isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,149 Commits 1 Branch 0 Tags
3c9c8668c10e1f9b42ef25bed7777c20cbb9428b
Commit Graph

12149 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
3c9c8668c1 Avoid compilation errors if getaddrinfo() or freeaddrinfo() are macros. 
If this is the case we probably can't stub out the functions but
at least the fuzzer will compile.
 2023-01-31 13:33:59 -07:00
Todd C. Miller
7c5f0d3052 Initialize the integer result parameter passed to SIOCGIFANUM. 
It appears that passing in a non-zero value causes the ioctl() to
fail.  From Tim Rice.
 2023-01-31 12:35:49 -07:00
Todd C. Miller
0b2e662b2e Protect use of AF_INET6 with HAVE_STRUCT_IN6_ADDR guards. 
From Tim Rice.
 2023-01-31 12:22:47 -07:00
Todd C. Miller
ffb09be49d Add configure test for NSIG, _NSIG or __NSIG. 
This is better than just defining NSIG in sudo_compat.h if it is
not defined since signal.h may not have been included.
 2023-01-31 11:30:45 -07:00
Todd C. Miller
49df977c2f Avoid DNS lookups when fuzzing. 2023-01-31 08:59:50 -07:00
Todd C. Miller
23237bb006 No longer need to treat Rocky or Alma Linux specially. 
We now treat them the same as RHEL.
 2023-01-30 07:32:05 -07:00
Todd C. Miller
6d945448ef Merge pull request #230 from trackers-lover/main 
Return value does not match
 2023-01-29 07:12:25 -07:00
bianguangze@uniontech.com
8797f0ceb9 Modify return value parameter 2023-01-29 11:08:38 +08:00
Todd C. Miller
b257df55da Store conf hash in vm_servers instead of vmid. 
Add a shutdown command fallback to the conf file.
 2023-01-27 14:47:32 -07:00
Todd C. Miller
179ad08c86 Updated translations from translationproject.org 2023-01-27 14:46:52 -07:00
Todd C. Miller
ab9b20be9e New Georgian translation from translationproject.org 2023-01-26 13:29:31 -07:00
Todd C. Miller
b4325e64c8 Mention the recent intercept/log_subcmds fix. 2023-01-27 14:44:45 -07:00
Todd C. Miller
53389b5743 Recognize Alma Linux and Rocky Linux (Open Source RHEL clones) 2023-01-27 14:44:45 -07:00
Todd C. Miller
fd0021ee5c Regen with latest autoconf git. 2023-01-27 14:44:45 -07:00
Todd C. Miller
1977f98d21 Fix a typo. 2023-01-27 14:44:45 -07:00
Todd C. Miller
94eafd2f08 Fix determination of the number of CPU cores on Linux. 2023-01-27 10:31:12 -07:00
Todd C. Miller
3b3089e4f5 Merge pull request #235 from kernelmethod/apparmor_dependencies 
Replace the Debian libselinux1 dependency with libapparmor1
 2023-01-26 13:12:47 -07:00
kernelmethod
8c9a8933b2 Replace the Debian libselinux1 dependency with libapparmor1 
Debian >= 10 uses AppArmor by default instead of SELinux, so
SELinux-related sudo features are typically going to be unusable in
Debian installs. This changes the dependency on libselinux1 to be a
dependency on libapparmor1 for .deb packages built with `make package`.
 2023-01-26 19:42:52 +00:00
Todd C. Miller
fe001b6ffe get_execve_info: defer setting pathname until argbuf is finalized 
If we reallocate the buffer (via growbuf()) in ptrace_read_vec(),
the address of argbuf may change.  If so, the value stored in
pathname will no longer be valid.  GitHub issue #194.
 2023-01-25 11:55:29 -07:00
Todd C. Miller
a32a54dced Correct error message when command doesn't exist in intercept mode. 
Previously, we would always use EACCES, even when ENOENT was
appropriate.  This also affected log_subcmds.
 2023-01-25 10:31:49 -07:00
Todd C. Miller
de021b60db Update .pot files for 1.9.13 2023-01-24 13:11:47 -07:00
Todd C. Miller
b9dc472bba Update for 1.9.13. 2023-01-23 14:01:34 -07:00
Todd C. Miller
d3afffec75 Include elf.h, not linux/elf.h but define NT_ARM_SYSTEM_CALL if missing. 
Older kernel headers are missing the definition of EM_ARM in linux/elf.h.
GitHub issue #232
 2023-01-23 13:55:23 -07:00
Todd C. Miller
e11bb93e26 Add tests for escaped digits. 2023-01-23 08:48:21 -07:00
Todd C. Miller
f6340068d1 check_pattern: handle escaped digits since GNU libc accepts them. 2023-01-23 08:02:25 -07:00
Todd C. Miller
2d9c0d9034 Add eventlog_store_sudo() and use it in sudoreplay. 
This replaces the custom log formatting used by "sudoreplay -l".
 2023-01-22 15:27:53 -07:00
Todd C. Miller
733303ed96 Add --build-only flag to skip building packages. 2023-01-21 09:43:15 -07:00
Todd C. Miller
ec79bbc8e0 Suport building packages on DragonFly BSD. 2023-01-20 15:08:31 -07:00
Todd C. Miller
f65a51afdf Try to link a simple shared object with -Wl,--no-undefined. 
This only works for gcc-style compilers, which should not be a
problem.  The source uses environ (FreeBSD) and errno (OpenBSD).
 2023-01-20 12:30:33 -07:00
Todd C. Miller
0010c98613 Pass the name to the config.cache file to the build script. 
If --cache-file is not specified, no config.cache file will be used.
Add an "omit_artifacts" setting for platforms where we don't publish
artifacts.
 2023-01-20 10:30:19 -07:00
Todd C. Miller
ee2f2287a6 check_pattern: accept a backslash before the numeric bound like glibc. 
This helps avoid out-of-memory conditions when fuzzing on Linux.
 2023-01-19 19:50:09 -07:00
Todd C. Miller
7a64275a3d Don't use -Wl,--no-undefined with the sanitizers/fuzzers. 
It breaks linking when using -fsanitize with clang at least.
 2023-01-19 19:40:35 -07:00
Todd C. Miller
c6cc680069 Add a link to the sudo security advisories archive. 2023-01-19 15:20:38 -07:00
Todd C. Miller
f7265f5de2 Eliminate usage of obsolete 2-argument AC_CHECK_TYPE macro. 2023-01-19 13:59:05 -07:00
Todd C. Miller
9ddae66818 Add support for the struct kinfo_proc on Dragonfly BSD. 2023-01-19 13:22:32 -07:00
Todd C. Miller
d409ba67c6 Elminate the $OS variable, we can just use $host_os instead. 2023-01-19 13:22:31 -07:00
Todd C. Miller
cb56fd2edb Need to link sudo and sudoers with -lutil on Dragonfly BSD. 
It is safer to just search for setusercontext() in libc and libutil
instead of matching on the operating system.
 2023-01-19 13:22:31 -07:00
Todd C. Miller
83b4cee98a Add -Wl,--no-undefined to LDFLAGS if it is supported. 
This will find missing symbols at build-time instead of run-time.
Don't use it on FreeBSD where environ is filled in by the dynamic loader.
We also need to pull in -llber with -lldap where possible (instead
of relying on DT_NEEDED) to avoid undefined symbol errors when
building with LDAP support.
 2023-01-19 07:47:10 -07:00
Todd C. Miller
1e0bb704c2 Restore the line that set errno to ENOENT when find_path() fails. 
This was inadvertently removed when the "goto bad" was added.
 2023-01-19 10:08:38 -07:00
Todd C. Miller
e3583e01b8 The sample plugin is now built by default to avoid bit rot. 
GitHub issue #234.
 2023-01-19 07:38:51 -07:00
Todd C. Miller
4f9da47e55 The change from sudo_printf -> sudo_plugin_printf was incomplete. 
Fixes GitHub issue #234.
 2023-01-19 07:38:29 -07:00
Todd C. Miller
544c978217 Solaris: use lt_prog_compiler_pic instead of assuming -KPIC 2023-01-18 16:05:52 -07:00
Todd C. Miller
e72d75d38e Solaris: the aslr, nxheap and nxstack link options are only for executables. 
Move them back to PIE_LDFLAGS, which is only used when linking a binary.
 2023-01-18 15:38:31 -07:00
Todd C. Miller
7d4666656e Solaris: move aslr linker option to hardening and try to build real PIEs 
These flags are specific to the Solaris linker.
 2023-01-18 15:14:55 -07:00
Todd C. Miller
b44ad49bf7 Enable non-executable heap and stack options for Solaris ld. 2023-01-18 14:54:20 -07:00
Todd C. Miller
73c52e731a Limit some of the hardening tests to compilers that define __GNUC__. 
This should avoid false positives on other compilers.
 2023-01-18 14:39:52 -07:00
Todd C. Miller
7ff70c09fe Update expected plugin version. 2023-01-18 13:53:33 -07:00
Todd C. Miller
0865e61d9e Pass back the number of files to edit when using sudoedit. 
The sudo front-end can use this to determine where the list of files
to edit begins.
 2023-01-18 13:38:15 -07:00
Todd C. Miller
334daf92b3 Escape control characters in log messages and "sudoreplay -l" output. 
The log message contains user-controlled strings that could include
things like terminal control characters.  Space characters in the
command path are now also escaped.

Command line arguments that contain spaces are surrounded with
single quotes and any literal single quote or backslash characters
are escaped with a backslash.  This makes it possible to distinguish
multiple command line arguments from a single argument that contains
spaces.

Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com).
 2023-01-18 08:21:34 -07:00
Todd C. Miller
77557f8f19 Merge in sudo 1.9.12p2 changes. 2023-01-18 08:21:25 -07:00