Todd C. Miller
824021b51b
Add explicit mention of sudo's netgroup semantics since they differ
from most other netgroup consumers.
2015-09-21 16:04:59 -06:00
Todd C. Miller
80673750cf
sync with translationproject.org
2015-09-21 15:18:04 -06:00
Todd C. Miller
0cfce655bd
Fix potential double free of the cookie when sudo is suspended at
the password prompt.
2015-09-21 15:07:00 -06:00
Todd C. Miller
71d0246322
sync with translationproject.org
2015-09-16 09:53:43 -06:00
Todd C. Miller
51c2ef7ae6
sync with translationproject.org
2015-09-15 14:04:43 -06:00
Todd C. Miller
43fd191cfc
Bug #719
2015-09-15 13:36:34 -06:00
Todd C. Miller
3ac17b302b
SIGHUP is now relayed to the command. Bug #719
2015-09-15 12:24:19 -06:00
Todd C. Miller
3f6f1cd15c
When a terminal device is closed, SIGHUP is sent to the controlling
process associated with that terminal. It is not sent to the entire
process group so sudo needs to relay SIGHUP to the command when it
is not being run in a new pty. Bug #719
2015-09-15 10:30:36 -06:00
Todd C. Miller
b12500993d
Mention visudo bug in 1.8.14
2015-09-15 09:50:35 -06:00
Todd C. Miller
b6cb1b65c9
We reserved two slots at the end of the editor argv for the line
number and the file name. However, resolve_editor() adds "--"
before the file names so the +line_number is interpreted as a file
name, not a line number so we need to overwrite the "--" as well.
2015-09-15 09:29:40 -06:00
Todd C. Miller
a2979ed809
Remove checks for __sys_siglist and __sys_signame. They are internal
to libc and there are no known systems that export those symbols
that do not already export the single underbar or no-underbar versions.
2015-09-10 16:44:57 -06:00
Todd C. Miller
9ff93c307b
Sync with translationproject.org
2015-09-10 14:30:57 -06:00
Todd C. Miller
4132f184ef
regen
2015-09-10 14:30:02 -06:00
Todd C. Miller
38b7aea6b7
Restore old signal handlers before tty settings. That way SIGTTOU
is at its original value if sudo_term_restore() should fail.
2015-09-09 15:27:09 -06:00
Todd C. Miller
241174ea2d
Document what happens when the on_suspend/on_resume callbacks
return an error.
2015-09-09 15:14:06 -06:00
Todd C. Miller
edfeee6a7a
No need to have version macros for hooks, callbacks and the sudoers
group plugin. We can just use the main sudo API macros. The sudoers
group plugin macros are preserved for source compatibility but are
not documented.
2015-09-09 14:56:52 -06:00
Todd C. Miller
c45559e6c8
Properly escape the backslash before a comma in an example so the
example rule is parsable by visudo.
2015-09-09 14:33:01 -06:00
Todd C. Miller
2f1d675055
Ignore callbacks if major version doesn't match.
2015-09-09 13:29:57 -06:00
Todd C. Miller
67183d74f4
Remove include/compat/timespec.h. Systems old enough to lack struct
timespec are too old to build a modern sudo.
2015-09-09 11:13:22 -06:00
Todd C. Miller
69d51b7590
Bug #713
2015-09-09 10:52:23 -06:00
Todd C. Miller
d08faa73a7
Fill in cstat if exec_setup() fails. Previously it was only filled
in for an execve() failure. Fixes an unkillable sudo process when
exec_setup() fails and I/O logging is enabled.
2015-09-09 10:50:21 -06:00
Todd C. Miller
27c2a3d158
Fix running commands as non-root when neither setresuid() nor
setreuid() are available. At this point we are already root so
setuid() must succeed. Bug #713
2015-09-09 10:45:56 -06:00
Todd C. Miller
0dbfbee035
Cast uid_t to unsigned int when printing as %u
2015-09-09 10:14:03 -06:00
Todd C. Miller
2042aa2b75
Mention time stamp file locking changes, fix some spelling.
2015-09-09 09:57:10 -06:00
Todd C. Miller
3fd97f6bad
Update with latest changes.
2015-09-09 06:23:29 -06:00
Todd C. Miller
9dedc65a7f
Avoid touching the time stamp directory for "sudo -k command"
2015-09-07 06:06:08 -06:00
Todd C. Miller
69050f9345
Bring back the check for time stamp files that predate the boot
time. Instead of truncating we now unlink the file since another
process may be sleeping on the lock.
2015-09-07 06:06:08 -06:00
Todd C. Miller
7d0a623fdd
Use pread(2) and pwrite(2) where possible.
2015-09-07 06:06:08 -06:00
Todd C. Miller
70914b3328
sudo_term_* already restart themselves for all but SIGTTOU so we
don't need to use our own restart loops.
2015-09-07 06:06:08 -06:00
Todd C. Miller
448b18de2b
Set errno to EINVAL if sudo_lock_* is called with a bad type.
2015-09-07 06:06:08 -06:00
Todd C. Miller
0487b6da9d
Adjust new locking to work when tty_tickets is disabled. We need
to use per-tty/ppid locking to gain exclusive access to the tty
for the password prompt but use a separate (short term) lock
that is shared among all sudo processes for the user.
2015-09-07 06:06:08 -06:00
Todd C. Miller
f9b8a43816
Allow the time stamp lock to be interrupted by signals.
2015-09-07 06:06:08 -06:00
Todd C. Miller
0c70df5de9
Implement suspend/resume callbacks for the conversation function.
If suspended, close the timestamp file (dropping all locks). On
resume, lock the record before reading the password.
For this to work properly we need to be able to run the callback
when tsetattr() suspends us, not just when the user does. To
accomplish this the term_* functions now return EINTR if SIGTTOU
would be generated. The caller now has to restart the term_*
function (and send itself SIGTTOU) instead of it being done
automatically.
2015-09-07 06:06:08 -06:00
Todd C. Miller
00142c91fa
Lock individual records in the timestamp file instead of the entire
file. This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.
2015-09-07 06:06:08 -06:00
Todd C. Miller
98a15d9879
Add a struct sudo_conv_callback that contains on_suspend and on_resume
function pointer args plus a closure pointer and add it to the
conversation function.
2015-09-07 06:06:08 -06:00
Todd C. Miller
af47293800
Make hook_version and hook_type unsigned.
2015-09-02 08:00:27 -06:00
Todd C. Miller
bfb1cead60
When decoding base64, avoid using '=' in the decoded temporary array
as a sentinel as it can legitimately be present. Instead, just use
the count of bytes stored in the temp array to determine which bytes
to fold into the destination.
2015-09-01 10:24:59 -06:00
Todd C. Miller
333faa20e2
When parsing def_editor, break out of the loop when we find the
first valid editor. Bug #714
2015-08-21 11:25:02 -06:00
Todd C. Miller
7df2487165
The condition for adding a missing newline at the end of sudoers
was never reached. Keep track of the last character and write a
newline character if when copying to the temp file. Found by Radovan
Sroka.
2015-08-18 08:57:53 -06:00
Todd C. Miller
7ef9b5827e
Remove extraneous while() from botched do {} while() loop
conversion to use sudo_strsplit. Noticed by Radovan Sroka.
2015-08-18 08:34:10 -06:00
Todd C. Miller
2b6085760c
In sudo_pam_begin_session() and sudo_pam_end_session() return
AUTH_FATAL on error, not AUTH_FAILURE. In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.
2015-08-10 20:17:02 -06:00
Todd C. Miller
13869d349c
Linux sets si_pid in struct siginfo to 0 when the process that sent
the signal is in a different container since the PID namespaces in
different containers are separate. Avoid looking up the process
group by id when si_pid is 0 since getpgid(0) returns the process
group of the current process. Since sudo ignores signals sent
by processes in its own process group, this had the effect of
ignoring signals sent from other containers. From Maarten de Vries
2015-08-10 15:13:37 -06:00
Todd C. Miller
db5376001f
Sprinkle some debugging.
2015-08-10 10:56:47 -06:00
Todd C. Miller
ad9a51bd9d
Document that sudo uses the real uid to map from uid to passwd file
user name.
2015-08-09 16:22:16 -06:00
Todd C. Miller
b2f1bbfb02
disable_coredump can be set to no on modern OSes without
security consequences.
2015-08-09 16:12:00 -06:00
Todd C. Miller
f1053af3b5
Emphasis on the never.
2015-08-07 17:05:50 -06:00
Todd C. Miller
d4f1aeb196
Explicitly tell people not to grant sudoedit to directories the
user can write to. While sudoedit will no longer open symbolic
links, hard links are still an issue.
2015-08-07 17:01:15 -06:00
Todd C. Miller
c12dd68d1e
Add warning about writable directories and sudo/sudoedit.
2015-08-07 17:00:42 -06:00
Todd C. Miller
796911b3fa
Emphasize that wildcards are not regexps. Bug #692
2015-08-07 12:37:15 -06:00
Todd C. Miller
329a8dee8a
Emphasize that wildcards in command line arguments are dangerous.
Document the failings of the passwd example on GNU systems.
Bug #691
2015-08-07 12:21:37 -06:00