isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,388 Commits 1 Branch 0 Tags
a06f7540f7650ce11aabfc7d54e7a94ffcda4798
Commit Graph

559 Commits

Author SHA1 Message Date
Todd C. Miller
90f2cfa589 Build .man.in and .cat files from .mdoc.in files. 
Add new --with-man and --with-mdoc configure options.
 2012-07-19 13:41:14 -04:00
Todd C. Miller
958e39fc6a Define NO_VIZ for zlib when gcc doesn't support symbol visibility 
attributes.
 2012-07-02 13:34:35 -04:00
Todd C. Miller
f38349a026 Use the autoconf cache when checking for symbol export control support. 2012-07-02 11:20:05 -04:00
Todd C. Miller
f8f0021710 Add configure check for building PIE executables instead of doing 
it in mkpkg.
 2012-07-02 10:12:41 -04:00
Todd C. Miller
effd6cd911 Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding 
-fstack-protector to LDFLAGS so it doesn't get stripped out.  Libtool
will strip -fstack-protector from the linker flags and we always
link with libtool.
 2012-07-01 13:47:25 -04:00
Todd C. Miller
3c57d6a06d Add support for ldaps using Tivoli LDAP libraries. 
Add ldap.conf option to specify Tivoli key db password.
Allow TLS ciphers to be configured for Tivoli.
 2012-06-29 12:14:45 -04:00
Todd C. Miller
9497df293a Don't run regress tests or sudoers sanity check (using the newly-built 
visudo) when cross compiling.  Bug #560
 2012-06-20 13:38:17 -04:00
Todd C. Miller
bcfeddc998 Rename foo.sym -> foo.exp 
Remove foo.map from the repo and generate it on demand
Use a loader option file for HP-UX ld to explicitly export symbols
 2012-06-20 12:58:16 -04:00
Todd C. Miller
b567282f86 Adjust ld map file support to use an anonymous scope to match the 
updated .map files.
 2012-06-19 13:23:37 -04:00
Todd C. Miller
c74d406313 Older versions of Solaris lack ngettext() 2012-06-18 14:29:06 -04:00
Todd C. Miller
af8a211e4b Move the check for -static-libgcc until after AC_LANG_WERROR 
has been called and use AX_CHECK_COMPILE_FLAG().
 2012-06-18 14:10:50 -04:00
Todd C. Miller
fdcc8e1fce Link check_symbols with SUDO_LIBS to make sure we link with the 
requisite libraries to successfully dlopen sudoers.so.  This is
needed on HP-UX where a program dlopen()ing a shared object that
uses pthreads must also be linked with pthreads (and HP-UX LDAP
uses pthreads).
 2012-06-18 10:21:05 -04:00
Todd C. Miller
7e67a9153a Additional ${foo} -> $(foo) Makefile tweaks. 2012-06-18 09:50:42 -04:00
Todd C. Miller
0888101bb3 sudo 1.8.6 2012-06-15 14:34:15 -04:00
Todd C. Miller
60a3019483 Add support for controlling symbol visibility using the HP and 
Solaris C compilers.
 2012-06-15 14:18:23 -04:00
Todd C. Miller
47abbb90a2 Don't use a map file for sudo_noexec.so since Solaris ld doesn't 
allow '*' in the global section.  The libtool export flag is now
added to LT_LDFLAGS instead of commenting/uncommenting lines.
 2012-06-14 11:35:02 -04:00
Todd C. Miller
1fe3f9f40f The visibility attribute was actually added in gcc 3.3.x, not 4.0. 
Just assume that if -fvisibility=hidden works that the attribute
is usable.
 2012-06-13 16:57:49 -04:00
Todd C. Miller
6f6b0dec6c Use gcc's visibility attribute to specify when symbols are visible 
or hidden, if available.  If not available, use an ELF version
script if it is supported.  If all else fails, fall back to using
libtool's -export-symbols.
 2012-06-13 14:01:16 -04:00
Todd C. Miller
a8e0687ca9 Install shared objects with mode 0644 except on HP-UX which needs 
the executable bit set.
 2012-06-11 10:45:34 -04:00
Todd C. Miller
8d4c6bbbd0 Replace out of date MAN_POSTINSTALL with MANCOMPRESS and MANCOMPRESSEXT 
which can be used to compress the installed manual pages.
Compress the man pages for .deb files to appease lintian.
 2012-05-31 14:03:41 -04:00
Todd C. Miller
7720a7fc89 When checking for -fstack-protector, treat warnings as fatal errors. 2012-05-24 11:03:10 -04:00
Todd C. Miller
e54a007263 Fix test for -z relro 2012-05-22 15:45:50 -04:00
Todd C. Miller
e417fb3da1 Build with -fstack-protector and link with -zrelo where supported. 
Added --disable-hardening option to disable hardening options.
 2012-05-22 13:23:19 -04:00
Todd C. Miller
d29aede203 No longer throw an error if sudoers is a symbolic link. Deprecated 
the --with-stow option as that is now (effectively) the default.
 2012-05-21 13:30:59 -04:00
Todd C. Miller
fe5bf03061 Update for 1.8.5p1 2012-05-17 15:53:37 -04:00
Todd C. Miller
994d2ff69a Add group plugin that does lookups by name using the system group 
database.
 2012-05-08 13:35:52 -04:00
Todd C. Miller
cf3fce6651 Use AC_HEADER_MAJOR to determine where major/minor are defined. 2012-04-16 10:25:49 -04:00
Todd C. Miller
dbcd7222a1 Include sys/mkdev.h if present instead of sys/sysmacros.h for 
minor().  This is needed on Solaris (at least) where the makedev
macros in sysmacros.h are obsolete and library functions should be
used instead.
 2012-04-16 10:18:32 -04:00
Todd C. Miller
05eec0c627 Remove b8 from version number. 2012-04-13 16:16:40 -04:00
Todd C. Miller
b0993d8777 If struct dirent has d_type, use it to avoid an extra stat(). 2012-04-13 08:36:58 -04:00
Todd C. Miller
83fc02bc97 Rototill code to determine the tty. For Linux, we now look up the 
tty device in /proc/pid/stat instead of trying to open /proc/pid/fd/[0-2].
The sudo_ttyname_dev() function maps the given device number to a
string.  On BSD, we can use devname().  On Solaris, _ttyname_dev()
does what we want.
TODO: write /dev/ traversal code for the generic sudo_ttyname_dev().
 2012-04-11 14:48:08 -04:00
Todd C. Miller
11f13be0dd Check for SVR4-style struct psinfo.pr_ttydev and use that to determine 
the tty if std{in,out,err} are not ttys.
 2012-04-10 15:53:41 -04:00
Todd C. Miller
0d108287b9 Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the 
glob() and fnmatch() results to be consistent.
 2012-04-08 18:00:31 -04:00
Todd C. Miller
9ceea5cb7b Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers 
to sudo_noexec.c.
 2012-03-30 09:36:30 -04:00
Todd C. Miller
8393ec0501 Fix building the builtin zlib from a build dir. 
When a zlib dir was specified, prepend its include path instead of
appending so we get the right zlib headers.
 2012-03-29 10:32:29 -04:00
Todd C. Miller
9cd65dafc6 Add check for pam_getenvlist() 2012-03-14 20:55:11 -04:00
Todd C. Miller
ed774f2b13 Bump version to 1.8.5 2012-03-14 14:17:44 -04:00
Todd C. Miller
37770ecf1e Initial cut at a hooks implementation. The plugin can register 
hooks for getenv, putenv, setenv and unsetenv.  This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
 2012-03-07 16:35:42 -05:00
Todd C. Miller
06e390a566 Add check for variadic macro support in cpp. 2012-03-01 13:05:03 -05:00
Todd C. Miller
966fa83a9a Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions 
of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
 2012-02-28 10:33:16 -05:00
Todd C. Miller
22f4f10a3a Check for LD_PRELOAD variants in configure instead of checkign cpp 
symbols.  In disable_execute(), compute the length of the new envp
and allocate it once instead of reallocating on demand.  Also append
old value of LD_PRELOAD (if any) to the new value.
 2012-02-21 13:26:02 -05:00
Todd C. Miller
054e448081 Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS 2012-02-10 14:28:10 -05:00
Todd C. Miller
8c1d8a7b15 Make a copy of the struct passwd in exec_setup() to make sure nothing 
in the policy init modifies it.
 2012-02-06 10:56:39 -05:00
Todd C. Miller
f1fef17d83 Error out if user specified --with-pam but we can't find the headers 
or library.  Also throw an error if the headers are present but the
library is not and vice versa.
 2012-02-01 11:27:50 -05:00
Todd C. Miller
c894f802d3 Verify that we can link executables built with -D_FORTIFY_SOURCE 
before using it.
 2012-01-30 14:09:17 -05:00
Todd C. Miller
7908621ba0 Add rudimentary check for _FORTIFY_SOURCE support by checking for 
__sprintf_chk, one of the functions used by gcc to support it.
 2012-01-30 10:09:23 -05:00
Todd C. Miller
da6fe1230f Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. 2012-01-30 09:28:11 -05:00
Todd C. Miller
e852bf4374 Add custom version of AC_CHECK_LIB that uses the extra libs in the 
cache value name.  With this we no longer need to rely on a modified
version of autoconf.
 2012-01-20 10:28:56 -05:00
Todd C. Miller
d337a532ac Better handling of network functions that need -lsocket -lnsl 2012-01-19 14:19:37 -05:00
Todd C. Miller
8e3691c38e Remove "WARNING: unable to find foo() trying -lsocket -lnsl" 2012-01-19 11:09:22 -05:00