Commit Graph

3371 Commits

Author SHA1 Message Date
Todd C. Miller
4b75a03343 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
we start at the right file position when reading include files.
2004-09-28 17:52:59 +00:00
Todd C. Miller
fbb62c6805 document #include 2004-09-28 01:04:57 +00:00
Todd C. Miller
4aa29b5f2f regen 2004-09-28 00:47:47 +00:00
Todd C. Miller
8c039eac93 Add max depth of 128 for the include stack to avoid loops.
Since yyerror() doesn't stop parsing, pass return values back to
yylex and call yyterminate() on error.
2004-09-28 00:47:30 +00:00
Todd C. Miller
d1f1af2bce document tracing 2004-09-27 18:06:26 +00:00
Todd C. Miller
a79c3af487 Mention PREVENTING SHELL ESCAPES section of sudoers man page 2004-09-27 18:05:58 +00:00
Todd C. Miller
741177ad12 regen 2004-09-27 16:08:18 +00:00
Todd C. Miller
5691c513d3 Add support for #include in sudoers (visudo support TBD) 2004-09-27 16:03:15 +00:00
Todd C. Miller
7f73581592 make yyerror()'s argument const 2004-09-27 16:02:50 +00:00
Todd C. Miller
ec0ef3fcf7 Add open_sudoers() stubs. 2004-09-27 16:02:10 +00:00
Todd C. Miller
7cf26298a2 Rename check_sudoers() to open_sudoers() and make it return a FILE * 2004-09-27 16:01:54 +00:00
Todd C. Miller
22ad3cbc96 Crank version 2004-09-26 16:35:58 +00:00
Todd C. Miller
8b8ff2e455 Better HP-UX depot construction 2004-09-26 16:33:31 +00:00
Todd C. Miller
e4d64ce1d0 o Made children global so check_exec() can lookup a child.
o Replaced uid in struct childinfo with struct passwd * (for runas)
o new_child() now takes a parent pid so the runas info can be inherited
o Added find_child() to lookup a child by its pid
o update_child() now fills in a struct passwd
o Converted the big if/else mess in set_policy to a switch
o Syscalls that change uid are now "ask" so we get SYSTR_MSG_UGID events
2004-09-25 21:08:48 +00:00
Todd C. Miller
ea5307a433 Add flag to sudo_pwdup that indicates whether or not to lookup the
shadow password.  Will be used to a struct passwd that has the
shadow password already filled in.
2004-09-25 21:01:46 +00:00
Todd C. Miller
28736eb556 add missing increment of addr in read_string() 2004-09-25 20:58:11 +00:00
Todd C. Miller
649e2dac12 Remove bogus call to update_child() and some cosmetic fixes 2004-09-25 20:15:44 +00:00
Todd C. Miller
4e5c53e139 Don't leak /dev/systrace fd to tracee
Make initialized global for simplicity
If STRIOCATTACH returns EBUSY we are already being traced
Check for user_args == NULL in setproctitle() call
Add missing calls to STRIOCANSWER
2004-09-25 20:11:39 +00:00
Todd C. Miller
d4e3f175c8 g/c sudo_pwdup proto 2004-09-25 17:15:06 +00:00
Todd C. Miller
007aff2b63 Add target for building a depot file 2004-09-25 00:21:04 +00:00
Todd C. Miller
1131db0699 trim includes 2004-09-25 00:07:26 +00:00
Todd C. Miller
2bb8472982 regen 2004-09-24 18:11:19 +00:00
Todd C. Miller
78ac046db5 document --with-systrace 2004-09-24 18:10:32 +00:00
Todd C. Miller
35203ffe56 Add check for setproctitle 2004-09-24 18:10:27 +00:00
Todd C. Miller
11edf288bd pass struct str_msg_ask in to syscall checker so it can set the error code 2004-09-24 18:09:47 +00:00
Todd C. Miller
d492138ff0 systrace(4) support for sudo. On systems with the systrace(4) kernel
facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec
calls and check the exec args against the sudoers file.
In other words, sudo can now control subcommands and shell escapes.
2004-09-24 17:30:23 +00:00
Todd C. Miller
aa8d212e3c Call systrace_attach() if FLAG_TRACE is set. 2004-09-24 17:17:29 +00:00
Todd C. Miller
e3391d597b Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE 2004-09-24 17:15:51 +00:00
Todd C. Miller
0c2be08089 Don't close sudoers_fp, keep it open and set close on exec flag instead. 2004-09-24 17:13:24 +00:00
Todd C. Miller
ef874440a5 Add trace option 2004-09-24 17:11:14 +00:00
Todd C. Miller
84a3d101e8 Add systrace 2004-09-24 00:24:09 +00:00
Todd C. Miller
7db351d7ab SunOS /bin/sh blows up with configure 2004-09-24 00:23:51 +00:00
Todd C. Miller
ce559899e2 Include sys/param.h before systrace.h 2004-09-24 00:23:28 +00:00
Todd C. Miller
ec57f115f8 regen 2004-09-24 00:15:19 +00:00
Todd C. Miller
5431e1451c _PATH_DEV_SYSTRACE 2004-09-24 00:15:13 +00:00
Todd C. Miller
35b33cc1bc line up options in --help 2004-09-24 00:14:44 +00:00
Todd C. Miller
2af113f24e Add --with-systrace 2004-09-24 00:11:31 +00:00
Todd C. Miller
fdaaeda58e regen 2004-09-23 17:35:55 +00:00
Todd C. Miller
2306b4eb51 make this work with autoconf-2.59 2004-09-23 17:35:40 +00:00
Todd C. Miller
5ac82331be Simplify logic around open & stat of files and do sanity on edited
file even if we lack fstat (still raceable but worth doing).
2004-09-16 16:58:03 +00:00
Todd C. Miller
4bf59231e5 Add support url 2004-09-15 22:47:48 +00:00
Todd C. Miller
075af35f95 version 1.6.8p1 2004-09-15 20:11:22 +00:00
Todd C. Miller
98e8b1a150 more changes for 1.6.8p1 2004-09-15 19:20:24 +00:00
Todd C. Miller
55be146f08 1.6.8p1 2004-09-15 19:18:38 +00:00
Todd C. Miller
12c78c0f6d Add sanity check so we don't try to edit something other than a regular file. 2004-09-15 16:16:20 +00:00
Aaron Spangler
bbfe3c0a66 sync 2004-09-15 00:55:00 +00:00
Aaron Spangler
beb6773572 document --with-ldap-conf-file 2004-09-15 00:21:59 +00:00
Todd C. Miller
ec404a074a political correctness strikes again 2004-09-14 21:43:31 +00:00
Todd C. Miller
e3161b7a9c sync 2004-09-14 19:09:00 +00:00
Todd C. Miller
13a265e0ed Install sudoedit man link 2004-09-12 23:50:35 +00:00