Commit Graph

1666 Commits

Author SHA1 Message Date
Todd C. Miller
8145ad12da Quiet another -Wwrite-strings warning. 2022-08-19 11:37:38 -06:00
Todd C. Miller
8eb619ac2b ptrace_getregs: try to determine compat mode if caller doesn't know.
In ptrace_verify_post_exec(), we don't know whether the executable
that is now running is a native or compat binary.  In most cases
ptrace_getregs() will be able to figure it out for us.
2022-08-19 11:34:40 -06:00
Todd C. Miller
b2d8909c19 ptrace_intercept_execve: fail syscall rather than killing process on error.
If the execve(2) args are bogus pointers, we should just return an
error instead of killing the process.  For consistency with the
kernel, convert EIO from ptrace(2) to EFAULT.
Also convert some ptrace(2) warnings to debug printfs so sudo is less chatty.
2022-08-19 11:05:10 -06:00
Todd C. Miller
9f552471bc Treat argv and closure->run_argv of different sizes as a mismatch.
If argv and closure->run_argv match up to the point where we hit a
NULL but one of them has additional entries, we still need to rewrite
argv.
2022-08-18 15:15:06 -06:00
Todd C. Miller
aef4a61886 Handle the case where argc is 0 when allocating space for argv.
We need to pass the pathname to the policy plugin in argv[0] so we
must be sure to allocate space for it even if argc is 0.
2022-08-18 15:12:21 -06:00
Todd C. Miller
76bd1bcc95 copy_vector: treat a NULL pointer as an empty vector.
Linux execve(2) allows argv to be NULL so we must allocate an empty
vector in this case and not return an error.
2022-08-18 15:10:42 -06:00
Todd C. Miller
48a9126a1b Update debug_decl name for sudo_preload_dso -> sudo_preload_dso_alloc change. 2022-08-18 15:08:38 -06:00
Todd C. Miller
bc5016296d Handle the case where argc is 0 when rebuilding argv.
We need to pass the pathname to the policy plugin in argv[0] so we
must be sure to allocate space for it even if argc is 0.
2022-08-18 15:07:25 -06:00
Todd C. Miller
23fa22975c Handle sysconf(_SC_ARG_MAX) failure, Coverity CID 276504. 2022-08-18 10:32:19 -06:00
Todd C. Miller
2f3afd14ed In putenv(3) replacement reject a string with no '=' or that starts with one. 2022-08-08 07:43:00 -06:00
Todd C. Miller
9c61d7e6e9 Bump the sudo plugin minor version.
The "update_ticket" entry was added to the settings list and the
"intercept_verify" entry was added to the command_info list.
2022-08-02 14:28:29 -06:00
Todd C. Miller
556dacf1ff Add a way to run a command without updating the cached credentials.
This can also be used to test for whether or not the user's
credentials are currently cached.
2022-08-02 14:28:28 -06:00
Todd C. Miller
cf250354fc Defer chdir(2) until sesh when running with SELinux.
We need to be running with the correct security context or the
chdir(2) may fail.  GitHub issue #160.
2022-08-01 13:40:47 -06:00
Todd C. Miller
3ce19efca9 Add intercept_verify sudoers option to control execve(2) argument checking. 2022-07-29 15:22:27 -06:00
Todd C. Miller
b80b012de0 Use PTRACE_EVENT_EXEC to stop execution before return from execve(2).
We can now verify that the arguments match what we accepted before
the command actually runs.  If there is a mismatch, the process is
killed.  Shell scripts must be handled specially since the path
executed will be the interpreter, not the script name.
Linux allows interpreters to be nested up to 4 deep.
2022-07-29 15:22:26 -06:00
Todd C. Miller
25513b4f37 The length returned by ptrace_read_string() includes the NUL.
We were wasting an extra byte in the string table for each entry.
2022-07-27 14:11:13 -06:00
Todd C. Miller
6c9b3c7613 fmtstr: add missing va_end() for the overflow case
Coverity CID 275335
2022-07-26 12:54:52 -06:00
Todd C. Miller
f5dc739ea3 Quiet some harmless PVS-Studio warnings. 2022-07-26 11:28:38 -06:00
Todd C. Miller
de3d5fe934 Reject relative command paths if runcwd is not set.
This is now treated as a policy rejection.
2022-07-26 11:04:29 -06:00
Todd C. Miller
16ea0bb3fd intercept_check_policy: close saved_dir before returning 2022-07-26 08:56:27 -06:00
Todd C. Miller
3c1f3ef102 Change to runcwd during the policy check where possible.
Otherwise, attempts to run "./command" from a shell with intercept
set will fail if the current working directory is different from
the main sudo process.
2022-07-26 08:43:44 -06:00
Todd C. Miller
5516cdcd5b For preload DSO make copies of cmnd, argv, envp and map them read-only. 2022-07-25 19:56:54 -06:00
Todd C. Miller
226a6cd754 Use sudo_mmap_alloc functions in DSO-based intercept code. 2022-07-25 16:05:11 -06:00
Todd C. Miller
15fd62f0d5 resolve_path: skip non-regular files 2022-07-25 08:51:49 -06:00
Todd C. Miller
75e97fd5b2 Make sure the plugin provides a command, argv and envp. 2022-07-14 09:49:00 -06:00
Todd C. Miller
e5652fc65a Linux execve(2) allows argv or envp to be NULL.
Add checks to make sure we don't dereference a NULL pointer.
2022-07-14 09:29:40 -06:00
Todd C. Miller
a5ac29219a intercept_check_policy: add oom label and fix approval failure case.
If the approval plugin fails we need to set the state to POLICY_REJECT
just like we do if the policy rejected the command.
2022-07-13 13:06:21 -06:00
Todd C. Miller
a2b0a8330c Fix a few whitespace issues. 2022-07-09 11:21:17 -06:00
Todd C. Miller
f6e4d2765a Add explicit include of unistd.h for getopt(3) and related variables. 2022-07-05 11:35:25 -06:00
Todd C. Miller
fd0c5566ac Merge pull request #161 from likunyur/lky
sudoers/cvtsudoers: Remove the repeated ';' from code
2022-07-04 09:00:58 -06:00
Li kunyu
a9a164e71c src/send: Remove the repeated ';' from code
Signed-off-by: Li kunyu <kunyu@nfschina.com>
2022-07-04 12:36:11 +08:00
Todd C. Miller
3cd9c5f5e6 Stop sending an InterceptResponse to a PolicyCheckRequest for log_subcmds.
There's no real reason for the command to wait for sudo to send back a
response that will always be a PolicyAcceptMessage.
2022-06-30 13:35:07 -06:00
Todd C. Miller
424fa7f2b1 sudo_preload_dso: make the envp function argument const
This lets us fix an inappropriate cast in sudo_intercept_common.c.
2022-06-21 14:31:30 -06:00
Todd C. Miller
5f534979ef Regenerate dependencies 2022-06-29 10:18:56 -06:00
Todd C. Miller
b6151781ce Quiet some harmless PVS Studio warnings. 2022-06-29 10:08:55 -06:00
Todd C. Miller
3e21c8da5c Add missing PVS Studio Open Source comments.
Also avoid checking protobuf-c source and protobuf-c generated files.
2022-06-29 09:45:04 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
0efd616202 Fix missing prototype warning. 2022-06-27 14:01:29 -06:00
Todd C. Miller
f5ac1317c4 Make sudo pass -Wmissing-prototypes 2022-06-27 12:48:03 -06:00
Todd C. Miller
f432209304 Include inttypes.h if stdint.h is not present.
Bug #1035
2022-06-27 07:20:37 -06:00
Todd C. Miller
e9c2695268 intercept_write: remove unused CD_USE_PTRACE code.
It is not possible to end up in intercept_write when CD_USE_PTRACE
is set.
2022-06-21 09:54:41 -06:00
Todd C. Miller
33547702f3 readlink(2) does NUL-terminate the buffer, do it manually.
Fixes a bug where the current working directory could include garbage
in intercept mode using ptrace(2).
2022-06-21 20:12:58 -06:00
Todd C. Miller
332a6afe77 Set TCP_NODELAY on the socket used for intercept IPC to reduce latency.
On some systems, Nagle's algorithm was delaying receipt of the data,
causing commands with intercept or log_subcmds to run slowly.
Related to Bug #1034.
2022-06-20 16:22:29 -06:00
Todd C. Miller
b10201bdc4 Use blocking I/O when talking to the sudo process.
Also check for EAGAIN/EINTR when reading the message size.
Fixes a problem seen on AIX where recv_intercept_response() could
fail unexpectedly.  Bug #1034.
2022-06-20 15:02:11 -06:00
Todd C. Miller
8829c028d3 Add debug printfs when send/recv return EAGAIN or EINTR.
These are not actually errors but can help gain insight into what
is going on and, in the case of EAGAIN, whether or not there may
be a kernel resource starvation problem.
2022-06-20 14:58:06 -06:00
Todd C. Miller
dfee181d15 Fix compilation on Linux/x32; GitHub issue #158 2022-06-11 16:59:18 -06:00
Todd C. Miller
964bcfa2dd Make read and write events persistent and disable as needed.
For the read callback, disable reader when the buffer is full.
For the write callback, disable writer when the buffer is consumed.
2022-06-07 12:40:00 -06:00
Todd C. Miller
7689b8718c Check for SECCOMP_MODE_FILTER not SECCOMP_SET_MODE_FILTER.
This matches the actual prctl() call we use.
2022-06-07 10:50:59 -06:00
Pierre Bourdon
d549adf04b exec_ptrace: fix missing sudo_pt_regs on aarch64
AArch64 already had an existing "user_pt_regs" struct and didn't need a
struct alias before the renaming to "sudo_pt_regs". Make the code build
again by adding the now missing alias.

Fixes: 2eb8ff17
2022-06-07 17:14:39 +02:00
Todd C. Miller
c2a131714a Reinstall the event handler if we get EAGAIN from read/write callback.
The read and write events do not set SUDO_EV_PERSIST so we need to
explicitly re-enable the event if there is still data to be read.
Bug #963.
2022-06-06 19:42:07 -06:00