isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,419 Commits 1 Branch 0 Tags
45fdfa18f1d46a1d6171a8f94f0fa9396b51de20
Commit Graph

558 Commits

Author SHA1 Message Date
Todd C. Miller
16ae61dcd7 Use C23 [[__fallthrough__]] and [[__noreturn__]] attributes if supported. 
If the C23 attributes are not supported, use gcc-style attributes
where possible.
 2022-11-29 16:28:27 -07:00
Todd C. Miller
cfdcd96b63 Move the check for the fallthrough attribute outside the warnings block. 
Use AX_APPEND_FLAG instead of addind to CFLAGS directly.
 2022-11-29 16:04:14 -07:00
Todd C. Miller
0044893961 Use AC_SYS_YEAR2038 instead of setting _TIME_BITS by hand. 2022-11-16 19:29:22 -07:00
Todd C. Miller
03559d0770 Replace foo in descriptions with 'foo' 2022-11-16 10:10:20 -07:00
Todd C. Miller
cc0615059f Fix insufficient quoting in AC_CHECK_LIB() calls. 2022-11-16 10:22:28 -07:00
Todd C. Miller
bef72f76f6 Add -Wvla and -Walloca to --enable-warnings 2022-11-15 11:05:42 -07:00
Todd C. Miller
3cfba230c5 configure: only check for getauxval() if getentropy() is missing. 2022-11-11 11:04:58 -07:00
Todd C. Miller
28dbad3342 Remove checks for random() and lrand48(), they are no longer used. 
Also remove duplicate checks for arc4random() and getentropy().
 2022-11-11 09:37:49 -07:00
Todd C. Miller
3d0fcc0ff2 Skip check for cpp variadic macro support if the compiler supports C99. 2022-11-11 09:09:31 -07:00
Todd C. Miller
6b005e8114 HI-UX/MPP is based on OSF-1, not HP-UX 
Completely untested.
 2022-11-11 08:45:58 -07:00
Todd C. Miller
a142bc1830 Only check for utmps.h on HP-UX. 2022-11-11 08:32:41 -07:00
Todd C. Miller
a3684d7f3b Only check for sys/syscall.h on Linux. 
We only use it in the Linux-specific getentropy() emulation code.
 2022-11-11 08:11:26 -07:00
Todd C. Miller
feba299f22 configure: avoid running unnecessary tests on modern systems. 
Remove AC_SYS_POSIX_TERMIOS, AC_TYPE_MODE_T, AC_TYPE_UID_T.
Add missing checks for int16_t, uint16_t, int32_t, and int64_t.
Only check for intmax_t, uintmax_t and bit-width types if missing
both inttypes.h and stdint.h.
Remove unused clockid_t replacement.
 2022-11-11 07:05:26 -07:00
Todd C. Miller
3df1e9a073 sudo 1.9.12p1 2022-11-04 14:19:27 -06:00
Todd C. Miller
366217571e configure: better test for -fstack-clash-protection 
The gcc front-end may accept -fstack-clash-protection even if the
machine-specific code does not support it.  We use a test program
with a large stack allocation to try to cause the compiler to insert
the stack clash protection code, or fail if not supported.
GitHub issue #191
 2022-10-27 20:02:37 -06:00
Todd C. Miller
6a2075b671 Check that compiler accepts -fstack-clash-protection and -fcf-protection. 
Previously, we only checked that linker accepted them.
GitHub issue #191
 2022-10-27 18:33:41 -06:00
Todd C. Miller
d37710b0f6 Use mkdtempat_np() and mkostempsat_np() on macOS 2022-09-22 11:34:00 -06:00
Todd C. Miller
376d18b5da Add fchownat() systems without it. 2022-09-21 19:08:12 -06:00
Todd C. Miller
86c108b50b Add mkdtempat() and mkostempsat() for systems without them. 2022-09-21 19:08:11 -06:00
Todd C. Miller
304726a215 Move gcc-style __attribute__ macros to config.h.in 
Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_printf0like.
Add sudo_noreturn instead of __attribute__((__noreturn__)).
We do not use stdnoreturn.h since it has been deprecated in C23
in favor of the [[noreturn]] attribute.
 2022-09-07 07:48:31 -06:00
Todd C. Miller
14356c1940 Use process_vm_readv(2) and process_vm_writev(2) if available. 
This is faster than reading/writing from/to the remote process one
word at a time using PTRACE_PEEKDATA and PTRACE_POKEDATA.
 2022-08-25 12:37:19 -06:00
Todd C. Miller
a366c623f1 Use our own arc4random() in preference to the glibc version. 
The glibc arc4random() may fail in chroot on older kernels and exit.
 2022-08-04 13:11:07 -06:00
Todd C. Miller
b422ddea75 Sudo 1.9.12. 2022-08-02 14:28:30 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
b3a8cad346 A typo prevented -Wno-deprecated-declarations from being used on macOS. 2022-06-28 15:43:27 -06:00
Todd C. Miller
f5ac1317c4 Make sudo pass -Wmissing-prototypes 2022-06-27 12:48:03 -06:00
Todd C. Miller
01a9e5a157 Sudo 1.9.11p3 2022-06-20 16:58:03 -06:00
Todd C. Miller
04746d0e65 Sudo 1.9.11p2 2022-06-12 08:05:00 -06:00
Todd C. Miller
d2bf3aad06 Sudo 1.9.11p1 2022-06-08 08:31:27 -06:00
Todd C. Miller
7689b8718c Check for SECCOMP_MODE_FILTER not SECCOMP_SET_MODE_FILTER. 
This matches the actual prctl() call we use.
 2022-06-07 10:50:59 -06:00
Todd C. Miller
96c3c28194 Add EXAMPLES variables for use in the man pages for the examples directory. 2022-06-06 08:36:44 -06:00
Todd C. Miller
25a26f5042 Avoid using vfork(2) in the DSO system(3) wrapper. 
Traditional vfork(2) semantics make it unsafe for use for more than
just vfork(2) + execve(2).
 2022-06-03 09:43:34 -06:00
Todd C. Miller
cec83a05a3 Add configure check for vfork(2) and fall back to fork(2) if missing. 2022-05-31 14:47:39 -06:00
Todd C. Miller
1c83161622 On AIX, fmemopen(3) has a bug where feof() returns false at EOF. 
See https://www.ibm.com/support/pages/apar/IJ11845
 2022-05-29 15:52:48 -06:00
Todd C. Miller
9bb288d10e Regenerate files after merging AppArmor integration. 2022-05-27 08:30:34 -06:00
kernelmethod
0b541c2029 Add a --with-apparmor build flag 
Add a new build flag, --with-apparmor, that builds sudo with AppArmor
support. Modify the build script for Debian and Ubuntu to enable this
flag by default.
 2022-05-23 13:41:14 -06:00
Todd C. Miller
583e8bf538 Use explicit library dependencies instead of implicit. 
We now include all the dependent libraries when linking.
Fixes a linking problem on CentOS Stream 9.
 2022-05-19 17:01:14 -06:00
Todd C. Miller
4ac1237bd3 Sudo 1.9.11 2022-04-29 19:03:24 -06:00
Todd C. Miller
ec5164ced2 Define _TIME_BITS=64 on systems that define __TIMESIZE, like GNU libc. 
This should be replaced by a specialized autoconf macro when one
becomes available.
 2022-04-19 13:28:39 -06:00
Todd C. Miller
a1e20ddd95 Fix check for EVP_MD_CTX_new() when -pthread is in Libs.private. 2022-04-04 10:13:28 -06:00
Todd C. Miller
dcb2fb26a5 Rename SSP_(C|LD)FLAGS -> HARDENING_(C|LD)FLAGS 2022-04-01 11:14:59 -06:00
Todd C. Miller
90501b7000 Fix check for EVP_MD_CTX_new using static libcrypto with dependencies. 2022-03-31 16:14:10 -06:00
Todd C. Miller
c77cba373a --enable-openssl: don't add non-existent directories to PKG_CONFIG_LIBDIR 2022-03-30 11:21:44 -06:00
Todd C. Miller
908ae9510d Update copyright year. 2022-03-01 12:31:36 -07:00
Todd C. Miller
75a0e51590 Add sudo_closefrom() regression test. 2022-03-01 11:31:19 -07:00
Todd C. Miller
f1a697a8ff Use close_range(2) in closefrom() emulation if available. 
On Linux, prefer our own closefrom() emulation since the glibc
version may fail if /proc is not present and close_range() is not
supported.  On FreeBSD, closefrom(3) will either call the closefrom
or close_range system call, depending on which is available.
 2022-03-01 09:54:23 -07:00
Todd C. Miller
c3177ce831 Repair --enable-pvs-studio on Linux. 2022-03-01 09:42:07 -07:00
Todd C. Miller
10ca59097e Mention apple radar 3710161 in the comment about broken macOS poll(2). 2022-03-01 09:25:14 -07:00
Todd C. Miller
a57e979962 Adapt test harness for lib/util and move to regress directory. 2022-02-28 14:15:43 -07:00
Todd C. Miller
f35bbd5a3f Move the cvtsudoers/sudoers/testsudoers/visudo tests into a script. 
It is easier to maintain these tests in script form.  The output
now more closely matches that of the other tests.  The harness
script can be invoked directly and supports running specific tests.
 2022-02-28 11:29:38 -07:00