isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,201 Commits 1 Branch 0 Tags
6cbba7d66556dc67d71c6dfae91bcf35ff9bef8c
Commit Graph

8201 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
69d51b7590 Bug #713 2015-09-09 10:52:23 -06:00
Todd C. Miller
d08faa73a7 Fill in cstat if exec_setup() fails. Previously it was only filled 
in for an execve() failure.  Fixes an unkillable sudo process when
exec_setup() fails and I/O logging is enabled.
 2015-09-09 10:50:21 -06:00
Todd C. Miller
27c2a3d158 Fix running commands as non-root when neither setresuid() not 
setreuid() are available.  At this point we are already root so
setuid() must succeed.  Bug #713
 2015-09-09 10:45:56 -06:00
Todd C. Miller
0dbfbee035 Cast uid_t to unsigned int when printing as %u 2015-09-09 10:14:03 -06:00
Todd C. Miller
2042aa2b75 Mention time stamp file locking changes, fix some spelling. 2015-09-09 09:57:10 -06:00
Todd C. Miller
3fd97f6bad Update with latest changes. 2015-09-09 06:23:29 -06:00
Todd C. Miller
9dedc65a7f Avoid touching the time stamp directory for "sudo -k command" 2015-09-07 06:06:08 -06:00
Todd C. Miller
69050f9345 Bring back the check for time stamp files that predate the boot 
time.  Instead of truncating we now unlink the file since another
process may be sleeping on the lock.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
7d0a623fdd Use pread(2) and pwrite(2) where possible. 2015-09-07 06:06:08 -06:00
Todd C. Miller
70914b3328 sudo_term_* already restart themselve for all but SIGTTOU so we 
don't need to use our own restart loops.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
448b18de2b Set errno to EINVAL if sudo_lock_* is called with a bad type. 2015-09-07 06:06:08 -06:00
Todd C. Miller
0487b6da9d Adjust new locking to work when tty_tickets is disabled. We need 
to use per-tty/ppid locking to gain exclusive access to the tty
for the password prompt but use a separate (short term) lock
that is shared among all sudo processes for the user.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
f9b8a43816 Allow the time stamp lock to be interrupted by signals. 2015-09-07 06:06:08 -06:00
Todd C. Miller
0c70df5de9 Implement suspend/resume callbacks for the conversation function. 
If suspended, close the timestamp file (dropping all locks).  On
resume, lock the record before reading the password.

For this to work properly we need to be able to run th callback
when tsetattr() suspends us, not just when the user does.  To
accomplish this the term_* functions now return EINTR if SIGTTOU
would be generated.  The caller now has to restart the term_*
function (and send itself SIGTTOU) instead of it being done
automatically.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
00142c91fa Lock individual records in the timestamp file instead of the entire 
file.  This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume 
function pointer args plus a closure pointer and at it to the
conversation function.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
af47293800 Make hook_version and hook_type unsigned. 2015-09-02 08:00:27 -06:00
Todd C. Miller
bfb1cead60 When decoding base64, avoid using '=' in the decoded temporary array 
as a sentinel as it can legitimately be present.  Instead, just use
the count of bytes stored in the temp array to determine which bytes
to fold into the destination.
 2015-09-01 10:24:59 -06:00
Todd C. Miller
333faa20e2 When parsing def_editor, break out of the loop when we find the 
first valid editor.  Bug #714
 2015-08-21 11:25:02 -06:00
Todd C. Miller
7df2487165 The condition for adding a missing newline at the end of sudoers 
was never reached.  Keep track of the last character and write a
newline character if when copying to the temp file.  Found by Radovan
Sroka.
 2015-08-18 08:57:53 -06:00
Todd C. Miller
7ef9b5827e Remove extraneous while() from botched do {} while() loop 
conversion to use sudo_strsplit.  Noticed by Radovan Sroka.
 2015-08-18 08:34:10 -06:00
Todd C. Miller
2b6085760c In sudo_pam_begin_session() and sudo_pam_end_session() return 
AUTH_FATAL on error, not AUTH_FAILURE.  In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.
 2015-08-10 20:17:02 -06:00
Todd C. Miller
13869d349c Linux sets si_pid in struct siginfo to 0 when the process that sent 
the signal is in a different container since the PID namespaces in
different conatiners are separate.  Avoid looking up the process
group by id when si_pid is 0 since getpgid(0) returns the process
group of the current process.  Since sudo ignores signals sent
by processes in its own process group, this had the effect of
ignoring signals sent from other containers.  From Maarten de Vries
 2015-08-10 15:13:37 -06:00
Todd C. Miller
db5376001f Sprinkle some debugging. 2015-08-10 10:56:47 -06:00
Todd C. Miller
ad9a51bd9d Document that sudo uses the real uid to map from uid to passwd file 
user name.
 2015-08-09 16:22:16 -06:00
Todd C. Miller
b2f1bbfb02 disable_coredump can be set to no on modern OSes without 
security consequences.
 2015-08-09 16:12:00 -06:00
Todd C. Miller
f1053af3b5 Emphasis on the never. 2015-08-07 17:05:50 -06:00
Todd C. Miller
d4f1aeb196 Explicitly tell people not to grant sudoedit to directories the 
user can write to.  While sudoedit will no longer open symbolic
links, hard links are still an issue.
 2015-08-07 17:01:15 -06:00
Todd C. Miller
c12dd68d1e Add warning about writable directories and sudo/sudoedit. 2015-08-07 17:00:42 -06:00
Todd C. Miller
796911b3fa Emphasize that wildcards are not regexps. Bug #692 2015-08-07 12:37:15 -06:00
Todd C. Miller
329a8dee8a Emphasize that wildcards in command line arguments are dangerous. 
Document the failings of the passwd example on GNU systems.
Bug #691
 2015-08-07 12:21:37 -06:00
Todd C. Miller
dc5ccf4736 Escape the colons in [[:alpha:]] as required by sudoers. 2015-08-07 12:00:12 -06:00
Todd C. Miller
2fbce103f6 Change warning when user tries to sudoedit a symbolic link. 2015-08-07 07:09:01 -06:00
Todd C. Miller
531bcc8aa6 regen 2015-08-06 13:21:37 -06:00
Todd C. Miller
5b2ea42d47 regen 2015-08-06 13:20:36 -06:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior 
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
 2015-08-06 13:20:01 -06:00
Todd C. Miller
079167d2c4 Sudo 1.8.15 2015-08-06 13:15:00 -06:00
Todd C. Miller
f11e02ddd5 add .json regress files to MANIFEST 2015-08-06 13:39:59 -06:00
Todd C. Miller
4501b7416a Check JSON output of sudoers test files too. 2015-08-06 10:57:42 -06:00
Todd C. Miller
4abc13bfca Move comment to match moved code. 2015-08-04 16:15:11 -06:00
Todd C. Miller
e0969c162e maxseq is an int not a string 2015-08-04 11:28:43 -06:00
Todd C. Miller
918190fce9 Include sys/types.h for id_t. Bug #711 2015-08-02 19:59:32 -06:00
Todd C. Miller
1965da8c33 Avoid a potential out of bounds read found by enh while fuzzing 
with address sanitizer enabled.
 2015-07-31 16:10:03 -06:00
Todd C. Miller
d536626b18 Set sssd lib location to /usr/lib64 on 64-bit RHEL/Centos. 
Bug #710
 2015-07-27 07:07:38 -06:00
Todd C. Miller
01bfae5bad Add Jakub Wilk 2015-07-08 15:14:55 -06:00
Todd C. Miller
ddd35459c3 The init.d files are generated from a .in file so we need to install 
from top_builddir not top_srcdir.  From Ross Burton.  Bug #708
 2015-07-24 13:38:03 -06:00
Todd C. Miller
e941f97eb4 Replace two "return 0" with debug_return_bool(false). 2015-07-22 19:11:32 -06:00
Todd C. Miller
0765f5fe7f fix typo in previous commit 2015-07-22 06:21:21 -06:00
Todd C. Miller
620f8a33eb Sudo 1.8.14p3 2015-07-22 06:09:14 -06:00
Todd C. Miller
83d8cbf811 Fix errno value from get_process_ttyname() when no tty is present. 2015-07-21 15:20:49 -06:00