isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,868 Commits 1 Branch 0 Tags
0b506a2d07df25073f08975687ce6ea44c35d65b
Commit Graph

3401 Commits

Author SHA1 Message Date
Todd C. Miller
2e2dd48bef Add test for matching a literal "" command line argument as "" in sudoers. 
GitHub issue #182.
 2022-10-05 10:10:31 -06:00
Todd C. Miller
fa952bfbb7 Add -I flag to disable editing include files unless there is an error. 
This can be used when you only want to edit a single sudoers file
unless there is a pre-existing syntax error.
 2022-10-04 16:11:45 -06:00
Todd C. Miller
575200e734 Do not match a literal "" command line argument as "" in sudoers. 
If the empty string is specified in sudoers, no user args are allowed.
GitHub issue #182.
 2022-10-04 13:37:32 -06:00
Todd C. Miller
3940020c94 sudo_secure_open_{file,dir}: always check thatreturn value is not -1. 
Avoids false positives from static analyzers that can't figure out
that the fd is always valid when error is SUDO_PATH_SECURE.
 2022-10-04 09:33:44 -06:00
Todd C. Miller
afaeb0ed57 Mark code that escapes/unescapes "sudo -s cmd args..." for removal. 
A future version of the plugin API will defer any such escaping
to the policy plugin so it can be configurable.
 2022-09-29 13:43:20 -06:00
Todd C. Miller
d2a13a8154 Fix typos found by codespell 2.2.1. 2022-09-28 16:39:19 -06:00
Todd C. Miller
e6f2ad0ed6 Add missing NULL checks for mandatory fields in protobuf messages. 
Also no longer reject an InfoMessage with an unknown value_case,
just log and ignore it.
 2022-09-28 08:47:25 -06:00
Todd C. Miller
9150423676 Don't send ttyname to log server if it is NULL. 
Otherwise the log server will reject the AcceptMessage because a
NULL string is not allowed.
 2022-09-27 15:30:02 -06:00
Todd C. Miller
f360a8006c Regen dependencies 2022-09-27 14:16:03 -06:00
Todd C. Miller
3ca9220e50 Implement find_spec, not the deprecated find_module. 
Fixes a test failure due to find_module having removed from setuptools.
 2022-09-27 09:03:33 -06:00
Todd C. Miller
e66f34d250 copy_arg: fix copying an escaped backslash 
GitHub issue #179
 2022-09-23 12:30:51 -06:00
Todd C. Miller
86c108b50b Add mkdtempat() and mkostempsat() for systems without them. 2022-09-21 19:08:11 -06:00
Todd C. Miller
88ac5e09b6 Use sudo_secure_open_file() instead of sudo_secure_file() where possible. 
Both sudo_secure_open_file() and sudo_secure_open_dir() are now passed
a struct stat pointer like sudo_secure_file() and sudo_secure_dir().
 2022-09-21 19:08:10 -06:00
Todd C. Miller
cbd52e705c Fix potential TOCTOU when creating time stamp directory and file. 2022-09-21 19:08:09 -06:00
Todd C. Miller
ce387a6849 Split log_{input,output} into log_{stdin,ttyin} and log_{ttyout,stdout,stderr} 
If log_input is set, log_{stdin,ttyin} will be set as well.
If log_output is set, log_{stdout,stderr,ttyout} will be set as well.
This provides more fine-grained control over I/O logging and makes it
possible to disable logging piped or redirected intput or output.
 2022-09-20 14:35:12 -06:00
Todd C. Miller
4989856321 Use tcpgid if passed from sudo front-end and use it in tty_present(). 
This can be used as another indicator that a terminal is present
without having to open /dev/tty.
 2022-09-15 16:34:49 -06:00
Todd C. Miller
304726a215 Move gcc-style __attribute__ macros to config.h.in 
Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_printf0like.
Add sudo_noreturn instead of __attribute__((__noreturn__)).
We do not use stdnoreturn.h since it has been deprecated in C23
in favor of the [[noreturn]] attribute.
 2022-09-07 07:48:31 -06:00
Todd C. Miller
a326411903 Use $(GREP) and $(EGREP) variables in Makefile.in files. 2022-09-12 16:30:52 -06:00
Todd C. Miller
d6c7abd42e log_parse_error: make errstr const to quiet a -Wwrite-strings warning 2022-09-07 14:45:47 -06:00
Todd C. Miller
89a40741b4 Add __printf0like to visudo_track_error(). 2022-09-07 07:25:31 -06:00
Todd C. Miller
7f169da832 Back out unintended change in last commit. 2022-09-06 15:47:29 -06:00
Todd C. Miller
965e2a0c09 It is possibble for sudoerserrorf() to be called with a NULL format. 
So log_parse_error() needs to check fmt for NULL before using it.
 2022-09-06 15:40:59 -06:00
Todd C. Miller
02e92c2afd Set MODE_POLICY_INTERCEPTED for log_subcmds too. 
This fixes a problem where sub-commands were not being logged to
the remote log server, if configured.  Since we don't go through
sudoers_policy_main() again for log_subcmds, we set the flag in
sudoers_audit_accept() instead.  The reason this is complicated is
that when I/O logging is enabled the initial accept message gets
sent as part of the remote logging handshake.  GitHub issue #174
 2022-09-03 09:43:41 -06:00
Todd C. Miller
49e9e5eb85 Only check the admin flag file once in intercept mode. 2022-09-02 14:45:57 -06:00
Todd C. Miller
36747f89a8 Skip all of check_user() for intercept unless intercept_authenticate set. 
Previously we were calling the PAM approval modules even in intercept
mode which can take a lot of time.  We may wish to make PAM approval
configurable in intercept mode in the future.
 2022-08-25 09:35:42 -06:00
Todd C. Miller
22dad3f59c Only set MODE_POLICY_INTERCEPTED on subsequent policy checks. 
This fixes a bug where MODE_POLICY_INTERCEPTED was set too early
if the intercept option was set globally in sudoers.  It should
only be set after the original command has executed.
 2022-08-25 09:33:42 -06:00
Todd C. Miller
d65bcf2ab3 Avoid a Coverity false positive. 2022-08-18 10:27:01 -06:00
Todd C. Miller
81a3339df9 Remove cast from time_t to int to avoid a Coverity false positive. 
The cast should not be required.
 2022-08-18 10:21:14 -06:00
Todd C. Miller
158facf6d5 Use multilib rules to look for a 64-bit group plugin on failure. 
If sudo_dso_load() fails on a 64-bit system, try to load a 64-bit
native version of the file using system-dependent multilib rules.
If we don't support multilib on the platform, check for a version
of the file that ends in "64" before the .so suffix.
 2022-08-11 19:34:50 -06:00
Todd C. Miller
2f3afd14ed In putenv(3) replacement reject a string with no '=' or that starts with one. 2022-08-08 07:43:00 -06:00
Todd C. Miller
184f0a2493 Merge pull request #165 from bdrung/xdg-current-desktop 
Add XDG_CURRENT_DESKTOP to initial_keepenv_table
 2022-08-02 15:45:08 -06:00
Todd C. Miller
9c61d7e6e9 Bump the sudo plugin minor version. 
The "update_ticket" entry was added to the settings list and the
"intercept_verify" entry was added to the command_info list.
 2022-08-02 14:28:29 -06:00
Todd C. Miller
556dacf1ff Add a way to run a command without updating the cached credentials. 
This can also be used to test for whether or not the user's
credentials are currently cached.
 2022-08-02 14:28:28 -06:00
Carlo Teubner
2b5dcf255d visudo.c: add nvim (Neovim) to lineno_editor list 
Neovim supports it: https://neovim.io/doc/user/starting.html#-+
 2022-07-31 17:20:50 +01:00
Todd C. Miller
3ce19efca9 Add intercept_verify sudoers option to control execve(2) argument checking. 2022-07-29 15:22:27 -06:00
Todd C. Miller
620a563b54 Only set MODE_POLICY_INTERCEPTED if we are running a command. 
Fixes an error with "sudo -l" when intercept is enabled globally.
 2022-07-29 15:17:45 -06:00
Benjamin Drung
225feb386e Add XDG_CURRENT_DESKTOP to initial_keepenv_table 
Qt needs `XDG_CURRENT_DESKTOP` to be set to determine the correct theme.

Since `DISPLAY` and `XAUTHORITY` are already in the default table of
variables to preserve in the environment, just add `XDG_CURRENT_DESKTOP`
to it.

Bug: https://launchpad.net/bugs/1958055
Signed-off-by: Benjamin Drung <bdrung@ubuntu.com>
 2022-07-29 11:35:47 +02:00
Todd C. Miller
a2b0a8330c Fix a few whitespace issues. 2022-07-09 11:21:17 -06:00
Todd C. Miller
e7b7fbaf6e Increase the realloc increment from 128 to 1024. 
The contents of the env_add array should not include the leading
"env=" prefix.
 2022-07-09 09:02:25 -06:00
Todd C. Miller
224d78993a sudo_putenv_nodebug: require that the environment string include a '=' 2022-07-09 09:00:48 -06:00
Todd C. Miller
fba81260ad If update_defaults() fails, treat it as a parse error. 2022-07-08 14:01:15 -06:00
Todd C. Miller
3dc8497b48 Add additional PVS-studio suppression comments for generated code. 2022-07-08 10:53:00 -06:00
Todd C. Miller
a7f9c8162e Fix compilation error when SUDOERS_NAME_MATCH is defined. 2022-07-07 20:28:49 -06:00
Todd C. Miller
5a59ce159e Fix a NOPASSWD issue with a non-existent command when fdexec=always 
In command_matches_all(), if the command is fully-qualified and
open_cmnd() return false, only treat it as an error if we are able
to stat(2) the command.  For "sudo ALL" a non-existent command is
not an error.
 2022-07-07 20:11:44 -06:00
Todd C. Miller
41e7532c90 Quote ^foo$ on command line to protect it from the shell. 2022-07-07 10:13:22 -06:00
Todd C. Miller
f6e4d2765a Add explicit include of unistd.h for getopt(3) and related variables. 2022-07-05 11:35:25 -06:00
Todd C. Miller
fd0c5566ac Merge pull request #161 from likunyur/lky 
sudoers/cvtsudoers: Remove the repeated ';' from code
 2022-07-04 09:00:58 -06:00
Li kunyu
a311180bbc sudoers/cvtsudoers: Remove the repeated ';' from code 
Signed-off-by: Li kunyu <kunyu@nfschina.com>
 2022-07-04 12:31:50 +08:00
Todd C. Miller
985a2261bc sudoers_main: defer setting return value until the end when running a command 
Otherwise, we could return success when there was an error from a
system call or memory allocation failure.
 2022-06-30 13:35:04 -06:00
Todd C. Miller
885abf48d7 Save the initial command run via sudo and use it when logging exit status. 
Otherwise, if we are in intercept mode or logging sub-commands the
exit status will be logged with the wrong command.
 2022-06-30 11:10:43 -06:00