isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,939 Commits 1 Branch 0 Tags
096eacb21c5cd3f789f69d77e0ee68987c63b41c
Commit Graph

11939 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
096eacb21c If AUTOCONF_VERSION is unset, use version 2.71 not 2.69. 2022-11-16 10:11:21 -07:00
Todd C. Miller
bef72f76f6 Add -Wvla and -Walloca to --enable-warnings 2022-11-15 11:05:42 -07:00
Todd C. Miller
3ecfa025b8 sudo_debug_group_list: short-circuit if groups is NULL 2022-11-11 11:05:12 -07:00
Todd C. Miller
3cfba230c5 configure: only check for getauxval() if getentropy() is missing. 2022-11-11 11:04:58 -07:00
Todd C. Miller
28dbad3342 Remove checks for random() and lrand48(), they are no longer used. 
Also remove duplicate checks for arc4random() and getentropy().
 2022-11-11 09:37:49 -07:00
Todd C. Miller
3d0fcc0ff2 Skip check for cpp variadic macro support if the compiler supports C99. 2022-11-11 09:09:31 -07:00
Todd C. Miller
6b005e8114 HI-UX/MPP is based on OSF-1, not HP-UX 
Completely untested.
 2022-11-11 08:45:58 -07:00
Todd C. Miller
a142bc1830 Only check for utmps.h on HP-UX. 2022-11-11 08:32:41 -07:00
Todd C. Miller
a3684d7f3b Only check for sys/syscall.h on Linux. 
We only use it in the Linux-specific getentropy() emulation code.
 2022-11-11 08:11:26 -07:00
Todd C. Miller
feba299f22 configure: avoid running unnecessary tests on modern systems. 
Remove AC_SYS_POSIX_TERMIOS, AC_TYPE_MODE_T, AC_TYPE_UID_T.
Add missing checks for int16_t, uint16_t, int32_t, and int64_t.
Only check for intmax_t, uintmax_t and bit-width types if missing
both inttypes.h and stdint.h.
Remove unused clockid_t replacement.
 2022-11-11 07:05:26 -07:00
Todd C. Miller
b8e9fc1b12 Add a regress check for the cvtsudoers filter crash. 
GitHub issue #198.
 2022-11-11 07:05:24 -07:00
Todd C. Miller
264326de57 Fix a potential use-after-free bug with cvtsudoers filtering. 
In role_to_sudoers() when merging a privilege to the previous one
where the runas lists are the same we need to re-use the runas lists
of the last command in the previous privilege, not the first.
Otherwise, the check in free_cmndspec() will not notice the re-used
runas lists.  Reported/analyzed by Sohom Datta.  GitHub issue #198.
 2022-11-10 14:55:56 -07:00
Todd C. Miller
5683fc6f7a The name of the C locale w/ UTF-8 support is not always C.UTF-8. 
Use a pattern to find it (if present) and use that value instead
of hard-coding C.UTF-8.  This works around a leak sanitizer crash
on certain inputs.
 2022-11-11 07:05:21 -07:00
Todd C. Miller
75008a0570 Copy some LDIF test data from the cvtsudoers tests to the seed corpus. 
This includes a test to exercise the fix in PR #196.
 2022-11-10 09:54:59 -07:00
Todd C. Miller
455f250ac5 Set LDAP base for sudoers_parse_ldif(). 
Without this set the fuzzer will not exercise the dn parsing.
 2022-11-10 09:34:44 -07:00
Todd C. Miller
82150340a6 Include linux/elf.h, not elf.h to make sure we get NT_ARM_SYSTEM_CALL. 
The NT_PRSTATUS define is present in both files.
 2022-11-10 08:08:09 -07:00
Todd C. Miller
3e8497b5ce Remove CMSG_* compatibility macros, they are no longer used. 2022-11-09 15:24:28 -07:00
Todd C. Miller
ecb5526fc8 Add missing include of sys/stat.h 2022-11-09 14:48:38 -07:00
Todd C. Miller
8b06bdc121 Move forward declaration of struct stat before its first use. 2022-11-09 14:02:13 -07:00
Todd C. Miller
0b1335f54e Use a consistent base when testing cvtsudoers conversion from ldif. 2022-11-09 13:00:48 -07:00
Todd C. Miller
8b898b2ca2 Test parsing LDIF when a backslash is the last char of the file. 
If run with address sanitizer, this test will crash when the fix
in ceaf706ab74b is reverted.
 2022-11-09 12:58:41 -07:00
Todd C. Miller
685150586d Merge pull request #196 from sohomdatta1/main 
Prevent cvtsudoers from reading into undefined memory
 2022-11-09 11:51:33 -07:00
Sohom
902271f441 [cvtsudoers]: Prevent sudo from reading into undefined memory 2022-11-09 23:46:39 +05:30
Todd C. Miller
9f948224ac sudo_passwd_verify: zero out des_pass before returning. 2022-11-08 13:17:11 -07:00
Todd C. Miller
045d08bec9 Pass sudo's process ID to suspend_sudo_nopty() since we already know it. 
Saves an unnecessary getpid(2) call.
 2022-11-07 14:51:43 -07:00
Todd C. Miller
f87fac3b55 Don't kill the parent process group on suspend if it is not sudo's pid. 
If sudo is not the process group leader we must only send the suspend
signal to sudo itself.  When sudo is run via a shell script, it
usually has the same process group as the shell script interpreter.
We do not want to suspend the script itself when the command run
by sudo is suspended.
 2022-11-07 14:51:43 -07:00
Todd C. Miller
bbe4fbaaae Call terminate_command() with use_pgrp = false when not running in a pty. 
When sudo runs a command in the user's existing terminal the command
is run in the same process group as sudo itself.  The proper way
to terminate it is to use kill(2), not killpg(3)
 2022-11-07 14:51:42 -07:00
Todd C. Miller
36742deec3 Fix handling of signal forwarding when running commands in a script. 
We need to forward signals from a process in the same pgrp if the
pgrp leader is not either sudo or the command itself.
 2022-11-07 14:51:41 -07:00
Todd C. Miller
c7071f6da0 Make test_ptrace compile again after recent changes. 2022-11-07 14:51:39 -07:00
Todd C. Miller
8db1eb0c8b Update the cwd for log_subcmds too. 
Fixes a problem for intercept_method=trace when running a relative
command from a different directory than what sudo ws started from.
GitHub issue #194
 2022-11-07 12:14:15 -07:00
Todd C. Miller
3df1e9a073 sudo 1.9.12p1 2022-11-04 14:19:27 -06:00
Todd C. Miller
7ba3184708 Include time.h for struct timespec used by sudo_iolog.h. 2022-11-03 14:39:33 -06:00
Todd C. Miller
b2c8e1b1b9 Display sudo_mode in hex in debug log. 
This makes it easier to match against the MODE_ defines.
 2022-11-03 12:03:08 -06:00
Todd C. Miller
7ec1ee0e5c bsdauth_verify: do not write to prompt, it is now const 2022-11-01 09:33:19 -06:00
Todd C. Miller
d242261dd4 Store raw sudoers lines in the debug log. 
Also add a "sudoerslex" prefix to the token debug info in
sudoers_trace_print().
 2022-11-01 09:32:14 -06:00
Todd C. Miller
966731311d The line numbers in sudoers_trace_print() were off by one. 
The line counter is incremented when a newline is seen so the output
actually refers to the previous line.
 2022-10-31 10:21:39 -06:00
Todd C. Miller
4da22b101e Make the second arg to the sudo auth verify function const. 
This may be either a plaintext password or a password prompt.
Either way it should not be modified by the verify function.
 2022-10-31 09:11:32 -06:00
Todd C. Miller
bd209b9f16 Fix CVE-2022-43995, potential heap overflow for passwords < 8 characters. 
Starting with sudo 1.8.0 the plaintext password buffer is dynamically
sized so it is not safe to assume that it is at least 9 bytes in size.
Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz.
 2022-10-28 07:29:55 -06:00
Todd C. Miller
c78e78dc5e Move debugging info from hostname_matches() to host_matches(). 2022-10-29 11:39:05 -06:00
Todd C. Miller
6a3fb3fd73 Add debugging to sudo_set_grlist() and sudo_set_gidlist(). 2022-10-28 16:58:16 -06:00
Todd C. Miller
366217571e configure: better test for -fstack-clash-protection 
The gcc front-end may accept -fstack-clash-protection even if the
machine-specific code does not support it.  We use a test program
with a large stack allocation to try to cause the compiler to insert
the stack clash protection code, or fail if not supported.
GitHub issue #191
 2022-10-27 20:02:37 -06:00
Todd C. Miller
6a2075b671 Check that compiler accepts -fstack-clash-protection and -fcf-protection. 
Previously, we only checked that linker accepted them.
GitHub issue #191
 2022-10-27 18:33:41 -06:00
Todd C. Miller
7944494196 Fix compilation error on Linux/mips. 2022-10-26 16:35:30 -06:00
Todd C. Miller
802e500cca Regenerate dependencies for src/sesh.c. 2022-10-21 11:30:04 -06:00
Todd C. Miller
ebd285850d Sync clean target with other Makefile.in files. 2022-10-21 11:24:38 -06:00
Todd C. Miller
8087604e5a Build the sample plugin but do not install it by default. 
We no longer install the sample approval plugin.
 2022-10-21 09:12:11 -06:00
Todd C. Miller
45ea248335 Adapt to current plugin API and fix warnings. 2022-10-21 07:51:00 -06:00
Todd C. Miller
9b9404b6fa Disable admin_flag by setting to NULL, not false. 
Found by cppcheck.
 2022-10-20 13:45:36 -06:00
Todd C. Miller
3a6083f043 Bug #1042. 2022-10-20 09:30:33 -06:00
Todd C. Miller
803998d2bd Only add trailing carriage return to messages if output is a raw tty. 
If output is being written to a terminal in "raw" mode, we need to
add a carriage return after the newline to avoid "stair-step" output.
However, we should not write the carriage return if the terminal
is in "cooked" mode, output to a pipe, or output redirected to a file.
Bug #1042.
 2022-10-20 08:55:26 -06:00