/*
 * Print the current configuration, as reported by the sudo_conf_*()
 * accessors, to stdout: one "Set", "Path" or "Plugin" line per value.
 * Path lines are printed only when the accessor returns non-NULL.
 */
static void sudo_conf_dump(void) {
    struct plugin_info_list *plugins = sudo_conf_plugins();
    struct sudo_conf_debug_list *debug_list = sudo_conf_debugging();
    struct sudo_conf_debug *debug_spec;
    struct sudo_debug_file *debug_file;
    struct plugin_info *info;

    printf("Set disable_coredump %s\n", sudo_conf_disable_coredump() ? "true" : "false");
    /* Any group source other than adaptive or static is printed as "dynamic". */
    printf("Set group_source %s\n", sudo_conf_group_source() == GROUP_SOURCE_ADAPTIVE ? "adaptive" : sudo_conf_group_source() == GROUP_SOURCE_STATIC ? "static" : "dynamic");
    printf("Set max_groups %d\n", sudo_conf_max_groups());
    if (sudo_conf_askpass_path() != NULL)
        printf("Path askpass %s\n", sudo_conf_askpass_path());
    if (sudo_conf_sesh_path() != NULL)
        printf("Path sesh %s\n", sudo_conf_sesh_path());
    if (sudo_conf_noexec_path() != NULL)
        printf("Path noexec %s\n", sudo_conf_noexec_path());
    if (sudo_conf_plugin_dir_path() != NULL)
        printf("Path plugin_dir %s\n", sudo_conf_plugin_dir_path());

    /* One line per plugin: symbol name, path, then each option string. */
    TAILQ_FOREACH(info, plugins, entries) {
        printf("Plugin %s %s", info->symbol_name, info->path);
        if (info->options) {
            char * const * op;
            /* options is walked as a NULL-terminated vector of strings. */
            for (op = info->options; *op != NULL; op++)
                printf(" %s", *op);
        }
        putchar('\n');
    }
    /*
     * NOTE(review): the listing stops here, before the function's closing
     * brace. debug_list, debug_spec and debug_file are not used in the
     * visible part; presumably the missing tail dumps the debug settings.
     */
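/*
 * Run a command in the SELinux context held in se_state.new_context by
 * executing the sesh helper, which is handed the real command path and
 * the remaining arguments.
 *
 * path    path of the command for sesh to run (becomes nargv[1])
 * argv    NULL-terminated argument vector; argv[0] must be present
 * envp    environment passed through to sudo_execve()
 * noexec  non-zero to ask sesh, via its argv[0], to disable execute for
 *         the command it runs
 *
 * The function returns only when the exec did not happen.  errno is
 * EINVAL when the sesh path is unset or argv is empty; after a failed
 * sudo_execve() the errno it left is preserved across free().
 */
void selinux_execve(const char *path, char *const argv[], char *const envp[], int noexec)
{
    char **nargv;
    const char *sesh;
    int argc, serrno;
    debug_decl(selinux_execve, SUDO_DEBUG_SELINUX)

    sesh = sudo_conf_sesh_path();
    if (sesh == NULL) {
        sudo_warnx("internal error: sesh path not set");
        errno = EINVAL;
        debug_return;
    }

    /*
     * Failure to set the exec context is fatal only in enforcing mode;
     * otherwise it is reported and the exec proceeds without the context
     * change.
     */
    if (setexeccon(se_state.new_context)) {
        sudo_warn(U_("unable to set exec context to %s"), se_state.new_context);
        if (se_state.enforcing)
            debug_return;
    }

#ifdef HAVE_SETKEYCREATECON
    /* Same policy for the key creation context. */
    if (setkeycreatecon(se_state.new_context)) {
        sudo_warn(U_("unable to set key creation context to %s"), se_state.new_context);
        if (se_state.enforcing)
            debug_return;
    }
#endif /* HAVE_SETKEYCREATECON */

    /*
     * Build new argv with sesh as argv[0].
     * If argv[0] ends in -noexec, sesh will disable execute
     * for the command it runs.
     */
    for (argc = 0; argv[argc] != NULL; argc++)
        continue;

    /*
     * Reject an empty argument vector.  Without this check *argv[0] below
     * dereferences a NULL pointer, and the zero-length memcpy() would leave
     * nargv without its terminating NULL.
     */
    if (argc == 0) {
        errno = EINVAL;
        debug_return;
    }

    nargv = sudo_emallocarray(argc + 2, sizeof(char *));
    /* A leading '-' on the caller's argv[0] is carried over to sesh's. */
    if (noexec)
        nargv[0] = *argv[0] == '-' ? "-sesh-noexec" : "sesh-noexec";
    else
        nargv[0] = *argv[0] == '-' ? "-sesh" : "sesh";
    nargv[1] = (char *)path;
    /* argv[1] .. argv[argc] is argc pointers, the last being the NULL. */
    memcpy(&nargv[2], &argv[1], argc * sizeof(char *)); /* copies NULL */

    /* sesh will handle noexec for us. */
    sudo_execve(sesh, nargv, envp, false);

    /* Still here, so the exec failed: free nargv but keep the exec errno. */
    serrno = errno;
    free(nargv);
    errno = serrno;
    debug_return;
}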