[sudo-commits] sudo changeset 13910:e411d6bc3855
Todd C. Miller
Todd.Miller at sudo.ws
Fri Apr 29 13:29:22 MDT 2022
changeset: 13910:e411d6bc3855 in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/e411d6bc3855
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Fri Apr 29 13:09:03 2022 -0600
Log Message:
For ptrace intercept mode, do not do a policy check for the initial command.
We can skip the policy check for the execve(2) of the initial command
since it has already been check. Otherwise, we would log the command
twice. When using fexecve(2) due to a digest check, there should
be no need to skip the initial command since it will be executed
via execveat(2) not execve(2). However, on older kernels without
execveat(2), glibc will emulate fexecve(2) using /proc which will
result in the extra log entry.
diffstat:
src/exec_intercept.c | 13 ++++++++++++-
src/exec_intercept.h | 1 +
src/exec_ptrace.c | 6 ++++++
src/sudo.c | 1 +
src/sudo.h | 1 +
5 files changed, 21 insertions(+), 1 deletions(-)
More information about the sudo-commits
mailing list