Commit Graph

12027 Commits

Author SHA1 Message Date
Todd C. Miller
49f2d67070 Fix support for AIX-style path(module) syntax in sudo.conf Plugin lines. 2022-12-22 16:45:13 -07:00
Todd C. Miller
27aff55ac8 Merge pull request #226 from rtczza/main
debug_return_int use error
2022-12-22 19:59:02 -07:00
wanglujun
5c495b5fef debug_return_int use error 2022-12-23 10:52:01 +08:00
Todd C. Miller
3040bf54c9 Mention the "list" privilege in the description of the -U option. 2022-12-20 09:18:46 -07:00
Todd C. Miller
eada918bbb Add [arg ...] after command in SYNOPSIS and usage output.
Use Ar markup when referring to the command and args.
2022-12-20 09:09:25 -07:00
Todd C. Miller
9d5ed2f9ef fmtstr: call va_arg() for %c when computing length.
Even though we don't need to read the actual char to know its length,
we do need to consume it to get the correct value for the next format.
2022-12-17 18:55:16 -07:00
Todd C. Miller
e647997236 SUDO_CHECK_SANITIZER: quote "$3" in awk script so m4 doesn't eat it. 2022-12-17 16:46:26 -07:00
Todd C. Miller
d7b3673933 Add missing sudo_json_free(). 2022-12-17 16:37:29 -07:00
Todd C. Miller
0614c1f626 check_pattern: check bounds as a repetition operator too.
Add regress to verify check_pattern() via sudo_regex_compile().
2022-12-17 15:09:30 -07:00
Todd C. Miller
f0530b66d3 Instead of collapsing duplicate repetition characters, reject them.
This is implementation-specific behavior--some regcomp(3) will
reject duplicate repetition characters (BSD), others will try to
support them (Glibc) but may allocate excessive amounts of memory.
2022-12-17 11:32:24 -07:00
Todd C. Miller
2f32b45d59 New Albanian translation from translationproject.org 2022-12-17 11:11:31 -07:00
Todd C. Miller
797cc917a8 Add basic regress for JSON functions.
Fix a bug in escaped control character handling.
Roll back changes to buffer if sudo_json_add_value() fails.
2022-12-15 19:49:11 -07:00
Todd C. Miller
0e6482e827 Add missing memory allocation failure checks.
Inspired by GitHub PR #221
2022-12-15 09:30:49 -07:00
Todd C. Miller
e706204f5f Escape control characters in strings. 2022-12-14 19:08:38 -07:00
Todd C. Miller
c184a241a2 Mention the audit plugin in the "Process model" section.
Remove extraneous information describing how sudo may exec the
command directly, this is already included in the non-pty section.
2022-12-12 16:35:00 -07:00
Todd C. Miller
62dd5734a2 Plug a memory leak of list_cmnd in the fuzzers. 2022-12-11 14:29:14 -07:00
Todd C. Miller
25c709c4d8 Suppress PVS Studio warning about reassigning a variable the same value.
Working around the warning would result in more fragile code.
2022-12-11 13:46:06 -07:00
Todd C. Miller
f26a2e7626 Fix some dead stores noted by PVS Studio.
Since rc is initialized to SUDO_RC_ERROR there is no need to set
it to SUDO_RC_ERROR again on failure if rc has not been changed
since initialization.
2022-12-11 13:46:04 -07:00
Todd C. Miller
a04557c3d4 Fix memory leak in multiarch_test to quiet leak sanitizer. 2022-12-11 13:46:04 -07:00
Todd C. Miller
a514a6eed5 Add "list" pseudo-command to allow a user to list another user's
privs.  Previously, only root or a user with the ability to run any
command as either root or the target user on the current host could
use the -U option.  For "sudo -l [-U otheruser] command", NewArgv[0]
is now set to "list" (just like "sudo -l") and the actual command
to be checked starts with NewArgv[1].
2022-12-11 13:46:00 -07:00
Todd C. Miller
8c16c8faf6 Adjust a line to quiet codespell warning. 2022-12-09 19:23:48 -07:00
Todd C. Miller
934a8793b2 Only build ChangeLog from a repo checkout, not a release tarball.
The CODEOWNERS file is not present in the release tarball so we can
use that when determining what is (or is not) a repo checkout.
2022-12-08 14:03:18 -07:00
Todd C. Miller
95a6731ff1 Add CODEOWNERS file, currently all owned by @millert. 2022-12-08 14:00:29 -07:00
Todd C. Miller
179fd32472 Only regenerate ChangeLog if there have been changes.
Also check that "hg --version" or "git --version" works before using
hg or git.  Bug #1043.
2022-12-08 10:10:41 -07:00
Todd C. Miller
f5488d733d Fix potential crash introduced in the fix for GitHub issue #134.
If a user's sudoers entry did not have any RunAs users set, running
"sudo -U otheruser -l" would dereference a NULL pointer.  We need
to compare the default RunAs user if the sudoers entry does not
specify one explicitly.  Problem reported by Andreas Mueller who
also suggested a different solution in PR #219.
2022-12-07 10:25:00 -07:00
Todd C. Miller
31684dccc0 Defer installing the SIGCHLD handler until after non-job commands run.
Lock the socket dir to avoid races in open_persistent_connection().
Also avoid using "ssh -f" since that may return before the socket is created.
Strip carriage returns from log when running in a pty.
2022-12-07 07:44:44 -07:00
Todd C. Miller
2e322c0943 Fix a typo in SUDO_CHECK_NET_FUNC. 2022-12-06 18:28:49 -07:00
Todd C. Miller
185fe31fea Fix -Wsign-compare warning. 2022-12-06 18:21:49 -07:00
Todd C. Miller
104a0294e1 Initialize "found" in SUDO_CHECK_NET_FUNC. 2022-12-06 16:45:47 -07:00
Todd C. Miller
11264cd49b Fix pasto introduced in last commit. 2022-12-06 16:36:30 -07:00
Todd C. Miller
3df7b64d80 Fix failure in check targets when there is no UTF-8 C locale. 2022-12-06 16:26:34 -07:00
Todd C. Miller
3d2082cdf3 Add SUDO_CHECK_NET_FUNC to check functions in the network libraries.
If a function is not found, check again with "-lsocket", "-linet",
"-lsocket -lnsl", or "-lresolv".
Also display network libs in final summary as well as the different
linker flags.
2022-12-06 16:09:26 -07:00
Todd C. Miller
f9639aca89 Make sure HAVE_MAILLOCK_H is defined on Solaris 10. 2022-12-06 14:03:40 -07:00
Todd C. Miller
2c97e7f471 Remove extraneous "(cached)" line when the -C option is used.
We do not need to call AC_CACHE_VAL() to ensure that a variable is
cached, its name just needs to match the pattern *_cv_*.
2022-12-06 13:47:03 -07:00
Todd C. Miller
3cdd044c68 Make path checks in sudo.m4 cachable. 2022-12-06 13:40:12 -07:00
Todd C. Miller
1b76f76122 Use AC_PATH_PROGS_FEATURE_CHECK to find mandoc/nroff.
We don't use the NROFFPROG or MANDOCPROG any longer so no need
to set those.
2022-12-06 12:18:26 -07:00
Todd C. Miller
dd1eb1f6c5 Don't check for _sys_siglist if sys_siglist is found. 2022-12-06 10:05:03 -07:00
Todd C. Miller
fd6484917e Fix check for sys_sigabbrev. 2022-12-06 08:55:44 -07:00
Todd C. Miller
29c36a3c1d Skip test for __func__ on C99 and above, avoid extra _sys_signame test. 2022-12-05 19:26:57 -07:00
Todd C. Miller
38ffd03cd6 Move gettext checks to m4/gettext.m4 2022-12-05 19:26:50 -07:00
Todd C. Miller
12da6bd0ce Move LDAP library checks to m4/ldap.m4 and make more tests cacheable. 2022-12-05 16:52:34 -07:00
Todd C. Miller
00e22508a7 Move OpenSSL/wolfSSL checks to m4/openssl.m4 2022-12-05 16:45:18 -07:00
Todd C. Miller
f515c238bc Move PIE executable checks to m4/pie.m4 2022-12-05 12:34:12 -07:00
Todd C. Miller
4220e6631b Move address sanitizer and fuzzer checks to m4/sanitizer.m4 2022-12-05 12:33:44 -07:00
Todd C. Miller
ea5668086c Move symbol visibility checks to m4/visibility.m4 2022-12-05 12:33:42 -07:00
Todd C. Miller
5bf5a4e26c Move hardening checks to m4/hardening.m4 2022-12-05 12:32:53 -07:00
Todd C. Miller
8718fc2083 Make cpp variadic arguments check into a macro and move to sudo.m4.
Also move the PVS-Studio.cfg generation to sudo.m4.
2022-12-05 09:47:21 -07:00
Todd C. Miller
ee6420ad5b Sync with OpenBSD. 2022-12-03 09:04:25 -07:00
Todd C. Miller
31152ba4d7 Merge pull request #218 from sohomdatta1/snprintf
[snprintf] Check for '\0' to prevent undef memory read
2022-12-03 06:54:53 -07:00
Sohom
8ac89f8d05 [snprintf] Check for '\0' to prevent undef memory read 2022-12-03 08:14:14 +05:30