2 * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
20 #include <sys/param.h>
29 #endif /* STDC_HEADERS */
32 #endif /* HAVE_STRING_H */
35 #endif /* HAVE_STRINGS_H */
38 #endif /* HAVE_UNISTD_H */
45 #include "sudo_exec.h"
48 * Disable execution of child processes in the command we are about
49 * to run. On systems with privilege sets, we can remove the exec
50 * privilege. On other systems we use LD_PRELOAD and the like.
53 disable_execute(char *const envp[])
55 #ifdef _PATH_SUDO_NOEXEC
57 char *preload, **nenvp;
58 int env_len = 0, env_size = 128;
59 #endif /* _PATH_SUDO_NOEXEC */
60 debug_decl(disable_execute, SUDO_DEBUG_UTIL)
63 /* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */
64 if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0)
65 debug_return_ptr(envp);
66 warning(_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"));
67 #endif /* HAVE_PRIV_SET */
69 #ifdef _PATH_SUDO_NOEXEC
70 nenvp = emalloc2(env_size, sizeof(char *));
73 * Preload a noexec file. For a list of LD_PRELOAD-alikes, see
74 * http://www.fortran-2000.com/ArnaudRecipes/sharedlib.html
75 * XXX - need to support 32-bit and 64-bit variants
77 # if defined(__darwin__) || defined(__APPLE__)
78 nenvp[env_len++] = "DYLD_FORCE_FLAT_NAMESPACE=";
79 preload = fmt_string("DYLD_INSERT_LIBRARIES", sudo_conf_noexec_path());
80 # elif defined(__osf__) || defined(__sgi)
81 easprintf(&preload, "_RLD_LIST=%s:DEFAULT", sudo_conf_noexec_path());
83 preload = fmt_string("LDR_PRELOAD", sudo_conf_noexec_path());
85 preload = fmt_string("LD_PRELOAD", sudo_conf_noexec_path());
88 errorx(1, _("unable to allocate memory"));
89 nenvp[env_len++] = preload;
91 for (ev = envp; *ev != NULL; ev++) {
93 * Prune out existing preloaded libraries.
94 * XXX - should append to new value instead.
96 # if defined(__darwin__) || defined(__APPLE__)
97 if (strncmp(*ev, "DYLD_INSERT_LIBRARIES=", sizeof("DYLD_INSERT_LIBRARIES=") - 1) == 0)
99 if (strncmp(*ev, "DYLD_FORCE_FLAT_NAMESPACE=", sizeof("DYLD_INSERT_LIBRARIES=") - 1) == 0)
101 # elif defined(__osf__) || defined(__sgi)
102 if (strncmp(*ev, "_RLD_LIST=", sizeof("_RLD_LIST=") - 1) == 0)
105 if (strncmp(*ev, "LDR_PRELOAD=", sizeof("LDR_PRELOAD=") - 1) == 0)
108 if (strncmp(*ev, "LD_PRELOAD=", sizeof("LD_PRELOAD=") - 1) == 0)
111 /* Need at least 2 slots for current element and a NULL. */
112 if (env_len + 2 > env_size) {
114 nenvp = erealloc3(nenvp, env_size, sizeof(char *));
116 nenvp[env_len++] = *ev;
118 nenvp[env_len] = NULL;
120 #endif /* _PATH_SUDO_NOEXEC */
122 debug_return_ptr(envp);
126 * Like execve(2) but falls back to running through /bin/sh
127 * ala execvp(3) if we get ENOEXEC.
130 sudo_execve(const char *path, char *const argv[], char *const envp[], int noexec)
132 /* Modify the environment as needed to disable further execve(). */
134 envp = disable_execute(envp);
136 execve(path, argv, envp);
137 if (errno == ENOEXEC) {
141 for (argc = 0; argv[argc] != NULL; argc++)
143 nargv = emalloc2(argc + 2, sizeof(char *));
145 nargv[1] = (char *)path;
146 memcpy(nargv + 2, argv + 1, argc * sizeof(char *));
147 execve(_PATH_BSHELL, nargv, envp);