Skip to content

Commit

Permalink
Disable fast_glob and fdexec if SUDOERS_NAME_MATCH is defined.
Browse files Browse the repository at this point in the history 
We use SUDOERS_NAME_MATCH for fuzzing when we want to avoid searching
the file system for commands.
  • Loading branch information
@millert
millert committed Aug 28, 2023
1 parent c858acc commit 07003d9
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion plugins/sudoers/defaults.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -510,6 +510,12 @@ init_defaults(void)
#endif
#ifdef UMASK_OVERRIDE
def_umask_override = true;
#endif
#ifdef SUDOERS_NAME_MATCH
def_fast_glob = true;
def_fdexec = never;
#else
def_fdexec = digest_only;
#endif
def_timestamp_type = TIMESTAMP_TYPE;
if ((def_iolog_file = strdup("%{seq}")) == NULL)
Expand Down Expand Up @@ -554,7 +560,6 @@ init_defaults(void)
def_netgroup_tuple = false;
def_sudoedit_checkdir = true;
def_iolog_mode = S_IRUSR|S_IWUSR;
def_fdexec = digest_only;
def_log_allowed = true;
def_log_denied = true;
def_log_format = sudo;
Expand Down

0 comments on commit 07003d9

Please sign in to comment.