Commit 1a94eba
committed
ce_intercept_execve: Don't swap original argv[0] into run_argv
The sudoers policy verifies the command based on the path in the
requested argv[0] so we copy the execve path to argv[0] before the
policy check. We were swapping the original argv[0] into run_argv[]
after the policy check if the command path was unchanged to avoid
having to rewrite argv in the process's address space and to avoid
issues with login shells where argv[0] starts with a '-'. However,
this is unsafe for multi-function binaries like busybox where argv[0]
determines the command that is actually run.
Reported by Christos Papakonstantinou from Cantina (cantina.xyz)1 parent f24f72f commit 1a94eba
1 file changed
Lines changed: 21 additions & 10 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1923 | 1923 | | |
1924 | 1924 | | |
1925 | 1925 | | |
| 1926 | + | |
| 1927 | + | |
| 1928 | + | |
| 1929 | + | |
1926 | 1930 | | |
1927 | 1931 | | |
1928 | 1932 | | |
| |||
1941 | 1945 | | |
1942 | 1946 | | |
1943 | 1947 | | |
1944 | | - | |
1945 | | - | |
1946 | | - | |
1947 | | - | |
1948 | | - | |
1949 | | - | |
1950 | | - | |
1951 | | - | |
1952 | | - | |
1953 | | - | |
| 1948 | + | |
| 1949 | + | |
| 1950 | + | |
| 1951 | + | |
| 1952 | + | |
| 1953 | + | |
| 1954 | + | |
| 1955 | + | |
| 1956 | + | |
| 1957 | + | |
| 1958 | + | |
| 1959 | + | |
| 1960 | + | |
| 1961 | + | |
| 1962 | + | |
1954 | 1963 | | |
| 1964 | + | |
| 1965 | + | |
1955 | 1966 | | |
1956 | 1967 | | |
1957 | 1968 | | |
| |||
0 commit comments