From 65d6b278b4fc0b7c62fbedfec9475ece17307a25 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Sat, 21 Aug 2004 18:20:11 +0000
Subject: [PATCH] document --with-noexec

---
 INSTALL | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/INSTALL b/INSTALL
index d967cb1df..1744178c0 100644
--- a/INSTALL
+++ b/INSTALL
@@ -225,6 +225,17 @@ Special features/options:
         only the newer BSD authentication API is supported.  If you
         don't have /usr/include/bsd_auth.h then you cannot use this.
 
+  --with-noexec[=PATH]
+        Enable support for the "noexec" functionality which prevents
+        a dynamically-linked program being run by sudo from executing
+        another program (think shell escapes).  Please see the
+        "PREVENTING SHELL ESCAPES" section in the sudoers man page
+        for details.  If specified, PATH should be a fully qualified
+        pathname, e.g. /usr/local/libexec/sudo_noexec.so.  If PATH
+        is "no", noexec support will not be compiled in.  The default
+        is to compile noexec support if libtool supports building
+        shared objects on your OS.
+
   --disable-root-mailer
         By default sudo will run the mailer as root when tattling
         on a user so as to prevent that user from killing the mailer.
-- 
2.40.0