[sudo-commits] sudo changeset 13385:7938c63384df
Todd C. Miller
Todd.Miller at sudo.ws
Fri Aug 13 09:12:42 MDT 2021
changeset: 13385:7938c63384df in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/7938c63384df
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Fri Aug 13 09:10:44 2021 -0600
Log Message:
Pass a secret value to sudo_intercept.so and verify after policy check.
The goal is to make it harder for someone to have a fake policy checker.
This will not stop a determined adversary since the secret is present
in the address space of the running process.
diffstat:
include/intercept.pb-c.h | 3 ++-
src/exec_intercept.c | 17 ++++++++++++++---
src/exec_nopty.c | 2 ++
src/exec_pty.c | 2 ++
src/intercept.pb-c.c | 19 ++++++++++++++++---
src/intercept.proto | 1 +
src/sudo_exec.h | 1 +
src/sudo_intercept_common.c | 19 +++++++++++++++++++
8 files changed, 57 insertions(+), 7 deletions(-)
More information about the sudo-commits
mailing list