[sudo-commits] sudo changeset 13405:cdb876f62882
Todd C. Miller
Todd.Miller at sudo.ws
Wed Aug 18 15:45:30 MDT 2021
changeset: 13405:cdb876f62882 in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/cdb876f62882
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Wed Aug 18 15:43:26 2021 -0600
Log Message:
Add intercept_allow_setid sudoers option, disabled by default.
With this change, a shell in intercept mode cannot run a setuid or
setgid binary by default. On most systems, the dynamic loader will
ignore LD_PRELOAD for setuid/setgid binaries such as sudo, which
would effectively disable intercept mode.
diffstat:
doc/sudoers.man.in | 31 +++++++++-
doc/sudoers.mdoc.in | 30 ++++++++-
plugins/sudoers/def_data.c | 4 +
plugins/sudoers/def_data.h | 2 +
plugins/sudoers/def_data.in | 3 +
plugins/sudoers/match_command.c | 95 +++++++++++++++++-----------
plugins/sudoers/parse.c | 2 +
plugins/sudoers/parse.h | 1 +
plugins/sudoers/regress/fuzz/fuzz_sudoers.c | 1 +
9 files changed, 130 insertions(+), 39 deletions(-)