isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,104 Commits 1 Branch 0 Tags
168d5c47c99336ac3be70b2c04170b17e615919c
Commit Graph

11104 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
168d5c47c9 Update runcwd in command_info[] before passing it to the audit plugin. 
Since sudoers does rejected commands itself the runcwd will still
not be correct for those.
 2021-08-27 15:58:19 -06:00
Todd C. Miller
22de92b0da Fix LD_PRELOAD formatting when there is an existing LD_PRELOAD var. 2021-08-27 13:19:58 -06:00
Todd C. Miller
75bac8dee9 intercept_check_policy: fix potential NUL dereference on the error path. 2021-08-26 17:29:30 -06:00
Todd C. Miller
ba171724f7 Rename log_children -> log_subcmds 2021-08-26 16:36:41 -06:00
Todd C. Miller
d8d4023335 Updated translations from translationproject.org 2021-08-26 13:17:46 -06:00
Todd C. Miller
dcab17900b Add sudo_debug_register_v2() stub for fuzzing build. 2021-08-26 10:43:15 -06:00
Todd C. Miller
3d8b327c60 Fix use-after-free on error. 
Also remove useless free of a ptr that is always NULL on the error path.
 2021-08-26 10:07:50 -06:00
Todd C. Miller
dc30c842bb No longer need to remap intercept fd but we do need to remap debug fd. 
The intercept fd is closed in the ctor but the debug fd will still be open.
 2021-08-26 09:57:25 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number 
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
 2021-08-26 09:57:24 -06:00
Todd C. Miller
d6a71fe32e Fix command name of sub-command in logs when log_children is set. 2021-08-26 09:46:26 -06:00
Todd C. Miller
ec751c63eb log_allowed: pass struct eventlog * instead of argv[] and envp[]. 
This lets us log based on the command_info[] list passed in from
the front-end.  Previously, much of the struct eventlog was constructed
from internal sudoers state instead.
 2021-08-25 17:29:15 -06:00
Todd C. Miller
e199dd8254 sudo_compat.h: include unistd.h on HP-UX to safely redefine pread/pwrite 
HP-UX 11.31 defines static functions for pread() and pwrite() which
will conflict with our macros.
 2021-08-25 16:31:46 -06:00
Todd C. Miller
438a0cf07e Add a state variable to intercept_closure, replaces policy_result. 2021-08-25 14:24:36 -06:00
Todd C. Miller
c465d8971d Change intercept IPC to use a localhost socket instead of inherited fd. 
This allows intercept mode to work with shells that close all open
fds upon startup.  The ctor in sudo_intercept.so requests the port
number and secret over the socket inherited from the parent then
closes it.  For each policy request, a TCP connection is made to
the sudo parent process to perform the policy check.  Child processes
re-use the TCP socket to request the port number and secret just like
the initial process started by sudo does.
 2021-08-25 14:24:36 -06:00
Todd C. Miller
448536e0f7 Fold intercept_closure_reset() into intercept_close(). 2021-08-24 13:00:52 -06:00
Todd C. Miller
0aedc965f8 command_matches: avoid printf("%s") of NULL in debug for sudo ALL. 2021-08-25 13:11:57 -06:00
Todd C. Miller
9980357a73 Merge pull request #111 from commodo/fix-cflags 
lib/util/Makefile.in: use host CFLAGS and CPPFLAGS for mksig{name,list}
 2021-08-25 08:09:00 -06:00
Alexandru Ardelean
a12b15b436 lib: util: Makefile.in: use host CFLAGS and CPPFLAGS for mksig{name,list} 
When cross-build support was added for mkig{name,list} was added, the
CFLAGS and CPPFLAGS should have been updated to the HOSTCFLAGS/HOSTCPPFLAGS
vars.

In a cross-build scenario, some of these flags don't match what the
compiler can understand (because they may be architecture specific) and
may fail the build.

Using the HOSTCFLAGS/HOSTCPPFLAGS works and builds successfully.
Also the output binary works on the target.

This is in continuation of
- https://github.com/sudo-project/sudo/pull/104
- https://github.com/sudo-project/sudo/pull/109

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 2021-08-25 15:24:21 +03:00
Todd C. Miller
222d6f94cd Fix typo that caused SUDO_INTERCEPT_FD to overwrite LD_PRELOAD. 2021-08-24 08:51:43 -06:00
Todd C. Miller
1391813443 Fix off-by-one that could result in duplicate SUDO_INTERCEPT_FD vars. 2021-08-24 08:34:14 -06:00
Todd C. Miller
df68f4c8d9 Fix typo in macOS execv change. 2021-08-24 08:09:20 -06:00
Todd C. Miller
98401c0588 Add execv(3) support to sudo_intercept.so. 
This allows intercept to work with csh which uses execv(3) not execve(2).
 2021-08-21 08:44:16 -06:00
Todd C. Miller
02b78c38ed Sync the list of functions trapped by sudo_noexec.so. 2021-08-20 18:41:32 -06:00
Todd C. Miller
1e795b5487 Add a Debug example for sudo_intercept.so 
Don't try to enumerate all the sudo programs that support debugging
since all of them do.
 2021-08-20 16:07:02 -06:00
Todd C. Miller
bb40491c99 Update sudoers Debug example to match the debug changes from sudo 1.8.12. 2021-08-20 15:50:02 -06:00
Todd C. Miller
8ccb7f0096 sudo_intercept.so only intercepts execve(2) for now. 2021-08-20 14:25:49 -06:00
Todd C. Miller
7df245dc91 Fix formatting for bound defaults with multiple entries in the binding. 
The entries in the binding were separated with " ," instead of ", ".
 2021-08-20 14:01:44 -06:00
Todd C. Miller
4ccd966e22 Add exports file for sudo_intercept.so that only exports execve() 2021-08-20 11:49:22 -06:00
Todd C. Miller
dc281f0366 Add some debugging to the sudo_intercept.so. 2021-08-20 11:32:29 -06:00
Todd C. Miller
680fd4a629 Use AC_FUNC_FSEEKO instead of AC_CHECK_FUNCS_ONCE([fseeko]). 
This will define _LARGEFILE_SOURCE, if needed, to make the prototype
visible on older systems.
 2021-08-20 10:59:52 -06:00
Todd C. Miller
ad28b90c4d We still need the pread/pwrite hack for HP-UX 11.11 at least. 
This time around, avoid defining _LARGEFILE64_SOURCE and just declare
pread64/pwrite64 ourselves.
 2021-08-19 19:18:24 -06:00
Todd C. Miller
23e5304b78 Fix prototypes for sudo_pread() and sudo_pwrite(). 2021-08-19 19:05:50 -06:00
Todd C. Miller
5d3ab032f2 intercept_fd_cb: store the passed fd in newfd, not fd 
only affects the old BSD-style fd passing code, not POSIX-style.
 2021-08-19 13:10:44 -06:00
Todd C. Miller
d333f484ec Fix mksiglist and mksigname dependencies. 2021-08-19 10:30:02 -06:00
Todd C. Miller
52e7594ae5 set-user-ID and set-group-ID not set user-ID and set group-ID. 2021-08-19 09:59:32 -06:00
Todd C. Miller
09f160779b The fix for bug #989 will make sudo 1.9.8. 
Also mention intercept_authenticate and intercept_allow_setid.
 2021-08-19 09:54:18 -06:00
Todd C. Miller
90aee138ba regen 2021-08-19 09:51:23 -06:00
Todd C. Miller
bb5843055e Replace messages like "unknown foo: %s" with "unknown foo %s". 
The colon really doesn't belong there; we generally use a colon to
separate a message from the warning detail.
 2021-08-19 09:44:11 -06:00
Todd C. Miller
b40f74cb24 Cross-build support for mksigname and mksiglist 
We must build these with the host C compiler but use the target
preprocessor to generate the output.
 2021-08-19 09:50:05 -06:00
a1346054
bf7d20b482 Minor cleanup (#110) 
* fix trivial shell script issues
* remove trailing whitespace
 2021-08-19 09:48:01 -06:00
Todd C. Miller
1c52c24a93 log_server_peer_cert and log_server_peer_key are not required by default. 
They are only required if sudo_logsrvd has tls_checkpeer enabled.
 2021-08-19 09:15:12 -06:00
Todd C. Miller
e17003b35c Sync warning messages with sudoers/logging.c 
Avoids 3 translation strings that were effectively duplicated.
 2021-08-19 09:09:19 -06:00
Todd C. Miller
ad5feeb40b regen 2021-08-18 15:48:05 -06:00
Todd C. Miller
f9d3f46fa7 Add intercept_allow_setid sudoers option, disabled by default. 
With this change, a shell in intercept mode cannot run a setuid or
setgid binary by default.  On most systems, the dynamic loader will
ignore LD_PRELOAD for setuid/setgid binaries such as sudo which
would effectively disable intercept mode.
 2021-08-18 15:43:26 -06:00
Todd C. Miller
53a95e3a50 Always allocate a struct sudo_command for the command, even for ALL. 
Previously we special-cased handling of ALL but this complicates
some upcoming changes.
 2021-08-18 09:12:19 -06:00
Todd C. Miller
dad40a50a1 Update TAGS_CHANGED macro based on parse.h 2021-08-16 13:28:19 -06:00
Todd C. Miller
fc9a01936c Better document the limitations of intercept mode. 
Also mention log_children under "Preventing shell escapes"
 2021-08-16 12:44:49 -06:00
Todd C. Miller
e4809d634d Update .pot files for 1.9.8. 2021-08-16 10:46:34 -06:00
Todd C. Miller
a85cf1f3fd Try to clarify log_server_peer_key and log_server_peer_cert. 
These are client-side not server-side.
 2021-08-16 10:45:51 -06:00
Todd C. Miller
bfcc31b19b Print the section when warning about an illegal key in the conf file. 
This should make it easier to tell when a setting is present in the
wrong section.
 2021-08-16 10:44:48 -06:00