isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,067 Commits 1 Branch 0 Tags
2af994ada6118aadb26573a73485ec1944f28d62
Commit Graph

3067 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
2af994ada6 Add a comment describing why we need to be notified about our child 
stopping.
 2004-01-23 00:22:28 +00:00
Todd C. Miller
04b8f60cad Update the noexec variable descriptions 2004-01-22 21:06:58 +00:00
Todd C. Miller
5a972df0ba noexec now replaces more than just execve() 2004-01-22 19:18:50 +00:00
Todd C. Miller
4ad4ba1740 Alas, all the world does not go through execve(2). Many systems 
still have an execv(2) system call, Linux 2.6 provides fexecve(2)
and it is not uncommon for libc to have underscore ('_') versions
of the functions to be used internally by the library.  Instead of
stubbing all these out by hand, define a macro and let it do the
work.  Extra exec functions pointed out by Reznic Valery.
 2004-01-22 17:14:18 +00:00
Todd C. Miller
5ccddf8176 Fix suspending the editor in -e mode. Because we do a fork() first 
we need to be notified when the child has been stopped and then send
that same signal to ourself so the shell can do its job control thing.
 2004-01-22 02:57:01 +00:00
Todd C. Miller
24155a405a Use WIFEXITED and WEXITSTATUS macros. If there are systems out there 
that want to run sudo that still don't support these we can try to
deal with that later.
 2004-01-22 02:44:13 +00:00
Todd C. Miller
6f2cfc2bca regen 2004-01-22 01:03:16 +00:00
Todd C. Miller
be8c6acf64 Document sudo -e / sudoedit 2004-01-22 01:00:54 +00:00
Todd C. Miller
63e1f3dd92 fix typo 2004-01-22 00:08:58 +00:00
Todd C. Miller
2d21140a3d Add SET/CLR/ISSET 2004-01-22 00:02:36 +00:00
Todd C. Miller
d1798a06b4 Allow non-exclusive flags when invoked as sudoedit. 
Pretty print the long usage() line to not wrap (assumes 80 char display)
 2004-01-21 23:55:39 +00:00
Todd C. Miller
2be964efea If sudo is invoked as "sudoedit" the -e flag is implied and no other 
flags are permitted.
 2004-01-21 23:01:35 +00:00
Todd C. Miller
c7d74402f3 Add a new flag, -e, that makes it possible to give users the ability 
to edit files with the editor of their choice as the invoking user,
not the runas user.  Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is done.
 2004-01-21 23:00:43 +00:00
Todd C. Miller
4dc5700a6d Add a new flag, -e, that makes it possible to give users the ability 
to edit files with the editor of their choice as the invoking user,
not the runas user.  Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is done.
 2004-01-21 22:25:10 +00:00
Todd C. Miller
8ab5b8c596 If real uid == 0 and the SUDO_USER environment variables is set, 
use that to determine the invoking user's true identity.  That way
the proper info gets logged by someone who has done "sudo su" but
still uses sudo to as root.  We can't do this for non-root users
since that would open up a security hole, though perhaps it would
be acceptable to use getlogin(2) on OSes where this a system call
(and doesn't just look in the utmp file).
 2004-01-21 22:06:02 +00:00
Todd C. Miller
cc7cfa707e Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP 2004-01-21 21:58:24 +00:00
Todd C. Miller
f4a4d4c666 Add check for fchown(2) 2004-01-21 21:57:59 +00:00
Todd C. Miller
063c2812e2 Back out portions of the -i commit that set NewArgv[0] in set_runaspw. 
It is far to late to set NewArgv[0] there and will have no effect
anyway as cmnd and safe_cmnd have already been set.
 2004-01-20 19:22:46 +00:00
Todd C. Miller
f068ee01c4 Prefer VISUAL over EDITOR like old vipw did. 2004-01-20 19:18:44 +00:00
Todd C. Miller
3001e7f296 In -i mode always set new environment based on the runas user's passwd entry. 2004-01-19 01:17:00 +00:00
Todd C. Miller
1b7cf30c7b Document the new -i flag and sync SYNOPSIS section with usage() in sudo.c. 
Also sort the flags in the OPTIONS section.
 2004-01-18 22:56:27 +00:00
Todd C. Miller
1ca6264df1 o Add -i that acts similar to "su -", based on patches from David J. MacKenzie 
o Sort the flags in the usage message
 2004-01-18 22:55:32 +00:00
Todd C. Miller
7471253e6c Add a missing @runas_default@ substitution. 2004-01-18 22:22:01 +00:00
Todd C. Miller
c823817275 Change euid to runas user before calling find_path(). Unfortunately, 
though runas_user can be modified in sudoers we haven't parsed sudoers yet.
 2004-01-17 21:34:05 +00:00
Todd C. Miller
6def750d08 Add missing defintion of Parameter_List and use single pipes in the 
Defaults EBNF definition.
 2004-01-17 21:25:40 +00:00
Todd C. Miller
03f5f4087c Fix a bug when set_runaspw() is used as a callback. We don't want to 
reset the contents of runas_pw if the user specified a user via the -u flag.

Avoid unnecessary passwd lookups in set_authpw().  In most cases we already
have the info in runas_pw.
 2004-01-17 18:49:59 +00:00
Todd C. Miller
e404f54c23 Add Stan Lee / Uncle Ben quote to the lecture from RedHat 2004-01-16 23:16:24 +00:00
Todd C. Miller
18027fa589 Update sudo_getepw() proto and add one for set_runaspw() 2004-01-16 23:12:03 +00:00
Todd C. Miller
69d47fe756 If we can't stat the command as root, try as the runas user instead. 2004-01-16 23:10:13 +00:00
Todd C. Miller
327729a7e6 Add stub set_runaspw() function 2004-01-16 23:09:34 +00:00
Todd C. Miller
febc09e147 Add set_runaspw() function to fill in runas_pw. This will be used 
as a callback to update runas_pw when the runas user changes.
 2004-01-16 23:09:20 +00:00
Todd C. Miller
ecfc813757 PERM_RUNAS -> PERM_FULL_RUNAS 2004-01-16 23:07:03 +00:00
Todd C. Miller
ceb3653d71 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just 
changes the euid.
 2004-01-16 23:05:47 +00:00
Todd C. Miller
de6ff287e8 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in 
one chunk for easy free()ing.  Also change it from static to extern.
 2004-01-16 23:04:07 +00:00
Todd C. Miller
fb65156a72 Add callback support 2004-01-16 23:03:02 +00:00
Todd C. Miller
175e9e4720 Add a callback field and use it for runas_default 2004-01-16 23:02:18 +00:00
Todd C. Miller
487cd96e08 Add a callback field and use it for runas_default 2004-01-16 23:02:18 +00:00
Todd C. Miller
ae1a984afc Add support for chalnecho and display server responses used by fwtk >= 2.0 2004-01-15 20:13:47 +00:00
Todd C. Miller
db1196a91d ld.so is ld.so.1 on solaris 2004-01-12 23:39:00 +00:00
Todd C. Miller
d55c3f63c7 Use closefrom() instead of doing the equivalent inline. 2004-01-12 19:03:54 +00:00
Todd C. Miller
a34078ac33 closefrom(3) for systems w/o it 2004-01-12 18:55:30 +00:00
Todd C. Miller
c493bb6b63 Update from .pod file. 2004-01-09 21:29:05 +00:00
Todd C. Miller
5c16da4f20 Substitute noexec_file for the sudoers man page 2004-01-09 21:26:46 +00:00
Todd C. Miller
051943b687 Mention noexec 2004-01-09 21:24:50 +00:00
Todd C. Miller
67ba09fccf Document noexec 2004-01-09 21:16:52 +00:00
Todd C. Miller
149862cd9d Move PAM_CONST macro definition from config.h to pam.c where it belongs. 
We can't have this in config.h since that gets included too early.
 2004-01-09 19:39:00 +00:00
Todd C. Miller
aa4eb97ed5 Some PAM implementations put their headers in /usr/include/pam instead 
of /usr/include/security.
 2004-01-09 19:35:54 +00:00
Todd C. Miller
5459af61d4 I missed changing the EXEC macro -> EXECV here when I changed this in 
config.h.in and sudo.c a while ago.
 2004-01-09 19:32:43 +00:00
Todd C. Miller
fce2b7491a OpenBSD vax/m88k/hppa don't do shared libs 2004-01-09 18:15:54 +00:00
Todd C. Miller
cd2bd25a88 o merge the hpux case entries into a single entry w/ its own sub-case statement. 
o HP-UX >= 11 support getspnam(), use it in preference to getprpwuid()
 2004-01-09 08:29:33 +00:00