diff options
| author | Todd C. Miller <Todd.Miller@courtesan.com> | 1996-03-17 20:02:00 +0000 |
|---|---|---|
| committer | Todd C. Miller <Todd.Miller@courtesan.com> | 1996-03-17 20:02:00 +0000 |
| commit | 084bdf5399d7fd2a84d075a0aa1f38a2151b1776 (patch) | |
| tree | 63a269bb00b5072fdc8c3c19d8503c4a1514c220 | |
| parent | aacdea8fe172810d41c5aa9ccbc09e7b3e814211 (diff) | |
| download | sudo-084bdf5399d7fd2a84d075a0aa1f38a2151b1776.tar.gz | |
added NO_DOT_PATH
| -rw-r--r-- | OPTIONS | 5 | ||||
| -rw-r--r-- | find_path.c | 6 | ||||
| -rw-r--r-- | options.h | 1 |
3 files changed, 12 insertions, 0 deletions
@@ -153,6 +153,11 @@ SECURE_PATH NOTE: SECURE_PATH is not applied to users in the EXEMPTGROUP. This is off by default. +NO_DOT_PATH + If defined, sudo will ignore '.' or '' (current dir) in $PATH. + The $PATH itself is not modified. + This is off by default. + USE_EXECV Use execv() to exec the command instead of execvp(). I can't think of a reason to actually do this since execvp() is passed a fully qualified diff --git a/find_path.c b/find_path.c index 1af07592f..9290d3577 100644 --- a/find_path.c +++ b/find_path.c @@ -99,7 +99,9 @@ char * find_path(file) char *path = NULL; /* contents of PATH env var */ char *origpath; /* so we can free path later */ char *result = NULL; /* result of path/file lookup */ +#ifndef NO_DOT_PATH int checkdot = 0; /* check current dir? */ +#endif /* NO_DOT_PATH */ command[0] = '\0'; @@ -148,7 +150,9 @@ char * find_path(file) * things like using './' or './/' */ if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) { +#ifndef NO_DOT_PATH checkdot = 1; +#endif /* NO_DOT_PATH */ path = n + 1; continue; } @@ -169,11 +173,13 @@ char * find_path(file) } while (n); +#ifndef NO_DOT_PATH /* * check current dir if dot was in the PATH */ if (!result && checkdot) result = sudo_goodpath(file); +#endif /* NO_DOT_PATH */ (void) free(origpath); @@ -56,6 +56,7 @@ #define INCORRECT_PASSWORD "Sorry, try again." /* message for bad passwd */ #define MAILSUBJECT "*** SECURITY information ***" /* subject of mail sent */ #define PASSPROMPT "Password:" /* default password prompt */ +/*#define NO_DOT_PATH /* ignore '.' if in $PATH */ /*#define SECURE_PATH "/bin:/usr/ucb:/usr/bin:/usr/etc:/etc" /* secure path */ /*#define USE_EXECV /* use execv() instead of execvp() */ /*#define SHELL_IF_NO_ARGS /* if sudo is given no arguments run a shell */ |