> Real "sudo" has "noexec" which (mostly) prevents issues by way of .so injection to override libc exec() functions
LD_PRELOAD hacks are ugly though... A seccomp filter would be nicer, but apparently you can't really block execve with seccomp. Best thing I found was to ptrace the child, and inject seccomp policies after startup. That is not exactly pretty either, but what other options are there that would also work with static executables?
This whole lkml thread is a bit depressing, not because the responses are wrong or bad, but because the hodge-podge nature of Unix prevents any easy solutions to a fairly reasonable feature request: https://lore.kernel.org/all/202010281500.855B950FE@keescook/...
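The difficulty with a plain seccomp filter, as an added example that is not part of the original comment: a filter installed by the launcher before it execs the target also applies to that first execve, so the target never starts. The names `deny_exec` and `launch` and the `/bin/true` sample target are assumptions made for this sketch (Linux only).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Fail execve/execveat with EPERM, allow everything else. A production
   filter must also check seccomp_data.arch before trusting nr. */
static int deny_exec(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execve, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_execveat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork a launcher that optionally installs the filter, then execs path.
   Returns the target's exit status, or the errno execve failed with. */
int launch(const char *path, int filtered) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)path, NULL };
        char *const envp[] = { NULL };
        if (filtered && deny_exec() != 0) _exit(255);
        execve(path, argv, envp);   /* the filter applies to this call too */
        _exit(errno);               /* reached only when execve failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* /bin/true is an assumed sample target */
    printf("unfiltered: %d\n", launch("/bin/true", 0));
    printf("filtered:   %d (EPERM is %d)\n", launch("/bin/true", 1), EPERM);
    return 0;
}
```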