isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,562 Commits 1 Branch 0 Tags
2d2529a15edd0937a7b58488f681feb5be1cc9a1
Commit Graph

156 Commits

Author SHA1 Message Date
Todd C. Miller
2d2529a15e Add a sudoers_context struct that embeds the user and runas structs. 2023-08-20 16:27:08 -06:00
Todd C. Miller
a321e6cedf Add struct sudoers_runas_context and move runas-specific bits into it. 2023-08-12 14:20:30 -06:00
Todd C. Miller
d8b28dad97 Expand the user_* (and more) macros to user_ctx.foo. 2023-08-12 10:39:59 -06:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
3878ce8d49 env_file_next_local: change the order of the val_len check. 
It makes more sense to verify that val_len > 1 before using it.
This is not a problem in practice because val[val_len - 1] is
guaranteed not to underflow but it can confuse reviewers and static
analyzers.
 2023-01-09 14:26:07 -07:00
Todd C. Miller
d781ab0a89 Fix typo in check for environment variables that start with '='. 2023-01-09 14:23:50 -07:00
Sohom
761ffb3bfe Prevent integer underflow due to environment variable 
Gaurd against replacing quotes when the environment variable
val_len is 1.
 2023-01-02 11:47:52 +05:30
Todd C. Miller
8eabbf8fdd parse_args: an environment variable may not start with '='. 
Also check VAR=val format in validate_env_vars() and add an error
message if insert_env_vars() fails.
 2022-12-28 14:07:43 -07:00
Todd C. Miller
c820599893 rebuild_env: avoid a potential NULL dereference in fuzz_policy 2022-12-28 11:05:17 -07:00
Todd C. Miller
8e8a22b8e5 rebuild_env: avoid a potential NULL dereference in fuzz_policy 2022-12-28 09:45:01 -07:00
Todd C. Miller
9c4271f737 validate_env_vars: more efficient errbuf handling 
Also avoid appending to errbuf if it is already full.
 2022-12-28 09:24:22 -07:00
Todd C. Miller
f066ff9e01 Eliminate a few harmless dead stores. 
Quiets warnings from Infer.
 2022-11-22 11:18:24 -07:00
Todd C. Miller
2f3afd14ed In putenv(3) replacement reject a string with no '=' or that starts with one. 2022-08-08 07:43:00 -06:00
Benjamin Drung
225feb386e Add XDG_CURRENT_DESKTOP to initial_keepenv_table 
Qt needs `XDG_CURRENT_DESKTOP` to be set to determine the correct theme.

Since `DISPLAY` and `XAUTHORITY` are already in the default table of
variables to preserve in the environment, just add `XDG_CURRENT_DESKTOP`
to it.

Bug: https://launchpad.net/bugs/1958055
Signed-off-by: Benjamin Drung <bdrung@ubuntu.com>
 2022-07-29 11:35:47 +02:00
Todd C. Miller
224d78993a sudo_putenv_nodebug: require that the environment string include a '=' 2022-07-09 09:00:48 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
6525436db7 Change black list -> blocklist 
This was missed in the previous conversion.
 2022-06-09 14:49:49 -06:00
Todd C. Miller
e7b414ce4e Move env hooks into sudoers_hooks.c. 2021-02-24 19:09:46 -07:00
Todd C. Miller
7f3c670a13 Fix sudoers garbage collection and run it in policy fuzzer. 2021-02-14 14:01:31 -07:00
Todd C. Miller
94c5052ebf Fix typo detected by codespell 2.0.0 
Also avoid some new false positives
 2020-11-24 07:40:38 -07:00
Todd C. Miller
bdf5530014 Set pp_ignore_define_body=false in uncrustify config. 
Need to work around a bug that produces closed brace errors,
see https://github.com/uncrustify/uncrustify/issues/2569
 2020-11-23 10:47:47 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines. 
Also replace backwards with backward.
 2020-10-30 10:15:30 -06:00
Todd C. Miller
88dcdcd11d Fix -Wshadow warnings. 2020-09-25 15:09:45 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
b66cf649f5 Fix typo in PERLIO_DEBUG (trailing whitespace). 
This has no effect unless env_reset is disabled.
From Allan Wirth
 2020-05-18 04:45:04 -06:00
Todd C. Miller
1d008b92f5 Truncate the command args at 4096 chars when formatting SUDO_COMMAND. 
We have to limit the length of SUDO_COMMAND to avoid getting E2BIG
from execve(2) for very long argument vectors.
The command's environment also counts against the ARG_MAX limit.
Debian bug #596631
 2020-04-02 13:01:58 -06:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
71aed42f9e Do not warn about a missing /etc/environment file on Linux without PAM. 
Bug #907
 2019-11-06 09:55:14 -07:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
e1205f08d6 Add simple API for to allow reading environment data from different sources. 
Currently, this is used to read a file like /etc/environment.
 2019-02-20 17:05:02 -07:00
Todd C. Miller
985600e7f0 Minor snprintf() usage tweaks: 
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail
 2019-01-20 07:49:48 -07:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
d537daf787 Treat LOGIN, LOGNAME and USER specially. If one is preserved 
or deleted we want to preserve or delete all of them.
 2018-09-24 05:30:28 -06:00
Todd C. Miller
5f61f2c0f4 Remove special handling of the USERNAME environment variable. It 
used to be set on old versions of Fedora but that hasn't been the
case for some time.  It's worth noting that ssh doesn't set USERNAME
either.
 2018-09-24 05:30:03 -06:00
Todd C. Miller
2ff7870263 Update conversion of DID_* to KEPT_* to match the new values of 
DID_* and KEPT_*.
 2018-08-28 20:25:06 -06:00
Todd C. Miller
8acc29dc01 Set the LOGIN environment variable on AIX like we do LOGNAME. 2018-08-28 18:32:39 -06:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
e1e2162dcf Instead of hard-coding a check for bash functions in env_should_delete(), 
use a "*=()* " pattern in initial_badenv_table[] to match them instead.
This allows the user to remove the check via env_delete.
 2017-06-03 08:43:32 -06:00
Todd C. Miller
17514b55ea Add support for multiple '*' in env_keep, env_check and env_delete 
entries.
 2017-05-12 10:02:17 -06:00
Todd C. Miller
b3af85ddc8 Add restricted_env_file which is like env_file but subject to the 
same restrictions as the user's own environment.
 2017-03-22 13:39:25 -06:00
Todd C. Miller
deb4c3b19c In sudo_unsetenv_nodebug(), decrement envp.env_len after removing 
the variable.  From Paul Zirnik of SUSE.
 2017-01-16 11:12:56 -07:00
Todd C. Miller
dbd5252798 Fix incorrect strncmp() lengths. The check for USERNAME was only 
looking at the first 5 characters (copy and paste error).  The check
for SUDO_PS1 was not checking the trailing '=' character (off by
one error).  Found by PVS-Studio.
 2016-10-26 11:25:59 -06:00
Todd C. Miller
4c8988d483 When checking for old-style bash functions in the environment, check 
for values starting with "() " (note the trailing space) rather
than "()".  Bash will only treat the value as a function if the
space after "()" is present.  The trailing space was already present
in the compare string but when it was added, the length passed to
strncmp() was not updated from 3 to 4.
Found by PVS-Studio.  No security impact.
 2016-10-26 11:22:30 -06:00
Todd C. Miller
fc1b4155d7 Replace bare ";" in the body of for() loops with "continue;" for 
improved readability.
 2016-10-26 10:42:28 -06:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
881814c9f9 Don't try to support line continuation in /etc/environment. 2016-09-01 14:35:40 -06:00
Todd C. Miller
17ad75d50b Add a flags option to sudo_parseln() and a flag to only mach comments 
at the beginning of the line.  Use the flag when parsing ldap.conf.
 2016-09-01 09:19:20 -06:00