isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,879 Commits 1 Branch 0 Tags
171512b173f7eddf1928d49b7238210c7c7c0474
Commit Graph

8879 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
d989f8af30 In sudo_ttyname_scan() if dir is the empty string, set errno to 
ENOENT before returning.
 2017-04-12 17:06:48 -06:00
Todd C. Miller
0b81e0b195 Try to make it clear that when match_group_by_gid is enabled, groups 
in sudoers are looked up by group name instead of group ID.  This
doesn't usually cause problems, but if there are conflicting group
entries (for example, from a local /etc/group file and an LDAP or
AD group database), whether the group is resolved by name or ID can
be used to work around conflicts.
 2017-04-11 16:56:04 -06:00
Todd C. Miller
f7251f806c sync with translationproject.org 2017-04-07 10:32:52 -06:00
Todd C. Miller
491e6ae9fc plug memory leak in check_digest 2017-04-07 09:56:47 -06:00
Todd C. Miller
c6f9f06c45 Check return value of dispatch_pending_signals() in case we received 
SIGINT or SIGQUIT before executing the command.
 2017-04-07 08:38:56 -06:00
Todd C. Miller
ec5b78335f back out unintentional change to the version number 2017-03-30 07:10:36 -06:00
Todd C. Miller
04d83c41c7 sync with translationproject.org 2017-03-28 10:56:30 -06:00
Todd C. Miller
bdc9251184 Make check_digest test sudo_filedigest() itself instead of the 
underlying SHA2 functions.  That way we can test it regardless of
whether we use sudo's SHA2 functions or a library version.
 2017-03-27 14:45:24 -06:00
Todd C. Miller
272a9c8e9b Document that commands matched by "sudo ALL" are not affected by 
fdexec.
 2017-03-27 11:10:18 -06:00
Todd C. Miller
ba15306c97 Update for 1.8.20 2017-03-24 16:29:09 -06:00
Todd C. Miller
a58c7d7db5 regen for restricted_env_file 2017-03-24 15:37:14 -06:00
Todd C. Miller
7f26338071 Mention that iolog_user is useful for NFS. 2017-03-24 15:36:03 -06:00
Todd C. Miller
4df6b62b56 Only retry mkdir or create with PERM_IOLOG if errno is EACCES. 
Also always use PERM_IOLOG for mkdtemp() since we cannot retry
if it fails.  Since we are guaranteed to create a new directory
there's no real need to try w/o PERM_IOLOG in this case.
 2017-03-23 17:00:27 -06:00
Todd C. Miller
31b16fd3e9 Add fallback to PERM_IOLOG when making the final componenet of iolog_dir. 2017-03-22 15:55:16 -06:00
Todd C. Miller
b3af85ddc8 Add restricted_env_file which is like env_file but subject to the 
same restrictions as the user's own environment.
 2017-03-22 13:39:25 -06:00
Todd C. Miller
4621e43676 quiet a warning on older zlib 2017-03-22 08:47:10 -06:00
Todd C. Miller
8d1e994d84 cast mode_t to unsigned int when printing with %o 2017-03-22 08:37:12 -06:00
Todd C. Miller
7f1fa00be9 regen 2017-03-21 16:34:17 -06:00
Todd C. Miller
7668b4b42b Set umask temporarily when creating files instead of changing the 
mode after the fact.  This is slightly less error prone.
 2017-03-21 16:21:17 -06:00
Todd C. Miller
2a37590b7d remove now-useless variable 2017-03-21 15:04:47 -06:00
Todd C. Miller
2caddff3f9 Don't set owner/mode on directories that already exist, only on 
newly-created ones.
 2017-03-21 14:55:19 -06:00
Todd C. Miller
1bd90d8fff Explicitly set the file mode of I/O log files so the mode is not 
affected by the invoking user's umask.
 2017-03-21 13:54:27 -06:00
Todd C. Miller
8d57491dc1 Add PERM_IOLOG so we can create I/O log files on an NFS-mounted 
filesystem where root is remapped to an unprivileged user.
 2017-03-21 13:41:14 -06:00
Todd C. Miller
cfb15106e3 Restore the '/' in the path before returning if we encounter an error. 2017-03-21 10:15:31 -06:00
Todd C. Miller
2dbd091443 When creating the timestamp directory, use the group of the timestamp 
owner instead of inheriting the group of the parent directory.
 2017-03-20 12:59:28 -06:00
Todd C. Miller
a1322d7dd9 zero out nss->handle after it has been freed to make sure we cannot free it twice 2017-03-21 09:52:51 -06:00
Todd C. Miller
c4e703696a Add iolog_flush option. 2017-03-20 10:25:58 -06:00
Todd C. Miller
8c8d078f66 Don't allow the user to specify an I/O log file mode that sudo can't 
read or write to.  I/O logs must always be readable and writable
by the owner.
 2017-03-17 10:56:17 -06:00
Todd C. Miller
8b3845c1ca Regenerate the cat pages with newer mandoc which formats double 
quotes as "foo" instead of ``foo''.
 2017-03-14 09:13:25 -06:00
Todd C. Miller
4bdbc6b290 Make it clear that I/O logs will be complete even if the command 
run by sudo is terminated by a signal.  The I/O log buffering just
prevents the logs from being displayed in real-time as the command
is running.
 2017-03-14 09:11:56 -06:00
Todd C. Miller
35e4bd3e9f Replace pipe_nonblock() with pipe2() 2017-03-13 12:11:52 -06:00
Todd C. Miller
7aa89c49b5 Emulate pipe2() on systems without it. 2017-03-13 12:11:51 -06:00
Todd C. Miller
b63df21ba5 Fix declaration of sudo_krb5_verify() in the case where krb5_verify_user() 
is not present.  Bug #777
 2017-03-10 11:52:49 -07:00
Todd C. Miller
453360666c Use HAVE_STDBOOL_H to detect systems w/o stdbool.h. 
Bug #778
 2017-03-10 11:49:07 -07:00
Todd C. Miller
a86d399ef6 regen 2017-03-09 12:00:18 -07:00
Todd C. Miller
867fd16343 Move SIGCHLD handling into handle_sigchld() functions and move the 
remaining bits of dispatch_signal() into signal_pipe_cb()
 2017-03-09 08:36:40 -07:00
Todd C. Miller
78f3f8bb9d e_termination should be set to the value of WTERMSIG not WEXITSTATUS 2017-03-08 09:17:53 -07:00
Todd C. Miller
af1482f487 Add tcsetpgrp_nobg() which acts like tcsetpgrp() but returns -1 
for a background process.  This is safer than blocking SIGTTOU
which would cause tcsetpgrp() to succeed in the background.
 2017-03-07 12:29:21 -07:00
Todd C. Miller
2f074d33ab Prevent sudo from receiving SIGTTOU when it tries to restore the 
controlling terminal.  There appears to be a race with the shell
(bash) which we may lose.
 2017-03-06 13:05:17 -07:00
Todd C. Miller
00b4732c9d Add some casts to quiet gcc warnings on Solaris and remove a 
now-useless debug printf.
 2017-03-03 11:20:56 -07:00
Todd C. Miller
a788144094 change debug info when suspending sudo 2017-03-03 11:20:25 -07:00
Todd C. Miller
6dba84dca9 Reorganize the command execution code to separate out the pty and 
non-pty code paths into their own event loops.  The non-pty exec
code is now contained in exec_nopty.c and the pty exec code is split
between exec_pty.c (parent process) and exec_monitor.c (session leader).
This results in a small bit of duplicated code but improves readability.
Some of the duplicated code will fall out in future changes to the
event subsystem (the signal pipe).
 2017-03-03 10:35:11 -07:00
Todd C. Miller
4b1f0c4176 Remove support for the TIOCGSIZE ioctl. Systems that use this 
rather than TIOCGWINSZ are too old for sudo to build on anyway.
 2017-02-26 16:41:25 -07:00
Todd C. Miller
13fcdb4f5f Set the child pid to -1 after we've waited for it and take care to 
avoid killing pid -1.  This makes it a bit more explicit and removes
the need for a separate variable to track the child's status.
Sudo already stops processing signals after it receives SIGCHLD so
it is not vulnerable to CVE-2017-2616.
 2017-02-24 15:14:56 -07:00
Todd C. Miller
05e52c7b82 Update the description of strict mode to current reality. Aliases 
haven't needed to be defined before they are used since sudo 1.7.
 2017-02-22 14:13:07 -07:00
Todd C. Miller
daa728fd88 Go back to using a Warning/Error prefix in the message printed to 
stderr for alias problems.  Requested by Tomas Sykora.
 2017-02-22 06:38:33 -07:00
Todd C. Miller
143620bb25 fix copyright years 2017-02-21 09:03:57 -07:00
Todd C. Miller
b9954fb9b9 Add support for using the message digest functions in libgcrypt 
instead of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
199a594f43 Add support for using the message digest functions in OpenSSL instead 
of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
b5e7b7bd2c Move the file digest code out of match.c and into filedigest.c. 
Inspired by RedHat changes that used libgcrypt.
Also add digest_type_to_name() to map a sudo digest type (int)
to a name (string) and use it.
 2017-02-20 16:44:12 -07:00