[sudo-workers] sudo 1.9.8b2 released

Todd C. Miller Todd.Miller at sudo.ws
Thu Aug 26 12:48:37 MDT 2021

On Tue, 24 Aug 2021 15:38:05 +0200, Daniele Palumbo wrote:

> I think that the concept of intercept the execve is really wonderful!
> Is there a possibility to allow *only* dynamic executables?

There isn't really a portable way to determine this but it
may be possible to detect this for the most common platforms.

> Is there a possibility to allow *only* SECURE_PATH as execve?

Unfortunately, I don't think this is possible sincE The shell
performs the path lookup itself.  However, sudo could reject the
command if it isn't located in a directory listed in secure_path
at execve time.

 - todd

More information about the sudo-workers mailing list