isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Hard-code usage() and help() for an 80-column terminal.

Browse Source 
Trying to tailor the help and usage output to the terminal width
is simply not worth it and could be abused to mark a socket as
"trusted" on Linux if there are additional kernel bugs like
CVE-2023-2002.
This commit is contained in:
Todd C. Miller
2023-04-18 07:33:12 -06:00
parent 65c0b5a089
commit b24af7b3e6
2 changed files with 75 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
src/parse_args.c
View File

@@ -695,56 +695,31 @@ parse_args(int argc, char **argv, const char *shell, int *old_optind,
debug_return_int(mode | flags);
}
static int
usage_err(const char *buf)
{
return fputs(buf, stderr);
}
static int
usage_out(const char *buf)
{
return fputs(buf, stdout);
}
/*
* Display usage message.
* The actual usage strings are in sudo_usage.h for configure substitution.
*/
static void
display_usage(int (*output)(const char *), int cols)
display_usage(FILE *fp)
{
struct sudo_lbuf lbuf;
const char *uvec[6];
int i, ulen;
const char * const **uvecs = sudo_usage;
const char * const *uvec;
int i, indent;
/*
* Use usage vectors appropriate to the progname.
*/
if (strcmp(getprogname(), "sudoedit") == 0) {
uvec[0] = SUDO_USAGE0;
uvec[1] = &SUDO_USAGE5[3]; /* skip the leading "-e " */
uvec[2] = NULL;
} else {
uvec[0] = SUDO_USAGE1;
uvec[1] = SUDO_USAGE2;
uvec[2] = SUDO_USAGE3;
uvec[3] = SUDO_USAGE4;
uvec[4] = SUDO_USAGE5;
uvec[5] = NULL;
}
if (strcmp(getprogname(), "sudoedit") == 0)
uvecs = sudoedit_usage;
/*
* Print usage and wrap lines as needed, depending on the
* tty width.
*/
ulen = (int)strlen(getprogname()) + 8;
sudo_lbuf_init(&lbuf, output, ulen, NULL, cols);
for (i = 0; uvec[i] != NULL; i++) {
sudo_lbuf_append(&lbuf, "usage: %s%s", getprogname(), uvec[i]);
sudo_lbuf_print(&lbuf);
indent = strlen(getprogname()) + 8;
while ((uvec = *uvecs) != NULL) {
(void)fprintf(fp, "usage: %s %s\n", getprogname(), uvec[0]);
for (i = 1; uvec[i] != NULL; i++) {
(void)fprintf(fp, "%*s%s\n", indent, "", uvec[i]);
}
uvecs++;
}
sudo_lbuf_destroy(&lbuf);
}
/*
@@ -753,10 +728,7 @@ display_usage(int (*output)(const char *), int cols)
void
usage(void)
{
int rows, cols;
sudo_get_ttysize(STDERR_FILENO, &rows, &cols);
display_usage(usage_err, cols);
display_usage(stderr);
exit(EXIT_FAILURE);
}
@@ -786,6 +758,12 @@ usage_excl_ticket(void)
usage();
}
static int
help_out(const char *buf)
{
return fputs(buf, stdout);
}
static void
help(void)
{
@@ -793,21 +771,17 @@ help(void)
const int indent = 32;
const char *pname = getprogname();
bool sudoedit = false;
int rows, cols;
debug_decl(help, SUDO_DEBUG_ARGS);
sudo_get_ttysize(STDOUT_FILENO, &rows, &cols);
sudo_lbuf_init(&lbuf, usage_out, indent, NULL, cols);
if (strcmp(pname, "sudoedit") == 0) {
sudoedit = true;
sudo_lbuf_append(&lbuf, _("%s - edit files as another user\n\n"), pname);
(void)printf(_("%s - edit files as another user\n\n"), pname);
} else {
sudo_lbuf_append(&lbuf, _("%s - execute a command as another user\n\n"), pname);
(void)printf(_("%s - execute a command as another user\n\n"), pname);
}
sudo_lbuf_print(&lbuf);
display_usage(usage_out, cols);
display_usage(stdout);
sudo_lbuf_init(&lbuf, help_out, indent, NULL, 80);
sudo_lbuf_append(&lbuf, "%s", _("\nOptions:\n"));
sudo_lbuf_append(&lbuf, " -A, --askpass %s\n",
_("use a helper program for password prompting"));

58
src/sudo_usage.h.in
View File

@@ -1,7 +1,7 @@
/*
* SPDX-License-Identifier: ISC
*
* Copyright (c) 2007-2010, 2013, 2015, 2017, 2020-2022
* Copyright (c) 2007-2010, 2013, 2015, 2017, 2020-2023
* Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
@@ -24,11 +24,55 @@
* Usage strings for sudo. These are here because we
* need to be able to substitute values from configure.
*/
#define SUDO_USAGE0 " -h | -V"
#define SUDO_USAGE1 " -h | -K | -k | -V"
#define SUDO_USAGE2 " -v [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]"
#define SUDO_USAGE3 " -l [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command [arg ...]]"
#define SUDO_USAGE4 " [-ABbEHkNnPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] [-D directory] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] [VAR=value] [-i | -s] [command [arg ...]]"
#define SUDO_USAGE5 " -e [-ABkNnS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ..."
static const char *sudo_usage1[] = {
"-h | -K | -k | -V",
NULL
};
static const char *sudo_usage2[] = {
"-v [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]",
NULL
};
static const char *sudo_usage3[] = {
"-l [-ABkNnS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user]",
"[-u user] [command [arg ...]]",
NULL
};
static const char *sudo_usage4[] = {
"[-ABbEHkNnPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory]",
"[-g group] [-h host] [-p prompt] [-R directory] [-T timeout]",
"[-u user] [VAR=value] [-i | -s] [command [arg ...]]",
NULL
};
static const char *sudo_usage5[] = {
"-e [-ABkNnS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory]",
"[-g group] [-h host] [-p prompt] [-R directory] [-T timeout]",
"[-u user] file ...",
NULL
};
static const char * const *sudo_usage[] = {
sudo_usage1,
sudo_usage2,
sudo_usage3,
sudo_usage4,
sudo_usage5,
NULL
};
static const char *sudoedit_usage1[] = {
"-h | -V",
NULL
};
static const char *sudoedit_usage2[] = {
/* Same as sudo_usage5 but no -e flag. */
"[-ABkNnS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-D directory]",
"[-g group] [-h host] [-p prompt] [-R directory] [-T timeout]",
"[-u user] file ...",
NULL
};
static const char * const *sudoedit_usage[] = {
sudoedit_usage1,
sudoedit_usage2,
NULL
};
#endif /* SUDO_USAGE_H */