isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,456 Commits 1 Branch 0 Tags
32f4b98f6b4aea4951a2d7b56a55ba4a9e035b22
Commit Graph

56 Commits

Author SHA1 Message Date
Todd C. Miller
32f4b98f6b sudo frontend: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
04c7e910ef Fix up indentation. 2023-07-01 16:03:33 -06:00
Rose
45fdfa18f1 Mark functions not returning as sudo_noreturn 
We also put NOTREACHED where it applies.
 2023-07-01 17:40:16 -04:00
Rose
22079c3072 Avoid compiler casting warnings Part 2 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-29 13:10:27 -04:00
Rose
e54ba33ea0 Avoid compiler casting warnings by assigning to the same type where possible 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-28 17:25:26 -04:00
Todd C. Miller
f0030cf30f Make struct {command,user}_details pointers const where possible. 2023-03-27 16:29:46 -06:00
Todd C. Miller
22776b0be6 Move pty_make_controlling() to exec_monitor.c where it is called. 
We can use details->tty to access the pty follower path.
 2023-03-24 14:56:13 -06:00
Todd C. Miller
b81c5e8dac Register pty cleanup function in exec_pty(), not exec_cmnd_pty(). 
We want it to execute in the main sudo process, not the monitor.
 2023-03-24 11:01:58 -06:00
Todd C. Miller
1772fc7b66 Only convert a signal number to a name if we are going to use it. 
It is mostly used for debug logging.
 2023-03-21 15:50:39 -06:00
Todd C. Miller
adb84293ab Move updating of the window size back to the main sudo process. 
We can use the leader file descriptor with TIOCGWINSZ to set the
window size of the pty.  Thanks to Duncan Overbruck for the hint.
 2023-03-21 15:30:54 -06:00
Todd C. Miller
36742deec3 Fix handling of signal forwarding when running commands in a script. 
We need to forward signals from a process in the same pgrp if the
pgrp leader is not either sudo or the command itself.
 2022-11-07 14:51:41 -07:00
Todd C. Miller
de4d53e488 When using ptrace(2), push the point where we suspend into exec_cmnd(). 
This should reduce the amount of time the child has to wait for
the parent to use PTRACE_SEIZE to seize control and then PTRACE_CONT
to continue the child.
 2022-05-31 19:51:26 -06:00
Todd C. Miller
423fbedb65 Suspend the child process and wait for SIGUSR when using ptrace. 
This fixes a race condition in ptrace-based intercept mode when
running the command in a pty.  It was possible for the monitor to
receive SIGCHLD when the command sent itself SIGSTOP before the
main sudo process did.
 2022-04-29 13:09:03 -06:00
Todd C. Miller
46edc4e198 Stop using the WCONTINUED flag with waitpid(2). 
We don't use it for anything other than a debug message and it will
cause problems when intercept mode starts using ptrace(2).
 2022-04-29 08:02:57 -06:00
Todd C. Miller
d2da56dacc Add struct command details * to struct monitor_closure. 
This will be used in the future by the ptrace intercept code.
 2022-04-20 13:58:22 -06:00
Todd C. Miller
de47380350 Block SIGCHLD when forking the mailer. 
Otherwise, it may be picked up by the signal handler instead of our
waitpid(2) call.
Don't warn if waitpid() returns 0 in a SIGCHLD handler.
 2022-03-14 13:54:12 -06:00
Todd C. Miller
e97fb5fd0b Separate out the code to compute the context from selinux_setup(). 
This makes it possible to determine whether we really need to execute
the command via the sesh helper.  What was left of selinux_setup()
is now selinux_relabel_tty() and selinux_audit_role_change().
 2021-11-05 12:33:20 -06:00
Todd C. Miller
a556b373c9 Allocate a socketpair to communicate with sudo_intercept.so over. 
This is used for the intercept and log_children options.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
84e6e6ccf9 Update copyright year on some files where it was out of date. 2020-08-31 14:09:36 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
8bb5aedacf Replace master/slave in code with leader/follower. 2020-06-15 16:21:32 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
0cf2e09e0c Apply spelling fixes. 
Fixes from PR #30 (ka7) and Bug #925 (fossies.org codespell)
 2020-05-06 09:27:43 -06:00
Todd C. Miller
76bf9a73bc Fix sudoedit when running with SELinux RBAC mode. 
We can't use run_command() to run sesh, that will use the sudo event
loop (and might run it in a pty!).
There's no need to relabel the tty when copying files.
Get the path to sesh from sudo.conf.

Currently, for SELinux RBAC, the editor runs with the target user's
security context. This defeats the purpose of sudoedit.  Fixing
that requires passing file descriptors between the main sudo process
(running with the invoking user's security context) and sesh (runnning
with the target user's security context).
 2020-04-21 14:29:23 -06:00
Todd C. Miller
ac61b5655d Use EXIT_SUCCESS and EXIT_FAILURE more consistently. 2020-02-08 12:43:00 -07:00
Todd C. Miller
5793023ffd Add a plugin interface to sudo main event loop. 2019-11-15 13:36:01 -07:00
Todd C. Miller
356287557f Use dup3() instead of dup2(). 
This is less error prone since dup3() returns an error if old == new.
Sudo guarantees that fds 0-2 are already open.
 2019-11-02 10:55:50 -06:00
Todd C. Miller
352212c7bf Open all pipes using pipe2() with O_CLOEXEC. 
We no longer depend on calling closefrom() before exec.
 2019-11-02 10:52:34 -06:00
Todd C. Miller
112dff276a Fix restoring the file context of the user's tty with SELinux. 
Also fix broken tty labeling when running a command in a pty.
Includes a fix for a typo introduced in the last change set.
 2019-09-27 15:32:49 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
985600e7f0 Minor snprintf() usage tweaks: 
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail
 2019-01-20 07:49:48 -07:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
b89cf34b53 Replace sudo_fatal(NULL) with an "unable to allocate memory" message 
that includes the function name.
 2018-10-12 08:39:12 -06:00
Todd C. Miller
5cca421867 Close the pty slave in the parent so that when the command and 
monitor exit, the pty gets recycled without our having to close
it directly.
 2018-08-20 10:04:15 -06:00
Todd C. Miller
6953e7fc79 Move updating of the window size to the monitor process. 
This will allow us to close the slave in the main sudo process in
the future so only the command and monitor have it open.
 2018-08-20 10:04:14 -06:00
Todd C. Miller
42fe0409f6 Add sudo_ev_dispatch(), a wrapper for ev_loop() with no flags. 
Similar the dispatch function in libevent.
 2018-02-19 11:00:10 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
b561d0d7dd When the command completes, make the monitor the foreground process 
group before informing the main sudo process of the command's exit
status.  This will prevent processes started by the command (which
runs in a different process group) from receiving SIGHUP since the
kernel sends SIGHUP to the foreground process group associated with
the terminal session.  The monitor has a SIGHUP handler installed
so the signal is effectively ignored.
 2017-12-01 13:43:06 -07:00
Todd C. Miller
b9adb3dd51 Don't loop over read/write, recv/send or tcgetpgrp/tcsetpgrp trying 
to handle EINTR.  We now use SA_RESTART with signals so this is not
needed and is potentially dangerous if it is possible to receive
SIGTTIN or SIGTTOU (which it currently is not).
 2017-11-30 09:53:21 -07:00
Todd C. Miller
486ced7c11 Sprinkle some extra debugging printfs 2017-11-29 13:13:33 -07:00
Todd C. Miller
d2a0bfbb12 Add the ability to set a default event base, to be used by plugins 
which don't have access to the event base.
 2017-07-13 13:59:31 -06:00
Todd C. Miller
f5b60ef749 Add debug warning when we have wait status but don't overwrite the 
existing cstat.
 2017-06-15 07:51:02 -06:00
Todd C. Miller
c8c586ee0b Better handling of SIGCONT from in command in the monitor. It is 
useful to know when the command continued but we don't want to
inform the parent or store the wait status in this case.  Fixes a
hang after multiple suspends on Linux.
 2017-06-15 07:51:00 -06:00
Todd C. Miller
ad8c1ae07a To avoid overwriting existing command status, check for CMD_INVALID 
instead of CMD_ERRNO or CMD_WSTATUS.
 2017-05-18 13:53:15 -06:00
Todd C. Miller
d979898e71 Remove use of non-standard sigaction_t 2017-05-12 10:02:18 -06:00
Todd C. Miller
1186f39842 Use SUDO_EV_SIGNAL and SUDO_EV_SIGINFO instead of managing the 
signal_pipe explicitly.
 2017-05-12 10:02:17 -06:00
Todd C. Miller
e18a5c7d74 Fix a hang introduced in the last commit. Don't close the pty slave 
until after we have the controlling tty.
 2017-05-05 14:45:35 -06:00
Todd C. Miller
44dc15d02d If any of std{in,out,err} are not hooked up to a tty only interpose 
ourselves with a pipe if the plugin will actually log the data.
This avoids a problem with non-interactive commands where no tty
is present where sudo will consume stdin even when log_input is not
enabled in sudoers.
 2017-05-05 14:27:42 -06:00