isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,690 Commits 1 Branch 0 Tags
00b4732c9d0e78ae1140b5cc7ca258bbdce8135a
Commit Graph

8690 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
00b4732c9d Add some casts to quiet gcc warnings on Solaris and remove a 
now-useless debug printf.
 2017-03-03 11:20:56 -07:00
Todd C. Miller
a788144094 change debug info when suspending sudo 2017-03-03 11:20:25 -07:00
Todd C. Miller
6dba84dca9 Reorganize the command execution code to separate out the pty and 
non-pty code paths into their own event loops.  The non-pty exec
code is now contained in exec_nopty.c and the pty exec code is split
between exec_pty.c (parent process) and exec_monitor.c (session leader).
This results in a small bit of duplicated code but improves readability.
Some of the duplicated code will fall out in future changes to the
event subsystem (the signal pipe).
 2017-03-03 10:35:11 -07:00
Todd C. Miller
4b1f0c4176 Remove support for the TIOCGSIZE ioctl. Systems that use this 
rather than TIOCGWINSZ are too old for sudo to build on anyway.
 2017-02-26 16:41:25 -07:00
Todd C. Miller
13fcdb4f5f Set the child pid to -1 after we've waited for it and take care to 
avoid killing pid -1.  This makes it a bit more explicit and removes
the need for a separate variable to track the child's status.
Sudo already stops processing signals after it receives SIGCHLD so
it is not vulnerable to CVE-2017-2616.
 2017-02-24 15:14:56 -07:00
Todd C. Miller
05e52c7b82 Update the description of strict mode to current reality. Aliases 
haven't needed to be defined before they are used since sudo 1.7.
 2017-02-22 14:13:07 -07:00
Todd C. Miller
daa728fd88 Go back to using a Warning/Error prefix in the message printed to 
stderr for alias problems.  Requested by Tomas Sykora.
 2017-02-22 06:38:33 -07:00
Todd C. Miller
143620bb25 fix copyright years 2017-02-21 09:03:57 -07:00
Todd C. Miller
b9954fb9b9 Add support for using the message digest functions in libgcrypt 
instead of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
199a594f43 Add support for using the message digest functions in OpenSSL instead 
of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
b5e7b7bd2c Move the file digest code out of match.c and into filedigest.c. 
Inspired by RedHat changes that used libgcrypt.
Also add digest_type_to_name() to map a sudo digest type (int)
to a name (string) and use it.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
00b76afe46 Check for gmtime() or localtime() returning NULL and just use a 
zero offset in that case.  Should not be possible.
 2017-02-20 16:44:02 -07:00
Todd C. Miller
b3fdb26c41 Add support for ROLE, TYPE, PRIVS, LIMITPRIVS, TIMEOUT, NOTBEFORE 
and NOTAFTER.
 2017-02-18 16:44:56 -07:00
Todd C. Miller
fd40d88ba7 strftime() was in C89 so use it unconditionally. 2017-02-18 16:23:40 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is 
already available in LDAP.
 2017-02-18 15:35:48 -07:00
Todd C. Miller
3b19d05fe9 regen 2017-02-16 10:28:13 -07:00
Todd C. Miller
31540e6228 Bump version to 1.11 for timeout entry in settings[] 2017-02-16 10:28:08 -07:00
Todd C. Miller
b030c96a86 regen 2017-02-16 10:13:48 -07:00
Todd C. Miller
c86a6a23ad Add a command line option to specify the command timeout, as long 
as sudoers does not specify a shorter time limit.
 2017-02-16 09:58:18 -07:00
Todd C. Miller
9b0622b58f Better error message when the timeout value does not parse. 2017-02-15 15:13:37 -07:00
Todd C. Miller
8bffd09881 set errno to ERANGE not EOVERFLOW on range error 2017-02-15 10:51:39 -07:00
Todd C. Miller
635f330a43 regen 2017-02-14 16:24:10 -07:00
Todd C. Miller
e5266f9eba Only inhibit ASAN leak detector for tests that result in a parse 
error.  The parser cannot currently clean up completely on error.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
0f3f4e028a Plug some memory leaks found by ASAN. 2017-02-14 15:56:34 -07:00
Todd C. Miller
e954facb9d List SELinux role/type for "sudo -l" with LDAP and SSSd backends. 
Also fix printing of the timeout.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
d7f7cf7a79 Only inherit SELinux role/type and Solaris privilege sets if 
the command does not include any.  Previously, a command with
only a role would inherit a type from the previous command
which is not what was intended.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
24cdbb8de1 Split out tags again so they must precede the command and not allow 
them to be mixed in with options.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
3980f1531b Add support for command timeouts in sudoers. After the timeout, 
the command will be terminated.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
4f9dcd7264 Merge command tags, SELinux type/role and Solaris privs settings 
into "command options".  This relaxes the order of things so tags
and other options can be interspersed.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
fb419ba066 supress cppcheck memory leak false positive 2017-02-14 14:38:31 -07:00
Todd C. Miller
47b82acd78 fix typo that prevented compilation on FreeBSD 2017-02-14 13:19:45 -07:00
Todd C. Miller
4dad181be3 Link vsyslog.lo directly into vsyslog_test to make sure the syslog() 
stub gets called.  Otherwise, the real syslog will get called via
libutil on AIX.
 2017-02-13 20:33:42 -07:00
Todd C. Miller
f59327bc5c Fix final test with a format > 2048 bytes. 
Keep track of tests run in the syslog() stub so we can
detect if the stub is not being called.
 2017-02-13 20:30:45 -07:00
Todd C. Miller
6263cc55a5 avoid redefining the MIN macro 2017-02-13 15:03:57 -07:00
Todd C. Miller
09438e5b42 Include parse.h in timestr.c which is where function prototype lives. 2017-02-13 13:44:11 -07:00
Todd C. Miller
359cacc40f Fix for including a sudoers file that begins with the letter 'i'. 
The hack to determine whether we are parsing an include or includedir
is no longer safe now that relative include paths are permitted.
Bug #776.
 2017-02-13 13:38:24 -07:00
Todd C. Miller
8c1da9b69e Display the value of syslog_maxlen in sudo -V output. 2017-02-10 15:08:44 -07:00
Todd C. Miller
3742f7a46e Add ignore_unknown_defaults flag to ignore unknown Defaults entries 
in sudoers instead of producing a warning.
 2017-02-06 05:41:57 -07:00
Todd C. Miller
ba8f756695 Always set the close-on-exec bit on the fd used to generate the 
digest (i.e. the command to run) on systems that lack fexecve(2).
That way we don't need to explicitly close it using #ifdefs.
 2017-01-27 09:26:51 -07:00
Todd C. Miller
1a8957e30b sync with translationproject.org 2017-01-27 06:27:03 -07:00
Todd C. Miller
ca89a0a914 first updates for 1.8.20 2017-01-27 06:25:55 -07:00
Todd C. Miller
c392e469db sudo 1.8.20 2017-01-27 06:18:42 -07:00
Todd C. Miller
8e3613340c update zlib to version 1.2.11 2017-01-25 15:11:32 -07:00
Todd C. Miller
26b8dc11bf Fix fdexec=never when a digest is present. 2017-01-23 07:43:32 -08:00
Todd C. Miller
413e1100b8 Add new fdexec sudoers setting to allow choose whether execve() or 
fexecve() is used.
 2017-01-22 18:56:16 -08:00
Todd C. Miller
dde2b5eb2c Close execfd in parent processes where it is not needed. 2017-01-22 18:56:13 -08:00
Todd C. Miller
5514ea6851 Add support for digest matching when the command is a glob-style 
pattern or a directory.  For example:

millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/
millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/*

would only match /bin/ls (assuming the digest matches).

Previously, only explicit path matches checked the digest.
 2017-01-21 16:43:46 -07:00
Todd C. Miller
df03020c4c Add support for SASL_MECH in ldap.conf; Bug #764 2017-01-17 11:09:23 -07:00
Todd C. Miller
34ba901baa Fix documentation bug, the contents of env_file have never been 
subject to env_keep or env_check.  However, variables are only added
if they have not already been preserved.
 2017-01-17 10:10:47 -07:00
Todd C. Miller
57933a8ff3 Safer example for rule that can change non-root passwords. GNU 
getopts allows options to follow arguments so we need to be able
to deny things like "passwd root -q".  From Paul "Joey" Clark.
Bug #772
 2017-01-17 08:55:40 -07:00