isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,089 Commits 1 Branch 0 Tags
0aedc965f88a08912eae945cd6cb15ca4f8faae2
Commit Graph

274 Commits

Author SHA1 Message Date
a1346054
bf7d20b482 Minor cleanup (#110) 
* fix trivial shell script issues
* remove trailing whitespace
 2021-08-19 09:48:01 -06:00
Todd C. Miller
6287e8ca7d Add support for loading the sudo_intercept.so DSO. 2021-08-09 15:50:25 -06:00
Todd C. Miller
d71731e50d Remove --with-efence option, there are better options available. 2021-05-04 19:03:55 -06:00
Todd C. Miller
6f5b353e87 Add configuration for sudo_logsrvd store-and-forward mode. 
Adds "relay_dir" and "store_first" settings to sudo_logsrvd.conf
in the [relay] section.  Also adds a --with-relaydir configure
argument to change the default value (usually /var/log/logsrvd-relay.
 2021-04-23 16:54:15 -06:00
Todd C. Miller
28d41cecad Enable the use of OpenSSL if log client/server not disabled. 
This adds a dependency on OpenSSL unless it is explicitly disabled
(--disable-openssl) or the sudo log client and server are disabled
(--disable-log-client and --disable-log-server).
 2021-04-12 14:10:49 -06:00
Todd C. Miller
009069115c Suggest clang 11 or higher, some fuzzers may hang when used with clang 10. 2021-03-19 08:04:39 -06:00
Todd C. Miller
90534b5b27 Add --disable-ssp configure option. 
This allows for disabling -fstack-protector without turning off the
other hardening options.
 2021-02-18 13:58:09 -07:00
Todd C. Miller
a5504148a5 Add admin_flag sudoers option and make --enable-admin-flag take a path. 
It is now possible to disable the Ubuntu admin flag in sudoers
or change its location.
GitHub issue #56
 2021-02-16 13:20:02 -07:00
Todd C. Miller
55df5efdce Add --enable-fuzzer-linker and --enable-fuzzer-engine options. 
These will allow the fuzzers to be built as part of oss-fuzz.
 2021-02-07 05:52:45 -07:00
Todd C. Miller
6216fb3cca Add --enable-fuzzer option to use when building fuzzers 2021-02-06 13:28:39 -07:00
Todd C. Miller
7a2a211dfc Replace --enable-asan with --enable-sanitizer 
It is not possible to set the sanitizer flags at configure time.
 2021-02-06 12:42:11 -07:00
Todd C. Miller
bde4411867 The --disable-leaks option is not recommended for production use. 2021-02-03 07:57:10 -07:00
Todd C. Miller
bd10bb5cfe Add --disable-leaks configure option. 
This enables the extra freeing of memory before exit also enabled
by --enable-asan.  To be used by oss-fuzz.
 2021-01-30 06:01:48 -07:00
Todd C. Miller
94c5052ebf Fix typo detected by codespell 2.0.0 
Also avoid some new false positives
 2020-11-24 07:40:38 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines. 
Also replace backwards with backward.
 2020-10-30 10:15:30 -06:00
Todd C. Miller
10f8bb6398 Ignore --enable-gcrypt if --enable-openssl is also specified. 2020-07-16 07:32:13 -06:00
Todd C. Miller
5635c22f6b Add --disable-log-server and --disable-log-client configure options. 
These can be used to optionally disable building sudo_logsrvd and
support for remote I/O logging in the sudoers plugin respectively.
 2020-02-26 13:17:40 -07:00
Todd C. Miller
690f145d3f LibreSSL and older OpenSSL don't support SSL_CTX_set_ciphersuites(). 
Add a configure test and skip TLS 1.3 setup if it is missing.
We still accept the tls_ciphers13 config setting but it will be ignored.
 2019-11-15 13:19:28 -07:00
Todd C. Miller
fd5d0f511e Back out compiler override for now. 2019-10-06 10:46:18 -06:00
Todd C. Miller
e49e8c1e8b Prefer clang over gcc. 
We want to use clang on systems where clang is the system compiler.
It is less common to have clang installed on systems where gcc is
the system compiler.
 2019-09-17 08:46:37 -06:00
Todd C. Miller
2707acf23f No longer need bypass_last_login on HP-UX, warnings work with clang. 
Also add deb package names for pam and ldap devel on Linux.
 2019-09-17 08:40:48 -06:00
Todd C. Miller
184484b213 Make env_editor the default. 
It is already the default in the package script.
 2019-06-20 11:51:47 -06:00
Todd C. Miller
958cf7e37f Don't describe env_editor as a security hole. 
Users that are able to edit sudoers can grant themselves permissions
so the fact that visudo runs the editor as root is not a security issue.
 2019-06-20 11:40:47 -06:00
Todd C. Miller
4c82e18ac1 Add --enable-pvs-studio configure option to create PVS-Studio.cfg. 2018-10-21 08:46:09 -06:00
Todd C. Miller
523f0eeeab Monty Python insults from Philip Hudson 2018-04-17 07:10:43 -06:00
Todd C. Miller
e48cbfc10c Clarify that --with-rundir and --with-vardir take sudo-specific directory, 
e.g. /var/run/sudo and not just /var/run.  Bug #823
 2018-02-19 11:27:30 -07:00
Todd C. Miller
525c6a3d94 Use /run in preference to /var/run if it exists. 
Bug #822
 2018-02-19 10:59:12 -07:00
Todd C. Miller
749cdc9d95 Make PC insults the default and add new configure option, 
enable-offensive-insults, to enable the offensive insults.
 2017-09-18 10:45:02 -06:00
Todd C. Miller
63d954d1fc Replace tty_tickets option with timestamp_type which can be 
global, ppid or tty.  Defaults to tty (no change in behavior).
Some users want the ppid behavior.
 2017-08-01 16:14:54 -06:00
Todd C. Miller
beece91719 Add support for --enable-sasl and --disable-sasl to make it possible 
to enable/disable support for LDAP with SASL authentication.  Sudo
compiles in support for SASL authentiation by default if the
ldap_sasl_interactive_bind_s() function is detected.
Bug #788
 2017-07-28 13:52:55 -06:00
Todd C. Miller
cc71b99849 Add a new "devsearch" Path setting to sudo.conf for configuring the 
/dev paths to traverse instead of hard-coding a list in ttyname.c
The default value can be set at configure time.
 2017-05-30 10:44:11 -06:00
Todd C. Miller
280d5ac691 Warn people not to use --enable-asan in production. 2017-05-03 12:56:06 -06:00
Todd C. Miller
f0425ca813 Update path to sudo_noexec.so 2017-04-27 12:02:29 -06:00
Todd C. Miller
b9954fb9b9 Add support for using the message digest functions in libgcrypt 
instead of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
199a594f43 Add support for using the message digest functions in OpenSSL instead 
of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
c3373f03be SunOS 4.x is no longer supported 2016-11-17 08:09:06 -07:00
Todd C. Miller
9b027676c0 Use the value of ipa_hostname from /etc/sssd/sssd.conf if present 
instead of the system hostname.
 2016-06-04 19:52:10 -06:00
Todd C. Miller
8509229eb1 Add a note that --with-solaris-audit is only for Solaris 11 and 
above.  Bug #737
 2016-02-19 13:37:43 -07:00
Todd C. Miller
fd9f010064 mention --enable-asan 2016-01-27 16:49:24 -07:00
Todd C. Miller
8bc70a635c Instead of trying to make weak functions work on all platforms, 
just use a registration function for a plugin-specific setlocale
function.  The sudoers version just wraps sudoers_setlocale().
 2015-05-11 14:51:32 -06:00
Todd C. Miller
fa3552fa76 Create template tmpfiles.d/sudo.conf for installation instead of 
creating one via echo commands in the Makefile.

Add --enable-tmpfiles.d configure option to enable/disable use of
tmpfiles.d and override the default directory.

Use --disable-tmpfiles.d in mkpkg so we no longer need to ignore
tmpfiles.d/sudo.conf in sudo.pp.
 2015-04-07 15:35:01 -06:00
Todd C. Miller
d297f5fd84 Make exampledir configurable and default to DATAROOTDIR/examples/sudo 
on BSD systems.
 2015-04-06 15:10:26 -06:00
Todd C. Miller
5cfd0cff9c Add --disable-weak-symbols option to disable use of weak symbols 
in libsudo_util.
 2015-03-05 14:43:06 -07:00
Todd C. Miller
e11f32fd42 On AIX use the value of auth_type in /etc/security/login.cfg to 
determine whether to use LAM or PAM unless the user specified the
--with-pam or --with-aixauth configure flags.
 2015-02-23 11:12:43 -07:00
Todd C. Miller
c3c28773f5 Sanity check the TZ environment variable by special casing it in 
env_check.  The --with-tzdir configure option can be used to
specify the zoneinfo directory if configure doesn't find it.
 2015-02-06 11:01:05 -07:00
Todd C. Miller
9a9e865375 Add support for installing a shared zlib 2014-10-27 14:39:07 -06:00
Todd C. Miller
b91a91d289 Move sample.* files to a sudo examples dir 2014-10-24 14:25:12 -06:00
Todd C. Miller
76a6dad424 Add --disable-shared-libutil configure option. It may only be used 
in conjunction with the --enable-static-sudoers option.
 2014-08-08 11:03:24 -06:00
Todd C. Miller
18dbc52e4b Add Solaris audit support; from Gary Winiger at Oracle. 2014-06-27 16:01:40 -06:00
Todd C. Miller
53d9429b87 Talk about clearing files at boot time, not reboot time since it 
happens when the system comes up, not down.
 2014-02-17 10:27:20 -07:00