isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,553 Commits 1 Branch 0 Tags
4010d06ed05a6b47d202efe5bd86f7c77b67a7fd
Commit Graph

11553 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
4010d06ed0 In ptrace(2) intercept mode, add execveat to the seccomp(2) filter. 
This allows us to avoid logging the initial command twice regardless
of whether the kernel supports execveat(2) or not.
 2022-04-29 13:09:03 -06:00
Todd C. Miller
052d3d1d91 Update intercept documentation. 2022-04-29 13:09:03 -06:00
Todd C. Miller
52cacfc302 For ptrace intercept mode, do not do a policy check for the initial command. 
We can skip the policy check for the execve(2) of the initial command
since it has already been check.  Otherwise, we would log the command
twice.  When using fexecve(2) due to a digest check, there should
be no need to skip the initial command since it will be executed
via execveat(2) not execve(2).  However, on older kernels without
execveat(2), glibc will emulate fexecve(2) using /proc which will
result in the extra log entry.
 2022-04-29 13:09:03 -06:00
Todd C. Miller
5d385b3c58 Enable intercept and log_subcmds for SELinux using ptrace and seccomp. 2022-04-29 13:09:03 -06:00
Todd C. Miller
423fbedb65 Suspend the child process and wait for SIGUSR when using ptrace. 
This fixes a race condition in ptrace-based intercept mode when
running the command in a pty.  It was possible for the monitor to
receive SIGCHLD when the command sent itself SIGSTOP before the
main sudo process did.
 2022-04-29 13:09:03 -06:00
Todd C. Miller
fe80dc0bc2 Check architecture in the seccomp filter. 
Currently only supports the native architecture.
 2022-04-29 13:09:03 -06:00
Todd C. Miller
8e7ead57f6 Add support for replacing argv in ptrace intecept mode. 
The new argv is written below the tracee's stack and the system
call argument is replaced with the new argv address.
 2022-04-29 13:09:03 -06:00
Todd C. Miller
8e375445fb Check the policy for ptrace-based intercept mode. 2022-04-29 13:08:59 -06:00
Todd C. Miller
3e73644cde Add support for getting the execve(2) arguments via ptrace(2). 
This will be used to perform a policy check in intercept mode.
 2022-04-29 12:35:34 -06:00
Todd C. Miller
01733a5214 Add scaffolding for ptrace-based intercept mode. 2022-04-29 12:35:31 -06:00
Todd C. Miller
22866f2423 Handle multiple child processes in the SIGCHLD handler. 
This is required by the uncoming ptrace intercept code.
 2022-04-29 08:02:57 -06:00
Todd C. Miller
46edc4e198 Stop using the WCONTINUED flag with waitpid(2). 
We don't use it for anything other than a debug message and it will
cause problems when intercept mode starts using ptrace(2).
 2022-04-29 08:02:57 -06:00
Todd C. Miller
c7ed03c986 sudo_logsrvd: update elapsed time for winsize and suspend in journal mode 
Fixes a bug in store-first relay mode where the commit point messages
sent by the server were incorrect.
 2022-04-24 17:26:05 -06:00
Todd C. Miller
72794ecd75 Fix typo; GitHub issue #144 2022-04-23 07:21:08 -06:00
Todd C. Miller
d2da56dacc Add struct command details * to struct monitor_closure. 
This will be used in the future by the ptrace intercept code.
 2022-04-20 13:58:22 -06:00
Todd C. Miller
841375783a Don't require a pty for intercept or log_subcmmds. 
The code to take back control of the tty before a policy check
doesn't appear to be needed.  If the command is run in its own pty,
sudo has control over the user's tty.  If the command is run in
the user's tty, sudo should be in the foreground process group.
 2022-04-20 11:56:26 -06:00
Todd C. Miller
839c189373 Translate "unable to set limit privileges" strings. 2022-04-20 13:55:51 -06:00
Todd C. Miller
ec5164ced2 Define _TIME_BITS=64 on systems that define __TIMESIZE, like GNU libc. 
This should be replaced by a specialized autoconf macro when one
becomes available.
 2022-04-19 13:28:39 -06:00
Todd C. Miller
c414a89eb3 Remove ABOUT-NLS file, it is no longer maintained as part of GNU gettext. 
Expand the Translations section in CONTRIBUTING.md.
 2022-04-20 12:58:11 -06:00
Todd C. Miller
c51b81fa53 Expand section about expired accounts to include /etc/shadow info. 
GitHub issue #143
 2022-04-20 15:47:42 -06:00
Todd C. Miller
930271847a clean_output: prune lines that consisting of '^' characters and whitespace. 
Starting with Python 3.11, backtraces may contain a line with '^'
characters to bring attention to the important part of the line.
Also replace "REJECT" with "0" in backtrace output for Python 3.11.
 2022-04-11 19:05:06 -06:00
Todd C. Miller
a1e20ddd95 Fix check for EVP_MD_CTX_new() when -pthread is in Libs.private. 2022-04-04 10:13:28 -06:00
Todd C. Miller
dcb2fb26a5 Rename SSP_(C|LD)FLAGS -> HARDENING_(C|LD)FLAGS 2022-04-01 11:14:59 -06:00
Todd C. Miller
4a8877bebe Mention other hardening compilation and linker options. 2022-04-01 10:23:54 -06:00
Todd C. Miller
cc4d7196ff Update to libtool 2.4.7. 2022-03-31 16:14:10 -06:00
Todd C. Miller
90501b7000 Fix check for EVP_MD_CTX_new using static libcrypto with dependencies. 2022-03-31 16:14:10 -06:00
Todd C. Miller
c77cba373a --enable-openssl: don't add non-existent directories to PKG_CONFIG_LIBDIR 2022-03-30 11:21:44 -06:00
Todd C. Miller
dfd8ef2931 Fix a typo in the AIX section. 2022-03-29 16:53:37 -06:00
Todd C. Miller
5c0436f0b3 Update embedded copy of zlib to version 1.2.12. 
Fixes CVE-2018-25032
 2022-03-28 08:51:41 -06:00
Todd C. Miller
6af2b4188a Minor style nit. 2022-03-16 15:53:17 -06:00
Todd C. Miller
6143dcae97 Merge pull request #138 from dfskoll/main 
If we're using Kerberos, don't overwrite a custom prompt
 2022-03-16 15:42:15 -06:00
Dianne Skoll
11c6cdc02b If we're using Kerberos, don't overwrite a custom prompt if one was given with -p 
Thanks to @thend20 for testing this patch.
 2022-03-16 16:46:18 -04:00
Todd C. Miller
e2692f1095 Write the \r\n pair to ttyfp if possible, falling back on fp. 
This is consistent with the vfprintf() call and fixes a problem
introduced by the last commit where the newline could be written
before the message instead of after.
 2022-03-15 17:33:58 -06:00
Todd C. Miller
7537713904 Adjust starttime test when run under Debian faketime. 
Bug #1026
 2022-03-15 08:38:27 -06:00
Todd C. Miller
210875796d sudo_conversation_printf: convert trailing nl to cr + nl combo. 
This fixes output when the terminal is in raw mode and is consistent
with how sudo_conversation() behaves.
 2022-03-14 20:11:38 -06:00
Todd C. Miller
ff17317988 Do not warn, log or send mail for errors when reinitializing defaults. 
If there is a problem, we would have already warned, logged or mailed it.
The one exception is the initial defaults, which should never fail.
 2022-03-14 13:54:12 -06:00
Todd C. Miller
de47380350 Block SIGCHLD when forking the mailer. 
Otherwise, it may be picked up by the signal handler instead of our
waitpid(2) call.
Don't warn if waitpid() returns 0 in a SIGCHLD handler.
 2022-03-14 13:54:12 -06:00
Todd C. Miller
e5a50ae429 If there are multiple parse errors, send them in a single mail message. 2022-03-14 13:54:11 -06:00
Todd C. Miller
1f64aca229 Unset LANGUAGE when running tests, otherwise it may override LC_ALL. 
Bug #1025.
 2022-03-14 13:51:03 -06:00
Todd C. Miller
ef4ce5c08a Looser owner/permission checks for an uninstalled sudoers file. 
We don't check the owner or permissions on a sudoers file that is
specified as an argument to visudo by default.  However, the owner
and mode of files included via @includedir were still checked.  This
commit makes the owner and permissions checks for filed included
via @includedir follow the same as for the original sudoers file.
 2022-03-11 10:44:17 -07:00
Todd C. Miller
b2a32f95ee getdelim_test: increase longstr to check end pointer after realloc 
This would have caught the recent bug in our getdelim replacement
when run under address-sanitizer or valgrind.
 2022-03-11 09:03:55 -07:00
Todd C. Miller
8e7c004c7f Add missing va_start/va_end around call to sudoers_error_hook(). 
Coverity CID 250885
 2022-03-11 08:37:06 -07:00
Todd C. Miller
c48c511e91 Correctly update the end pointer when we expand the buffer. 
From Robert Manner.
 2022-03-11 08:00:38 -07:00
Todd C. Miller
6ff33922f4 sudo_secure_path: pass the struct stat * argument directly to stat(2) 
Set the pointer to a struct stat on the stack if st is NULL.
Avoids a needless memcpy() at the end.
 2022-03-10 20:16:51 -07:00
Todd C. Miller
8dae0ba06c Fix off-by-one when storing line number in userspec. 
We store the line number *after* parsing the newline so we need to
subtract one.
 2022-03-10 20:05:40 -07:00
Todd C. Miller
eb2803c3e9 For alert messages, the command or runuser may not be set. 
This fixes the logging of parse errors when JSON logging is enabled.
 2022-03-10 13:59:34 -07:00
Todd C. Miller
65e5b89f1d Pass file, line and column to sudoers defaults callbacks. 2022-03-10 13:35:58 -07:00
Todd C. Miller
d7ddff2a31 Add a hook for sudoers parse errors (including defaults and aliases). 
The hook can be used to log parser errors (sudoers module) or keep
track of which files have an error (visudo).
Previously, we only kept track of a single parse error.
 2022-03-10 13:30:56 -07:00
Todd C. Miller
6ec279532e Add a source to struct sudo_nss and use it if getdefs() fails. 
Also remove useless "Problem with defaults entries" warning in testsudoers.
 2022-03-09 12:38:25 -07:00
Todd C. Miller
31ab2e2297 Plug a few test memory leaks now that they return from main(). 2022-03-08 13:34:38 -07:00