diff options
author | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-10-10 09:12:48 -0600 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-10-10 09:12:48 -0600 |
commit | 2e52866b3ec5e58b0966f9d75ecd020892ff3d78 (patch) | |
tree | 3a97db3347d663a1de55f7f53c1e74e547131f5c /src/selinux.c | |
parent | 1d10af1813f7e4504a33ae764754ca86db58a22e (diff) | |
download | sudo-2e52866b3ec5e58b0966f9d75ecd020892ff3d78.tar.gz |
Use getopt() and getopt_long() for sesh command line options.
Diffstat (limited to 'src/selinux.c')
-rw-r--r-- | src/selinux.c | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/src/selinux.c b/src/selinux.c index b4d392ac9..50455f4d0 100644 --- a/src/selinux.c +++ b/src/selinux.c @@ -444,8 +444,7 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[], { char **nargv; const char *sesh; - int argc, nargc, serrno; - bool login_shell = false; + int argc, len, nargc, serrno; debug_decl(selinux_execve, SUDO_DEBUG_SELINUX); sesh = sudo_conf_sesh_path(); @@ -461,8 +460,6 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[], /* * Build new argv with sesh as argv[0]. - * If argv[0] ends in -noexec, sesh will disable execute - * for the command it runs. */ for (argc = 0; argv[argc] != NULL; argc++) continue; @@ -470,19 +467,15 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[], errno = EINVAL; debug_return; } - nargv = reallocarray(NULL, argc + 4, sizeof(char *)); + nargv = reallocarray(NULL, 5 + argc + 1, sizeof(char *)); if (nargv == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return; } if (*argv[0] == '-') - login_shell = true; - if (ISSET(flags, CD_NOEXEC)) { - nargv[0] = (char *)(login_shell ? "-sesh-noexec" : "sesh-noexec"); - CLR(flags, CD_NOEXEC); - } else { - nargv[0] = (char *)(login_shell ? "-sesh" : "sesh"); - } + nargv[0] = (char *)"-sesh"; + else + nargv[0] = (char *)"sesh"; nargc = 1; if (ISSET(flags, CD_RBAC_SET_CWD)) { const char *prefix = ISSET(flags, CD_CWD_OPTIONAL) ? "+" : ""; @@ -491,19 +484,27 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[], errno = EINVAL; debug_return; } - if (asprintf(&nargv[nargc++], "--chdir=%s%s", prefix, rundir) == -1) { + len = asprintf(&nargv[nargc++], "--directory=%s%s", prefix, rundir); + if (len == -1) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return; } } - if (fd != -1 && asprintf(&nargv[nargc++], "--execfd=%d", fd) == -1) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - debug_return; + if (fd != -1) { + len = asprintf(&nargv[nargc++], "--execfd=%d", fd); + if (len == -1) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + debug_return; + } + } + if (ISSET(flags, CD_NOEXEC)) { + CLR(flags, CD_NOEXEC); + nargv[nargc++] = (char *)"--noexec"; } + nargv[nargc++] = (char *)"--"; nargv[nargc++] = (char *)path; memcpy(&nargv[nargc], &argv[1], argc * sizeof(char *)); /* copies NULL */ - /* sesh will handle noexec for us. */ sudo_execve(-1, sesh, nargv, envp, -1, flags); serrno = errno; free(nargv); |