[sudo-commits] sudo changeset 12928:e86e7a918487
Todd C. Miller
Todd.Miller at sudo.ws
Tue Feb 9 13:53:11 MST 2021
changeset: 12928:e86e7a918487 in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/e86e7a918487
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Tue Apr 21 14:29:23 2020 -0600
Log Message:
Fix sudoedit when running with SELinux RBAC mode.
We can't use run_command() to run sesh, that will use the sudo event
loop (and might run it in a pty!).
There's no need to relabel the tty when copying files.
Get the path to sesh from sudo.conf.
Currently, for SELinux RBAC, the editor runs with the target user's
security context. This defeats the purpose of sudoedit. Fixing
that requires passing file descriptors between the main sudo process
(running with the invoking user's security context) and sesh (runnning
with the target user's security context).
diffstat:
src/exec_monitor.c | 2 +-
src/exec_nopty.c | 2 +-
src/selinux.c | 42 +++++++++++++++--------
src/sudo.c | 4 --
src/sudo.h | 14 ++++----
src/sudo_edit.c | 92 ++++++++++++++++++++++++++++++++---------------------
src/sudo_exec.h | 1 +
7 files changed, 93 insertions(+), 64 deletions(-)
More information about the sudo-commits
mailing list