3619 Commits

Author SHA1 Message Date
Todd C. Miller
7ec1ee0e5c bsdauth_verify: do not write to prompt, it is now const 2022-11-01 09:33:19 -06:00
Todd C. Miller
d242261dd4 Store raw sudoers lines in the debug log.
Also add a "sudoerslex" prefix to the token debug info in
sudoers_trace_print().
2022-11-01 09:32:14 -06:00
Todd C. Miller
966731311d The line numbers in sudoers_trace_print() were off by one.
The line counter is incremented when a newline is seen so the output
actually refers to the previous line.
2022-10-31 10:21:39 -06:00
Todd C. Miller
4da22b101e Make the second arg to the sudo auth verify function const.
This may be either a plaintext password or a password prompt.
Either way it should not be modified by the verify function.
2022-10-31 09:11:32 -06:00
Todd C. Miller
bd209b9f16 Fix CVE-2022-43995, potential heap overflow for passwords < 8 characters.
Starting with sudo 1.8.0 the plaintext password buffer is dynamically
sized so it is not safe to assume that it is at least 9 bytes in size.
Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz.
2022-10-28 07:29:55 -06:00
Todd C. Miller
c78e78dc5e Move debugging info from hostname_matches() to host_matches(). 2022-10-29 11:39:05 -06:00
Todd C. Miller
6a3fb3fd73 Add debugging to sudo_set_grlist() and sudo_set_gidlist(). 2022-10-28 16:58:16 -06:00
Todd C. Miller
ebd285850d Sync clean target with other Makefile.in files. 2022-10-21 11:24:38 -06:00
Todd C. Miller
8087604e5a Build the sample plugin but do not install it by default.
We no longer install the sample approval plugin.
2022-10-21 09:12:11 -06:00
Todd C. Miller
45ea248335 Adapt to current plugin API and fix warnings. 2022-10-21 07:51:00 -06:00
Todd C. Miller
9b9404b6fa Disable admin_flag by setting to NULL, not false.
Found by cppcheck.
2022-10-20 13:45:36 -06:00
Todd C. Miller
e7db62f645 Don't NULL out the plugin close function when logging to a log server.
If sudo calls execve(2) directly the accept info will not be sent.
We also need the sudo front-end to wait until the command finishes
to send the exit status.
2022-10-19 17:05:36 -06:00
Todd C. Miller
5dbb8ac6e4 Updated translations from translationproject.org 2022-10-14 12:37:20 -06:00
Todd C. Miller
3b205bc412 Update .pot files for 1.9.12 2022-10-10 09:13:22 -06:00
Todd C. Miller
8d5e59c8a8 Update the description of intercept_verify 2022-10-10 09:12:47 -06:00
Todd C. Miller
57b5ff8e8c Avoid a -Wshadow warning on Solaris 9. 2022-10-07 11:00:17 -06:00
Todd C. Miller
af83e3c10f Fix display of command tags and options in "sudo -l" when RunAs changes.
A new line is started when RunAs changes which means we need to display
the command tags and options again.  GitHub issue #184
2022-10-06 16:29:54 -06:00
Todd C. Miller
6a0f7ccc41 Fix printing of MYSELF when listing another user's privileges.
We need to use list_pw if it is set instead of user_name.
GitHub issue #183
2022-10-06 15:02:09 -06:00
Todd C. Miller
2e2dd48bef Add test for matching a literal "" command line argument as "" in sudoers.
GitHub issue #182.
2022-10-05 10:10:31 -06:00
Todd C. Miller
fa952bfbb7 Add -I flag to disable editing include files unless there is an error.
This can be used when you only want to edit a single sudoers file
unless there is a pre-existing syntax error.
2022-10-04 16:11:45 -06:00
Todd C. Miller
575200e734 Do not match a literal "" command line argument as "" in sudoers.
If the empty string is specified in sudoers, no user args are allowed.
GitHub issue #182.
2022-10-04 13:37:32 -06:00
Todd C. Miller
3940020c94 sudo_secure_open_{file,dir}: always check that return value is not -1.
Avoids false positives from static analyzers that can't figure out
that the fd is always valid when error is SUDO_PATH_SECURE.
2022-10-04 09:33:44 -06:00
Todd C. Miller
afaeb0ed57 Mark code that escapes/unescapes "sudo -s cmd args..." for removal.
A future version of the plugin API will defer any such escaping
to the policy plugin so it can be configurable.
2022-09-29 13:43:20 -06:00
Todd C. Miller
d2a13a8154 Fix typos found by codespell 2.2.1. 2022-09-28 16:39:19 -06:00
Todd C. Miller
e6f2ad0ed6 Add missing NULL checks for mandatory fields in protobuf messages.
Also no longer reject an InfoMessage with an unknown value_case,
just log and ignore it.
2022-09-28 08:47:25 -06:00
Todd C. Miller
9150423676 Don't send ttyname to log server if it is NULL.
Otherwise the log server will reject the AcceptMessage because a
NULL string is not allowed.
2022-09-27 15:30:02 -06:00
Todd C. Miller
f360a8006c Regen dependencies 2022-09-27 14:16:03 -06:00
Todd C. Miller
3ca9220e50 Implement find_spec, not the deprecated find_module.
Fixes a test failure due to find_module having been removed from setuptools.
2022-09-27 09:03:33 -06:00
Todd C. Miller
e66f34d250 copy_arg: fix copying an escaped backslash
GitHub issue #179
2022-09-23 12:30:51 -06:00
Todd C. Miller
86c108b50b Add mkdtempat() and mkostempsat() for systems without them. 2022-09-21 19:08:11 -06:00
Todd C. Miller
88ac5e09b6 Use sudo_secure_open_file() instead of sudo_secure_file() where possible.
Both sudo_secure_open_file() and sudo_secure_open_dir() are now passed
a struct stat pointer like sudo_secure_file() and sudo_secure_dir().
2022-09-21 19:08:10 -06:00
Todd C. Miller
cbd52e705c Fix potential TOCTOU when creating time stamp directory and file. 2022-09-21 19:08:09 -06:00
Todd C. Miller
ce387a6849 Split log_{input,output} into log_{stdin,ttyin} and log_{ttyout,stdout,stderr}
If log_input is set, log_{stdin,ttyin} will be set as well.
If log_output is set, log_{stdout,stderr,ttyout} will be set as well.
This provides more fine-grained control over I/O logging and makes it
possible to disable logging piped or redirected input or output.
2022-09-20 14:35:12 -06:00
Todd C. Miller
4989856321 Use tcpgid if passed from sudo front-end and use it in tty_present().
This can be used as another indicator that a terminal is present
without having to open /dev/tty.
2022-09-15 16:34:49 -06:00
Todd C. Miller
304726a215 Move gcc-style __attribute__ macros to config.h.in
Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_printf0like.
Add sudo_noreturn instead of __attribute__((__noreturn__)).
We do not use stdnoreturn.h since it has been deprecated in C23
in favor of the [[noreturn]] attribute.
2022-09-07 07:48:31 -06:00
Todd C. Miller
a326411903 Use $(GREP) and $(EGREP) variables in Makefile.in files. 2022-09-12 16:30:52 -06:00
Todd C. Miller
d6c7abd42e log_parse_error: make errstr const to quiet a -Wwrite-strings warning 2022-09-07 14:45:47 -06:00
Todd C. Miller
89a40741b4 Add __printf0like to visudo_track_error(). 2022-09-07 07:25:31 -06:00
Todd C. Miller
7f169da832 Back out unintended change in last commit. 2022-09-06 15:47:29 -06:00
Todd C. Miller
965e2a0c09 It is possible for sudoerserrorf() to be called with a NULL format.
So log_parse_error() needs to check fmt for NULL before using it.
2022-09-06 15:40:59 -06:00
Todd C. Miller
02e92c2afd Set MODE_POLICY_INTERCEPTED for log_subcmds too.
This fixes a problem where sub-commands were not being logged to
the remote log server, if configured.  Since we don't go through
sudoers_policy_main() again for log_subcmds, we set the flag in
sudoers_audit_accept() instead.  The reason this is complicated is
that when I/O logging is enabled the initial accept message gets
sent as part of the remote logging handshake.  GitHub issue #174
2022-09-03 09:43:41 -06:00
Todd C. Miller
49e9e5eb85 Only check the admin flag file once in intercept mode. 2022-09-02 14:45:57 -06:00
Todd C. Miller
36747f89a8 Skip all of check_user() for intercept unless intercept_authenticate set.
Previously we were calling the PAM approval modules even in intercept
mode which can take a lot of time.  We may wish to make PAM approval
configurable in intercept mode in the future.
2022-08-25 09:35:42 -06:00
Todd C. Miller
22dad3f59c Only set MODE_POLICY_INTERCEPTED on subsequent policy checks.
This fixes a bug where MODE_POLICY_INTERCEPTED was set too early
if the intercept option was set globally in sudoers.  It should
only be set after the original command has executed.
2022-08-25 09:33:42 -06:00
Todd C. Miller
d65bcf2ab3 Avoid a Coverity false positive. 2022-08-18 10:27:01 -06:00
Todd C. Miller
81a3339df9 Remove cast from time_t to int to avoid a Coverity false positive.
The cast should not be required.
2022-08-18 10:21:14 -06:00
Todd C. Miller
158facf6d5 Use multilib rules to look for a 64-bit group plugin on failure.
If sudo_dso_load() fails on a 64-bit system, try to load a 64-bit
native version of the file using system-dependent multilib rules.
If we don't support multilib on the platform, check for a version
of the file that ends in "64" before the .so suffix.
2022-08-11 19:34:50 -06:00
Todd C. Miller
2f3afd14ed In putenv(3) replacement reject a string with no '=' or that starts with one. 2022-08-08 07:43:00 -06:00
Todd C. Miller
184f0a2493 Merge pull request #165 from bdrung/xdg-current-desktop
Add XDG_CURRENT_DESKTOP to initial_keepenv_table
2022-08-02 15:45:08 -06:00
Todd C. Miller
9c61d7e6e9 Bump the sudo plugin minor version.
The "update_ticket" entry was added to the settings list and the
"intercept_verify" entry was added to the command_info list.
2022-08-02 14:28:29 -06:00