isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,609 Commits 1 Branch 0 Tags
8fbdbde2f5845b157eb84722d21d5acefbdac2f6
Commit Graph

50 Commits

Author SHA1 Message Date
Todd C. Miller
d20335136b Better split of membership vs. traditional group check in user_in_group(). 
Allow user_ngroups to be < 0 if getgroups() fails.
 2009-12-13 22:24:34 +00:00
Todd C. Miller
4e0200a33a Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID. 
Reported by Josef Schmid.
 2009-06-25 12:44:33 +00:00
Todd C. Miller
62b89f9dfc Update copyright years. 2009-05-25 12:02:42 +00:00
Todd C. Miller
896508077c Handle getgroups() returning 0. Also add missing check for HAVE_GETGROUPS. 2009-05-22 10:37:29 +00:00
Todd C. Miller
5f9f29a233 Remove group setting code in setusercontext case, we will do it ourselves 
later on in runas_setup.  Set the gid after initgroups/setgroups is called,
since on Mac OS X it seems to change the egid.
 2009-05-18 10:33:33 +00:00
Todd C. Miller
755a81e946 Add option for set_perm to not exit on failure and use this in 
the logging routines.
 2009-05-10 11:52:13 +00:00
Todd C. Miller
897239afe9 Add aix_setlimits() to set resource limits on AIX using a combination 
of getuserattr() and setrlimit().  Currently untested.
 2008-03-06 17:19:57 +00:00
Todd C. Miller
8e33f63484 Use a specific error message for errno == EAGAIN when setuid() et al fails. 
On Linux systems setuid() will fail with errno set to EAGAIN if changing
to the new uid would result in a resource limit violation.
 2008-01-27 21:37:54 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
9c5696978c Don't assume runas_pw is set; it may not be in the -g case. 2007-11-26 00:26:42 +00:00
Todd C. Miller
a766300007 Set aux group vector for PERM_RUNAS and restore group vector for 
PERM_ROOT if we previously changed it.  Stash the runas group vector
so we don't have to call initgroups more than once. Also add no-op
check to check_perms.
 2007-11-25 13:07:21 +00:00
Todd C. Miller
f9f4aca556 Add support for runas groups. This allows the user to run a command 
with a different effective group.  If the -g option is specified
without -u the command will be run as the current user (only the
group will change).  the -g and -u options may be used together.
TODO: implement runas group for ldap
      improve runas group documentation
      add testsudoers support
 2007-11-21 20:12:00 +00:00
Todd C. Miller
988f44a603 for PERM_RUNAS, set the egid to the runas user's gid and restore to the user's original in PERM_ROOT 2007-07-06 14:14:12 +00:00
Todd C. Miller
f3ef738254 PERM_FULL_ROOT is now no different than PERM_ROOT so remove PERM_FULL_ROOT 2007-07-06 14:04:40 +00:00
Todd C. Miller
ea8c5d5d2d Add seteuid() flavor of set_perms() for systems without setreuid() 
or setresuid() that have a working seteuid().  Tested on Darwin.
 2006-07-31 17:50:06 +00:00
Todd C. Miller
778d587063 Update copyright years. 2005-02-12 22:56:07 +00:00
Todd C. Miller
31968c368b Use warning/error instead of perror/fatal. 2005-02-10 05:03:58 +00:00
Todd C. Miller
3b8b88407f Add __unused to rcsids 2005-01-27 15:42:30 +00:00
Todd C. Miller
2c2daa8eca Use: #include <config.h> 
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
 2004-11-19 18:39:14 +00:00
Todd C. Miller
48cdd1dec3 Kill use of POSIX saved uids; they aren't worth bothering with. 2004-10-13 16:46:19 +00:00
Todd C. Miller
b5376f8d21 Deal with systems that have no way of setting the effective uid such as 
nsr-tandem-nsk.
 2004-05-27 23:12:02 +00:00
Todd C. Miller
a6849607c9 Preliminary changes to support nsr-tandem-nsk. Based on patches from 
Tom Bates.
 2004-05-17 20:08:46 +00:00
Todd C. Miller
3a2282c927 More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Todd C. Miller
a622cb2795 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the 
euid first, then just call setuid(0) to set the real uid too.
 2004-02-06 23:08:04 +00:00
Todd C. Miller
7bc6df0246 Use setresuid() and setreuid() for PERM_RUNAS when appropriate instead 
of seteuid() which may not exist.
 2004-02-06 19:52:17 +00:00
Todd C. Miller
c4a8ab8b99 Use the SET, CLR and ISSET macros. 2004-01-29 22:33:58 +00:00
Todd C. Miller
ceb3653d71 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just 
changes the euid.
 2004-01-16 23:05:47 +00:00
Todd C. Miller
6ad252765b Create def_* macros for each defaults value so we no longer need 
the def_{flag,ival,str,list,mode} macros (which have been removed).
This is a step toward more flexible data types in def_data.in.
 2003-12-30 22:20:21 +00:00
Todd C. Miller
8cd9f4f1ec Add explicit declaration of printerr variable in function header 
(was defaulting to int which is OK but oh so K&R :-).  From Theo.
 2003-06-21 16:50:56 +00:00
Todd C. Miller
69ac0e56c2 add DARPA credit on affected files 2003-04-16 00:42:10 +00:00
Todd C. Miller
48229cbac6 update copyright year 2003-03-15 20:31:02 +00:00
Todd C. Miller
2aec2bd724 Fix typo; check pw_uid, not pw_gid after setusercontext() failure. 2003-03-15 00:48:34 +00:00
Todd C. Miller
e27e963f2b Fix pasto/thinko in setresgid()/setregid() usage. 
Want to set effective gid, not real gid, when reading sudoers.
 2002-12-15 16:24:24 +00:00
Todd C. Miller
1996179bf2 don't compile set_perms_posix if we have setreuid or setresuid 2002-12-15 16:08:32 +00:00
Todd C. Miller
b152da4cdb Revamp set_perms. We now use a version based on setresuid() or setreuid() 
when possible since that allows us to support the stay_setuid option and
we always know exactly what the semantics will be (various Linux kernels
have broken POSIX saved uid support).
 2002-11-22 19:09:49 +00:00
Todd C. Miller
d497949e68 Error out if setusercontext() fails and the runas user is not root. 2002-07-20 12:30:45 +00:00
Todd C. Miller
c289159953 g/c second arg to set_perms--it is no longer used 2002-05-05 00:43:38 +00:00
Todd C. Miller
a30951d34c Add support for non-root timestamp dirs. This allows the timestamp 
dir to be shared via NFS (though this is not recommended).
 2002-05-03 22:48:17 +00:00
Todd C. Miller
bf0aa0ae71 fatal() now takes an argument that determines whether or not to call 
perror().
 2002-01-22 02:00:25 +00:00
Todd C. Miller
fec1b63caa Bring back PERM_FULL_USER 2002-01-16 21:27:09 +00:00
Todd C. Miller
f039427253 Add a configure option to turn off use of POSIX saved IDs 2002-01-15 22:47:29 +00:00
Todd C. Miller
26f2a96558 Remove PERM_FULL_USER (which is no longer used) and add PERM_FULL_ROOT 
(used when exec'ing the mailer).
 2002-01-13 18:28:09 +00:00
Todd C. Miller
a55e6898e1 o Add pam_prep_user function to call pam_setcred() for the target user; 
on Linux this often sets resource limits.
 2001-12-31 17:18:05 +00:00
Todd C. Miller
761b119e2e Add new sudoers option "preserve_groups". Previously sudo would not 
call initgroups() if the target user was root.  Now it always calls
initgroups() unless the -P command line option or the "preserve_groups"
sudoers option is set.  Idea from TJ Saunders.
 2001-12-15 00:24:27 +00:00
Todd C. Miller
65fad4df35 o Reorder some headers and use STDC_HEADERS define properly 
o Update copyright year
 2001-12-14 19:52:54 +00:00
Todd C. Miller
d956d77528 Move defaults info into its own files from which we generate 
.h and .c files.  This makes adding or rearranging variables
much simpler.
 2000-12-31 01:38:37 +00:00
Todd C. Miller
572b4cf39a Don't try and build saved uid version of set_perms on systems w/o them. 
Rename set_perms_saved_uid() -> set_perms_posix()
Make set_perms_setreuid simply be set_perms_fallback() and simply include
  the appropriate function at compile time (setreuid() vs. setuid()).
 2000-12-30 03:59:40 +00:00
Todd C. Miller
998631b73a New Defaults options: 
o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
 o env_reset - reset the environment to a sane default
 o env_keep - preserve environment variables that would otherwise be cleared

No longer use getenv/putenv/setenv functions--do environment munging by hand.
Potentially dangerous environment variables can be cleared only if they
contain '/' pr '%' characters to protect buggy programs.
Moved environment routines into env.c (new file)
 2000-12-30 03:29:47 +00:00
Todd C. Miller
744917ed67 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org 2000-12-13 17:23:07 +00:00
Todd C. Miller
7ea65e54bd Move set_perms() to its own file and use POSIX saved uid or setreuid() 
if available.

Added stay_setuid option for systems that have libraries that perform
extra paranoia checks in system libraries for setuid programs (ie:
anything with issetugid(2)).
 2000-11-03 05:37:44 +00:00