56 Commits

Author SHA1 Message Date
Todd C. Miller
98401c0588 Add execv(3) support to sudo_intercept.so.
This allows intercept to work with csh which uses execv(3) not execve(2).
2021-08-21 08:44:16 -06:00
Todd C. Miller
02b78c38ed Sync the list of functions trapped by sudo_noexec.so. 2021-08-20 18:41:32 -06:00
Todd C. Miller
1e795b5487 Add a Debug example for sudo_intercept.so
Don't try to enumerate all the sudo programs that support debugging
since all of them do.
2021-08-20 16:07:02 -06:00
Todd C. Miller
8ccb7f0096 sudo_intercept.so only intercepts execve(2) for now. 2021-08-20 14:25:49 -06:00
Todd C. Miller
6287e8ca7d Add support for loading the sudo_intercept.so DSO. 2021-08-09 15:50:25 -06:00
Todd C. Miller
5ffa0ce053 Make "group_source=dynamic" the default on macOS.
Recent versions of macOS do not reliably return all of a user's
non-local groups via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS
is defined.  Bug #946.
2021-03-02 14:09:31 -07:00
Todd C. Miller
a18b2a9ddf Limit max_groups in sudo.conf to 1024.
The max_groups setting should no longer be needed anyway.
2021-02-16 12:37:23 -07:00
Todd C. Miller
1cdc4716c2 Comment out the default plugin lines in the example sudo.conf.
Fixes a problem when there are multiple versions of sudo installed
and not all support the audit plugin, such as on macOS.
GitHub issue #75
2020-12-05 09:08:43 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines.
Also replace backwards with backward.
2020-10-30 10:15:30 -06:00
Todd C. Miller
253e041d3b Load the sudoers module as an audit plugin if loaded as a policy plugin.
Now that logging of successful commands is performed by sudoers as an
audit plugin we need to load sudoers_audit if sudoers_policy is also
loaded.  Otherwise, accepted commands will not be logged.
2020-06-02 14:54:04 -06:00
Todd C. Miller
c9f26ebbb4 Remove whitespace at the end of the line in example sudo.conf 2020-01-17 09:47:52 -07:00
Todd C. Miller
b527ac3fb5 Update sample sudo.conf with all supported settings.
The deprecated "max_groups" setting is not documented.
2020-01-02 14:07:30 -07:00
Todd C. Miller
8aa815643f Remove POD-style C<> markup (typewriter font) from sudo.conf 2020-01-02 13:12:27 -07:00
Robert Manner
9871f7e37b doc/sudo.conf: document developer_mode option 2020-01-02 11:53:08 -05:00
Todd C. Miller
c3ce3a84fb Refer to user-ID and group-ID instead of "user ID" and "group ID" 2019-10-19 14:26:41 -06:00
Todd C. Miller
679f13ef53 Remove trailing whitespace. 2019-07-11 13:41:48 -06:00
Todd C. Miller
bb024cf093 Rename PLUGINDIR -> plugindir 2019-07-03 13:15:47 -06:00
Todd C. Miller
cd258e1d39 Add conditional for sesh path in sudo.conf manual. 2019-07-03 09:06:45 -06:00
Todd C. Miller
a45732528b Use the term pseudo-terminal more consistently. 2019-06-20 16:52:49 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
019279a4b8 Fix some mangled text in the license block. 2018-10-26 08:19:41 -06:00
Todd C. Miller
675802b71c Use mdoc macros for BSD systems.
All manuals now pass "make lint"
2018-10-07 07:34:22 -06:00
Todd C. Miller
e1ecc7142c Should no longer need to set max_groups. 2018-06-16 11:32:14 -06:00
Todd C. Miller
b67915c6e4 Fix some issues pointed out by mandoc -Tlint 2018-06-13 11:19:35 -06:00
Todd C. Miller
3dd7d96933 Fix some more typos. 2018-04-18 14:25:11 -06:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
9ea9ecb183 start new sentences on a new line 2017-07-21 11:20:04 -06:00
Todd C. Miller
60146c2959 Fix the man section of sudo_plugin in cross-references. 2017-06-07 16:25:46 -06:00
Todd C. Miller
7526869d87 devsearch is ignored on BSD, macOS and Solaris 2017-06-02 15:47:35 -06:00
Todd C. Miller
cc71b99849 Add a new "devsearch" Path setting to sudo.conf for configuring the
/dev paths to traverse instead of hard-coding a list in ttyname.c
The default value can be set at configure time.
2017-05-30 10:44:11 -06:00
Todd C. Miller
afcdc28534 Add wordexp() to the list of functions wrapped by sudo_noexec.so. 2016-10-14 10:33:55 -06:00
Todd C. Miller
f98b481af2 Point the reader to the sudoers manual for the list of supported
arguments after the plugin path.
2016-06-15 10:10:59 -06:00
Todd C. Miller
7cd6d4ec79 The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5). 2016-03-17 10:46:23 -06:00
Todd C. Miller
55531958de Allow sudo.conf Path settings to disable path names (by setting the
value of NULL).
2015-12-18 12:31:28 -07:00
Todd C. Miller
79be007bd6 Use https in urls. 2015-11-20 10:36:53 -07:00
Todd C. Miller
d5086dfde4 List all the functions wrapped by sudo_noexec.so. 2015-09-28 16:48:46 -06:00
Todd C. Miller
b2f1bbfb02 disable_coredump can be set to no on modern OSes without
security consequences.
2015-08-09 16:12:00 -06:00
Todd C. Miller
cd669526e5 Fix "mandoc -Tlint" warnings.
Sync AUTHORS section in man pages.
Regenerate all man pages.
2015-03-22 13:09:26 -06:00
Todd C. Miller
b1dc5c54d8 Remove the extra /sudo in sudo.ws urls 2014-12-04 17:00:38 -07:00
Todd C. Miller
9d3fe082fc Reference bugzilla.sudo.ws 2014-11-27 09:51:06 -07:00
Todd C. Miller
4d04c5644b No need to keep specifying ".Nm foo" since the Nm macro remembers
the argument it was first called with and uses it if none is
specified.  Also fix a few minor formatting errors and
regen bulleted lists in the .man.in files.
2014-11-11 15:29:19 -07:00
Todd C. Miller
a7e724b75d Change how sudo.conf is parsed. We now do a quick parse and then
set the values after the entire file has been parsed.  This lets
us init the debug system earlier.  Plugin-specific debug flags are
now stored in struct plugin_info and struct plugin_container and
passed to the plugin via one or more debug_flags settings.
2014-10-22 13:20:32 -06:00
Todd C. Miller
5ff2c80250 Document tracing 2014-07-24 14:39:50 -06:00
Todd C. Miller
f909c0d132 Remove some extraneous markup; from Ingo Schwarze
 * No need to explicitly end a macro with No before |
   because | counts as middle punctuation
   and falls out of the macro, anyway.
 * No need to explicitly re-open in-line macros after |
   because | counts as middle punctuation
   and the macros resume afterwards, anyway.
 * Simplify the mnemonic remarks regarding the option letters,
   no need for manual font and spacing control with No and Ns.
 * Trim Ns No to just Ns, it already implies No.
2014-02-15 16:04:07 -07:00
Todd C. Miller
1a42e5f63d It is now possible to disable network interface probing in sudo.conf
by changing the value of the probe_interfaces setting.
2014-01-23 14:52:54 -07:00
Todd C. Miller
1739350e20 Document that plugins can be compiled statically into the sudo binary. 2013-12-04 16:05:05 -07:00
Todd C. Miller
5b491573e1 Document "event" debug subsystem. 2013-12-03 14:40:58 -07:00
Todd C. Miller
d9fd6281e4 Allow default plugin dir to be configured in sudo.conf. 2013-08-13 12:24:28 -06:00
Todd C. Miller
9b2fb418ca Don't allow max_groups to be set to zero, it just complicates things
needlessly.  Fixes an assertion in visudo when there is a group-based
Defaults entry.
2013-08-12 09:14:38 -06:00
Todd C. Miller
1614c3cad1 Document sesh Path setting. 2013-03-14 20:13:54 -04:00