isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,433 Commits 1 Branch 0 Tags
6286ce1d16e11619efb8d5855b14dd296f355f9c
Commit Graph

10433 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
4dacf81082 Refactor I/O log code so it can be shared between sudoers and logsrvd 2019-10-24 20:04:29 -06:00
Todd C. Miller
2272430716 Import proof of concept sudo log server. 2019-10-24 20:04:29 -06:00
Todd C. Miller
aa99594575 Avoid invalid read when minval > maxval 2019-10-24 18:35:45 -06:00
Todd C. Miller
271ead2fd3 Don't pass an invalid session or process group ID to the plugin. 
Fixes a regression in 1.8.28 when there is no terminal session leader.
 2019-10-23 12:47:44 -06:00
Todd C. Miller
0375eaca58 regen 2019-10-21 19:55:08 -06:00
Todd C. Miller
5391ee2d5e Not all systems support RLIMIT_NPROC and RLIMIT_RSS 2019-10-21 16:03:10 -06:00
Todd C. Miller
8ea71f9ae0 Sudo 1.8.29 2019-10-21 14:57:24 -06:00
Todd C. Miller
b157b96893 Add depend target to all Makefile.in files. 2019-10-21 15:20:21 -06:00
Todd C. Miller
e80079eaa8 Set resource limits in the sudo process to unlimited. 
We don't want sudo to be limited by the caller's resource limits.
The original resource limits are restore before session setup.
 2019-10-21 11:41:48 -06:00
Todd C. Miller
f57e2d04a3 Older FreeBSD needs sys/param.h included before sys/user.h. 
From Darren Tucker
 2019-10-20 19:18:27 -06:00
Todd C. Miller
c3ce3a84fb Refer to user-ID and group-ID instead of "user ID" and "group ID" 2019-10-19 14:26:41 -06:00
Todd C. Miller
40bf4081be Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid() 2019-10-20 10:21:29 -06:00
Todd C. Miller
6260bf60b4 sudoedit doesn't create a new PAM session so PAM umask does not apply. 2019-10-18 06:43:33 -06:00
Todd C. Miller
b02851dcf3 Change how the umask is handled with PAM and login.conf. 
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf.  If using the default umask from
sudoers, allow PAM or login.conf to override it.  Bug #900
 2019-10-18 06:20:27 -06:00
Todd C. Miller
cf6c60c102 Add log_allowed and log_denied sudoers flags, defaulting to true. 2019-10-17 13:43:04 -06:00
Todd C. Miller
4229dfc566 Enable security auditing malloc options for "make check". 2019-10-17 13:41:53 -06:00
Todd C. Miller
8761217f83 Be more consistent with how we talk about sudoers Defaults settings. 
Use "flag" not "option" when referring to boolean flags.
Use "setting" in place of "Defaults setting" in most places.
Use "the foo option" instead of "sudo's foo option" for command line options.
 2019-10-16 14:29:12 -06:00
Todd C. Miller
cf2f37136f No need to check existing sudoers file when installing to DESTDIR 
This check can cause problems on systems where /etc/sudoers.d is not readable.
 2019-10-16 12:17:06 -06:00
Todd C. Miller
43e44a9982 Inclue sudo_util.h to get sudo_strtonum() prototype. 2019-10-16 11:12:11 -06:00
Todd C. Miller
f5a7585a4f strtonum -> sudo_strtonum 2019-10-16 11:04:09 -06:00
Todd C. Miller
d5ea5b7fbc Add split out strtofoo tests. 2019-10-16 10:21:05 -06:00
Todd C. Miller
1037b685eb Make sure we don't go past the end of the string when out of range. 2019-10-16 10:08:33 -06:00
Todd C. Miller
e339d9950d Fix stronum() regress test and the errno value for out of range numbers. 2019-10-16 09:37:41 -06:00
Todd C. Miller
29afe160a2 Split atofoo.c regress into multiple tests. 2019-10-16 08:45:32 -06:00
Todd C. Miller
b6aa80b5f8 Sudo 1.8.28p1 2019-10-16 05:57:58 -06:00
Todd C. Miller
d494b81556 The fix for bug #869 broke "sudo -v" when verifypw=all (the default) 2019-10-15 07:23:51 -06:00
Todd C. Miller
2512f6efbf Use sudo_strtonum() explicitly instead of via a macro. 2019-10-14 10:09:30 -06:00
Todd C. Miller
04a17095be Always use our own strtonum and implement sudo_strtoid in terms of it. 2019-10-14 10:09:29 -06:00
Todd C. Miller
9d5867eaed Use errno in warning when sudo_make_*_item() fails. 
Previously we always said "out of memory" if not ENOENT.
 2019-10-14 10:09:28 -06:00
Todd C. Miller
3edd6afedf Reject non-LDIF input when converting from LDIF to sudoers or JSON. 2019-10-14 10:09:27 -06:00
Todd C. Miller
8e58e6715a More case-insensitive compare for LDAP attributes and string lists. 
Only the ALL keyword should be compared case-sensitive.
 2019-09-05 08:09:53 -06:00
Todd C. Miller
208a52c613 regen 2019-10-10 10:12:08 -06:00
Todd C. Miller
396bc57fef Add sudo_strtoid() tests for -1 and range errors. 
Also adjust testsudoers/test5 which relied upon gid -1 parsing.
 2019-10-10 10:04:13 -06:00
Todd C. Miller
f752ae5cee Treat an ID of -1 as invalid since that means "no change". 
Fixes CVE-2019-14287.
Found by Joe Vennix from Apple Information Security.
 2019-10-10 10:04:13 -06:00
Todd C. Miller
fd5d0f511e Back out compiler override for now. 2019-10-06 10:46:18 -06:00
Todd C. Miller
364821602d Only prefer clang over gcc on BSD systems. 2019-10-06 08:35:28 -06:00
Todd C. Miller
c64add170e Fix "make pvs-studio" run in a build dir 2019-10-05 14:34:11 -06:00
Todd C. Miller
45a79cf86f regen 2019-09-27 15:38:52 -06:00
Todd C. Miller
ab6cfc404a Bug #898 2019-09-27 15:36:20 -06:00
Todd C. Miller
112dff276a Fix restoring the file context of the user's tty with SELinux. 
Also fix broken tty labeling when running a command in a pty.
Includes a fix for a typo introduced in the last change set.
 2019-09-27 15:32:49 -06:00
Todd C. Miller
b7b3fb72d0 _rs_random_buf is currently unused 2019-09-27 08:55:51 -06:00
Todd C. Miller
bcf8c3dd5e Add some debugging around context setting and tty labeling 
Also be more extact with error return values
 2019-09-27 08:47:41 -06:00
Todd C. Miller
73dd3849c6 Better error message when debug log file cannot be opened. 2019-09-21 07:47:24 -06:00
Todd C. Miller
81a30dd44d Ignore in-tree build directory. 2019-09-20 11:31:22 -06:00
Todd C. Miller
7355363d6a Set CC before AC_USE_SYSTEM_EXTENSIONS to get our preferred compiler. 2019-09-20 11:30:08 -06:00
Todd C. Miller
de87774ea3 Update Polypkg to the latest version from git. 2019-09-19 11:28:00 -06:00
Todd C. Miller
0faf5eed7c If no mandoc or nroff is present, install mdoc format manuals. 
If there is no installed nroff/mandoc they will need to install groff
or heirloom doctools to format the manual pages.
 2019-09-19 11:16:45 -06:00
Todd C. Miller
984382f8a9 Refer to number of terminal lines, not rows, for consistency. 2019-09-18 20:03:04 -06:00
Todd C. Miller
e49e8c1e8b Prefer clang over gcc. 
We want to use clang on systems where clang is the system compiler.
It is less common to have clang installed on systems where gcc is
the system compiler.
 2019-09-17 08:46:37 -06:00
Todd C. Miller
2707acf23f No longer need bypass_last_login on HP-UX, warnings work with clang. 
Also add deb package names for pam and ldap devel on Linux.
 2019-09-17 08:40:48 -06:00