isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,419 Commits 1 Branch 0 Tags
45fdfa18f1d46a1d6171a8f94f0fa9396b51de20
Commit Graph

12419 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
075ee0f9dc Add missing stdio.h include for the _FORTIFY_SOURCE=2 check. 
Implementations of _FORTIFY_SOURCE require the header file to be
included.  Also remove the useless test of an empty program with
_FORTIFY_SOURCE defined.  Pointed out by Florian Weimer.
 2023-04-26 12:44:10 -06:00
Todd C. Miller
b83140e0f1 Use ldap_msgfree() instead of ldap_init() for the lber.h test. 
The ldap_init() function is marked as deprecated and not defined
by default on some systems.  This can cause an error for compilers
that do not support implicit function declarations.
From Florian Weimer.
 2023-04-26 11:10:46 -06:00
Todd C. Miller
47ae92d034 Include arpa/inet.h for inet_pton() prototype. 2023-04-25 13:22:02 -06:00
Todd C. Miller
3d4dc19ecd Add netdb.h for struct addrinfo and EAI_* error codes. 2023-04-25 13:15:55 -06:00
Todd C. Miller
64f6d6fdbc Stub out getaddrinfo() and freeaddrinfo(). 
We may not be able have access to DNS in the fuzzing environment.
 2023-04-25 13:06:24 -06:00
Todd C. Miller
8c85fefaee Plug memory leaks in store_sudo_test found by LSAN. 2023-04-25 09:28:34 -06:00
Todd C. Miller
b1deffbe5b disable_coredump: only change the soft limit, leave the hard limit as-is 
This should avoid problems on Linux in cases where sudo does not
have CAP_SYS_RESOURCE which may be the case in an unprivileged container.
GitHub issue #42
 2023-04-24 10:32:40 -06:00
Todd C. Miller
e2243e3737 Add basic support for remote power on/off via net-snmp. 2023-04-19 17:48:47 -06:00
Todd C. Miller
6c3c8acbac More accurate description of what happens for "sudo -b". 2023-04-19 15:09:23 -06:00
Todd C. Miller
ab0f8dda31 Avoid calling isatty()/ttyname() on std{in,out,err} if not a char dev. 
The user controls these fds so we should avoid calling ioctl(2) on
them unless they correspond to actual character device files.
 2023-04-18 13:52:26 -06:00
Todd C. Miller
fe80c27dec Better support for "sudo -b" when running the command in a pty. 
When a command is run via "sudo -b" it has no access to terminal
input.  In non-pty mode, the command runs in an orphaned process
group and reads from the controlling terminal fail with EIO.  We
cannot do the same while running in a pty but if we set stdin to a
half-closed pipe, reads from it will get EOF.  That is close enough.
 2023-04-19 14:34:57 -06:00
Todd C. Miller
b24af7b3e6 Hard-code usage() and help() for an 80-column terminal. 
Trying to tailor the help and usage output to the terminal width
is simply not worth it and could be abused to mark a socket as
"trusted" on Linux if there are additional kernel bugs like
CVE-2023-2002.
 2023-04-18 07:33:12 -06:00
Todd C. Miller
65c0b5a089 Move CONFIGURE_ARGS from sudo_usage.h.in to config.h.in. 2023-04-18 07:29:37 -06:00
Todd C. Miller
80b85bdd50 get_user_info: call sudo_get_ttysize() even if no /dev/tty 
We still want to initialize rows and cols based on the environment
if possible.
 2023-04-17 07:27:05 -06:00
Todd C. Miller
4ac9941794 Get the tty size using stdout, not stderr, when printing help output. 
While usage() prints to stderr, help() prints to stdout.
 2023-04-16 16:06:59 -06:00
Todd C. Miller
d1912957ae get_user_info: pass sudo_get_ttysize() the fd of /dev/tty, not stderr. 
Both the plugin API and the main event loop expect lines/cols to
refer to the user's terminal, so using /dev/tty is better here.
 2023-04-16 16:05:15 -06:00
Todd C. Miller
cc22cca34f Add an fd argument to sudo_get_ttysize() instead of always using stderr. 
For sudoreplay we open /dev/tty, so use that instead of stderr when
determining the terminal size.
 2023-04-16 15:45:19 -06:00
Todd C. Miller
5650b436e6 Check whether stderr is a tty before trying TIOCGWINSZ. 2023-04-16 15:31:14 -06:00
Todd C. Miller
ae12d18ff0 Use -no-undefined on macOS to avoid "-undefined dynamic_lookup" warnings. 
Starting with macOS 13, the linker warns when "-undefined dynamic_lookup"
is used.  This is added by libtool by default on macOS but we can
suppress it by passing -no-undefined to libtool.
 2023-04-14 13:02:28 -06:00
Todd C. Miller
62a2d9f94c Add make to Dockerfile and sort packages. 2023-04-08 15:25:00 -06:00
Todd C. Miller
894daa88f6 Enable the use_pty option by default for sudo 1.9.14. 
GitHub issue #258
 2023-04-06 11:30:51 -06:00
Todd C. Miller
d7b8f3ffbf Split up the monolithic sudoers_policy_main() function. 
This splits the code to find the command, perform a sudoers lookup,
ask for a password as needed, and perform post-lokup checks out
into sudoers_check_common().  The old sudoers_policy_main() has
been replaced by sudoers_check_cmnd() (called by sudoers_policy_check()),
sudoers_validate_user() (called by sudoers_policy_validate()) and
sudoers_list() (called by sudoers_policy_list()).  The list_user
lookup is now performed in sudoers_list().
 2023-04-05 13:35:09 -06:00
Todd C. Miller
859a81ad24 Move the root_sudo check until after we apply per-command Defaults. 
It is possible, though unlikely, for "root_sudo" to be used in
a per-command Defaults statement.
 2023-04-05 13:25:32 -06:00
Todd C. Miller
ab4b947169 sudoers_policy_main: restore locale if sudoers_lookup() fails. 
Previously, if sudoers_lookup() set VALIDATE_ERROR, the sudoers
locale would still be in effect instead of the original locale.
 2023-04-01 10:22:07 -06:00
Todd C. Miller
fb0a36c1a5 sudoers_lookup_pseudo: remove validated function argument 
This was always set to FLAG_NO_USER|FLAG_NO_HOST which are cleared
at the top of the fuction.  Make validated a local variables,
initialized to 0, instead.  No change in behavior.
 2023-04-01 10:17:31 -06:00
Todd C. Miller
0a4c8872a8 The I/O log file name is not just the basename of the full iolog_path. 
The audit plugin already has the correct value for iolog_file, don't
overwrite it with basename(iolog_path).  In the future we may wish
to pass in iolog_file and iolog_dir in addition to iolog_path.
Fixes Bug #1046.
 2023-03-31 15:51:14 -06:00
Todd C. Miller
ac12f82d86 Warn with "unknown user" not "unknown uid" if user cannot be resolved. 
Prior to sudo 1.8 this was after a getpwuid() but now we use
getpwnam().
 2023-03-29 14:49:41 -06:00
Todd C. Miller
ad890acf6c Set timestamp_uid and timestamp_gid via a callback. 
This also makes it possible to include the location of the line in
the sudoers file in the warning message (and mail).
 2023-03-29 14:37:09 -06:00
Todd C. Miller
493b2441d4 Fix display of escape sequencees in ldapsearch example. 2023-03-28 16:04:47 -06:00
Todd C. Miller
3b55de4e83 White space is not allowed between Defaults and '@', ':', '!', '>'. 
The EBNF made it appear that this is allowed when it really is not.
 2023-03-28 16:02:46 -06:00
Todd C. Miller
f0030cf30f Make struct {command,user}_details pointers const where possible. 2023-03-27 16:29:46 -06:00
Todd C. Miller
554397eaea Make user_details private to main. 2023-03-27 16:19:11 -06:00
Todd C. Miller
5108c279af Make user_details private to sudo.c. 2023-03-27 16:19:08 -06:00
Todd C. Miller
e435b158b8 Use sudo_get_ttysize() in help() and usage(). 
This eliminates a dependency on the user_details global.
 2023-03-25 16:27:44 -06:00
Todd C. Miller
f95c9f839c Regenerate with the autoconf 2.72c snapshot. 2023-03-27 09:55:41 -06:00
Todd C. Miller
86002226b6 Store submitcwd (from user_details) in struct command_details. 
This eliminates use of the user_details global from exec_setup().
 2023-03-25 08:27:41 -06:00
Todd C. Miller
51453c4f2e utmp_fill: user is now always non-NULL, no need for user_details. 2023-03-24 19:16:44 -06:00
Todd C. Miller
fa5a28f345 Remove list_user global. 2023-03-24 19:10:46 -06:00
Todd C. Miller
a5b11a58b7 No need to declare tgetpass_flags, it is already in sudo.h. 2023-03-24 19:10:19 -06:00
Todd C. Miller
9fd787343d No need for sudo_mode to be global anymore. 2023-03-24 17:07:20 -06:00
Todd C. Miller
11277bb921 Make command_details private to main(). 2023-03-24 15:56:00 -06:00
Todd C. Miller
8d2b9a4343 Make iobufs private to exec_iolog.c. 2023-03-24 15:26:37 -06:00
Todd C. Miller
ee3f99c88c Remove ttymode and its associated values. 2023-03-24 15:25:05 -06:00
Todd C. Miller
f9b1beced2 Move ptyname to struct exec_closure 2023-03-24 14:56:45 -06:00
Todd C. Miller
22776b0be6 Move pty_make_controlling() to exec_monitor.c where it is called. 
We can use details->tty to access the pty follower path.
 2023-03-24 14:56:13 -06:00
Todd C. Miller
7ac9ce001c Eliminate utmp_user global, just use the value in struct command details. 2023-03-24 14:44:56 -06:00
Todd C. Miller
778688d4fc Replace tty_mode global with term_raw flag in struct exec_closure. 
The pty_cleanup hook needs access to the closure so add
pty_cleanup_init() to store a pointer to the closure for use
by pty_cleanup_hook().
 2023-03-24 14:44:17 -06:00
Todd C. Miller
b81c5e8dac Register pty cleanup function in exec_pty(), not exec_cmnd_pty(). 
We want it to execute in the main sudo process, not the monitor.
 2023-03-24 11:01:58 -06:00
Todd C. Miller
11739e3def Make ttyblock private to exec_iolog.c 2023-03-24 10:58:49 -06:00
Todd C. Miller
3303dd98c0 exec_pty.c: move foreground flag to struct exec_closure. 
Also make pipeline flag private to exec_pty() and remove the unneeded
check_foreground() prototype.
 2023-03-23 19:35:57 -06:00