File sudo-1.8.10p3-CVE-2016-7032.patch of Package sudo.5652
# HG changeset patch
# User Todd C. Miller <Todd.Miller@courtesan.com>
# Date 1443474600 21600
# Node ID 58a5c06b5257991a3dbbde25cb2e9852f42a7014
# Parent 22fb750d92a9bad071720e31d577e97bbce18ed8
Also interpose system(3). On glibc systems you cannot interpose
the syscalls used internally by libc.
Index: sudo-1.8.10p3/src/sudo_noexec.c
===================================================================
--- sudo-1.8.10p3.orig/src/sudo_noexec.c
+++ sudo-1.8.10p3/src/sudo_noexec.c
@@ -20,6 +20,8 @@
#include <errno.h>
#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
@@ -63,6 +65,12 @@ typedef struct interpose_s {
return -1; \
}
+#define DUMMY1(fn, t1) \
+__dso_public int \
+FN_NAME(fn)(t1 a1) \
+DUMMY_BODY \
+INTERPOSE(fn)
+
#define DUMMY2(fn, t1, t2) \
__dso_public int \
FN_NAME(fn)(t1 a1, t2 a2) \
@@ -96,6 +104,7 @@ DUMMY_VA(execlp, const char *, const cha
DUMMY2(execv, const char *, char * const *)
DUMMY2(execvp, const char *, char * const *)
DUMMY3(execve, const char *, char * const *, char * const *)
+DUMMY1(system, const char *)
/*
* Private versions of the above.
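Review bot: `DUMMY1(system, const char *)` makes the dummy return -1 for every argument, including `system(NULL)`, which callers use to ask whether a command processor exists and which is documented to return zero when none is available. A program that probes this way would read -1 as "a shell is available" and take its shell-out path instead of its fallback. A hand-written wrapper that returns 0 for a NULL command and otherwise fails like the other dummies would keep that contract. This assumes DUMMY_BODY sets errno to EACCES before `return -1`, since only the tail of that macro is visible in the patch.

```c
/* system(NULL) asks whether a shell is available; under noexec it is not. */
__dso_public int
FN_NAME(system)(const char *c)
{
    if (c == NULL)
        return 0;
    errno = EACCES;
    return -1;
}
INTERPOSE(system)
```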
@@ -202,3 +211,12 @@ DUMMY6(_posix_spawnp, pid_t *, const cha
#ifdef HAVE_POSIX___SPAWNP
DUMMY6(__posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *)
#endif
+
+/* popen(3) returns FILE *, not int so we can't use a wrapper. */
+__dso_public FILE *
+FN_NAME(popen)(const char *c, const char *t)
+{
+ errno = EACCES;
+ return NULL;
+}
+INTERPOSE(popen)
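Review bot: The comment on the popen dummy explains the return type but not the security reason for the dummy, and nothing in the file tells a maintainer that this list has to track libc. Because noexec works by symbol interposition, calls that libc makes internally are not caught, so every libc function that runs a command on the caller's behalf needs its own entry. I would say so in the comment, e.g. `/* popen(3) runs a command via libc-internal calls the exec dummies do not see; any libc function that does so needs a dummy here. */`, keeping the existing sentence about `FILE *` after it. The parameters `c` and `t` are unused, which may warn if the build enables -Wunused-parameter.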