[sudo-commits] sudo changeset 13910:e411d6bc3855

Todd C. Miller Todd.Miller at sudo.ws
Fri Apr 29 13:29:22 MDT 2022

changeset:	13910:e411d6bc3855 in /raid/repos/sudo
details:	https://www.sudo.ws/repos/sudo/rev/e411d6bc3855
user:		Todd C. Miller <Todd.Miller at sudo.ws>
date:		Fri Apr 29 13:09:03 2022 -0600

Log Message:
	For ptrace intercept mode, do not do a policy check for the initial command.
	We can skip the policy check for the execve(2) of the initial command
	since it has already been check.  Otherwise, we would log the command
	twice.  When using fexecve(2) due to a digest check, there should
	be no need to skip the initial command since it will be executed
	via execveat(2) not execve(2).  However, on older kernels without
	execveat(2), glibc will emulate fexecve(2) using /proc which will
	result in the extra log entry.


 src/exec_intercept.c |  13 ++++++++++++-
 src/exec_intercept.h |   1 +
 src/exec_ptrace.c    |   6 ++++++
 src/sudo.c           |   1 +
 src/sudo.h           |   1 +
 5 files changed, 21 insertions(+), 1 deletions(-)

More information about the sudo-commits mailing list