[sudo-workers] missing --with-noexec in sudo-1.6.8/INSTALL
skeleten at shillest.net
Sat Aug 21 14:02:45 EDT 2004
I found that the installation notes document
(sudo-1.6.8/INSTALL) doesn't refer to the --with-noexec option,
though it does to the --with-ldap option. (Both of these two
options are newly created in version 1.6.8, as you

I would be happy if you added the notation of the option, such as:

Enable "noexec" functionality, which prevents a
dynamically-linked program being run by sudo from executing another
program (think shell escapes of vi and makefile for make). If
specified, FILE is the shared library for it. This functionality is
enabled by default. Please see http://noexec.sourceforge.net/ for more
# Yes, I know the information about this functionality
# enabled by --with-noexec configure option is available at
# least from the change-log file (sudo-1.6.8/CHANGES):
# | 517) A new tag, NOEXEC, will prevent a dynamically-linked program being run
# | by sudo from executing another program (think shell escapes).
# | Because this uses LD_PRELOAD it has no effect on static binaries.
# | Idea from Reznic Valery.

As far as I checked the configure script (lines 19669-19691),
it seems that this functionality is enabled by default (in
the case where I specify NEITHER --with-noexec NOR
--without-noexec when I execute the configure script). Is this

As far as I read this change-log file, I think that this
functionality also prevents the make utility from executing
other commands in makefiles. Is this right?

The University of Aizu
E-mail: skeleten [AT] shillest.net
s1080224 [AT] u-aizu.ac.jp
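
The CHANGES entry quoted in the message above describes blocking exec through LD_PRELOAD. The following is an added illustration of that interposition mechanism, not code from the post or from the sudo source; the helper try_exec, the EACCES error value and the choice of three exec entry points are assumptions made for the example.

```c
/* Added illustration of exec interposition; not sudo's own source. */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* A definition with the same name as a libc function is found first by
 * the dynamic linker, whether it sits in the program itself (as here) or
 * in a library named in LD_PRELOAD. Each stub fails instead of replacing
 * the process image. A statically linked program has its calls bound at
 * link time, so a preloaded library never sees them. */
int execve(const char *path, char *const argv[], char *const envp[])
{
    (void)path; (void)argv; (void)envp;
    errno = EACCES;            /* assumed error value for the example */
    return -1;
}

int execv(const char *path, char *const argv[])
{
    (void)path; (void)argv;
    errno = EACCES;
    return -1;
}

int execvp(const char *file, char *const argv[])
{
    (void)file; (void)argv;
    errno = EACCES;
    return -1;
}

/* Hypothetical helper: the call an editor's shell escape or a make
 * recipe ends in. Returns the errno left by the failed exec. */
int try_exec(const char *path)
{
    char *const argv[] = { (char *)path, NULL };
    errno = 0;
    if (execv(path, argv) == -1)
        return errno;
    return 0;                  /* not reached when exec succeeds */
}

int main(void)
{
    int err = try_exec("/bin/true");
    printf("exec of /bin/true: %s\n",
           err == EACCES ? "blocked (EACCES)" : "not blocked");
    return err == EACCES ? 0 : 1;
}
```

Only the three entry points stubbed here are covered; a shim used for enforcement has to cover every way the C library can start another program.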