isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,939 Commits 1 Branch 0 Tags
096eacb21c5cd3f789f69d77e0ee68987c63b41c
Commit Graph

11939 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
a5ac29219a intercept_check_policy: add oom label and fix approval failure case. 
If the approval plugin fails we need to set the state to POLICY_REJECT
just like we do if the policy rejected the command.
 2022-07-13 13:06:21 -06:00
Todd C. Miller
a2b0a8330c Fix a few whitespace issues. 2022-07-09 11:21:17 -06:00
Todd C. Miller
e7b7fbaf6e Increase the realloc increment from 128 to 1024. 
The contents of the env_add array should not include the leading
"env=" prefix.
 2022-07-09 09:02:25 -06:00
Todd C. Miller
224d78993a sudo_putenv_nodebug: require that the environment string include a '=' 2022-07-09 09:00:48 -06:00
Todd C. Miller
fba81260ad If update_defaults() fails, treat it as a parse error. 2022-07-08 14:01:15 -06:00
Todd C. Miller
3dc8497b48 Add additional PVS-studio suppression comments for generated code. 2022-07-08 10:53:00 -06:00
Todd C. Miller
a7f9c8162e Fix compilation error when SUDOERS_NAME_MATCH is defined. 2022-07-07 20:28:49 -06:00
Todd C. Miller
5a59ce159e Fix a NOPASSWD issue with a non-existent command when fdexec=always 
In command_matches_all(), if the command is fully-qualified and
open_cmnd() return false, only treat it as an error if we are able
to stat(2) the command.  For "sudo ALL" a non-existent command is
not an error.
 2022-07-07 20:11:44 -06:00
Todd C. Miller
41e7532c90 Quote ^foo$ on command line to protect it from the shell. 2022-07-07 10:13:22 -06:00
Todd C. Miller
f6e4d2765a Add explicit include of unistd.h for getopt(3) and related variables. 2022-07-05 11:35:25 -06:00
Todd C. Miller
42c6d9fb50 In timegm() initialize tm_isdst to 0 like tzcode does. 2022-07-01 14:23:28 -06:00
Todd C. Miller
fd0c5566ac Merge pull request #161 from likunyur/lky 
sudoers/cvtsudoers: Remove the repeated ';' from code
 2022-07-04 09:00:58 -06:00
Li kunyu
a9a164e71c src/send: Remove the repeated ';' from code 
Signed-off-by: Li kunyu <kunyu@nfschina.com>
 2022-07-04 12:36:11 +08:00
Li kunyu
a311180bbc sudoers/cvtsudoers: Remove the repeated ';' from code 
Signed-off-by: Li kunyu <kunyu@nfschina.com>
 2022-07-04 12:31:50 +08:00
Todd C. Miller
3cd9c5f5e6 Stop sending an InterceptResponse to a PolicyCheckRequest for log_subcmds. 
There's no real reason for the command to wait for sudo send back a
response that will always be a PolicyAcceptMessage.
 2022-06-30 13:35:07 -06:00
Todd C. Miller
985a2261bc sudoers_main: defer setting return value until the end when running a command 
Otherwise, we could return success when there was an error from a
system call or memory allocation failure.
 2022-06-30 13:35:04 -06:00
Todd C. Miller
885abf48d7 Save the initial command run via sudo and use it when logging exit status. 
Otherwise, if we are in intercept mode or logging sub-commands the
exit status will be logged with the wrong command.
 2022-06-30 11:10:43 -06:00
Todd C. Miller
3badff39ca Define _LARGEFILE64_SOURCE if _FILE_OFFSET_BITS == 64. 
Fixes a -Wwrite-strings warning on 32-bit systems.
 2022-06-29 16:59:50 -06:00
Todd C. Miller
50813f8160 Quiet another -Wwrite-strings warning. 2022-06-29 16:41:11 -06:00
Todd C. Miller
bfc6249902 Fix a clang analyzer 14 warning about a possible NULL deref. 2022-06-29 11:18:16 -06:00
Todd C. Miller
424fa7f2b1 sudo_preload_dso: make the envp function argument const 
This lets us fix an inappropriate cast in sudo_intercept_common.c.
 2022-06-21 14:31:30 -06:00
Todd C. Miller
5f534979ef Regenerate dependencies 2022-06-29 10:18:56 -06:00
Todd C. Miller
a14bef6a41 Do not check files generated by protbuf-c with PVS-Studio 2022-06-29 10:17:35 -06:00
Todd C. Miller
b6151781ce Quiet some harmless PVS Studio warnings. 2022-06-29 10:08:55 -06:00
Todd C. Miller
54ed54d94e Use "unable to allocate memory" warning on malloc failure. 
This is consistent with the rest of the sudo source code.
 2022-06-29 10:00:03 -06:00
Todd C. Miller
3e21c8da5c Add missing PVS Studio Open Source comments. 
Also avoid checking protobuf-c source and protobuf-c generated files.
 2022-06-29 09:45:04 -06:00
Todd C. Miller
e5834bd405 Use #include <config.h> not #include "config.h" for consistency. 
Otherwise, some compilers may do the wrong thing in a build
dir if there is a config.h file in the source dir too.
 2022-06-29 08:47:16 -06:00
Todd C. Miller
38278640ca Update group_plugin_load() stub to match its prototype. 2022-06-28 16:42:25 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
b3a8cad346 A typo prevented -Wno-deprecated-declarations from being used on macOS. 2022-06-28 15:43:27 -06:00
Todd C. Miller
0efd616202 Fix missing prototype warning. 2022-06-27 14:01:29 -06:00
Todd C. Miller
89666e7c37 Define _LFS64_LARGEFILE, _LARGEFILE64_SOURCE if 64-bit or _LARGE_FILES set. 
autoconf does not define _LARGEFILE64_SOURCE by default but zlib
expects it (its own configure script will define it).
Fixes a missing prototype for crc32_combine_gen64() on AIX and HP-UX.
 2022-06-27 13:02:13 -06:00
Todd C. Miller
f5ac1317c4 Make sudo pass -Wmissing-prototypes 2022-06-27 12:48:03 -06:00
Todd C. Miller
f432209304 Include inttypes.h if stdint.h is not present. 
Bug #1035
 2022-06-27 07:20:37 -06:00
Todd C. Miller
e9c2695268 intercept_write: remove unused CD_USE_PTRACE code. 
It is not possible to end up in intercept_write when CD_USE_PTRACE
is set.
 2022-06-21 09:54:41 -06:00
Todd C. Miller
33547702f3 readlink(2) does NUL-terminate the buffer, do it manually. 
Fixes a bug where the current working directory could include garbage
in intercept mode using ptrace(2).
 2022-06-21 20:12:58 -06:00
Todd C. Miller
01a9e5a157 Sudo 1.9.11p3 2022-06-20 16:58:03 -06:00
Todd C. Miller
332a6afe77 Set TCP_NODELAY on the socket used for intercept IPC to reduce latency. 
On some systems, Nagle's algorithm was delaying receipt of the data,
causing commands with intercept or log_subcmds to run slowly.
Related to Bug #1034.
 2022-06-20 16:22:29 -06:00
Todd C. Miller
b10201bdc4 Use blocking I/O when talking to the sudo process. 
Also check for EAGAIN/EINTR when reading the message size.
Fixes a problem seen on AIX where recv_intercept_response() could
fail unexpectedly.  Bug #1034.
 2022-06-20 15:02:11 -06:00
Todd C. Miller
8829c028d3 Add debug printfs when send/recv return EAGAIN or EINTR. 
These are not actually errors but can help gain insight into what
is going on and, in the case of EAGAIN, whether or not there may
be a kernel resource starvation problem.
 2022-06-20 14:58:06 -06:00
Todd C. Miller
49c27f5278 log_exit_status: make local variables match struct evlog members. 2022-06-14 13:10:13 -06:00
Todd C. Miller
5787da7b21 Quiet a compiler warning on macOS. 
The getgrouplist() groups array on macOS is int * instead of gid_t *.
 2022-06-13 14:59:00 -06:00
Todd C. Miller
04746d0e65 Sudo 1.9.11p2 2022-06-12 08:05:00 -06:00
Todd C. Miller
dfee181d15 Fix compilation on Linux/x32; GitHub issue #158 2022-06-11 16:59:18 -06:00
Todd C. Miller
1c00c7c238 Fix pasto in comment after HAVE_PRIV_SET #endif 2022-06-10 09:42:22 -06:00
Todd C. Miller
169e049821 Fix typo, we should define SSIZE_MAX if it is not defined. 2022-06-10 09:34:33 -06:00
Todd C. Miller
6525436db7 Change black list -> blocklist 
This was missed in the previous conversion.
 2022-06-09 14:49:49 -06:00
Todd C. Miller
d04810c4f2 Save a pointer to the event_alloc parameter in the plugin open function. 
That way we don't need to pass event_alloc around to the log client
functions.
 2022-06-09 13:05:21 -06:00
Todd C. Miller
b6a6451482 Fix regression with zero-length messages introduced in protobuf-c PR 500. 2022-06-09 07:34:55 -06:00
Todd C. Miller
d2bf3aad06 Sudo 1.9.11p1 2022-06-08 08:31:27 -06:00