Skip to content

Commit c37eb11

Browse files
millertmillert
committed
direct_exec_allowed: don't allow for intercept or log_subcmds
1 parent f8ea989 commit c37eb11

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

src/exec.c

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -408,8 +408,11 @@ direct_exec_allowed(const struct command_details *details)
408408
debug_decl(direct_exec_allowed, SUDO_DEBUG_EXEC);
409409

410410
/* Assumes sudo_needs_pty() was already checked. */
411-
if (ISSET(details->flags, CD_RBAC_ENABLED|CD_SET_TIMEOUT|CD_SUDOEDIT) ||
412-
policy_plugin.u.policy->close != NULL)
411+
if (policy_plugin.u.policy->close != NULL)
412+
debug_return_bool(false);
413+
if (ISSET(details->flags, CD_RBAC_ENABLED|CD_SET_TIMEOUT|CD_SUDOEDIT))
414+
debug_return_bool(false);
415+
if (ISSET(details->flags, CD_INTERCEPT|CD_LOG_SUBCMDS))
413416
debug_return_bool(false);
414417

415418
TAILQ_FOREACH(plugin, &audit_plugins, entries) {

0 commit comments

Comments
 (0)