Commit Graph

542 Commits

Author SHA1 Message Date
Todd C. Miller
46edc4e198 Stop using the WCONTINUED flag with waitpid(2).
We don't use it for anything other than a debug message and it will
cause problems when intercept mode starts using ptrace(2).
2022-04-29 08:02:57 -06:00
Todd C. Miller
7537713904 Adjust starttime test when run under Debian faketime.
Bug #1026
2022-03-15 08:38:27 -06:00
Todd C. Miller
cdee5d48da Add check-verbose Makefile target that runs tests in verbose mode. 2022-03-02 13:32:08 -07:00
Todd C. Miller
7c17f84a35 Add helper function to compile a regex that supports (?i). 2022-02-11 12:01:31 -07:00
Todd C. Miller
2e957cd43d Fix compilation on Debian kFreeBSD.
The configure script correctly detects that utimensat() and futimens()
are missing but the headers define stub versions of the functions.
Including sys/stat.h pulls in the system definitions so we can override
them safely.  Bug #1021.
2022-02-03 09:33:30 -07:00
Todd C. Miller
946404434e lib/iolog: add support for filtering password out of tty input
If a password regex is found in the tty output, tty input will be
replaced with '*' chars until a newline or another tty output
character is received.
2022-01-28 08:52:41 -07:00
Todd C. Miller
c13b21c199 Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2).
This also allows us to make path const as it should be.
2021-12-11 08:35:18 -07:00
Todd C. Miller
c2d03f7cca sudo_compat.h: include unistd.h regardless of OS type
This helps to avoid issues with mismatched headers and libraries.
2021-11-10 13:30:27 -07:00
Todd C. Miller
7c8746bc70 Document resource limit support in command_info[] and bump plugin API minor.
This is supported beginning with sudo 1.9.9 and plugin API 1.17.
2021-11-09 12:57:25 -07:00
Todd C. Miller
4eebd53bce parse_gentime: use timegm() to generate time since the epoch
The timegm() function is non-standard but widely available.
Provide an implementation for those systems that lack it.
Bug #1006
2021-10-31 09:27:34 -06:00
Todd C. Miller
b506497fe4 Fix pasto in gmtime_r and localtime_r macros.
Also add missing Makefile targets for them.
2021-10-31 09:01:18 -06:00
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer.
Based on changes from Hayden Roche
2021-10-25 13:17:57 -06:00
Todd C. Miller
bddf03fe45 No longer need to pass exit params to eventlog_exit(), use struct eventlog.
Now that struct eventlog includes the exit parameters we can simplify
how eventlog_exit() is called.
2021-10-19 08:58:34 -06:00
Todd C. Miller
d415624ffc Read command run_time, signal and exit_value from I/O log log.json file. 2021-10-19 08:58:33 -06:00
Todd C. Miller
a554629d84 Flush I/O logs before we send a commit point.
The commit point message means we have written the data to disk so
we should not be buffering it any longer.
We do not currently fsync(2) the data after flushing, perhaps we should.
2021-10-15 19:10:34 -06:00
Todd C. Miller
23d04dde24 iolog_nextid(): make iolog_dir argument const.
We make a copy of the directory so there's no real reason that
parameter can't be const.
2021-09-21 19:09:21 -06:00
Todd C. Miller
fa71679b5a Add gmtime_r and localtime_r tests and compat if missing. 2021-09-17 10:55:06 -06:00
Todd C. Miller
db750232c5 Avoid symbol name clash to fix --enable-static-sudoers linking. 2021-09-15 11:19:03 -06:00
Todd C. Miller
9a690a8984 Switch to a 128-bit token instead of a 64-bit secret.
Protobuf doesn't have a 128-bit type so use two u64s.
We now support partial reads of the token.
2021-09-01 10:17:26 -06:00
Todd C. Miller
9137909c7d sudo_intercept.so: send the secret immediately after connecting.
Sending the secret out of band, before the message size is read,
should make it harder to mount a DoS attack.
2021-08-31 16:33:54 -06:00
Todd C. Miller
168d5c47c9 Update runcwd in command_info[] before passing it to the audit plugin.
Since sudoers does rejected commands itself the runcwd will still
not be correct for those.
2021-08-27 15:58:19 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
2021-08-26 09:57:24 -06:00
Todd C. Miller
e199dd8254 sudo_compat.h: include unistd.h on HP-UX to safely redefine pread/pwrite
HP-UX 11.31 defines static functions for pread() and pwrite() which
will conflict with our macros.
2021-08-25 16:31:46 -06:00
Todd C. Miller
c465d8971d Change intercept IPC to use a localhost socket instead of inherited fd.
This allows intercept mode to work with shells that close all open
fds upon startup.  The ctor in sudo_intercept.so requests the port
number and secret over the socket inherited from the parent then
closes it.  For each policy request, a TCP connection is made to
the sudo parent process to perform the policy check.  Child processes
re-use the TCP socket to request the port number and secret just like
the initial process started by sudo does.
2021-08-25 14:24:36 -06:00
Todd C. Miller
ad28b90c4d We still need the pread/pwrite hack for HP-UX 11.11 at least.
This time around, avoid defining _LARGEFILE64_SOURCE and just declare
pread64/pwrite64 ourselves.
2021-08-19 19:18:24 -06:00
Todd C. Miller
23e5304b78 Fix prototypes for sudo_pread() and sudo_pwrite(). 2021-08-19 19:05:50 -06:00
Todd C. Miller
4aefd43948 For intercepted commands, log an offset into the current I/O log.
This can be used with sudoreplay to jump to when a specific command
was executed within a session log.
2021-08-13 16:00:00 -06:00
Todd C. Miller
62aca803ce Older Solaris has getusershell() et al but does not declare it. 2021-08-13 09:52:02 -06:00
Todd C. Miller
eaf03a382b Pass a secret value to sudo_intercept.so and verify after policy check.
The goal is to make it harder for someone to have a fake policy checker.
This will not stop a determined adversary since the secret is present
in the address space of the running process.
2021-08-13 09:10:44 -06:00
Todd C. Miller
cede7dd92d Define protocol for sudo <-> sudo_intercept.so communication.
Uses Google protocol buffers.
2021-08-09 15:50:25 -06:00
Todd C. Miller
9d776b4e7b Allow multiple accept/reject messages during a logsrv conversation.
The log server now advertises a subcommands flag if it supports
logging subcommands (e.g. commands run from a sudo-spawned program
like a shell).  The client should only log additional commands
during a session if this flag is set in the ServerHello message.
2021-08-09 15:50:25 -06:00
Todd C. Miller
a556b373c9 Allocate a socketpair to communicate with sudo_intercept.so over.
This is used for the intercept and log_children options.
2021-08-09 15:50:25 -06:00
Todd C. Miller
6287e8ca7d Add support for loading the sudo_intercept.so DSO. 2021-08-09 15:50:25 -06:00
Todd C. Miller
36fbb13c4c Use TLS_method() instead of TLS_client_method() throughout.
OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).

Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
2021-07-26 13:40:25 -06:00
Todd C. Miller
4a90deb2a0 Add configure check for va_copy instead of using #ifdef
This prevents the va_copy compat #define from being used if
sudo_compat.h is somehow included before stdarg.h.
2021-07-25 15:51:23 -06:00
Todd C. Miller
c234bab7b2 Remove unused info_cb and info arguments from eventlog_exit() 2021-07-15 11:07:25 -06:00
Todd C. Miller
fa7250ead7 Create a UUID and log it in the JSON version of the event log. 2021-07-15 11:07:25 -06:00
Todd C. Miller
b54a16e174 Add support for logging exit status events.
For sudo-formatted logs, this is a record with "EXIT=number" and
potentially "SIGNAL=name" after the command.  For JSON-format logs,
a new "exit" record is logged which contains an "exit_value" and
potentially "signal" and "core_dumped".  JSON-format logs now include
a UUID to associate the "exit" record with the "accept" record.
2021-07-09 11:08:44 -06:00
Todd C. Miller
cc3b4ffb04 Remove vsyslog(3) emulation, it is no longer used. 2021-06-14 13:11:39 -06:00
Todd C. Miller
c5247845ac Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t.
Add some function argument names.  Also use struct nss_db_state *
instead of void * in nss_db_root_t.  We don't define struct
nss_db_state but since it is a pointer all we need is a forward
declaration.
2021-06-08 14:25:02 -06:00
Todd C. Miller
2db9e64214 Move reference-counted string code from sudoers to libsudo_util.
It will be used by sudo_logsrvd too.
2021-04-06 14:44:19 -06:00
Todd C. Miller
d4517e0a1c Move autoconf auxiliary files to the scripts directory. 2021-04-06 14:23:38 -06:00
Todd C. Miller
dfff132122 Add a new "fuzz" target that executes the fuzzers for 8192 runs each.
To run indefinitely, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz"
2021-03-18 16:48:19 -06:00
Todd C. Miller
4c182c90f1 Rename "fuzz" makefile target to "check-fuzzer".
Its purpose is to run the fuzzers as part of a normal "make check"
to avoid bit rot, not to perform a fuzzer run.
The fuzz_logsrvd_conf fuzzer was not wired up to "make check" previously.
2021-03-18 09:08:16 -06:00
Todd C. Miller
d9d450292d Remove compatibility defines for POSIX sys/stat.h macros.
Modern systems have them and we no longer support pre-POSIX systems.
This fixes potential redefinition of the macros if sys/stat.h is
included after sudo_compat.h.  Bug #968.
2021-03-10 12:26:11 -07:00
Todd C. Miller
d452678787 Log peer address in sudo_logsrvd JSON-format logs.
The peer that connected to us might not be the same host where the
log entry originated.
2021-03-02 18:37:35 -07:00
Todd C. Miller
851247e58c Split iolog_fileio.c into multiple files. 2021-02-26 21:07:48 -07:00
Todd C. Miller
d51d4af7a6 Break out I/O log config handling into iolog_conf.c. 2021-02-26 15:02:58 -07:00
Todd C. Miller
b93aad4e95 Move iolog info log writing to iolog_loginfo.c 2021-02-24 15:01:37 -07:00
Todd C. Miller
4128582723 Move eventlog config code into eventlog_conf.c 2021-02-24 14:25:39 -07:00