isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,149 Commits 1 Branch 0 Tags
4dba87262a3d117a4c2962a4fe65e500878690e4
Commit Graph

128 Commits

Author SHA1 Message Date
Todd C. Miller
4dba87262a Look up runas user by name, not euid, where possible. 
Fixes a problem when there are multiple users with the same user-ID
where the PAM session modules could be called with the wrong user name.
Debian bug #734752
 2020-05-06 16:38:08 -06:00
Todd C. Miller
76bf9a73bc Fix sudoedit when running with SELinux RBAC mode. 
We can't use run_command() to run sesh, that will use the sudo event
loop (and might run it in a pty!).
There's no need to relabel the tty when copying files.
Get the path to sesh from sudo.conf.

Currently, for SELinux RBAC, the editor runs with the target user's
security context. This defeats the purpose of sudoedit.  Fixing
that requires passing file descriptors between the main sudo process
(running with the invoking user's security context) and sesh (runnning
with the target user's security context).
 2020-04-21 14:29:23 -06:00
Todd C. Miller
93aa9f9e90 Add cwd_optional to command details and enable it in the sudoers plugin. 
If cwd_optional is set to true, a failure to set the cwd will be a
warning, not an error, and the command will still run.
Debian bug #598519
 2020-03-31 19:43:48 -06:00
Todd C. Miller
c5afbf00fc Mark main sudo usage() function __noreturn__. 
This splits the usage printing out into display_usage().
 2020-02-08 12:17:33 -07:00
Todd C. Miller
22105009d8 Define a new plugin type that receives accept and reject messages. 
This can be used to implement logging-only plugins.
The plugin functions now take an errstr argument that can be used
to return an error string to be logged on failure or error.
 2020-01-30 13:25:34 -07:00
Todd C. Miller
5793023ffd Add a plugin interface to sudo main event loop. 2019-11-15 13:36:01 -07:00
Todd C. Miller
059b55ce72 Refactor code in sudoers that creates I/O log files to share with logsrvd. 2019-10-24 20:04:31 -06:00
Todd C. Miller
e80079eaa8 Set resource limits in the sudo process to unlimited. 
We don't want sudo to be limited by the caller's resource limits.
The original resource limits are restore before session setup.
 2019-10-21 11:41:48 -06:00
Todd C. Miller
b02851dcf3 Change how the umask is handled with PAM and login.conf. 
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf.  If using the default umask from
sudoers, allow PAM or login.conf to override it.  Bug #900
 2019-10-18 06:20:27 -06:00
Todd C. Miller
112dff276a Fix restoring the file context of the user's tty with SELinux. 
Also fix broken tty labeling when running a command in a pty.
Includes a fix for a typo introduced in the last change set.
 2019-09-27 15:32:49 -06:00
Todd C. Miller
d94798e5d0 Enable asserts for Coverity too. 2019-08-30 14:05:03 -06:00
Todd C. Miller
ffaef7939a Add asserts() to avoid static analyzer false positives. 2019-08-30 11:13:35 -06:00
Todd C. Miller
19c548fd57 Add -B option to ring the bell before the password prompt. 2019-05-27 08:49:43 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
c0a12d9d95 Be sure to include sudo_queue.h where needed instead of relying on other headers. 2019-02-19 08:31:08 -07:00
Todd C. Miller
e2570307e6 Initialize the pty rows/cols based on the values we stored in user_details. 
This fixes a minor issue where we would send an extra window size
change event the first time the command was suspended.
 2018-10-05 14:04:29 -06:00
Todd C. Miller
6953e7fc79 Move updating of the window size to the monitor process. 
This will allow us to close the slave in the main sudo process in
the future so only the command and monitor have it open.
 2018-08-20 10:04:14 -06:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
6a8eaef4b8 Move exec_setup(), unlimit_nproc() and restore_nproc() from sudo.c 
to exec.c.
 2017-05-15 09:01:10 -06:00
Todd C. Miller
1186f39842 Use SUDO_EV_SIGNAL and SUDO_EV_SIGINFO instead of managing the 
signal_pipe explicitly.
 2017-05-12 10:02:17 -06:00
Todd C. Miller
35e4bd3e9f Replace pipe_nonblock() with pipe2() 2017-03-13 12:11:52 -06:00
Todd C. Miller
af1482f487 Add tcsetpgrp_nobg() which acts like tcsetpgrp() but returns -1 
for a background process.  This is safer than blocking SIGTTOU
which would cause tcsetpgrp() to succeed in the background.
 2017-03-07 12:29:21 -07:00
Todd C. Miller
efe957544f Add the argument vector allocated for -s and -i mode to the garbage 
collector list.  Avoids an ASAN warning on exit when the -s or -i
flags are used.
 2016-11-10 10:11:18 -07:00
Todd C. Miller
3e4c7eed31 Move the ignoring of I/O log plugin errors into the I/O log plugin 
itself.
 2016-08-17 14:38:00 -06:00
Todd C. Miller
ed18d0d5f8 Make the behavior when we cannot write to a log or audit file 
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
 2016-08-17 07:22:51 -06:00
Todd C. Miller
ed9b457eb2 Set user groups in exec_setup() if they were not already set by 
policy_init_session().  Bug #749
 2016-06-22 10:21:29 -06:00
Todd C. Miller
b20977d445 Add support for using fexecve() if supported on commands that are 
checksummed.
 2016-01-04 10:35:18 -07:00
Todd C. Miller
7a57bae1e6 Change noexec flag in selinux_execve() from int to bool. 2015-12-16 15:16:48 -07:00
Todd C. Miller
c50cead833 Add directory writability checks for sudoedit. 2015-10-23 14:04:35 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume 
function pointer args plus a closure pointer and at it to the
conversation function.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior 
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
 2015-08-06 13:20:01 -06:00
Todd C. Miller
d96f8bcabb Avoid needless memory allocation when resolving the tty name. 2015-07-19 20:19:22 -06:00
Todd C. Miller
cb63ca701c Avoid using exiting allocators in the front end. 2015-06-17 17:00:54 -06:00
Todd C. Miller
05a01d4c5d Avoid using a leading underbar in defines as they are reserved in 
ISO C.
 2015-05-21 11:13:20 -06:00
Todd C. Miller
9c9ff3dc4b get_pty() should return bool 2015-05-07 09:43:19 -06:00
Todd C. Miller
d2624ffa96 Make tty_present static to tgetpass.c 2015-05-07 09:42:48 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
1e0b8903f2 Return settings from parse_args as struct sudo_settings and format 
for the plugin at plugin open time.  This will allow for additional,
plugin-specific settings to be added to the array.
 2014-10-22 13:13:00 -06:00
Todd C. Miller
db35c7c0e4 Make sudoedit work with SELinux RBAC. 
Adapted from RedHat patches (Daniel Kopecek) but made to behave a
bit more like the non-SELinux bits.
 2014-08-21 15:28:36 -06:00
Todd C. Miller
47835ff289 Rename missing.h -> sudo_compat.h 2014-07-22 14:25:16 -06:00
Todd C. Miller
127ba1354b Rename gettext.h -> sudo_gettext.h 2014-07-21 14:49:43 -06:00
Todd C. Miller
3687b665cb Rename fatal.h -> sudo_fatal.h 2014-07-21 14:40:18 -06:00
Todd C. Miller
2d61d38c23 Add sudo_ prefix to alloc.c functions and rename alloc.h -> sudo_alloc.h 2014-06-27 10:48:31 -06:00
Todd C. Miller
8e088e65c0 Split fileops.c into parseln.c and locking.c 2014-06-27 09:46:24 -06:00
Todd C. Miller
12a1b672c0 We must include gettext.h before missing.h as it includes system 
headers.  Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers
audit code that does not include sudoers.h.
 2014-02-11 09:40:59 -07:00
Todd C. Miller
4d80e7cea4 Redo preserve_fds support to remap high fds so we can get the most 
out of closefrom().  The fds are then restored after closefrom().
 2013-12-24 15:01:00 -07:00
Todd C. Miller
1adeda54ef Add support for preventing fds from getting clobbered by closefrom(). 2013-12-20 11:14:32 -07:00
Todd C. Miller
3e2d818ed9 Move prototypes for functions provided by libcommon that don't have 
their own header files into sudo_util.h.
 2013-12-12 18:29:07 -07:00
Todd C. Miller
d83bfb9fe6 Add atomode() function for parsing a file mode. 2013-12-10 16:56:54 -07:00
Todd C. Miller
12f3bdf60e Add wrapper functions for dlopen() et al so that we can support 
statically compiling in the sudoers plugin but still allow other
plugins to be loaded.  The new --enable-static-sudoers configure
option will cause the sudoers plugin to be compiled statically into
the sudo binary.  This does not prevent other plugins from being
loaded as per sudo.conf.
 2013-11-22 16:35:15 -07:00