Add support for loading the sudo_intercept.so DSO.

author: Todd C. Miller <Todd.Miller@sudo.ws> 2021-08-09 15:50:25 -0600
committer: Todd C. Miller <Todd.Miller@sudo.ws> 2021-08-09 15:50:25 -0600
commit: dae3e42202f99a6f4a79fdd312bc5b74aa1c42af (patch)
tree: 2eb6c47ea05c8ba4d09875a465c40c050926b7f4 /examples
parent: 6ba837d43339edfcfa6f4ab2253ae49112f6c997 (diff)
download: sudo-dae3e42202f99a6f4a79fdd312bc5b74aa1c42af.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/examples/sudo.conf.in b/examples/sudo.conf.in
index 5e36034f2..6535d3a92 100644
--- a/examples/sudo.conf.in
+++ b/examples/sudo.conf.in
@@ -39,6 +39,21 @@
 #Path devsearch /dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev
 
 #
+# Sudo command interception:
+#   Path intercept /path/to/sudo_intercept.so
+#
+# Path to a shared library containing replacements for the execv(),
+# execve() and fexecve() library functions that perform a policy check
+# to verify the command is allowed and simply return an error if not.
+# This is used to implement the "intercept" functionality on systems that
+# support LD_PRELOAD or its equivalent.
+#
+# The compiled-in value is usually sufficient and should only be changed
+# if you rename or move the sudo_intercept.so file.
+#
+#Path intercept @plugindir@/sudo_intercept.so
+
+#
 # Sudo noexec:
 #   Path noexec /path/to/sudo_noexec.so
 #
author	Todd C. Miller <Todd.Miller@sudo.ws>	2021-08-09 15:50:25 -0600
committer	Todd C. Miller <Todd.Miller@sudo.ws>	2021-08-09 15:50:25 -0600
commit	dae3e42202f99a6f4a79fdd312bc5b74aa1c42af (patch)
tree	2eb6c47ea05c8ba4d09875a465c40c050926b7f4 /examples
parent	6ba837d43339edfcfa6f4ab2253ae49112f6c997 (diff)
download	sudo-dae3e42202f99a6f4a79fdd312bc5b74aa1c42af.tar.gz