isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,761 Commits 1 Branch 0 Tags
363a2f2593c30b127ba84dc69f7c0c06b3b35e6b
Commit Graph

72 Commits

Author SHA1 Message Date
Todd C. Miller
363a2f2593 Fix preserving of variables in env_keep. 2007-06-19 16:53:09 +00:00
Todd C. Miller
f670ef29bc add XAUTHORIZATION 2007-06-19 11:11:42 +00:00
Todd C. Miller
5ac9f1de51 Add LINGUAS to initial_checkenv_table. 
Add COLORS, HOSTNAME, LS_COLORS, MAIL, PS1, PS2, XAUTHORITY
to intial_keepenv_table.
 2007-06-18 21:33:22 +00:00
Todd C. Miller
c225668972 Treat USERNAME environemnt variable like LOGNAME/USER 2007-06-18 21:23:48 +00:00
Todd C. Miller
549c88d513 Don't need to populate keepenv table with the contents of the checkenv table. 2007-06-18 21:21:30 +00:00
Todd C. Miller
e096ae6f13 Make env_check apply when env_reset it true. Environment variables are 
passed through unless they contain '/' or '%'.  There is no need
to have a variable in both env_check and env_keep.
 2007-06-18 12:56:11 +00:00
Todd C. Miller
f221ba2300 Check TERM and COLORTERM for '%' and '/' characters. From Debian. 2007-06-09 11:20:59 +00:00
Todd C. Miller
30e57038d4 Remove KRB5_KTNAME from environment. Allow COLORTERM. 2007-06-07 11:52:44 +00:00
Todd C. Miller
bf500a00d6 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and 
LDR_PRELOAD64.  The 64-bit version is not currently supported.
Remove zero_env() prototype as it no longer exists.
 2007-01-31 15:00:48 +00:00
Todd C. Miller
be9d490e1a Add PERL5DB to list of environment variables to remove. 2005-11-15 14:25:03 +00:00
Todd C. Miller
b9f34a5a3f Add more environment variables to remove; from gentoo linux 
Add some comments about what bad env variables go to what (more to do)
 2005-11-13 19:51:43 +00:00
Todd C. Miller
3c6d0cc871 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of environment 
variables to remove.  From Charles Morris
 2005-11-07 16:02:22 +00:00
Todd C. Miller
ce8f2b10e4 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5 2005-11-01 18:24:47 +00:00
Todd C. Miller
096a289d94 add PS4 and SHELLOPTS to initial_badenv_table for bash 2005-10-28 00:35:33 +00:00
Todd C. Miller
8f90cfbd89 Preserve DISPLAY environment variable by default. 2005-06-25 21:46:16 +00:00
Todd C. Miller
2791a18078 Fix disabling set_logname and make env_keep override set_logname. 2005-02-20 17:57:48 +00:00
Todd C. Miller
6bee8e3770 Just clean the environment once. This assumes that any further 
setenv/putenv will be able to handle the fact that we replaced environ
with our own malloc'd copy but all the implementations I've checked do.
 2005-02-20 16:48:05 +00:00
Todd C. Miller
87a8b5b48b In -i mode, base the value of insert_env()'s dupcheck flag on DID_FOO flags. 
Move checks for $HOME resetting into rebuild_env()
 2005-02-16 04:16:22 +00:00
Todd C. Miller
74894ebf62 Move setting of user_path, user_shell, user_prompt and prev_user 
into init_vars() since user_shell at least is needed there.
 2005-02-13 05:33:59 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
ab2e7bc267 Instead of zeroing out the environment, just prune out entries 
based on the env_delete and env_check lists.  Base building up
the new environment on the current environment and the variables
we removed initially.
 2005-02-10 04:00:04 +00:00
Todd C. Miller
f015a51b9b correct value for DID_USER 2005-02-08 03:56:51 +00:00
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
48dae86b8f Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set 
unconditionally on darwin.  From Toby Peterson.
 2004-12-02 16:18:29 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h> 
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
 2004-11-19 18:39:14 +00:00
Todd C. Miller
b2ef18bbd3 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make sure 
we can't overflow new_env.
 2004-11-17 16:18:33 +00:00
Todd C. Miller
51375f969f Add local error/warning functions like err/warn but that call an additional 
cleanup routine in the error case.  This means we no longer need to compile
a special version of alloc.o for visudo.
 2004-11-15 15:53:53 +00:00
Todd C. Miller
a768dbc34f Bring back the "secure_path" Defaults option now that Defaults take 
effect before the path is searched.
 2004-11-12 16:19:19 +00:00
Todd C. Miller
74b4e439a6 strip CDPATH too 2004-11-11 16:25:20 +00:00
Todd C. Miller
482526bde1 strip exported bash functions from the environment. 2004-11-11 16:20:59 +00:00
Todd C. Miller
01dbe19ba1 Let the loader initialize nep 2004-09-08 15:57:49 +00:00
Aaron Spangler
03b53b6911 Rare SEGV 2004-09-07 01:12:34 +00:00
Aaron Spangler
2102b561ba Openldap ~/.ldaprc fix 2004-09-06 19:05:32 +00:00
Todd C. Miller
362d6f4eb6 Remove trailing spaces, no actual code changes. 2004-06-06 23:58:10 +00:00
Todd C. Miller
5a2e5144de More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Todd C. Miller
262bb5e870 Use the SET, CLR and ISSET macros. 2004-01-29 22:33:54 +00:00
Todd C. Miller
8ab5b8c596 If real uid == 0 and the SUDO_USER environment variables is set, 
use that to determine the invoking user's true identity.  That way
the proper info gets logged by someone who has done "sudo su" but
still uses sudo to as root.  We can't do this for non-root users
since that would open up a security hole, though perhaps it would
be acceptable to use getlogin(2) on OSes where this a system call
(and doesn't just look in the utmp file).
 2004-01-21 22:06:02 +00:00
Todd C. Miller
3001e7f296 In -i mode always set new environment based on the runas user's passwd entry. 2004-01-19 01:17:00 +00:00
Todd C. Miller
ecfc813757 PERM_RUNAS -> PERM_FULL_RUNAS 2004-01-16 23:07:03 +00:00
Todd C. Miller
230a54ebb9 Make format_env() varargs 
Add noexec support for Darwin, MacOS X, Irix, and Tru64
 2004-01-09 05:38:58 +00:00
Todd C. Miller
8e421c95b8 update copyright year 2004-01-05 17:15:32 +00:00
Todd C. Miller
626e2cd209 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure option. 
The default value of noexec_file is set to this.
 2004-01-05 03:58:39 +00:00
Todd C. Miller
7536a781f0 Add support for preloading a shared object containing a dummy execve() 
function that just sets error and returns -1.  This adds a
"noexec_file" option to load the filename as well as a "noexec" flag
to enable it unconditionally.  There is also a NOEXEC tag that can
be attached to specific commands and an EXEC tag to disable it.
 2004-01-05 02:48:09 +00:00
Todd C. Miller
6ad252765b Create def_* macros for each defaults value so we no longer need 
the def_{flag,ival,str,list,mode} macros (which have been removed).
This is a step toward more flexible data types in def_data.in.
 2003-12-30 22:20:21 +00:00
Todd C. Miller
684f62dd0f Fix an off by one error when reallocating the environment; Kevin Pye 2003-05-06 04:31:24 +00:00
Todd C. Miller
c6c8c99515 add DARPA credit on affected files 2003-04-16 00:42:09 +00:00
Todd C. Miller
dcf1a5acce Use warn/err and getprogname() throughout. The main exception is 
openlog().  Since the admin may be filtering logs based on the
program name in the log files, hard code this to "sudo".
 2003-04-02 18:25:30 +00:00
Todd C. Miller
48229cbac6 update copyright year 2003-03-15 20:31:02 +00:00
Todd C. Miller
b18a141ae9 Cast [ug]ids to unsigned long and printf with %lu 2003-03-15 20:19:58 +00:00
Todd C. Miller
7e05ae7a3b fix indentation 2003-03-15 17:51:45 +00:00