isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,761 Commits 1 Branch 0 Tags
3ce19efca958e607ab5a24fea3baf3adfbc4aac6
Commit Graph

27 Commits

Author SHA1 Message Date
Todd C. Miller
3ce19efca9 Add intercept_verify sudoers option to control execve(2) argument checking. 2022-07-29 15:22:27 -06:00
Helio Machado
d60b6c618f Improve Tag_Spec EBNF documentation 2022-06-07 17:24:45 +02:00
Helio Machado
3405fac05e Add missing colon in Tag_Spec documentation 2022-06-07 16:28:14 +02:00
Todd C. Miller
f52342031d Add support for intercepting the system(3) function. 
This also means we can log system(3) with log_subcmds.
 2022-05-31 14:45:00 -06:00
Todd C. Miller
6eda28ef51 Fix typo 2022-05-27 13:08:01 -06:00
Todd C. Miller
f16754a1dd Merge branch 'main' into apparmor_support 2022-05-27 08:25:12 -06:00
Todd C. Miller
f053f174bc Add intercept_type sudoers option to set intercept/log_subcmds mechanism. 2022-05-24 13:39:28 -06:00
kernelmethod
d8184fdb6f Add documentation for AppArmor support 
- Document the AppArmor userspec option in the sudoers man pages.
- Add information about the --with-apparmor build configuration option
  to INSTALL.md.
 2022-05-23 13:41:56 -06:00
Todd C. Miller
4ab6a87b96 Initialize intercept_allow_setid to true if we use ptrace(2) and seccomp(2). 2022-05-04 13:32:28 -06:00
Todd C. Miller
052d3d1d91 Update intercept documentation. 2022-04-29 13:09:03 -06:00
Todd C. Miller
973a8f08f9 Document that negating mailto or mailerpath disables sending mail. 2022-02-21 13:50:49 -07:00
Todd C. Miller
9f5615e5b1 Avoid using "note that" and "note: " in documentation. 2022-02-16 16:38:44 -07:00
Todd C. Miller
9175954895 Remove "please" from the documentation, it is considered bad style. 2022-02-16 12:33:32 -07:00
Todd C. Miller
339ef82d62 Add security notes about regular expressions in sudoers rules. 2022-02-16 10:41:29 -07:00
Todd C. Miller
33f54c853b Limit regular expressions to 1024 characters each. 
Avoids a problem with the fuzzer creating large regular expressions
that blow up the glibc regcomp().
 2022-02-12 09:33:02 -07:00
Todd C. Miller
0bbe4b1813 Substitute paths set by configure in examples. Bug #1023 2022-02-11 19:07:08 -07:00
Todd C. Miller
7c17f84a35 Add helper function to compile a regex that supports (?i). 2022-02-11 12:01:31 -07:00
Todd C. Miller
86d2173937 Add support for matching command and args using regular expressions. 
Either the command, its arguments or both may be (separate)
regular expressions.
 2022-02-10 18:26:24 -07:00
Todd C. Miller
3b6f620e3e Update links to sudo web site and reference markdown docs. 2022-02-10 13:15:39 -07:00
Todd C. Miller
7b5f0dfaf7 Use a 4n indent for code blocks instead of the default 6n. 2022-02-10 13:05:34 -07:00
Todd C. Miller
8adad85b4b A few minor (mostly cosmetic) fixes. 
Add missing ALL to Runas_Member and Host.
Replace some tabs with spaces.
Fix the syntax of a sudoedit example.
 2022-02-08 11:26:55 -07:00
Todd C. Miller
85fef8b50f Add sudoers option to perform authentication even in non-interative mode. 
If noninteractive_auth is set, authentication methods that do not
require input from the user's terminal may proceed.  It is off by
default, which restores the pre-1.9.9 behavior of "sudo -n".
 2022-02-01 20:08:26 -07:00
Todd C. Miller
0efe280037 Add a new sudoers settings log_passwords and passprompt_regex. 
When logging terminal input, if log_passwords is disabled and any
of the regular expressions in the passprompt_regex list are found
in the terminal output, terminal input will be replaced with '*'
characters until a newline or carriage return is found in the input
or an output character is received.
 2022-01-28 08:52:41 -07:00
Todd C. Miller
e4ee1a8502 Replace uid and gid with user-ID and group-ID in more places. 2022-01-20 10:08:34 -07:00
Todd C. Miller
0d0e7de454 Use the Oxford comma consistently, it is helpful in technical documents. 2022-01-19 18:41:23 -07:00
Todd C. Miller
48bc498a6f Add pam_askpass_service sudoers setting for "sudo -A". 
This makes it possible to use a different PAM configuration for
when "sudo -A" is used.  The main use case is to only use PAM modules
that can interact with the askpass program.  GitHub issue #112.
 2022-01-08 11:35:03 -07:00
Todd C. Miller
289a045a4f Rename "doc" directory to "docs" for better GitHub compatibility. 2021-11-10 16:45:16 -07:00