[sudo-workers] sudo 1.9.8b2 released
Todd C. Miller
Todd.Miller at sudo.ws
Thu Aug 26 12:48:37 MDT 2021
On Tue, 24 Aug 2021 15:38:05 +0200, Daniele Palumbo wrote:
> I think that the concept of intercept the execve is really wonderful!
>
> Is there a possibility to allow *only* dynamic executables?
There isn't really a portable way to determine this but it
may be possible to detect this for the most common platforms.
> Is there a possibility to allow *only* SECURE_PATH as execve?
Unfortunately, I don't think this is possible sincE The shell
performs the path lookup itself. However, sudo could reject the
command if it isn't located in a directory listed in secure_path
at execve time.
- todd
More information about the sudo-workers
mailing list