[sudo-commits] sudo changeset 12928:e86e7a918487

Todd C. Miller Todd.Miller at sudo.ws
Tue Feb 9 13:53:11 MST 2021


changeset:	12928:e86e7a918487 in /raid/repos/sudo
details:	https://www.sudo.ws/repos/sudo/rev/e86e7a918487
user:		Todd C. Miller <Todd.Miller at sudo.ws>
date:		Tue Apr 21 14:29:23 2020 -0600

Log Message:
	Fix sudoedit when running with SELinux RBAC mode.
	We can't use run_command() to run sesh, that will use the sudo event
	loop (and might run it in a pty!).
	There's no need to relabel the tty when copying files.
	Get the path to sesh from sudo.conf.

	Currently, for SELinux RBAC, the editor runs with the target user's
	security context. This defeats the purpose of sudoedit.  Fixing
	that requires passing file descriptors between the main sudo process
	(running with the invoking user's security context) and sesh (running
	with the target user's security context).

diffstat:

 src/exec_monitor.c |   2 +-
 src/exec_nopty.c   |   2 +-
 src/selinux.c      |  42 +++++++++++++++--------
 src/sudo.c         |   4 --
 src/sudo.h         |  14 ++++----
 src/sudo_edit.c    |  92 ++++++++++++++++++++++++++++++++---------------------
 src/sudo_exec.h    |   1 +
 7 files changed, 93 insertions(+), 64 deletions(-)


