isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,358 Commits 1 Branch 0 Tags
3a85a8892f982cc47cf44ece71a2f7e7d7550905
Commit Graph

164 Commits

Author SHA1 Message Date
Todd C. Miller
9b027676c0 Use the value of ipa_hostname from /etc/sssd/sssd.conf if present 
instead of the system hostname.
 2016-06-04 19:52:10 -06:00
Todd C. Miller
3b043207b2 Sudo 1.8.17 2016-05-06 09:28:42 -06:00
Todd C. Miller
b20b411e71 Define NO_LEAKS when sudo is built with Coverity. 2016-05-04 13:01:57 -06:00
Todd C. Miller
9d5c6fbd64 Remove the check for __sprintf_chk when checking for _FORTIFY_SOURCE, 
Some implementations are purely header-file based.  As long as we
can link a test program using sprintf() when _FORTIFY_SOURCE=2 it
should be safe to use.
 2016-04-28 15:27:53 -06:00
Todd C. Miller
e0f12d81a7 Remove configure checks for dev_t, id_t, ino_t, ptrdiff_t, size_t 
and ssize_t.  These have been specified by either ANSI C or POSIX
for long enough that if the system doesn't support them, it is
unlikely to be able to compile sudo anyway.
 2016-04-28 15:09:46 -06:00
Todd C. Miller
48dff84081 Work around an ambiguity in the PAM spec with respect to the conversation 
function.  It is not clear whether the "struct pam_message **msg" is an
array of pointers or a pointer to an array.  Linux-PAM and OpenPAM use
an array of pointers while Solaris/HP-UX/AIX uses a pointer to an array.
Bug #726.
 2016-03-09 09:39:46 -07:00
Todd C. Miller
4b079ee7e6 Don't check for posix_spawn() or posix_spawnp() if we were unable 
to find spawn.h.  This should only be a problem on systems with
broken headers.  Bug #730
 2016-02-24 16:00:08 -07:00
Todd C. Miller
4f7b0b1159 Remove last remnants of the deprecated --with-stow option. 2016-02-18 16:18:30 -07:00
Todd C. Miller
6cbba7d665 Add an administrative domain to the passwd/group cache key for 
AIX which can have different name <-> ID mappings depending
on whether the database is local, LDAP, etc.
 2016-02-01 11:08:58 -07:00
Todd C. Miller
3d0b0f061e Add --enable-asan configure flag to enable address sanitizer 2016-01-27 15:37:25 -07:00
Todd C. Miller
41a32a1c58 When calling setauthdb(), save the old registry value so we can 
restore it properly.  Previously we were setting the registry to
unrestricted instead of actually restoring it.
 2016-01-22 17:04:58 -07:00
Todd C. Miller
c1b1481204 Use faccessat(2) for directory writability instead of doing the 
checks manually where possible.  This also allows us to remove the
#ifdef __linux__ bits since we no longer use fstat(2) on Linux with
an O_PATH fd.
 2016-01-18 10:45:47 -07:00
Todd C. Miller
4bcef637f8 Work around the buggy pread(2) on 32-bit HP-UX 11.00 by using 
pread64() on that platform.
 2016-01-13 11:10:33 -07:00
Todd C. Miller
b20977d445 Add support for using fexecve() if supported on commands that are 
checksummed.
 2016-01-04 10:35:18 -07:00
Todd C. Miller
3b338830cf Add missing square brackets in configure option descriptions. 2015-12-16 14:57:37 -07:00
Todd C. Miller
d13bb39d1d Use https in sudo.ws urls 2015-11-20 10:51:11 -07:00
Todd C. Miller
48a95973a5 sudo 1.8.16 2015-11-20 10:33:08 -07:00
Todd C. Miller
640e867dbd Don't use CPPFLAGS for the -fstack-protector check. Otherwise on 
systems with _FORTIFY_SOURCE support we'll get an error due to the
lack of optimization flags.  Bug #725
 2015-10-30 10:11:55 -06:00
Todd C. Miller
448f7f25f2 When checking for stack protector support we need to actually link 
the test program.
 2015-10-30 08:49:22 -06:00
Todd C. Miller
b87ac0f0a2 Preserve LDFLAGS when checking for stack protector as they may include 
rpath settings to allow the stack protector lib to be found.  Avoid
using existing CFLAGS since we don't want the compiler to optimize
away the stack variable.
 2015-10-29 14:06:21 -06:00
Todd C. Miller
bdcb83be92 Better configure test for -fstack-protector. Some gcc installations 
may be missing the ssp library even though the compiler supports it.
 2015-10-29 10:51:09 -06:00
Todd C. Miller
c50cead833 Add directory writability checks for sudoedit. 2015-10-23 14:04:35 -06:00
Todd C. Miller
37abc1b7e4 There's no point in trying to interpose protected versions of the 
exec family of functions.  Many modern C libraries use hidden symbols
for the functions and syscalls defined in libc such that they cannot
be overridden inside libc itself.  We have to just wrap all the exec
variants plus system and popen.
 2015-09-28 21:20:37 -06:00
Todd C. Miller
a2979ed809 Remove checks for __sys_siglist and __sys_signame. They are internal 
to libc and there are no known systems that export those symbols
that do not already export the single underbar or no-underbar versions.
 2015-09-10 16:44:57 -06:00
Todd C. Miller
67183d74f4 Remove include/compat/timespec.h. Systems old enough to lack struct 
timespec are too old to build a modern sudo.
 2015-09-09 11:13:22 -06:00
Todd C. Miller
7d0a623fdd Use pread(2) and pwrite(2) where possible. 2015-09-07 06:06:08 -06:00
Todd C. Miller
00142c91fa Lock individual records in the timestamp file instead of the entire 
file.  This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
079167d2c4 Sudo 1.8.15 2015-08-06 13:15:00 -06:00
Todd C. Miller
620f8a33eb Sudo 1.8.14p3 2015-07-22 06:09:14 -06:00
Todd C. Miller
ef47c692c3 Sudo 1.8.14p2 2015-07-20 20:27:40 -06:00
Todd C. Miller
c0b8e71488 Sudo 1.8.14p1 2015-07-17 15:28:26 -06:00
Todd C. Miller
43a57126ea Solaris 2.6 has the prototypes for inet_pton() and inet_ntop() in 
resolv.h.
 2015-07-09 10:11:25 -06:00
Todd C. Miller
d77941c2be We require POSIX so no need to conditionally include dirent.h. 
Add a check for d_namlen and use the result in the NAMLEN macro.
 2015-07-02 09:24:48 -06:00
Todd C. Miller
433c3dca58 Do check for inet_pton before inet_ntop since we may need to record 
dependent libraries for inet_pton when linking our getaddrinfo
replacement.
 2015-06-30 10:57:42 -06:00
Todd C. Miller
d87a0a4aab Add check for inline support. 2015-06-30 10:16:56 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
09b07fe21a Add back _REENTRANT define on HP-UX to expose strtok_r on some versions. 
We may need to define it on other systems too.
 2015-06-19 12:35:51 -06:00
Todd C. Miller
048e251ae0 Fix check for strnlen() when cross-compiling. 2015-06-19 09:54:12 -06:00
Todd C. Miller
a50555faa2 Remove support for the obsolete malloc.h header. 2015-06-18 20:30:59 -06:00
Todd C. Miller
138aa2ccd1 Remove BROKEN_SYSLOG define which was for obsolete versions of HP-UX. 
Remove last remnants of 4.2BSD syslog support.
 2015-06-18 17:53:49 -06:00
Todd C. Miller
a38253b101 Replace use of OSDEFS with config.h defines. 
Rename DEFS in Makefile.in to CPPDEFS and include in CPPFLAGS.
Bring back _BSD_SOURCE as a config.h define.
Remove obsolescent _REENTRANT define.
 2015-06-18 09:33:05 -06:00
Todd C. Miller
4c7a264f10 Use AC_FUNC_STRNLEN to check for broken strnlen() on AIX. 
This requires that we use AC_USE_SYSTEM_EXTENSIONS so remove
things from OSDEFS that are enabled by AC_USE_SYSTEM_EXTENSIONS.
 2015-06-17 17:00:21 -06:00
Todd C. Miller
40d72f26e4 Add standalone reallocarray.c from OpenBSD instead of rolling our own. 2015-05-27 10:04:32 -06:00
Todd C. Miller
82286d8b7b Add strndup() for those without it. As strndup.c uses strnlen(), 
use our own if it is missing.
 2015-05-26 14:05:26 -06:00
Todd C. Miller
49d56f323e Add strnlen() replacement needed for glob.c. 
Only used if no glob() and no strnlen().
 2015-05-26 13:55:18 -06:00
Todd C. Miller
05a01d4c5d Avoid using a leading underbar in defines as they are reserved in 
ISO C.
 2015-05-21 11:13:20 -06:00
Todd C. Miller
a40cf3e288 There should be no need to check for tzset() as it is POSIX. 2015-05-18 13:42:06 -06:00
Todd C. Miller
f1491fe137 Add sudo_reallocarrary to util.exp.in if reallocarray is not found. 2015-05-18 13:39:21 -06:00
Todd C. Miller
0b1e027b12 Force flat namespace on darwin to make the getenv() hooking work 
as it does on ELF.
 2015-05-15 15:48:24 -06:00
Todd C. Miller
3595807f4e Add reallocarray() for those without it. 2015-05-14 10:13:18 -06:00