]>
Commit | Line | Data |
---|---|---|
8620b293 JB |
1 | --- sudo-1.6.7p5/sesh.c.selinux 2004-07-08 13:18:28.000000000 -0400 |
2 | +++ sudo-1.6.7p5/sesh.c 2004-07-08 13:18:28.000000000 -0400 | |
3 | @@ -0,0 +1,50 @@ | |
4 | +#include <stdio.h> | |
5 | +#include <unistd.h> | |
6 | +#include <limits.h> | |
7 | +#include <sys/types.h> | |
8 | +#include <sys/wait.h> | |
9 | +#include <errno.h> | |
10 | + | |
11 | +main (int argc, char **argv) { | |
12 | + char buf[PATH_MAX]; | |
13 | + pid_t pid; | |
14 | + if ( argc < 2 ) { | |
15 | + fprintf(stderr,"%s: Requires at least one argument\n", argv[0]); | |
16 | + exit(-1); | |
17 | + } | |
18 | + if ( argv[1][0] != '/' ) { | |
19 | + fprintf(stderr,"%s: First argument must have a full path\n", argv[0]); | |
20 | + exit(-1); | |
21 | + } | |
22 | + | |
23 | + if ((pid = fork()) < 0) { | |
24 | + snprintf(buf, sizeof(buf), "%s: Couldn't fork"); | |
25 | + perror(buf); | |
26 | + exit(-1); | |
27 | + } else if (pid > 0) { | |
28 | + /* Parent */ | |
29 | + int status; | |
30 | + int ret; | |
31 | + | |
32 | + do { | |
33 | + if ((ret = waitpid(pid, &status, 0)) < 0 && errno == EINTR) | |
34 | + continue; | |
35 | + else if (ret < 0) { | |
36 | + perror("waitpid failed"); | |
37 | + exit(1); | |
38 | + } | |
39 | + } while (0); | |
40 | + | |
41 | + if (WIFEXITED(status)) | |
42 | + exit(WEXITSTATUS(status)); | |
43 | + else | |
44 | + exit(1); | |
45 | + } else { | |
46 | + /* Child */ | |
47 | + execv(argv[1], &argv[1]); | |
48 | + | |
49 | + snprintf(buf, sizeof(buf), "%s: Error execing %s", argv[0], argv[1]); | |
50 | + perror(buf); | |
51 | + exit(-1); | |
52 | + } | |
53 | +} | |
dc214b6e JB |
54 | --- sudo-1.6.9p3/configure.in.orig 2007-07-30 15:30:15.000000000 +0200 |
55 | +++ sudo-1.6.9p3/configure.in 2007-08-04 22:13:39.950053015 +0200 | |
56 | @@ -101,7 +101,7 @@ | |
8620b293 JB |
57 | dnl Initial values for Makefile variables listed above |
58 | dnl May be overridden by environment variables.. | |
59 | dnl | |
60 | -PROGS="sudo visudo" | |
61 | +PROGS="sudo visudo sesh" | |
dc214b6e JB |
62 | : ${MANTYPE='man'} |
63 | : ${mansrcdir='.'} | |
64 | : ${SUDOERS_MODE='0440'} | |
65 | --- sudo-1.6.9p3/sudo.c.orig 2007-07-22 21:21:01.000000000 +0200 | |
66 | +++ sudo-1.6.9p3/sudo.c 2007-08-04 22:15:26.464122906 +0200 | |
67 | @@ -101,6 +101,17 @@ | |
5cb05c03 AM |
68 | #include "interfaces.h" |
69 | #include "version.h" | |
70 | ||
71 | +#ifdef WITH_SELINUX | |
72 | +#include <selinux/flask.h> /* for SECCLASS_CHR_FILE */ | |
73 | +#include <selinux/selinux.h> /* for is_selinux_enabled() */ | |
74 | +#include <selinux/context.h> /* for context-mangling functions */ | |
75 | +#include <selinux/get_default_type.h> | |
ad1310e6 AM |
76 | +char *role_s = NULL; /* role spec'd by user in argv[] */ |
77 | +char *type_s = NULL; /* type spec'd by user in argv[] */ | |
8620b293 JB |
78 | +security_context_t new_tty_context=NULL; /* security context to change to while running command*/ |
79 | +security_context_t tty_context=NULL; /* current security context of tty */ | |
5cb05c03 AM |
80 | +#endif |
81 | + | |
82 | #ifndef lint | |
dc214b6e | 83 | __unused __unused static const char rcsid[] = "$Sudo: sudo.c,v 1.369.2.26 2007/07/22 19:21:01 millert Exp $"; |
5cb05c03 | 84 | #endif /* lint */ |
dc214b6e JB |
85 | @@ -154,7 +165,151 @@ |
86 | #endif /* HAVE_BSD_AUTH_H */ | |
8620b293 | 87 | sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld; |
5cb05c03 AM |
88 | |
89 | +#ifdef WITH_SELINUX | |
8620b293 JB |
90 | +security_context_t setup_tty_context(int fd, char *ttyn, security_context_t new_context) { |
91 | + security_context_t tty_context=NULL; /* current sid of tty */ | |
5cb05c03 | 92 | + |
8620b293 JB |
93 | + tty_context = NULL; |
94 | + if (fgetfilecon(fd,&tty_context) <0 ) | |
95 | + fprintf(stderr, "Warning! Could not get current context for %s, not relabeling.\n", ttyn); | |
5cb05c03 | 96 | + |
5cb05c03 | 97 | +#ifdef CANTSPELLGDB |
8620b293 JB |
98 | + if (tty_context) |
99 | + printf("Your tty %s was labeled with context %s\n", ttyn, tty_context); | |
100 | +#endif | |
101 | + | |
102 | + new_tty_context = NULL; | |
103 | + if (tty_context && security_compute_relabel(new_context,tty_context,SECCLASS_CHR_FILE,&new_tty_context) < 0) | |
104 | + fprintf(stderr, "Warning! Could not get new context for %s, not relabeling.\n", ttyn); | |
105 | + | |
5cb05c03 | 106 | +#ifdef CANTSPELLGDB |
8620b293 JB |
107 | + if (new_tty_context) |
108 | + printf("Relabeling tty %s to context %s\n", ttyn, new_tty_context); | |
5cb05c03 | 109 | +#endif |
8620b293 JB |
110 | + |
111 | + if (new_tty_context) { | |
112 | + if( fsetfilecon(fd,new_tty_context)!=0 ) { | |
113 | + fprintf(stderr,"sudo: error: setfilecon on %s to %s",ttyn,new_tty_context); | |
114 | + } | |
115 | + } | |
116 | + return tty_context; | |
117 | +} | |
118 | +security_context_t get_exec_context(char *role_s, char *type_s) { | |
119 | + | |
120 | + security_context_t old_context=NULL; /* our original securiy ID ("old_context") */ | |
121 | + security_context_t new_context=NULL; /* our target security ID ("sid") */ | |
dc214b6e | 122 | |
8620b293 JB |
123 | + /* |
124 | + * | |
125 | + * Step 1: Handle command-line arguments. | |
126 | + * | |
127 | + */ | |
128 | + | |
129 | + security_context_t context_s; /* our security context as a string */ | |
130 | + int context_length; | |
131 | + context_t context; /* manipulatable form of context_s */ | |
132 | + | |
133 | + | |
134 | + /* | |
135 | + * Get the SID and context of the caller, and extract | |
136 | + * the username from the context. Don't rely on the Linux | |
137 | + * uid information - it isn't trustworthy. | |
138 | + */ | |
139 | + | |
140 | + /* Put the caller's SID into `old_context'. */ | |
141 | + if( 0!=(getprevcon(&old_context)) ) { | |
142 | + fprintf(stderr,"failed to get old_context.\n"); | |
143 | + exit(-1); | |
144 | + } | |
145 | + | |
5cb05c03 | 146 | +#ifdef CANTSPELLGDB |
8620b293 | 147 | + printf( "Your old context was %s\n", old_context ); |
5cb05c03 | 148 | +#endif |
8620b293 JB |
149 | + /* |
150 | + * Create a context structure so that we extract and modify | |
151 | + * components easily. | |
152 | + */ | |
153 | + context=context_new(old_context); | |
154 | + | |
155 | + /* | |
156 | + * | |
157 | + * Step 3: Construct a new SID based on our old SID and the | |
158 | + * arguments specified on the command line. | |
159 | + * | |
160 | + */ | |
161 | + | |
162 | + /* The first step in constructing a new SID for the new shell we * | |
163 | + * plan to exec is to take our old context in `context' as a * | |
164 | + * starting point, and modify it according to the options the user * | |
165 | + * specified on the command line. */ | |
166 | + | |
167 | + /* Set the SELinux user identity to root */ | |
168 | + context_user_set(context, "root"); | |
169 | + | |
170 | + /* If the user specified a new role on the command line (if `role_s' * | |
171 | + * is set), then replace the old role in `context' with this new role. */ | |
172 | + if( role_s ) { | |
173 | + if( !type_s ) { | |
174 | + if( get_default_type(role_s,&type_s) ) | |
175 | + { | |
176 | + fprintf(stderr,"Couldn't get default type.\n"); | |
177 | + exit(-1); | |
178 | + } | |
5cb05c03 | 179 | +#ifdef CANTSPELLGDB |
8620b293 JB |
180 | + printf( "Your type will be %s.\n", type_s ); |
181 | +#endif | |
182 | + } | |
183 | + | |
184 | + if( context_role_set(context,role_s)) { | |
185 | + fprintf(stderr,"failed to set new role %s\n",role_s); | |
186 | + exit(-1); | |
187 | + } | |
5cb05c03 | 188 | +#ifdef CANTSPELLGDB |
8620b293 | 189 | + printf("Your new role is %s\n",context_role_get(context)); |
5cb05c03 | 190 | +#endif |
8620b293 JB |
191 | + |
192 | + /* If the user specified a new type on the command line (if `type_s' * | |
193 | + * is set), then replace the old type in `context' with this new type. */ | |
194 | + if( type_s ) { | |
195 | + if( context_type_set(context,type_s)) { | |
196 | + fprintf(stderr,"failed to set new type %s\n",type_s); | |
197 | + exit(-1); | |
198 | + } | |
5cb05c03 | 199 | +#ifdef CANTSPELLGDB |
8620b293 | 200 | + printf("Your new type is %s\n",context_type_get(context)); |
5cb05c03 | 201 | +#endif |
8620b293 JB |
202 | + } /* if user specified new type */ |
203 | + | |
204 | + /* The second step in creating the new SID is to convert our modified * | |
205 | + * `context' structure back to a context string and then to a SID. */ | |
206 | + | |
207 | + /* Make `context_s' point to a string version of the new `context'. */ | |
208 | + if( !(new_context=strdup(context_str(context)))) { | |
209 | + fprintf(stderr,"failed to convert new context to string\n" ); | |
210 | + exit(-1); | |
211 | + } | |
212 | + | |
213 | + } /* if user specified new role */ | |
214 | + else { | |
215 | + if (get_default_context(context_user_get(context), | |
216 | + NULL, | |
217 | + &new_context)) { | |
218 | + fprintf(stderr,"failed to get default context\n" ); | |
219 | + exit(-1); | |
220 | + } | |
221 | + } | |
222 | + context_free(context); | |
223 | + freecon(old_context); | |
5cb05c03 | 224 | + |
8620b293 JB |
225 | + if (security_check_context(new_context) < 0) { |
226 | + fprintf(stderr, "%s is not a valid context\n", new_context); | |
227 | + exit(-1); | |
228 | + } | |
5cb05c03 | 229 | + |
8620b293 JB |
230 | + return new_context; |
231 | +} | |
dc214b6e | 232 | + |
5cb05c03 | 233 | +#endif |
8620b293 JB |
234 | int |
235 | main(argc, argv, envp) | |
236 | int argc; | |
dc214b6e | 237 | @@ -216,9 +371,6 @@ |
8620b293 JB |
238 | /* Setup defaults data structures. */ |
239 | init_defaults(); | |
240 | ||
241 | - /* Load the list of local ip addresses and netmasks. */ | |
242 | - load_interfaces(); | |
243 | - | |
244 | pwflag = 0; | |
245 | if (ISSET(sudo_mode, MODE_SHELL)) | |
246 | user_cmnd = "shell"; | |
dc214b6e JB |
247 | @@ -233,6 +385,8 @@ |
248 | (void) printf("Sudoers path: %s\n", _PATH_SUDOERS); | |
8620b293 JB |
249 | dump_auth_methods(); |
250 | dump_defaults(); | |
251 | + /* Load the list of local ip addresses and netmasks. */ | |
252 | + load_interfaces(); | |
253 | dump_interfaces(); | |
254 | } | |
255 | exit(0); | |
dc214b6e | 256 | @@ -442,7 +596,43 @@ |
8620b293 JB |
257 | #ifndef PROFILING |
258 | if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0) | |
259 | exit(0); | |
260 | - else | |
261 | +#ifdef WITH_SELINUX | |
262 | + if(is_selinux_enabled() > 0) { | |
263 | + int fd; | |
264 | + char *ttyn = NULL; /* tty path */ | |
265 | + security_context_t new_context=NULL; /* our target security ID ("sid") */ | |
266 | + security_context_t chk_tty_context= NULL; | |
5cb05c03 | 267 | + |
8620b293 | 268 | + new_context=get_exec_context(role_s,type_s); |
5cb05c03 | 269 | +#ifdef CANTSPELLGDB |
8620b293 | 270 | + printf("Your new context is %s\n",new_context); |
5cb05c03 AM |
271 | +#endif |
272 | + | |
5cb05c03 AM |
273 | + if (setexeccon(new_context) < 0) { |
274 | + fprintf(stderr, "Could not set exec context to %s.\n", new_context); | |
275 | + exit(-1); | |
276 | + } | |
277 | + freecon(new_context); | |
8620b293 JB |
278 | + { |
279 | + /* | |
280 | + SELinux will only not transition properly with the following | |
281 | + code. Basically if the user chooses to use a different security | |
282 | + context. We need to start the selinux shell, before executing | |
283 | + the command. This way the process transition will happen | |
284 | + correctly. For example if they user wants to run rpm from | |
285 | + sysadm_r. Sudo will exec the /usr/sbin/sesh followed by the | |
286 | + specified command.*/ | |
287 | + char **dst, **src = NewArgv+1; | |
288 | + NewArgv = (char **) emalloc2((++NewArgc + 1), sizeof(char *)); | |
289 | + NewArgv[0] = estrdup("sesh"); | |
290 | + NewArgv[1] = safe_cmnd; | |
291 | + safe_cmnd = estrdup("/usr/sbin/sesh"); | |
292 | + /* copy the args from Argv */ | |
293 | + for (dst = NewArgv + 2; (*dst = *src) != NULL; ++src, ++dst) | |
294 | + ; | |
5cb05c03 AM |
295 | + } |
296 | + } | |
297 | +#endif | |
dc214b6e | 298 | execve(safe_cmnd, NewArgv, environ); |
5cb05c03 AM |
299 | #else |
300 | exit(0); | |
dc214b6e JB |
301 | @@ -766,6 +956,30 @@ |
302 | NewArgv++; | |
303 | break; | |
5cb05c03 AM |
304 | #endif |
305 | +#ifdef WITH_SELINUX | |
306 | + case 'r': | |
307 | + /* Must have an associated SELinux role. */ | |
308 | + if (NewArgv[1] == NULL) | |
309 | + usage(1); | |
310 | + | |
311 | + role_s = NewArgv[1]; | |
312 | + | |
313 | + /* Shift Argv over and adjust Argc. */ | |
314 | + NewArgc--; | |
315 | + NewArgv++; | |
316 | + break; | |
317 | + case 't': | |
318 | + /* Must have an associated SELinux type. */ | |
319 | + if (NewArgv[1] == NULL) | |
320 | + usage(1); | |
321 | + | |
322 | + type_s = NewArgv[1]; | |
323 | + | |
324 | + /* Shift Argv over and adjust Argc. */ | |
325 | + NewArgc--; | |
326 | + NewArgv++; | |
327 | + break; | |
328 | +#endif | |
329 | #ifdef HAVE_LOGIN_CAP_H | |
dc214b6e JB |
330 | case 'c': |
331 | /* Must have an associated login class. */ | |
332 | @@ -1247,6 +1461,9 @@ | |
8620b293 JB |
333 | #ifdef HAVE_LOGIN_CAP_H |
334 | " [-c class|-]", | |
ad1310e6 AM |
335 | #endif |
336 | +#ifdef WITH_SELINUX | |
8620b293 | 337 | + " [-r role] [-t type]", |
ad1310e6 | 338 | +#endif |
8620b293 JB |
339 | " [-p prompt]", |
340 | " [-u username|#uid]", | |
dc214b6e JB |
341 | " [VAR=value]", |
342 | --- sudo-1.6.9p3/sudo.man.in.orig 2007-08-02 17:51:59.000000000 +0200 | |
343 | +++ sudo-1.6.9p3/sudo.man.in 2007-08-04 22:17:59.880865627 +0200 | |
344 | @@ -157,7 +157,8 @@ | |
345 | \&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-l\fR | \fB\-V\fR | \fB\-v\fR | |
8620b293 | 346 | .PP |
dc214b6e JB |
347 | \&\fBsudo\fR [\fB\-bEHPS\fR] [\fB\-a\fR\ \fIauth_type\fR] |
348 | -[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] | |
349 | +[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ] | |
350 | +[\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] | |
351 | [\fB\s-1VAR\s0\fR=\fIvalue\fR] {\fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR} | |
8620b293 | 352 | .PP |
dc214b6e JB |
353 | \&\fBsudoedit\fR [\fB\-S\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR] |
354 | @@ -354,6 +355,16 @@ | |
355 | .RE | |
356 | .RS 4 | |
357 | .RE | |
5cb05c03 AM |
358 | +.IP "\-r" 4 |
359 | +.IX Item "-r" | |
360 | +The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by | |
361 | +\fIROLE\fR. | |
362 | +.IP "\-t" 4 | |
363 | +.IX Item "-t" | |
364 | +The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain) | |
365 | +specified by | |
366 | +\fITYPE\fR. | |
367 | +If no type is specified, the default type is derived from the specified role. | |
368 | .IP "\-S" 4 | |
369 | .IX Item "-S" | |
370 | The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from | |
dc214b6e JB |
371 | --- sudo-1.6.9p3/Makefile.in.orig 2007-08-02 17:51:59.000000000 +0200 |
372 | +++ sudo-1.6.9p3/Makefile.in 2007-08-04 22:18:17.657878682 +0200 | |
8620b293 JB |
373 | @@ -43,7 +43,8 @@ |
374 | # Libraries | |
375 | LIBS = @LIBS@ | |
376 | NET_LIBS = @NET_LIBS@ | |
377 | -SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) | |
378 | +SELINUX_LIBS = -lselinux | |
379 | +SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS) | |
380 | ||
381 | # C preprocessor flags | |
382 | CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@ | |
383 | @@ -90,7 +91,7 @@ | |
384 | sudoers_mode = @SUDOERS_MODE@ | |
385 | ||
386 | # Pass in paths and uid/gid + OS dependent defined | |
387 | -DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) | |
388 | +DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX | |
389 | ||
390 | #### End of system configuration section. #### | |
391 | ||
392 | @@ -104,7 +105,7 @@ | |
dc214b6e JB |
393 | logging.c memrchr.c mkstemp.c parse.c parse.lex parse.yacc set_perms.c \ |
394 | sigaction.c snprintf.c strcasecmp.c strerror.c strlcat.c strlcpy.c \ | |
395 | sudo.c sudo_noexec.c sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c \ | |
396 | - utimes.c visudo.c zero_bytes.c $(AUTH_SRCS) | |
397 | + utimes.c visudo.c zero_bytes.c $(AUTH_SRCS) sesh.c | |
8620b293 JB |
398 | |
399 | AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \ | |
400 | auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \ | |
401 | @@ -126,6 +127,8 @@ | |
402 | ||
dd44b34a | 403 | VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS) |
8620b293 JB |
404 | |
405 | +SESH_OBJS = sesh.o | |
406 | + | |
407 | TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) | |
408 | ||
409 | LIBOBJS = @LIBOBJS@ @ALLOCA@ | |
dc214b6e | 410 | @@ -146,7 +149,7 @@ |
8620b293 JB |
411 | BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \ |
412 | UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \ | |
413 | sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \ | |
414 | - sudoers.pod visudo visudo.cat visudo.man visudo.pod | |
415 | + sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh | |
416 | ||
dd44b34a | 417 | BINSPECIAL= INSTALL.binary Makefile.binary libtool |
8620b293 | 418 | |
dc214b6e | 419 | @@ -178,6 +181,9 @@ |
8620b293 JB |
420 | visudo: $(VISUDOBJS) $(LIBOBJS) |
421 | $(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS) | |
422 | ||
423 | +sesh: $(SESH_OBJS) | |
424 | + $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(LIBS) | |
425 | + | |
426 | testsudoers: $(TESTOBJS) $(LIBOBJS) | |
427 | $(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS) | |
428 | ||
dc214b6e | 429 | @@ -219,6 +225,7 @@ |
8620b293 JB |
430 | set_perms.o: set_perms.c $(SUDODEP) |
431 | tgetpass.o: tgetpass.c $(SUDODEP) | |
432 | visudo.o: visudo.c $(SUDODEP) version.h | |
433 | +sesh.o: sesh.c | |
434 | sudo.o: sudo.c $(SUDODEP) interfaces.h version.h | |
435 | interfaces.o: interfaces.c $(SUDODEP) interfaces.h | |
436 | testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h | |
dc214b6e | 437 | @@ -314,6 +321,7 @@ |
dd44b34a | 438 | ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit |
5cb05c03 | 439 | |
8620b293 JB |
440 | $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo |
441 | + $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh | |
5cb05c03 | 442 | |
8620b293 JB |
443 | install-noexec: sudo_noexec.la |
444 | $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir) |