isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,022 Commits 1 Branch 0 Tags
788708c9ff925a79ffdd56612f86d3dfc36d7232
Commit Graph

1042 Commits

Author SHA1 Message Date
Todd C. Miller
5d4120fa5d Add separate convenience lib for protobuf-c 
We need to use it for sudo <-> sudo_intercept.so communication.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
6287e8ca7d Add support for loading the sudo_intercept.so DSO. 2021-08-09 15:50:25 -06:00
Todd C. Miller
40496f510b Prefix sanitizer and fuzzer options with -XCClinker in ASAN_LDFLAGS. 
Otherwise libtool may ignore the options when linking.
 2021-07-29 09:29:07 -06:00
Todd C. Miller
625ab9d298 Bump version to 1.9.7p2 2021-07-26 18:03:14 -06:00
Todd C. Miller
36fbb13c4c Use TLS_method() instead of TLS_client_method() throughout. 
OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).

Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
 2021-07-26 13:40:25 -06:00
Todd C. Miller
f8e05dd984 Use AC_CACHE_CHECK in place of AC_MSG_CHECKING + AC_CACHE_VAL where possible. 2021-07-25 19:29:25 -06:00
Todd C. Miller
4a90deb2a0 Add configure check for va_copy instead of using #ifdef 
This prevents the va_copy compat #define from being used if
sudo_compat.h is somehow included before stdarg.h.
 2021-07-25 15:51:23 -06:00
Todd C. Miller
cc3b4ffb04 Remove vsyslog(3) emulation, it is no longer used. 2021-06-14 13:11:39 -06:00
Todd C. Miller
df1895f66f Sudo 1.9.7p1 2021-06-11 12:50:23 -06:00
Todd C. Miller
f7f1617826 Disable nss_search()-based group lookups on HP-UX for now. 
There is a crash when "group: compat" is used in /etc/nsswitch.conf
that I haven't been able to debug.  Since HP-UX doesn't ship the
appropriate headers it is likely that there is a mismatch between
include/compat/nss_dbdefs.h and what HP actually uses.
 2021-06-09 10:43:04 -06:00
Todd C. Miller
2e492267e7 Build sudo_noexec.so as a module on systems other then Darwin. 
On Darwin, shared modules and shared libraries are not interchangable
and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it
must be a library, not a module.  We must relax the requirement
that libraries begin with a "lib" prefix to work around this
difference.  This does mean you must use sudo's libtool on Darwin
(macOS) but that is already a requirement on other systems (notably
HP-UX and SCO) due to a number of libtool patches we require that
haven't be accepted upstream.  This is a different fix for PR #102.
 2021-05-13 12:45:56 -06:00
Todd C. Miller
31e6138115 Use -Wno-deprecated-declarations on macOS 
This quiets warnings about LDAP and audit libraries being deprecated.
We will use them until they are removed in a future version of macOS.
 2021-05-13 09:52:09 -06:00
Todd C. Miller
2efa903521 Remove redundant "configuring Sudo version X.YY" line. 
We now display this along with the summary info at the end.
 2021-05-07 08:01:07 -06:00
Todd C. Miller
841e1b33fb Don't check for -Wl,-z,relro twice. 2021-05-07 07:56:33 -06:00
Todd C. Miller
9b33594a43 Remove shell-style quotes in configure warning/error/notice messages. 
Square bracket quotes are used, no need for shell-style double quotes.
 2021-05-06 14:41:35 -06:00
Todd C. Miller
96436787a1 Summarize configure settings after all tests have run. 
This makes it a lot easier to see what features have been enabled.
 2021-05-06 13:14:58 -06:00
Todd C. Miller
d71731e50d Remove --with-efence option, there are better options available. 2021-05-04 19:03:55 -06:00
Todd C. Miller
fda17ecfda Rename logsrvd log dir to /var/log/sudo_logsrvd. 2021-05-02 08:28:19 -06:00
Todd C. Miller
66c6edada2 Sudo 1.9.7 2021-04-26 13:12:28 -06:00
Todd C. Miller
6f5b353e87 Add configuration for sudo_logsrvd store-and-forward mode. 
Adds "relay_dir" and "store_first" settings to sudo_logsrvd.conf
in the [relay] section.  Also adds a --with-relaydir configure
argument to change the default value (usually /var/log/logsrvd-relay.
 2021-04-23 16:54:15 -06:00
Todd C. Miller
b0a32fe738 Remove the HP-UX 11.0 pread64() hack, it causes problems on modern HP-UX. 2021-04-20 14:59:19 -06:00
Todd C. Miller
5ffa915c9c determine Python (3.10) version number correctly. 
from upstream automake
 2021-04-16 14:06:07 -06:00
Todd C. Miller
d76cc96af6 Add hiuxmpp where we have hpux for special cases. 
Also move the HP-UX 11.00 pread(2) workaround into the section where
pread(2) is tested for, not before it.
 2021-04-15 13:07:13 -06:00
Todd C. Miller
28d41cecad Enable the use of OpenSSL if log client/server not disabled. 
This adds a dependency on OpenSSL unless it is explicitly disabled
(--disable-openssl) or the sudo log client and server are disabled
(--disable-log-client and --disable-log-server).
 2021-04-12 14:10:49 -06:00
Todd C. Miller
d4517e0a1c Move autoconf auxiliary files to the scripts directory. 2021-04-06 14:23:38 -06:00
Todd C. Miller
cf8feb2876 Remove support for obsolete ISC UNIX and MIPS RISC/OS systems. 
They were getting in the way of net_its.c simplification.
 2021-03-24 08:54:17 -06:00
Todd C. Miller
d03805c413 Use --allow-multiple-definition to work around an issue with ld.lld. 
For fuzz_policy we redefine getaddrinfo/freeaddrinfo to work around
a DNS timeout problem with name resolution and CIfuzz.  However,
this causes a link failure when sanitizers are enabled on systems
that use ld.lld as their linker.  Use a big hammer to avoid the
link error.
 2021-03-18 11:45:41 -06:00
Todd C. Miller
85d77fb3d9 Sudo 1.9.6p1 2021-03-15 10:49:47 -06:00
Todd C. Miller
b8e588565b Add -Wno-unknown-pragmas along with -Wall. 
We don't want warnings about unknown pragmas in system headers.
 2021-03-10 07:47:23 -07:00
Todd C. Miller
0e2ba920ee Compare OS name against freebsd* and netbsd* not freebsd and netbsd. 
Fixes an issue on NetBSD where host_os starts with netbsdelf.
 2021-03-08 14:05:39 -07:00
Todd C. Miller
7bce330ffa AIX 6.1 may have a broken fmemopen(). 
We only use it for the fuzzers so ignore it for AIX < 7.1.
 2021-03-07 07:51:59 -07:00
Todd C. Miller
06beb6f064 No longer need to define _DARWIN_UNLIMITED_GETGROUPS on macOS. 
We now define _DARWIN_C_SOURCE which accomplishes the same thing.
 2021-03-03 11:26:02 -07:00
Todd C. Miller
90534b5b27 Add --disable-ssp configure option. 
This allows for disabling -fstack-protector without turning off the
other hardening options.
 2021-02-18 13:58:09 -07:00
Todd C. Miller
b736804cf0 Sudo 1.9.6 2021-02-17 09:56:04 -07:00
Todd C. Miller
a5504148a5 Add admin_flag sudoers option and make --enable-admin-flag take a path. 
It is now possible to disable the Ubuntu admin flag in sudoers
or change its location.
GitHub issue #56
 2021-02-16 13:20:02 -07:00
Todd C. Miller
440febff86 Error out if fuzzer/sanitizer enabled but not supported by the compiler. 2021-02-13 15:40:48 -07:00
Todd C. Miller
942b11149c Do not pass AX_APPEND_FLAG more than a single flag. 
GitHub issue #92
 2021-02-12 07:16:32 -07:00
Todd C. Miller
a527c583dc illumos has a broken fmemopen(3), don't use it. 2021-02-09 08:59:11 -07:00
Todd C. Miller
e392646ed4 Add configure check for SSIZE_MAX 2021-02-08 18:38:17 -07:00
Todd C. Miller
a046e3bbb0 Add -fsanitize=fuzzer-no-link to ASAN_LDFLAGS too, not just ASAN_CFLAGS. 2021-02-08 05:27:26 -07:00
Todd C. Miller
30d9497eb6 Add stub library that just feeds files to the fuzzing target. 
This will allow the fuzzers to be run as part of "make check".
 2021-02-07 15:43:51 -07:00
Todd C. Miller
a72d743ec8 Fall back to a temp file if fmemopen() is not available(). 2021-02-07 13:56:15 -07:00
Todd C. Miller
55df5efdce Add --enable-fuzzer-linker and --enable-fuzzer-engine options. 
These will allow the fuzzers to be built as part of oss-fuzz.
 2021-02-07 05:52:45 -07:00
Todd C. Miller
6216fb3cca Add --enable-fuzzer option to use when building fuzzers 2021-02-06 13:28:39 -07:00
Todd C. Miller
7a2a211dfc Replace --enable-asan with --enable-sanitizer 
It is not possible to set the sanitizer flags at configure time.
 2021-02-06 12:42:11 -07:00
Todd C. Miller
bd10bb5cfe Add --disable-leaks configure option. 
This enables the extra freeing of memory before exit also enabled
by --enable-asan.  To be used by oss-fuzz.
 2021-01-30 06:01:48 -07:00
Todd C. Miller
da5c6c6c45 Regenerate configure script with autoconf 2.71. 
Also fix some warnings from the new version.
 2020-12-08 12:35:21 -07:00
Todd C. Miller
98d5cc2a85 Sudo 1.9.5p2 2021-01-23 08:44:00 -07:00
Todd C. Miller
e60ff9058b Sudo 1.9.5p1 2021-01-11 18:47:22 -07:00
Todd C. Miller
9e111eae57 Sudo 1.9.5 2021-01-08 19:52:45 -07:00