isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,322 Commits 1 Branch 0 Tags
978aa90021c439235a504b2405d0d6ca2cb15c1c
Commit Graph

508 Commits

Author SHA1 Message Date
Todd C. Miller
f5d0b7abf7 Remove portable getcwd.c, nothing uses it anymore. 
Any operating system supported by sudo already includes getcwd(3).
 2023-03-16 15:01:41 -06:00
Todd C. Miller
33cb885cf6 Replace eventlog_json.h with parse_json.h. 2023-03-14 13:09:43 -06:00
Todd C. Miller
1b3991b717 Add tests for JSON and sudo-style log output. 2023-03-13 19:42:54 -06:00
Todd C. Miller
86ab362fd4 Move JSON log parsing from libsudo_iolog.la to libsudo_eventlog.la 
It will be used in the upcoming log output tests.
 2023-03-13 15:02:03 -06:00
Todd C. Miller
fc253048f5 Add LDAP-specific innetgr() implementation. 
Wheh netgroup_base is set we now do out own netgroup lookups using
LDAP.  Previously, LDAP was queried directly to get a list of the
netgroups the user belongs to but other netgroups queries went
through innetgr(3).  This makes it possible to use netgroups
in LDAP sudoers on systems that don't have an innetgr() function.
GitHub issue #251.
 2023-03-10 10:05:33 -07:00
Todd C. Miller
dea110a848 Add tests for SHA2 digest support. 
This uses the NIST byte-oriented short message test vectors.
 2023-03-07 12:45:13 -07:00
Todd C. Miller
172515c94d Add test for using "list" as user, runas and host. 2023-02-28 08:56:44 -07:00
Todd C. Miller
87ce692468 Fix potential double free for rules that include a CHROOT= option. 
If a rule with a CHROOT= option matches the user, host and runas,
the user_cmnd variable could be freed twice.
 2023-02-21 20:01:13 -07:00
Todd C. Miller
0339337103 Run the editor in its own process group. 
This fixes suspending the editor on GNU Hurd which doesn't seem to
have proper process group signal handling.
 2023-02-21 16:14:14 -07:00
Todd C. Miller
0ef5373678 Add canon_path(), a realpath() wrapper that performs caching. 
This also adds a new user_cmnd_dir variable that stores the
canonicalized parent directory of the command to be run.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
0443d14578 Add checks for realpath(3) and a version from NetBSD for those without it. 2023-02-12 13:27:17 -07:00
Todd C. Miller
13a311bc71 Add pivot_root() and unpivot_root() to switch the root dir and restore it. 
This will be used to more accurately handling command resolution and
path matching when a new root directory is specified.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
a80dcc6aca Add compiled version of the sudoers Georgian translation. 2023-02-14 09:52:06 -07:00
Todd C. Miller
ab9b20be9e New Georgian translation from translationproject.org 2023-01-26 13:29:31 -07:00
Todd C. Miller
6b80ab74ea Decode \u00XX in a JSON string now that we escape control chars. 
We don't write Unicode to the log.json file, only 8-bit ASCII.
 2023-01-03 15:59:23 -07:00
Todd C. Miller
e5d98da014 Move hexchar() from the sudoers plugin to lib/util. 2023-01-03 15:50:42 -07:00
Todd C. Miller
224a3b6470 Add some addition entries for the I/O log fuzzer seed corpus. 2022-12-30 11:10:40 -07:00
Todd C. Miller
148e5ad95b Add dictionaries for fuzz_iolog_legacy and fuzz_iolog_timing. 2022-12-30 10:52:54 -07:00
Todd C. Miller
4baa6e103b Zap trailing whitespace. 2022-12-26 08:10:45 -07:00
Todd C. Miller
50958a05da Remove developer mode from sudo.conf, it is no longer used. 2022-12-26 07:43:55 -07:00
Todd C. Miller
fa1b86fca6 Remove the Python plugin import blocker code. 
The sudo.conf file is considered a trusted source of information
and these checks suffer from TOCTOU issues anyway.
 2022-12-26 07:43:55 -07:00
Todd C. Miller
0614c1f626 check_pattern: check bounds as a repetition operator too. 
Add regess to verify check_pattern() via sudo_regex_compile().
 2022-12-17 15:09:30 -07:00
Todd C. Miller
2f32b45d59 New Albanian translation from translationproject.org 2022-12-17 11:11:31 -07:00
Todd C. Miller
797cc917a8 Add basic regress for JSON functions. 
Fix a bug in escaped control character handling.
Roll back changes to buffer if sudo_json_add_value() fails.
 2022-12-15 19:49:11 -07:00
Todd C. Miller
38ffd03cd6 Move gettext checks to m4/gettext.m4 2022-12-05 19:26:50 -07:00
Todd C. Miller
12da6bd0ce Move LDAP library checks to m4/ldap.m4 and make more tests cacheable. 2022-12-05 16:52:34 -07:00
Todd C. Miller
00e22508a7 Move OpenSSL/wolfSSL checks to m4/openssl.m4 2022-12-05 16:45:18 -07:00
Todd C. Miller
f515c238bc Move PIE executable checks to m4/pie.m4 2022-12-05 12:34:12 -07:00
Todd C. Miller
4220e6631b Move address sanitizer and fuzzer checks to m4/sanitizer.m4 2022-12-05 12:33:44 -07:00
Todd C. Miller
ea5668086c Move symbol visibility checks to m4/visibility.m4 2022-12-05 12:33:42 -07:00
Todd C. Miller
5bf5a4e26c Move hardening checks to m4/hardening.m4 2022-12-05 12:32:53 -07:00
Todd C. Miller
b8e9fc1b12 Add a regress check for the cvtsudoers filter crash. 
GitHub issue #198.
 2022-11-11 07:05:24 -07:00
Todd C. Miller
75008a0570 Copy some LDIF test data from the cvtsudoers tests to the seed corpus. 
This includes a test to exercise the fix in PR #196.
 2022-11-10 09:54:59 -07:00
Todd C. Miller
8b898b2ca2 Test parsing LDIF when a backslash is the last char of the file. 
If run with address sanitizer, this test will crash when the fix
in ceaf706ab74b is reverted.
 2022-11-09 12:58:41 -07:00
Todd C. Miller
7e20e4b80f Apply multiarch rules when loading plugins too. 2022-10-06 12:46:38 -06:00
Todd C. Miller
b37bf44cdd Add test for sudo open_parent_dir() 2022-10-05 12:36:14 -06:00
Todd C. Miller
2e2dd48bef Add test for matching a literal "" command line argument as "" in sudoers. 
GitHub issue #182.
 2022-10-05 10:10:31 -06:00
Todd C. Miller
803b4939be Move exec code to call into I/O log plugin to exec_iolog.c. 
This will be shared with exec_nopty.c in the future to log
stdin/stdout/stderr without running the command in a pty.
Both exec_pty.c and exec_nopty.c now use the same closure.
 2022-09-27 13:35:45 -06:00
Todd C. Miller
376d18b5da Add fchownat() systems without it. 2022-09-21 19:08:12 -06:00
Todd C. Miller
fccf3c9c56 Add sudo_mmap_{alloc,allocarrary,strdup,free} functions. 
These allocate memory via mmap anonymous regions and store the mapped
size immediately before the returned pointer as an unsigned long.
They are intended to be used in cases where malloc(3) and free(3)
are unsuitable due to concerns about corrupting global state in
multi-threaded programs or signal handlers.
 2022-07-25 15:08:11 -06:00
Todd C. Miller
2d6b9d22e1 For logsrvd_conf_test include both tls and non-tls configs. 2022-06-02 11:38:43 -06:00
Todd C. Miller
d7b2ff3214 Add a simple regression test for logsrvd.conf parser. 
Unlike the parser fuzzer, this includes sample certs and keys.
This test would have detected the BIO_new_file() bug in set_dhparams().
 2022-06-02 11:13:18 -06:00
kernelmethod
bd25b85a66 Add an apparmor_profile sudo setting 
Define a new sudo setting, `apparmor_profile`, that can be used to pass
in an AppArmor profile that should be used to confine commands. If
apparmor_profile is specified, sudo will execute the command using the
new `apparmor_execve` function, which confines the command under the
provided profile before exec'ing it.
 2022-05-23 13:41:42 -06:00
Todd C. Miller
0ea431e392 Move code to suspend sudo when no pty is in use to separate file. 
Use this in test_ptrace.c to be able to suspend just like sudo does.
 2022-05-18 07:29:55 -06:00
Todd C. Miller
040e75a07b Add test_ptrace program to test ptrace-based intercept support. 2022-05-11 20:07:55 -06:00
Todd C. Miller
35ea534b3e Move register definitions to exec_ptrace.h 2022-05-05 13:37:26 -06:00
Todd C. Miller
77979932b1 New Georgian translation from translationproject.org 2022-04-29 13:32:29 -06:00
Todd C. Miller
8e375445fb Check the policy for ptrace-based intercept mode. 2022-04-29 13:08:59 -06:00
Todd C. Miller
01733a5214 Add scaffolding for ptrace-based intercept mode. 2022-04-29 12:35:31 -06:00
Todd C. Miller
c414a89eb3 Remove ABOUT-NLS file, it is no longer maintained as part of GNU gettext. 
Expand the Translations section in CONTRIBUTING.md.
 2022-04-20 12:58:11 -06:00