isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,089 Commits 1 Branch 0 Tags
0aedc965f88a08912eae945cd6cb15ca4f8faae2
Commit Graph

420 Commits

Author SHA1 Message Date
Todd C. Miller
4ccd966e22 Add exports file for sudo_intercept.so that only exports execve() 2021-08-20 11:49:22 -06:00
Todd C. Miller
b40f74cb24 Cross-build support for mksigname and mksiglist 
We must build these with the host C compiler but use the target
preprocessor to generate the output.
 2021-08-19 09:50:05 -06:00
a1346054
bf7d20b482 Minor cleanup (#110) 
* fix trivial shell script issues
* remove trailing whitespace
 2021-08-19 09:48:01 -06:00
Todd C. Miller
c9d9225469 Split off intercept code into exec_intercept.c. 2021-08-11 16:00:47 -06:00
Todd C. Miller
9c3df47da9 Move preload_dso() to its own file and rename to sudo_preload_dso(). 
It now takes an intercept fd as an optional argument instead of a
list of extra variables to add.  This lets us check whether it is
already set to the expected value (and add it if not).
sudo_intercept.so now uses sudo_preload_dso() to make sure that
LD_PRELOAD and SUDO_INTERCEPT_FD are set properly before executing.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
4cf3d1c416 Implement sudo_intercept.so. 
Uses protobuf to talk to main sudo process over a socketpair.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
cede7dd92d Define protocol for sudo <-> sudo_intercept.so communication. 
Uses google protocol buffers.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
5d4120fa5d Add separate convenience lib for protobuf-c 
We need to use it for sudo <-> sudo_intercept.so communication.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
cc3b4ffb04 Remove vsyslog(3) emulation, it is no longer used. 2021-06-14 13:11:39 -06:00
Todd C. Miller
dfaa9b95f1 Add getgids utility to simular "id -G" using sudo_getgrouplist2() 2021-06-07 14:18:09 -06:00
Todd C. Miller
177816b787 Send outgoing messages to the relay server on startup. 
Also attempt to retry messages that could not be relayed periodically.
 2021-05-01 16:27:21 -06:00
Todd C. Miller
84a01d3a93 Move local iolog log functions to logsrvd_local.c 2021-04-27 14:46:27 -06:00
Todd C. Miller
8a65893435 Add a suppression file for the libpython leaks. 
This is a big hammer but it seems like the best we can do for now.
Allows "make check" to succeed when address sanitizer is used.
 2021-04-26 08:58:00 -06:00
Todd C. Miller
5e5131dec3 Treat a lone backslash at the end of a string as a literal backslash. 
GitHub issue #99
 2021-04-24 14:19:46 -06:00
Todd C. Miller
c2d3070fa1 Journal messages to disk when store_first is set in the relay section. 
Instead of forwarding messages immediately, they are journaled
locally in wire format.
This will be used to implement relay store-and-forward mode.
 2021-04-23 16:55:30 -06:00
Todd C. Miller
fbbf602664 Move python.m4 and runlog.m4 to the m4 directory. 
Previously they were inline in aclocal.m4.
 2021-04-16 13:41:43 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util. 
It will be used by sudo_logsrvd too.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
d60b8a791c Add a relay mode to sudo_logsrvd where it forwards instead of stores. 
Relay hosts are be specified in the server section of sudo_logsrvd.conf.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
72c40ae0e1 Move common TLS client code to tls_client.c and use it in sendlog.c. 2021-04-06 14:44:19 -06:00
Todd C. Miller
71e5275a1c Move common TLS initialization code to tls_init.c. 2021-03-10 16:29:27 -07:00
Todd C. Miller
d4517e0a1c Move autoconf auxiliary files to the scripts directory. 2021-04-06 14:23:38 -06:00
Todd C. Miller
06df3a1b47 Add simple regress check to display the network interfaces found. 2021-03-22 12:26:36 -06:00
Todd C. Miller
977f238d35 Add dictionary file for fuzz_logsrvd_conf. 2021-03-18 19:46:08 -06:00
Todd C. Miller
6eff3b313b Move corpus files to a seed subdirectory. 2021-03-18 15:28:29 -06:00
Todd C. Miller
3e5cf7baa3 Do not redefine system group and passwd functions for testsudoers. 
Instead, prefix the replacements with "testsudoers_" and use a
custom pwutil backend so they get used.
 2021-03-18 11:39:54 -06:00
Todd C. Miller
851247e58c Split iolog_fileio.c into multiple files. 2021-02-26 21:07:48 -07:00
Todd C. Miller
d51d4af7a6 Break out I/O log config handling into iolog_conf.c. 2021-02-26 15:02:58 -07:00
Todd C. Miller
d160dac355 Add test to exercise RunasSpec without a RunasUser. 2021-02-26 10:05:45 -07:00
Todd C. Miller
2e0ca52b50 Remove unused regress files. 2021-02-26 10:04:51 -07:00
Todd C. Miller
f5d7db56e7 Call public getters in logsrvd.conf fuzzer and add to corpus. 
Now exercises the syslog config erorr path.
 2021-02-25 16:00:31 -07:00
Todd C. Miller
24e1774ce3 Add regress test with all current Defaults settings. 
Currently skips SELinux and Solaris privilege settings.
 2021-02-25 11:26:55 -07:00
Todd C. Miller
e7b414ce4e Move env hooks into sudoers_hooks.c. 2021-02-24 19:09:46 -07:00
Todd C. Miller
38c381a0cc Split fmtsudoers.c into the parts used by sudoers plugin and cvtsudoers. 
Only testsudoers and cvtsudoers use the full set of formatting functions.
 2021-02-24 17:14:51 -07:00
Todd C. Miller
05767145b3 Add fuzzer-specific stubs source file. 2021-02-24 16:43:59 -07:00
Todd C. Miller
a56f7daeea Split iolog_util.c into iolog_loginfo.c and iolog_timing.c. 
Also rename check_iolog_util -> check_iolog_timing.
 2021-02-24 14:40:33 -07:00
Todd C. Miller
2a657e2a12 Move legacy I/O log info file parsing to iolog_legacy.c 2021-02-24 14:34:14 -07:00
Todd C. Miller
4128582723 Move eventlog config code into eventlog_conf.c 2021-02-24 14:25:39 -07:00
Todd C. Miller
f399c449ad Move eventlog_free() into its own file. 2021-02-24 13:59:17 -07:00
Todd C. Miller
cbd11c44d2 Update Defaults settings after parsing sudoers. 
Also stub out dump_defaults when fuzzing as it is not used.
 2021-02-24 12:29:34 -07:00
Todd C. Miller
5a85543c16 Move alias checking code out of visudo.c and into check_aliases.c. 2021-02-23 18:42:37 -07:00
Todd C. Miller
081e219e23 Add dictionary files for fuzzers where possible. 2021-02-23 11:28:47 -07:00
Todd C. Miller
d235083342 Add simple fuzzer for sudo_logsrvd.conf parser. 2021-02-15 15:52:17 -07:00
Todd C. Miller
25f50e2f07 Add simple fuzzer for sudo.conf parser. 2021-02-15 13:17:26 -07:00
Todd C. Miller
ea7a70e85d For "make fuzz" only fuzz the seed corpus. 
This way we avoid files generated by the fuzzer itself.
 2021-02-15 07:35:19 -07:00
Todd C. Miller
df2931588a Fuzz sudoers policy module API. 
Includes a test case to reproduce CVE-2021-3156.
 2021-02-12 15:36:18 -07:00
Todd C. Miller
1f97ef92b7 Move audit.c from libparsesudoers to the sudoers module itself. 
Now that audit.c contains the audit module it doesn't belong in
libparsesudoers.
 2021-02-12 11:13:52 -07:00
Todd C. Miller
41fa461fe1 Add a GNU-compatible version of basename(3). 
Unlike POSIX basename(3), the GNU variant does not modify its argument.
Note that basename of a path ending in "/" returns an empty string.
 2021-02-10 14:26:26 -07:00
Todd C. Miller
63a3f62547 Add fuzz Makefile target and run fuzzer corpus in make check. 2021-02-08 04:56:17 -07:00
Todd C. Miller
30d9497eb6 Add stub library that just feeds files to the fuzzing target. 
This will allow the fuzzers to be run as part of "make check".
 2021-02-07 15:43:51 -07:00
Todd C. Miller
1c02c14c35 Add more test files for fuzzers. 2021-02-05 19:30:00 -07:00