Todd C. Miller
8c85fefaee
Plug memory leaks in store_sudo_test found by LSAN.
2023-04-25 09:28:34 -06:00
Todd C. Miller
b1deffbe5b
disable_coredump: only change the soft limit, leave the hard limit as-is
...
This should avoid problems on Linux in cases where sudo does not
have CAP_SYS_RESOURCE which may be the case in an unprivileged container.
GitHub issue #42
2023-04-24 10:32:40 -06:00
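The soft-limit-only approach from the commit above, as an added C example (not sudo's own code; the function names and the restore step are assumptions made for illustration). Raising a hard limit requires privilege (CAP_SYS_RESOURCE on Linux), while moving the soft limit anywhere at or below the hard limit does not, so zeroing only the soft limit can always be undone.

```c
#include <stdbool.h>
#include <sys/resource.h>

/* Hypothetical helpers for illustration; not sudo's disable_coredump(). */
static struct rlimit saved_core;
static bool core_saved;

/* Zero only the soft RLIMIT_CORE. The hard limit is left as found, so
 * undoing the change never requires raising a hard limit. */
int coredump_soft_disable(void)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_CORE, &saved_core) == -1)
        return -1;
    core_saved = true;
    rl = saved_core;
    rl.rlim_cur = 0;            /* rlim_max deliberately untouched */
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Put the original soft limit back. It is <= the untouched hard limit,
 * which an unprivileged process is allowed to do. */
int coredump_soft_restore(void)
{
    if (!core_saved)
        return -1;
    return setrlimit(RLIMIT_CORE, &saved_core);
}

/* Report the current limits so a caller can verify the state. */
int coredump_limits(rlim_t *soft, rlim_t *hard)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_CORE, &rl) == -1)
        return -1;
    *soft = rl.rlim_cur;
    *hard = rl.rlim_max;
    return 0;
}
```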
Todd C. Miller
e2243e3737
Add basic support for remote power on/off via net-snmp.
2023-04-19 17:48:47 -06:00
Todd C. Miller
6c3c8acbac
More accurate description of what happens for "sudo -b".
2023-04-19 15:09:23 -06:00
Todd C. Miller
ab0f8dda31
Avoid calling isatty()/ttyname() on std{in,out,err} if not a char dev.
...
The user controls these fds so we should avoid calling ioctl(2) on
them unless they correspond to actual character device files.
2023-04-18 13:52:26 -06:00
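One way to gate terminal ioctls on the file type, as described in the commit above and in the later "Check whether stderr is a tty before trying TIOCGWINSZ" entry. This is an added C example, not sudo's own code; the helper names are hypothetical.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper: true only if fd refers to a character device. */
bool fd_is_chardev(int fd)
{
    struct stat sb;

    return fstat(fd, &sb) == 0 && S_ISCHR(sb.st_mode);
}

/* Query the window size only when fd is a character device and a tty.
 * Returns 0 and fills rows/cols on success; returns -1 and leaves them
 * untouched otherwise. No ioctl is issued on pipes, sockets or files. */
int tty_size_checked(int fd, int *rows, int *cols)
{
    struct winsize ws;

    if (!fd_is_chardev(fd))
        return -1;              /* caller-supplied fd is not a device */
    if (!isatty(fd))
        return -1;              /* a device, but not a terminal */
    if (ioctl(fd, TIOCGWINSZ, &ws) == -1 || ws.ws_row == 0 || ws.ws_col == 0)
        return -1;
    *rows = ws.ws_row;
    *cols = ws.ws_col;
    return 0;
}

int main(void)
{
    int rows = 24, cols = 80;   /* fixed defaults, kept if the check fails */
    int p[2], nul = open("/dev/null", O_RDONLY);

    if (pipe(p) == -1)
        return 1;
    printf("pipe chardev=%d\n", fd_is_chardev(p[0]));
    printf("/dev/null size rc=%d\n", tty_size_checked(nul, &rows, &cols));
    printf("stdout size rc=%d -> %dx%d\n",
        tty_size_checked(STDOUT_FILENO, &rows, &cols), rows, cols);
    return 0;
}
```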
Todd C. Miller
fe80c27dec
Better support for "sudo -b" when running the command in a pty.
...
When a command is run via "sudo -b" it has no access to terminal
input. In non-pty mode, the command runs in an orphaned process
group and reads from the controlling terminal fail with EIO. We
cannot do the same while running in a pty but if we set stdin to a
half-closed pipe, reads from it will get EOF. That is close enough.
2023-04-19 14:34:57 -06:00
Todd C. Miller
b24af7b3e6
Hard-code usage() and help() for an 80-column terminal.
...
Trying to tailor the help and usage output to the terminal width
is simply not worth it and could be abused to mark a socket as
"trusted" on Linux if there are additional kernel bugs like
CVE-2023-2002.
2023-04-18 07:33:12 -06:00
Todd C. Miller
65c0b5a089
Move CONFIGURE_ARGS from sudo_usage.h.in to config.h.in.
2023-04-18 07:29:37 -06:00
Todd C. Miller
80b85bdd50
get_user_info: call sudo_get_ttysize() even if no /dev/tty
...
We still want to initialize rows and cols based on the environment
if possible.
2023-04-17 07:27:05 -06:00
Todd C. Miller
4ac9941794
Get the tty size using stdout, not stderr, when printing help output.
...
While usage() prints to stderr, help() prints to stdout.
2023-04-16 16:06:59 -06:00
Todd C. Miller
d1912957ae
get_user_info: pass sudo_get_ttysize() the fd of /dev/tty, not stderr.
...
Both the plugin API and the main event loop expect lines/cols to
refer to the user's terminal, so using /dev/tty is better here.
2023-04-16 16:05:15 -06:00
Todd C. Miller
cc22cca34f
Add an fd argument to sudo_get_ttysize() instead of always using stderr.
...
For sudoreplay we open /dev/tty, so use that instead of stderr when
determining the terminal size.
2023-04-16 15:45:19 -06:00
Todd C. Miller
5650b436e6
Check whether stderr is a tty before trying TIOCGWINSZ.
2023-04-16 15:31:14 -06:00
Todd C. Miller
ae12d18ff0
Use -no-undefined on macOS to avoid "-undefined dynamic_lookup" warnings.
...
Starting with macOS 13, the linker warns when "-undefined dynamic_lookup"
is used. This is added by libtool by default on macOS but we can
suppress it by passing -no-undefined to libtool.
2023-04-14 13:02:28 -06:00
Todd C. Miller
62a2d9f94c
Add make to Dockerfile and sort packages.
2023-04-08 15:25:00 -06:00
Todd C. Miller
894daa88f6
Enable the use_pty option by default for sudo 1.9.14.
...
GitHub issue #258
2023-04-06 11:30:51 -06:00
Todd C. Miller
d7b8f3ffbf
Split up the monolithic sudoers_policy_main() function.
...
This splits the code to find the command, perform a sudoers lookup,
ask for a password as needed, and perform post-lookup checks out
into sudoers_check_common(). The old sudoers_policy_main() has
been replaced by sudoers_check_cmnd() (called by sudoers_policy_check()),
sudoers_validate_user() (called by sudoers_policy_validate()) and
sudoers_list() (called by sudoers_policy_list()). The list_user
lookup is now performed in sudoers_list().
2023-04-05 13:35:09 -06:00
Todd C. Miller
859a81ad24
Move the root_sudo check until after we apply per-command Defaults.
...
It is possible, though unlikely, for "root_sudo" to be used in
a per-command Defaults statement.
2023-04-05 13:25:32 -06:00
Todd C. Miller
ab4b947169
sudoers_policy_main: restore locale if sudoers_lookup() fails.
...
Previously, if sudoers_lookup() set VALIDATE_ERROR, the sudoers
locale would still be in effect instead of the original locale.
2023-04-01 10:22:07 -06:00
Todd C. Miller
fb0a36c1a5
sudoers_lookup_pseudo: remove validated function argument
...
This was always set to FLAG_NO_USER|FLAG_NO_HOST which are cleared
at the top of the function. Make validated a local variable,
initialized to 0, instead. No change in behavior.
2023-04-01 10:17:31 -06:00
Todd C. Miller
0a4c8872a8
The I/O log file name is not just the basename of the full iolog_path.
...
The audit plugin already has the correct value for iolog_file, don't
overwrite it with basename(iolog_path). In the future we may wish
to pass in iolog_file and iolog_dir in addition to iolog_path.
Fixes Bug #1046.
2023-03-31 15:51:14 -06:00
Todd C. Miller
ac12f82d86
Warn with "unknown user" not "unknown uid" if user cannot be resolved.
...
Prior to sudo 1.8 this was after a getpwuid() but now we use
getpwnam().
2023-03-29 14:49:41 -06:00
Todd C. Miller
ad890acf6c
Set timestamp_uid and timestamp_gid via a callback.
...
This also makes it possible to include the location of the line in
the sudoers file in the warning message (and mail).
2023-03-29 14:37:09 -06:00
Todd C. Miller
493b2441d4
Fix display of escape sequences in ldapsearch example.
2023-03-28 16:04:47 -06:00
Todd C. Miller
3b55de4e83
White space is not allowed between Defaults and '@', ':', '!', '>'.
...
The EBNF made it appear that this is allowed when it really is not.
2023-03-28 16:02:46 -06:00
Todd C. Miller
f0030cf30f
Make struct {command,user}_details pointers const where possible.
2023-03-27 16:29:46 -06:00
Todd C. Miller
554397eaea
Make user_details private to main.
2023-03-27 16:19:11 -06:00
Todd C. Miller
5108c279af
Make user_details private to sudo.c.
2023-03-27 16:19:08 -06:00
Todd C. Miller
e435b158b8
Use sudo_get_ttysize() in help() and usage().
...
This eliminates a dependency on the user_details global.
2023-03-25 16:27:44 -06:00
Todd C. Miller
f95c9f839c
Regenerate with the autoconf 2.72c snapshot.
2023-03-27 09:55:41 -06:00
Todd C. Miller
86002226b6
Store submitcwd (from user_details) in struct command_details.
...
This eliminates use of the user_details global from exec_setup().
2023-03-25 08:27:41 -06:00
Todd C. Miller
51453c4f2e
utmp_fill: user is now always non-NULL, no need for user_details.
2023-03-24 19:16:44 -06:00
Todd C. Miller
fa5a28f345
Remove list_user global.
2023-03-24 19:10:46 -06:00
Todd C. Miller
a5b11a58b7
No need to declare tgetpass_flags, it is already in sudo.h.
2023-03-24 19:10:19 -06:00
Todd C. Miller
9fd787343d
No need for sudo_mode to be global anymore.
2023-03-24 17:07:20 -06:00
Todd C. Miller
11277bb921
Make command_details private to main().
2023-03-24 15:56:00 -06:00
Todd C. Miller
8d2b9a4343
Make iobufs private to exec_iolog.c.
2023-03-24 15:26:37 -06:00
Todd C. Miller
ee3f99c88c
Remove ttymode and its associated values.
2023-03-24 15:25:05 -06:00
Todd C. Miller
f9b1beced2
Move ptyname to struct exec_closure
2023-03-24 14:56:45 -06:00
Todd C. Miller
22776b0be6
Move pty_make_controlling() to exec_monitor.c where it is called.
...
We can use details->tty to access the pty follower path.
2023-03-24 14:56:13 -06:00
Todd C. Miller
7ac9ce001c
Eliminate utmp_user global, just use the value in struct command details.
2023-03-24 14:44:56 -06:00
Todd C. Miller
778688d4fc
Replace tty_mode global with term_raw flag in struct exec_closure.
...
The pty_cleanup hook needs access to the closure so add
pty_cleanup_init() to store a pointer to the closure for use
by pty_cleanup_hook().
2023-03-24 14:44:17 -06:00
Todd C. Miller
b81c5e8dac
Register pty cleanup function in exec_pty(), not exec_cmnd_pty().
...
We want it to execute in the main sudo process, not the monitor.
2023-03-24 11:01:58 -06:00
Todd C. Miller
11739e3def
Make ttyblock private to exec_iolog.c
2023-03-24 10:58:49 -06:00
Todd C. Miller
3303dd98c0
exec_pty.c: move foreground flag to struct exec_closure.
...
Also make pipeline flag private to exec_pty() and remove the unneeded
check_foreground() prototype.
2023-03-23 19:35:57 -06:00
Todd C. Miller
51cdb194b8
On resume, always sync the pty terminal settings with /dev/tty.
...
Changes made to the terminal settings while the command is suspended
are now reflected in the pty when the command is resumed. This is
more consistent with the non-pty behavior and allows for the removal
of the "tty_initialized" global. One downside to this change is
that if a terminal-based program using the pty is stopped with
SIGSTOP it may have the wrong terminal settings on resume.
However, this is no different from the non-pty case.
2023-03-23 10:39:28 -06:00
Todd C. Miller
3e734fa51b
Correct a comment.
2023-03-23 08:20:48 -06:00
Todd C. Miller
2a5d8bfea1
GitHub sponsor settings.
2023-03-22 19:26:07 -06:00
Todd C. Miller
f0f5e1b5bc
Use built-in tests for bit types instead of using AC_CHECK_TYPES.
...
This should be more portable as it handles the quirks of some older
systems.
2023-03-22 15:37:12 -06:00
Todd C. Miller
a17491972b
Quiet compiler warnings on systems where pid_t is not an int.
...
Historically, pid_t was a long on some 32-bit systems like Solaris.
2023-03-22 14:48:49 -06:00