Todd C. Miller
18e06825fb
Plug memory leak when an I/O plugin is specified in sudo.conf
but the I/O plugin is not configured.
2018-04-17 13:41:44 -06:00
Todd C. Miller
5ae557e308
Check sudoedit temporary directory for writability before using it.
2018-04-04 21:05:59 -06:00
Todd C. Miller
a42cf67acb
In pty_close() we still need to check whether the pty master and
slave fds are open before closing them. When no tty is present but
we are I/O logging pty_close() will be called when there is no
actual pty in use.
2018-03-27 16:00:08 -06:00
Todd C. Miller
2336496347
In pty_close() there is no need to remove events associated with
the pty slave as there are none. We also don't need to check for
the pty fds being -1 since they are not closed elsewhere and
pty_close() is only called if pty_setup() succeeds.
2018-03-26 06:28:23 -06:00
Todd C. Miller
4df454310d
In pty_close() close the slave and remove any events associated
with it. Fixes a potential hang when performing the final flush
on non-BSD systems.
2018-03-25 06:03:19 -06:00
Todd C. Miller
b06e046835
Add aix_setauthdb() before the initial getpwuid() call.
2018-03-17 07:49:08 -06:00
Todd C. Miller
217e0a9b4b
Less confusing sysctl checks for kinfo_proc.
2018-03-05 17:35:02 -07:00
Todd C. Miller
4b29e0bd70
Restore line to set MODE_PRESERVE_ENV in flags when the -E command
line option is used. The caller doesn't check MODE_PRESERVE_ENV
these days but parse_args uses it to detect usage errors when -E
is used along with a mutually exclusive option. Problem found by
Yuriy Vostrikov.
2018-02-28 07:05:36 -07:00
Todd C. Miller
faa5baac9b
Use setpassent() and setgroupent() on systems that support it to
keep the passwd and group database open. Sudo does a lot of passwd
and group lookups so it can be beneficial to just leave the file
open.
2018-02-20 13:22:59 -07:00
Todd C. Miller
d5d170252a
In pty_cleanup() we need to call sudo_term_restore() even if no I/O
plugins are present as long as /dev/tty exists. Fixes the use_pty
case with no I/O plugins.
2018-02-19 11:00:12 -07:00
Todd C. Miller
42fe0409f6
Add sudo_ev_dispatch(), a wrapper for ev_loop() with no flags.
Similar to the dispatch function in libevent.
2018-02-19 11:00:10 -07:00
Todd C. Miller
a885b952fb
Remove use of AC_HEADER_TIME, only obsolete platforms actually
need this. Also stop removing sys/time.h unless the source file
uses struct timeval.
2018-01-17 09:52:15 -07:00
Todd C. Miller
ff5ac3ef0e
Add tsdump, a simple utility to dump a timestamp file. To build,
run "make tsdump" in the plugins/sudoers directory (it is not built
by default). In order to map the tty device number to a name,
sudo_ttyname_dev() has been moved into libsudo_util.
2018-01-11 10:49:20 -07:00
Todd C. Miller
cd0b700543
No need for a loop around the recv() now that we don't have to worry
about EINTR. CID 180697
2017-12-12 21:44:23 -07:00
Todd C. Miller
5106bfc139
Allow the plugin to determine whether or not an empty timeout is
allowed. For sudoers, an error will be returned for an empty timeout.
2017-12-11 09:20:41 -07:00
Todd C. Miller
bbc43b5e30
Change some _() into U_() since they are used for warn/fatal.
We always want to issue warnings in the user's locale.
2017-12-11 08:07:01 -07:00
Todd C. Miller
d322caf7ac
Print usage and return an error when an empty argument is given for
all command line arguments other than -p and -E. Bug #817
2017-12-10 07:53:09 -07:00
Todd C. Miller
48fba3c2cc
update my email to Todd.Miller@sudo.ws
2017-12-03 17:53:40 -07:00
Todd C. Miller
a2eff11509
Track window size changes that happen while sudo is suspended
2017-12-02 21:30:11 -07:00
Todd C. Miller
b561d0d7dd
When the command completes, make the monitor the foreground process
group before informing the main sudo process of the command's exit
status. This will prevent processes started by the command (which
runs in a different process group) from receiving SIGHUP since the
kernel sends SIGHUP to the foreground process group associated with
the terminal session. The monitor has a SIGHUP handler installed
so the signal is effectively ignored.
2017-12-01 13:43:06 -07:00
Todd C. Miller
4168668f53
Add debug printfs around group list retrieval.
2017-12-01 12:58:37 -07:00
Todd C. Miller
116c5d7eff
Move call to sudo_ev_loopcontinue() into schedule_signal() itself.
We always want to prioritize signal forwarding.
2017-11-30 10:02:15 -07:00
Todd C. Miller
b9adb3dd51
Don't loop over read/write, recv/send or tcgetpgrp/tcsetpgrp trying
to handle EINTR. We now use SA_RESTART with signals so this is not
needed and is potentially dangerous if it is possible to receive
SIGTTIN or SIGTTOU (which it currently is not).
2017-11-30 09:53:21 -07:00
Todd C. Miller
486ced7c11
Sprinkle some extra debugging printfs
2017-11-29 13:13:33 -07:00
Todd C. Miller
54acf4f991
Handle receipt of SIGTTIN/SIGTTOU when reading/writing from/to the tty.
We can't use a signal event for these since that would restart the
system call after the signal was handled and the callback would not
get a chance to run. Fixes running a command in the background that
writes to the tty when the TOSTOP terminal flag is set.
2017-11-29 12:06:12 -07:00
Todd C. Miller
5ccc7ab879
We don't need to be the foreground process to be able to write to
the terminal in most cases. If the background process tries to
modify the terminal flags it will receive SIGTTOU which is relayed
to the sudo front-end. This currently mishandles terminals with
the TOSTOP local flag set.
2017-11-29 12:06:12 -07:00
Todd C. Miller
3b88cdfcd8
Fix stair-stepped output when the output of a sudo command is piped
to another command and use_pty is set.
2017-09-26 14:21:11 -06:00
Todd C. Miller
8949992040
Set ec->cmnd_pid to the correct value when receiving the command's
process ID from the monitor.
2017-09-07 13:22:10 -06:00
Todd C. Miller
84af812b8c
If /dev/tty is not available and no I/O logging plugins are configured,
fall back on exec_nopty() even if the policy plugin requested a pty.
We never allocate a pty when sudo is not run from a terminal anyway.
2017-09-07 11:32:30 -06:00
Todd C. Miller
2c2476f07f
Do not set utmp_user if we did not actually allocate a pty.
2017-09-07 11:00:19 -06:00
Todd C. Miller
d85056d95f
sudo_terminated() should not return true when SIGCHLD is pending.
Bug #801
2017-09-06 16:08:23 -06:00
Todd C. Miller
4b5aeefebc
Set SIGCHLD handler to SIG_DFL before forking the askpass command
and restore after. Otherwise, SIGCHLD will end up in the list of
pending signals and sudo_execute() will not execute the command.
2017-09-06 15:59:37 -06:00
Todd C. Miller
c3d098254d
Don't forward SIGINFO to the child when it is sent by the kernel
(not another user process). This is consistent with the handling
of other keyboard-generated signals such as SIGINT, SIGQUIT and
SIGTSTP. Bug #796
2017-08-29 08:58:14 -06:00
Todd C. Miller
c18dde2350
Allow the user to specify a list of environment variables to preserve.
This adds an option parameter to the --preserve-env option, a
comma-separated list of variable names.
2017-08-03 07:32:24 -06:00
Todd C. Miller
0849e2cac4
No need to call sudo_ev_del() before sudo_ev_free(); sudo_ev_free()
will delete the event from its base before freeing it.
2017-07-27 14:12:57 -06:00
Todd C. Miller
1cfaf6c344
Terminate the command if an I/O log function returns 0 or -1. This
was mistakenly removed by 25b7fd056614 in Sudo 1.8.18 with the
removal of the ignore_iolog_errors variable.
2017-07-27 14:10:44 -06:00
Todd C. Miller
7f8765d327
If we free the default base in sudo_ev_base_free(), reset the default
base to NULL.
2017-07-14 10:09:58 -06:00
Todd C. Miller
d2a0bfbb12
Add the ability to set a default event base, to be used by plugins
which don't have access to the event base.
2017-07-13 13:59:31 -06:00
Todd C. Miller
8898ec1f9c
Pass window size change events to the plugin.
2017-07-12 05:47:28 -06:00
Todd C. Miller
e70a953fb4
Remove pointless subshells in targets that simply change the directory
and execute a command. The command is already run in a shell so
there is no need to execute a subshell in this case.
2017-07-12 05:45:46 -06:00
Todd C. Miller
a7759b6261
Store the debug instance ID for I/O plugins too.
Now iolog_open() is consistent with policy_open().
2017-07-10 16:28:10 -06:00
Todd C. Miller
6d4d4594b7
Use _PATH_DEV consistently
2017-06-29 18:10:53 -06:00
Todd C. Miller
f5b60ef749
Add debug warning when we have wait status but don't overwrite the
existing cstat.
2017-06-15 07:51:02 -06:00
Todd C. Miller
c8c586ee0b
Better handling of SIGCONT from in command in the monitor. It is
useful to know when the command continued but we don't want to
inform the parent or store the wait status in this case. Fixes a
hang after multiple suspends on Linux.
2017-06-15 07:51:00 -06:00
Todd C. Miller
ab59834a00
Don't treat an unchanged file as an error. From Xin Li.
2017-06-05 07:47:43 -06:00
Todd C. Miller
0d70e868f1
sudo_edit() must return a wait status but if there is an error, or
even if no changes were made to the file, it was returning 1 instead
which would be interpreted as the command having received SIGHUP.
Use the W_EXITCODE() to construct a proper wait status in the error
case too.
2017-06-05 07:11:09 -06:00
Todd C. Miller
26d9043bf4
Avoid sign extension when assigning the value of tty_nr in
/proc/self/stat on Linux. It is an unsigned int value that
is printed as a signed int but dev_t is unsigned long long.
We need to cast to unsigned int before assigning to a dev_t.
2017-06-03 08:45:29 -06:00
Todd C. Miller
c13ebffbce
A command name may also contain newline characters so read
/proc/self/stat until EOF. It is not legal for /proc/self/stat to
contain embedded NUL bytes so treat the file as corrupt if we see
any. With help from Qualys.
This is not exploitable due to the /dev traversal changes in sudo
1.8.20p1 (thanks Solar!).
2017-05-31 09:14:31 -06:00
Todd C. Miller
15901c9487
Use /proc/self consistently on Linux. As far as I know, only AIX
doesn't support /proc/self.
2017-05-30 10:44:11 -06:00
Todd C. Miller
cc71b99849
Add a new "devsearch" Path setting to sudo.conf for configuring the
/dev paths to traverse instead of hard-coding a list in ttyname.c.
The default value can be set at configure time.
2017-05-30 10:44:11 -06:00