Revert "Revert "Implement support for NOEXEC (#1073)""

This reverts commit 58c2df5.

Author: bjorn3

Cargo.toml

@@ -29,7 +29,7 @@ name = "visudo"
 path = "bin/visudo.rs"
 
 [dependencies]
-libc = "0.2.149"
+libc = "0.2.152"
 glob = "0.3.0"
 log = { version = "0.4.11", features = ["std"] }
 

src/common/context.rs

@@ -31,6 +31,7 @@ pub struct Context {
     pub process: Process,
     // policy
     pub use_pty: bool,
+    pub noexec: bool,
 }
 
 #[derive(Clone, Copy, Debug, Default, PartialEq, Eq)]
@@ -93,6 +94,7 @@ impl Context {
             non_interactive: sudo_options.non_interactive,
             process: Process::new(),
             use_pty: true,
+            noexec: false,
         })
     }
 
@@ -117,6 +119,7 @@ impl Context {
             non_interactive: sudo_options.non_interactive,
             process: Process::new(),
             use_pty: true,
+            noexec: false,
         })
     }
 
@@ -161,6 +164,7 @@ impl Context {
             non_interactive: sudo_options.non_interactive,
             process: Process::new(),
             use_pty: true,
+            noexec: false,
         })
     }
 
@@ -179,6 +183,7 @@ impl Context {
             group: &self.target_group,
 
             use_pty: self.use_pty,
+            noexec: self.noexec,
         })
     }
 }

src/defaults/mod.rs

@@ -36,6 +36,7 @@ defaults! {
     env_editor                = true
     rootpw                    = false
     targetpw                  = false
+    noexec                    = false
 
     apparmor_profile          = None (!= None)
     passwd_tries              = 3 [0..=1000]

src/exec/mod.rs

@@ -1,6 +1,8 @@
 mod event;
 mod io_util;
 mod no_pty;
+#[cfg(target_os = "linux")]
+mod noexec;
 mod use_pty;
 
 use std::{
@@ -24,7 +26,9 @@ use crate::{
         signal::{consts::*, signal_name},
         wait::{Wait, WaitError, WaitOptions},
     },
-    system::{kill, set_target_user, signal::SignalNumber, term::UserTerm, Group, User},
+    system::{
+        kill, set_target_user, signal::SignalNumber, term::UserTerm, FileCloser, Group, User,
+    },
 };
 
 use self::{
@@ -43,6 +47,7 @@ pub struct RunOptions<'a> {
     pub group: &'a Group,
 
     pub use_pty: bool,
+    pub noexec: bool,
 }
 
 /// Based on `ogsudo`s `exec_pty` function.
@@ -53,6 +58,8 @@ pub fn run_command(
     options: RunOptions<'_>,
     env: impl IntoIterator<Item = (impl AsRef<OsStr>, impl AsRef<OsStr>)>,
 ) -> io::Result<ExitReason> {
+    let mut file_closer = FileCloser::new();
+
     // FIXME: should we pipe the stdio streams?
     let qualified_path = options.command;
     let mut command = Command::new(qualified_path);
@@ -74,6 +81,16 @@ pub fn run_command(
         command.arg0(OsStr::from_bytes(&process_name));
     }
 
+    if options.noexec {
+        #[cfg(target_os = "linux")]
+        noexec::add_noexec_filter(&mut command, &mut file_closer);
+
+        #[cfg(not(target_os = "linux"))]
+        return Err(io::Error::other(
+            "NOEXEC is currently only supported on Linux",
+        ));
+    }
+
     // Decide if the pwd should be changed. `--chdir` takes precedence over `-i`.
     let path = options
         .chdir
@@ -108,14 +125,14 @@ pub fn run_command(
 
     if options.use_pty {
         match UserTerm::open() {
-            Ok(user_tty) => exec_pty(sudo_pid, command, user_tty),
+            Ok(user_tty) => exec_pty(sudo_pid, file_closer, command, user_tty),
             Err(err) => {
                 dev_info!("Could not open user's terminal, not allocating a pty: {err}");
-                exec_no_pty(sudo_pid, command)
+                exec_no_pty(sudo_pid, file_closer, command)
             }
         }
     } else {
-        exec_no_pty(sudo_pid, command)
+        exec_no_pty(sudo_pid, file_closer, command)
     }
 }
 

src/exec/no_pty.rs

@@ -26,7 +26,11 @@ use crate::{
     },
 };
 
-pub(super) fn exec_no_pty(sudo_pid: ProcessId, mut command: Command) -> io::Result<ExitReason> {
+pub(super) fn exec_no_pty(
+    sudo_pid: ProcessId,
+    mut file_closer: FileCloser,
+    mut command: Command,
+) -> io::Result<ExitReason> {
     // FIXME (ogsudo): Initialize the policy plugin's session here.
 
     // Block all the signals until we are done setting up the signal handlers so we don't miss
@@ -39,8 +43,6 @@ pub(super) fn exec_no_pty(sudo_pid: ProcessId, mut command: Command) -> io::Resu
         }
     };
 
-    let mut file_closer = FileCloser::new();
-
     // FIXME (ogsudo): Some extra config happens here if selinux is available.
 
     // Use a pipe to get the IO error if `exec` fails.