isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,314 Commits 1 Branch 0 Tags
003f9550f175f0dff7ca437ee59b5c5bc1f4b36c
Commit Graph

11314 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
242e4d070f Fix typo in comment. 2021-09-01 11:07:36 -06:00
Todd C. Miller
4ca5c7d643 Updated translations from translationproject.org 2021-09-01 10:57:26 -06:00
Todd C. Miller
9a690a8984 Switch to a 128-bit token instead of a 64-bit secret. 
Protobuf doesn't have a 128-bit type so use two u64s.
We now support partial reads of the token.
 2021-09-01 10:17:26 -06:00
Todd C. Miller
4bff82cab4 Fix random uuid generation, no need to convert between byte order. 
Also add regression test.
 2021-08-31 19:53:28 -06:00
Todd C. Miller
9137909c7d sudo_intercept.so: send the secret immediately after connecting. 
Sending the secret out of band, before the message size is read,
should make it harder to mount a DoS attack.
 2021-08-31 16:33:54 -06:00
Todd C. Miller
26938012f8 Handle reading large messages that don't fit in a single recv(). 
We know the length of what we are receiving so just loop until
we have it all, get EOF or an error.
 2021-08-31 12:09:05 -06:00
Todd C. Miller
c0630a36c8 Add checks for -fstack-clash-protection and -Wl,-z,noexecstack 
We use -Wc,-fstack-clash-protection as the linker flag to prevent
libtool from removing it from the link line.
 2021-08-31 09:57:11 -06:00
Todd C. Miller
a078bc64bb Make the sudo side of the intercept socket non-blocking. 2021-08-31 07:46:58 -06:00
Todd C. Miller
3c26b92a75 Handle partial read/write by dropping back into the event loop. 2021-08-31 07:36:54 -06:00
Todd C. Miller
33d1b26c6a intercept_check_policy: Fix double free introduced in last commit 
If the command is not accepted we don't rebuild command_info[] and
must not free it.  It will be freed by the policy instead.
 2021-08-31 05:50:52 -06:00
Todd C. Miller
168d5c47c9 Update runcwd in command_info[] before passing it to the audit plugin. 
Since sudoers does rejected commands itself the runcwd will still
not be correct for those.
 2021-08-27 15:58:19 -06:00
Todd C. Miller
22de92b0da Fix LD_PRELOAD formatting when there is an existing LD_PRELOAD var. 2021-08-27 13:19:58 -06:00
Todd C. Miller
75bac8dee9 intercept_check_policy: fix potential NUL dereference on the error path. 2021-08-26 17:29:30 -06:00
Todd C. Miller
ba171724f7 Rename log_children -> log_subcmds 2021-08-26 16:36:41 -06:00
Todd C. Miller
d8d4023335 Updated translations from translationproject.org 2021-08-26 13:17:46 -06:00
Todd C. Miller
dcab17900b Add sudo_debug_register_v2() stub for fuzzing build. 2021-08-26 10:43:15 -06:00
Todd C. Miller
3d8b327c60 Fix use-after-free on error. 
Also remove useless free of a ptr that is always NULL on the error path.
 2021-08-26 10:07:50 -06:00
Todd C. Miller
dc30c842bb No longer need to remap intercept fd but we do need to remap debug fd. 
The intercept fd is closed in the ctor but the debug fd will still be open.
 2021-08-26 09:57:25 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number 
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
 2021-08-26 09:57:24 -06:00
Todd C. Miller
d6a71fe32e Fix command name of sub-command in logs when log_children is set. 2021-08-26 09:46:26 -06:00
Todd C. Miller
ec751c63eb log_allowed: pass struct eventlog * instead of argv[] and envp[]. 
This lets us log based on the command_info[] list passed in from
the front-end.  Previously, much of the struct eventlog was constructed
from internal sudoers state instead.
 2021-08-25 17:29:15 -06:00
Todd C. Miller
e199dd8254 sudo_compat.h: include unistd.h on HP-UX to safely redefine pread/pwrite 
HP-UX 11.31 defines static functions for pread() and pwrite() which
will conflict with our macros.
 2021-08-25 16:31:46 -06:00
Todd C. Miller
438a0cf07e Add a state variable to intercept_closure, replaces policy_result. 2021-08-25 14:24:36 -06:00
Todd C. Miller
c465d8971d Change intercept IPC to use a localhost socket instead of inherited fd. 
This allows intercept mode to work with shells that close all open
fds upon startup.  The ctor in sudo_intercept.so requests the port
number and secret over the socket inherited from the parent then
closes it.  For each policy request, a TCP connection is made to
the sudo parent process to perform the policy check.  Child processes
re-use the TCP socket to request the port number and secret just like
the initial process started by sudo does.
 2021-08-25 14:24:36 -06:00
Todd C. Miller
448536e0f7 Fold intercept_closure_reset() into intercept_close(). 2021-08-24 13:00:52 -06:00
Todd C. Miller
0aedc965f8 command_matches: avoid printf("%s") of NULL in debug for sudo ALL. 2021-08-25 13:11:57 -06:00
Todd C. Miller
9980357a73 Merge pull request #111 from commodo/fix-cflags 
lib/util/Makefile.in: use host CFLAGS and CPPFLAGS for mksig{name,list}
 2021-08-25 08:09:00 -06:00
Alexandru Ardelean
a12b15b436 lib: util: Makefile.in: use host CFLAGS and CPPFLAGS for mksig{name,list} 
When cross-build support was added for mkig{name,list} was added, the
CFLAGS and CPPFLAGS should have been updated to the HOSTCFLAGS/HOSTCPPFLAGS
vars.

In a cross-build scenario, some of these flags don't match what the
compiler can understand (because they may be architecture specific) and
may fail the build.

Using the HOSTCFLAGS/HOSTCPPFLAGS works and builds successfully.
Also the output binary works on the target.

This is in continuation of
- https://github.com/sudo-project/sudo/pull/104
- https://github.com/sudo-project/sudo/pull/109

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-08-25 15:24:21 +03:00
Todd C. Miller
222d6f94cd Fix typo that caused SUDO_INTERCEPT_FD to overwrite LD_PRELOAD. 2021-08-24 08:51:43 -06:00
Todd C. Miller
1391813443 Fix off-by-one that could result in duplicate SUDO_INTERCEPT_FD vars. 2021-08-24 08:34:14 -06:00
Todd C. Miller
df68f4c8d9 Fix typo in macOS execv change. 2021-08-24 08:09:20 -06:00
Todd C. Miller
98401c0588 Add execv(3) support to sudo_intercept.so. 
This allows intercept to work with csh which uses execv(3) not execve(2).
 2021-08-21 08:44:16 -06:00
Todd C. Miller
02b78c38ed Sync the list of functions trapped by sudo_noexec.so. 2021-08-20 18:41:32 -06:00
Todd C. Miller
1e795b5487 Add a Debug example for sudo_intercept.so 
Don't try to enumerate all the sudo programs that support debugging
since all of them do.
 2021-08-20 16:07:02 -06:00
Todd C. Miller
bb40491c99 Update sudoers Debug example to match the debug changes from sudo 1.8.12. 2021-08-20 15:50:02 -06:00
Todd C. Miller
8ccb7f0096 sudo_intercept.so only intercepts execve(2) for now. 2021-08-20 14:25:49 -06:00
Todd C. Miller
7df245dc91 Fix formatting for bound defaults with multiple entries in the binding. 
The entries in the binding were separated with " ," instead of ", ".
 2021-08-20 14:01:44 -06:00
Todd C. Miller
4ccd966e22 Add exports file for sudo_intercept.so that only exports execve() 2021-08-20 11:49:22 -06:00
Todd C. Miller
dc281f0366 Add some debugging to the sudo_intercept.so. 2021-08-20 11:32:29 -06:00
Todd C. Miller
680fd4a629 Use AC_FUNC_FSEEKO instead of AC_CHECK_FUNCS_ONCE([fseeko]). 
This will define _LARGEFILE_SOURCE, if needed, to make the prototype
visible on older systems.
 2021-08-20 10:59:52 -06:00
Todd C. Miller
ad28b90c4d We still need the pread/pwrite hack for HP-UX 11.11 at least. 
This time around, avoid defining _LARGEFILE64_SOURCE and just declare
pread64/pwrite64 ourselves.
 2021-08-19 19:18:24 -06:00
Todd C. Miller
23e5304b78 Fix prototypes for sudo_pread() and sudo_pwrite(). 2021-08-19 19:05:50 -06:00
Todd C. Miller
5d3ab032f2 intercept_fd_cb: store the passed fd in newfd, not fd 
only affects the old BSD-style fd passing code, not POSIX-style.
 2021-08-19 13:10:44 -06:00
Todd C. Miller
d333f484ec Fix mksiglist and mksigname dependencies. 2021-08-19 10:30:02 -06:00
Todd C. Miller
52e7594ae5 set-user-ID and set-group-ID not set user-ID and set group-ID. 2021-08-19 09:59:32 -06:00
Todd C. Miller
09f160779b The fix for bug #989 will make sudo 1.9.8. 
Also mention intercept_authenticate and intercept_allow_setid.
 2021-08-19 09:54:18 -06:00
Todd C. Miller
90aee138ba regen 2021-08-19 09:51:23 -06:00
Todd C. Miller
bb5843055e Replace messages like "unknown foo: %s" with "unknown foo %s". 
The colon really doesn't belong there; we generally use a colon to
separate a message from the warning detail.
 2021-08-19 09:44:11 -06:00
Todd C. Miller
b40f74cb24 Cross-build support for mksigname and mksiglist 
We must build these with the host C compiler but use the target
preprocessor to generate the output.
 2021-08-19 09:50:05 -06:00
a1346054
bf7d20b482 Minor cleanup (#110) 
* fix trivial shell script issues
* remove trailing whitespace
 2021-08-19 09:48:01 -06:00