isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,435 Commits 1 Branch 0 Tags
2d1e360e8352f15dce9df95c45b733ceea7624e2
Commit Graph

3435 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
2d1e360e83 Move parse.lex -> toke.l 
Rename buffer_frob() -> switch_buffer()
WORD no longer needs to exclude '@'
kill yywrap()
 2004-10-26 22:12:47 +00:00
Todd C. Miller
5becc03851 Rewritten parser that converts sudoers into a set of data structures. 
This eliminates ordering issues and makes it possible to apply
sudoers Defaults entries before searching for the command.
 2004-10-26 22:10:55 +00:00
Todd C. Miller
6725bb2e53 We won't be using lsearch() any longer. 2004-10-26 22:09:22 +00:00
Todd C. Miller
f7d7a3d5f7 sudo should not send mail if someone who runs 'sudo -l' has no entry. 2004-10-26 22:07:03 +00:00
Todd C. Miller
8204723c87 regen 2004-10-26 20:09:14 +00:00
Todd C. Miller
ae0a788d98 Update warnings to match new visudo 2004-10-26 20:09:01 +00:00
Todd C. Miller
b7479ce1e2 The new parser doesn't have the old ordering constraints. 2004-10-26 20:08:47 +00:00
Todd C. Miller
92d0954bcc Document that -l now takes an optional username argument 2004-10-26 20:08:24 +00:00
Todd C. Miller
17bb4b138b AIX 5.2.0.0 works 2004-10-25 17:44:54 +00:00
Todd C. Miller
66992e10ef If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. 
Fixes a compilation problem with Solaris 9's native LDAP.

Set FLAG_MONITOR when needed.
 2004-10-25 17:38:24 +00:00
Todd C. Miller
2c91a58149 Call sudo_goodpath() *after* changing the cwd to match the traced process. 
Fixes relative paths.
 2004-10-23 17:32:20 +00:00
Todd C. Miller
d9e4426cb1 Kill set_perms() stub--it is no longer needed. 2004-10-21 16:31:19 +00:00
Todd C. Miller
e455f848a9 stay_setuid now requires set_reuid() or setresuid() 2004-10-13 16:52:51 +00:00
Todd C. Miller
48cdd1dec3 Kill use of POSIX saved uids; they aren't worth bothering with. 2004-10-13 16:46:19 +00:00
Todd C. Miller
55e1b220e0 remove call to issetugid() 2004-10-07 20:23:06 +00:00
Todd C. Miller
d56b543a13 Remove warning about wildcards. Now that we use glob() the bug is fixed. 2004-10-07 18:57:41 +00:00
Todd C. Miller
1b06f3e81d Use glob(3) instead of fnmatch(3) for matching pathnames and stat each 
result that matches the basename of the user's command.  This makes
"cd /usr/bin ; sudo ./blah" work when sudoers allows /usr/bin/blah.
Fixes bug #143.
 2004-10-07 18:52:51 +00:00
Todd C. Miller
082b0f8b3b Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and GLOB_BRACE) 2004-10-07 18:27:49 +00:00
Todd C. Miller
e05c8441e6 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE 2004-10-07 16:59:54 +00:00
Todd C. Miller
b19c6c4e94 reference glob 2004-10-07 16:51:56 +00:00
Todd C. Miller
50ed391d18 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions removed. 2004-10-07 16:50:34 +00:00
Todd C. Miller
1ef398856a 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions removed. 2004-10-07 16:50:34 +00:00
Todd C. Miller
163994c116 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means 
we are out of space in the stack gap...
 2004-10-05 21:26:38 +00:00
Todd C. Miller
a3367a7158 sync 2004-10-05 21:20:06 +00:00
Todd C. Miller
a7d63df1fb Take a stab at ldap sudoers support here. 2004-10-05 20:53:29 +00:00
Todd C. Miller
385dfb2696 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot" 
doesn't cause reboot to inadvertanly kill itself.
 2004-10-05 19:13:56 +00:00
Todd C. Miller
6e2fb232a4 put "monitor" in the proctitle, not "systrace" 2004-10-05 18:21:26 +00:00
Todd C. Miller
f01c983f12 When modifying the environment, don't replace envp when we can get 
away with just rewriting pointers in the traced process.
 2004-10-05 18:15:35 +00:00
Todd C. Miller
dc368b59fb Add environment updating via STRIOCINJECT (if available). 2004-10-05 17:46:22 +00:00
Todd C. Miller
5c259f8b47 regen 2004-10-05 14:22:26 +00:00
Todd C. Miller
30f4a9c13c regen 2004-10-04 20:15:38 +00:00
Todd C. Miller
7e36fc441c Fix bug introduced in unput() removal; want yyless(0) not yyless(1) 2004-10-04 20:15:29 +00:00
Todd C. Miller
d7e43093ef Include file is now mon_systrace.h 2004-10-04 16:09:45 +00:00
Todd C. Miller
3c8145a923 No longer call it tracing, it is now "monitoring" which should be more 
a obvious name to non-hackers.
 2004-10-04 16:07:19 +00:00
Todd C. Miller
5eb4895b55 Fix some XXX 2004-10-01 19:06:44 +00:00
Todd C. Miller
e173a07c85 No need to include syscall.h, use 1024 as the max # of entries (the 
max that systrace(4) allows).

Only need to use SYSTR_POLICY_ASSIGN once

Change check_syscall() -> find_handler() and have it return the
handler instead of just running it.  We need this since handler now
have two parts: one part that generates and answer and another that
gets called after the answer is accepted (to do logging).

Add some missing check_exec for emul execv
 2004-10-01 18:30:20 +00:00
Todd C. Miller
ebf22ee977 Add $Sudo$ tags. 2004-10-01 14:58:15 +00:00
Todd C. Miller
0035b30f94 Add missing HAVE_LINUX_SYSTRACE_H 2004-10-01 14:47:14 +00:00
Todd C. Miller
d94975937e add trace_systrace.o dependency 2004-10-01 00:46:21 +00:00
Todd C. Miller
6f338fd773 Also look for systrace.h in /usr/include/linux 2004-09-30 23:00:25 +00:00
Todd C. Miller
7edec19902 Move all struct defs and prototypes into trace_systrace.h and mark all 
but systace_attach() static.
 2004-09-30 22:27:33 +00:00
Todd C. Miller
33badbaeaa Add support for tracing emulations. At the moment, all emulations are 
compiled in.  It might make sense to #ifdef them in the future, though
this impeeds readability.
 2004-09-30 22:14:34 +00:00
Todd C. Miller
2cfa16a770 rename systrace.c -> trace_systrace.c 2004-09-30 21:07:36 +00:00
Todd C. Miller
6fa20c570f Allow this to build with a K&R compiler again 2004-09-30 19:58:10 +00:00
Todd C. Miller
9c15884b29 sync 2004-09-30 17:58:36 +00:00
Todd C. Miller
8a33025986 Use __attribute__((__noreturn__)) 2004-09-30 17:55:21 +00:00
Todd C. Miller
1e65afba3d Exit() takes a negative value to indicate it was not called via signal. 2004-09-30 17:44:24 +00:00
Todd C. Miller
abc7ac8eef regen 2004-09-30 17:25:51 +00:00
Todd C. Miller
2b020f9999 Define Err() and Errx() that are like err() and errx() but call Exit() 
instead of exit().  Build private copy of alloc.o for visudo that calls
Err() and Errx().
 2004-09-30 17:22:37 +00:00
Todd C. Miller
b5d2fbb77b regen 2004-09-29 19:22:38 +00:00