Revert "Implement support for NOEXEC (#1073)"

This is spawning a thread before fork, which is UB. This will need to be
fixed, but given that we plan to do a release in a couple of days, let's
remove NOEXEC support for now and re-add fixed NOEXEC support after the
release.

This reverts commit ca76a70, reversing
changes made to 5ca07b1.

Author: bjorn3

Cargo.toml

@@ -29,7 +29,7 @@ name = "visudo"
 path = "bin/visudo.rs"
 
 [dependencies]
-libc = "0.2.152"
+libc = "0.2.149"
 glob = "0.3.0"
 log = { version = "0.4.11", features = ["std"] }
 

src/common/context.rs

@@ -31,7 +31,6 @@ pub struct Context {
     pub process: Process,
     // policy
     pub use_pty: bool,
-    pub noexec: bool,
 }
 
 #[derive(Clone, Copy, Debug, Default, PartialEq, Eq)]
@@ -94,7 +93,6 @@ impl Context {
             non_interactive: sudo_options.non_interactive,
             process: Process::new(),
             use_pty: true,
-            noexec: false,
         })
     }
 
@@ -119,7 +117,6 @@ impl Context {
             non_interactive: sudo_options.non_interactive,
             process: Process::new(),
             use_pty: true,
-            noexec: false,
         })
     }
 
@@ -164,7 +161,6 @@ impl Context {
             non_interactive: sudo_options.non_interactive,
             process: Process::new(),
             use_pty: true,
-            noexec: false,
         })
     }
 
@@ -183,7 +179,6 @@ impl Context {
             group: &self.target_group,
 
             use_pty: self.use_pty,
-            noexec: self.noexec,
         })
     }
 }

src/defaults/mod.rs

@@ -36,7 +36,6 @@ defaults! {
     env_editor                = true
     rootpw                    = false
     targetpw                  = false
-    noexec                    = false
 
     passwd_tries              = 3 [0..=1000]
 

src/exec/mod.rs

@@ -1,8 +1,6 @@
 mod event;
 mod io_util;
 mod no_pty;
-#[cfg(target_os = "linux")]
-mod noexec;
 mod use_pty;
 
 use std::{
@@ -26,9 +24,7 @@ use crate::{
         signal::{consts::*, signal_name},
         wait::{Wait, WaitError, WaitOptions},
     },
-    system::{
-        kill, set_target_user, signal::SignalNumber, term::UserTerm, FileCloser, Group, User,
-    },
+    system::{kill, set_target_user, signal::SignalNumber, term::UserTerm, Group, User},
 };
 
 use self::{
@@ -47,7 +43,6 @@ pub struct RunOptions<'a> {
     pub group: &'a Group,
 
     pub use_pty: bool,
-    pub noexec: bool,
 }
 
 /// Based on `ogsudo`s `exec_pty` function.
@@ -58,8 +53,6 @@ pub fn run_command(
     options: RunOptions<'_>,
     env: impl IntoIterator<Item = (impl AsRef<OsStr>, impl AsRef<OsStr>)>,
 ) -> io::Result<ExitReason> {
-    let mut file_closer = FileCloser::new();
-
     // FIXME: should we pipe the stdio streams?
     let qualified_path = options.command;
     let mut command = Command::new(qualified_path);
@@ -81,16 +74,6 @@ pub fn run_command(
         command.arg0(OsStr::from_bytes(&process_name));
     }
 
-    if options.noexec {
-        #[cfg(target_os = "linux")]
-        noexec::add_noexec_filter(&mut command, &mut file_closer);
-
-        #[cfg(not(target_os = "linux"))]
-        return Err(io::Error::other(
-            "NOEXEC is currently only supported on Linux",
-        ));
-    }
-
     // Decide if the pwd should be changed. `--chdir` takes precedence over `-i`.
     let path = options
         .chdir
@@ -125,14 +108,14 @@ pub fn run_command(
 
     if options.use_pty {
         match UserTerm::open() {
-            Ok(user_tty) => exec_pty(sudo_pid, file_closer, command, user_tty),
+            Ok(user_tty) => exec_pty(sudo_pid, command, user_tty),
             Err(err) => {
                 dev_info!("Could not open user's terminal, not allocating a pty: {err}");
-                exec_no_pty(sudo_pid, file_closer, command)
+                exec_no_pty(sudo_pid, command)
             }
         }
     } else {
-        exec_no_pty(sudo_pid, file_closer, command)
+        exec_no_pty(sudo_pid, command)
     }
 }
 

src/exec/no_pty.rs

@@ -26,11 +26,7 @@ use crate::{
     },
 };
 
-pub(super) fn exec_no_pty(
-    sudo_pid: ProcessId,
-    mut file_closer: FileCloser,
-    mut command: Command,
-) -> io::Result<ExitReason> {
+pub(super) fn exec_no_pty(sudo_pid: ProcessId, mut command: Command) -> io::Result<ExitReason> {
     // FIXME (ogsudo): Initialize the policy plugin's session here.
 
     // Block all the signals until we are done setting up the signal handlers so we don't miss
@@ -43,6 +39,8 @@ pub(super) fn exec_no_pty(
         }
     };
 
+    let mut file_closer = FileCloser::new();
+
     // FIXME (ogsudo): Some extra config happens here if selinux is available.
 
     // Use a pipe to get the IO error if `exec` fails.