isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,061 Commits 1 Branch 0 Tags
3da971ba33ee64ee41e25370f0890ebd943ea7eb
Commit Graph

6061 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
3da971ba33 Better debug subsystem usage 2012-02-02 11:28:33 -05:00
Todd C. Miller
f5f9aadccc Remove duplicate function prototypes 2012-02-02 11:28:19 -05:00
Todd C. Miller
f1fef17d83 Error out if user specified --with-pam but we can't find the headers 
or library.  Also throw an error if the headers are present but the
library is not and vice versa.
 2012-02-01 11:27:50 -05:00
Todd C. Miller
491b4495f5 Fix the sudoers permission check when the expected sudoers mode is 
owner-writable.
 2012-01-31 16:24:57 -05:00
Todd C. Miller
c894f802d3 Verify that we can link executables built with -D_FORTIFY_SOURCE 
before using it.
 2012-01-30 14:09:17 -05:00
Todd C. Miller
ca4a338c45 Fix potential off-by-one when making a copy of the environment for 
LD_PRELOAD insertion.  Fixes bug #534
 2012-01-30 13:49:24 -05:00
Todd C. Miller
7908621ba0 Add rudimentary check for _FORTIFY_SOURCE support by checking for 
__sprintf_chk, one of the functions used by gcc to support it.
 2012-01-30 10:09:23 -05:00
Todd C. Miller
da6fe1230f Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. 2012-01-30 09:28:11 -05:00
Todd C. Miller
f3f986c75d regen 2012-01-29 14:48:20 -05:00
Todd C. Miller
1877c455d1 The change in 818e82ecbbfc that caused to exit when the monitor 
dies created a race condition between the monitor exiting and the
status being read.  All we really want to do is make sure that
select() notifies us that there is a status change when the monitor
dies unexpectedly so shutdown the socketpair connected to the monitor
for writing when it dies.  That way we can still read the status
that is pending on the socket and select() on Linux will tell us
that the fd is ready.
 2012-01-25 16:29:08 -05:00
Todd C. Miller
d11e7febbc Refactor disable_execute() and my_execve() into exec_common.c for 
use by sesh.c.  This fixes NOEXEC when SELinux is used.  Instead
of disabling exec in exec_setup(), disable it immediately before
executing the command.  Adapted from a diff by Arno Schuring.
 2012-01-25 14:58:02 -05:00
Todd C. Miller
e852bf4374 Add custom version of AC_CHECK_LIB that uses the extra libs in the 
cache value name.  With this we no longer need to rely on a modified
version of autoconf.
 2012-01-20 10:28:56 -05:00
Todd C. Miller
d337a532ac Better handling of network functions that need -lsocket -lnsl 2012-01-19 14:19:37 -05:00
Todd C. Miller
66a66729af When setting up the execution environment, set groups before gid/egid 
like sudo 1.7 did.
 2012-01-19 12:55:23 -05:00
Todd C. Miller
8e3691c38e Remove "WARNING: unable to find foo() trying -lsocket -lnsl" 2012-01-19 11:09:22 -05:00
Todd C. Miller
a5dfea7cd4 For "sudo -g" prepend the specified group ID to the beginning of 
the groups list.  This matches BSD convention where the effective
gid is the first entry in the group list.  This is required on newer
FreeBSD where the effective gid is not tracked separately and thus
setgroups() changes the egid if this convention is not followed.
Fixes bug #532
 2012-01-19 11:03:22 -05:00
Todd C. Miller
7747b481dd Fix sh warning; use "test" instead of "[" 2012-01-17 13:07:35 -05:00
Todd C. Miller
2fd77381a1 When not logging I/O, use a signal handler that only forwards SIGINT, 
SIGQUIT and SIGHUP when they are user-generated signals.  Fixes a
race in the non-I/O logging path where the command may receive two
keyboard-generated signals; one from the kernel and one from the
sudo process.
 2012-01-17 10:27:33 -05:00
Todd C. Miller
97cecaf6eb Back out change that put the command in its own pgrp when not logging 
I/O.  It causes problems with pipelines.
 2012-01-17 10:25:44 -05:00
Todd C. Miller
40badb50e6 Only run compat regress tests on compat objects we actually build. 
Fixes "make check" in the compat dir for systems that don't implement
character classes in fnmatch() or glob().  Bug #531
 2012-01-16 10:40:11 -05:00
Todd C. Miller
0df60d8ec0 Update po files from translationproject.org 2012-01-14 07:19:43 -05:00
Todd C. Miller
4baffc7801 Include parent directories in case they don't already exist. This 
fixes a directory permissions problem with the AIX package when the
/usr/local directories don't already exist.
 2012-01-13 09:49:20 -05:00
Todd C. Miller
4d8a8e0156 sync with git version 2012-01-13 09:06:08 -05:00
Todd C. Miller
ee0fb36d8b regen dependencies 2012-01-13 06:02:17 -05:00
Todd C. Miller
106bbebba7 Move tty name lookup code to its own file. 2012-01-13 06:01:58 -05:00
Todd C. Miller
83006b000e Update with latest sudo 1.8.4 changes. 2012-01-12 16:42:28 -05:00
Todd C. Miller
760cdb00d8 Remove obsolete template for HAVE_TIMESPEC 2012-01-12 13:25:04 -05:00
Todd C. Miller
1c038be413 Add a check for devname() returning a fully-qualified pathname. 
None of the devname() implementations do this today but you never
know when this might change.
 2012-01-12 07:50:40 -05:00
Todd C. Miller
315b998a6d For "visudo -c" also list include files that were checked when 
everything is OK.
 2012-01-11 16:25:39 -05:00
Todd C. Miller
f05de3f3f1 The device name returned by devname() does not include the /dev/ 
prefix so we need to add it ourselves.
 2012-01-11 15:38:18 -05:00
Todd C. Miller
f7b04c32ae Add debug warning if KERN_PROC sysctl fails or devname() can't 
resolve the tty device to a name.
 2012-01-11 14:09:16 -05:00
Todd C. Miller
fa15fc7651 The result of writev() is never checked so just cast to NULL. 2012-01-11 13:09:09 -05:00
Todd C. Miller
8fd2b8b934 Update Esperanto, Finnish, Polish and Ukrainian translations from 
translationproject.org.
 2012-01-11 07:09:25 -05:00
Todd C. Miller
528258aff5 Add support for determining tty via sysctl on other BSD variants. 2012-01-10 16:49:24 -05:00
Todd C. Miller
5c59576eac Only check for struct kinfo_proc.ki_tdev on systems that support sysctl. 2012-01-10 13:02:55 -05:00
Todd C. Miller
832c4c9d57 For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on 
ttyname() of std{in,out,err}.
 2012-01-10 13:02:41 -05:00
Todd C. Miller
974e50dcf0 On newer FreeBSD we can get the parent's tty name via sysctl(). 2012-01-09 16:08:58 -05:00
Todd C. Miller
c30872260f Include locale.h 2012-01-09 15:34:05 -05:00
Todd C. Miller
c142a52f5b Silence a gcc warning. 2012-01-09 15:33:51 -05:00
Todd C. Miller
d5571aa1e0 Need to include gettext.h and sudo_debug.h; from John Hein 2012-01-09 12:36:43 -05:00
Todd C. Miller
373043b4db Initialize the debug framework from the I/O plugin too. 2012-01-09 11:00:59 -05:00
Todd C. Miller
5dd3f0ec56 Enable debugging via sudo.conf. 2012-01-08 12:11:14 -05:00
Todd C. Miller
efbf020d42 Use SUDO_DEBUG_ALIAS for alias checking functions. 2012-01-07 12:24:43 -05:00
Todd C. Miller
b1882a7945 More complete test for getaddrinfo() that doesn't rely on the network 
libraries already being added to LIBS.
 2012-01-07 12:22:43 -05:00
Todd C. Miller
13561805d9 Add debug support. 2012-01-06 20:10:41 -05:00
Todd C. Miller
c1a9cc9ab1 Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. 2012-01-06 20:02:12 -05:00
Todd C. Miller
e7ae9dbba2 Include errno.h and missing.h 2012-01-06 19:28:08 -05:00
Todd C. Miller
1cfd09c880 ignore doc/varsub 2012-01-06 15:27:30 -05:00
Todd C. Miller
0771c981de Update copyright year. 2012-01-06 14:23:55 -05:00
Todd C. Miller
a9a3cbd410 Update for sudo 1.8.4 2012-01-06 14:19:53 -05:00