Todd C. Miller
eaee7a0ebe
Fix fuzzer build when --enable-static-sudoers is used.
This introduces a sudoers-specific version of LT_STATIC instead of
appending the --tag=disable-shared to SUDOERS_LDFLAGS.
I've also removed the -static flag as it should not be needed.
2021-10-07 08:19:11 -06:00
Todd C. Miller
f6fc70e5dd
Mention --security-opt=seccomp=unconfined workaround for bleeding edge.
May be needed for Fedora rawhide and Ubuntu testing, among others.
2021-10-05 13:10:03 -06:00
Todd C. Miller
8350307a2f
Try to handle the case where libasan.so is a linker script.
Fixes check_noexec with ASAN on Fedora where libasan.so just includes
the actual library file.
2021-10-05 13:08:48 -06:00
Todd C. Miller
8508044721
Enable address and undefined behavior sanitizers in CI builds.
We need to disable leak sanitizer during "make check" because it
uses ptrace which is not allowed for unprivileged containers.
2021-10-05 08:40:00 -06:00
Todd C. Miller
49611d6cca
Switch to Ubuntu latest for circleci build.
2021-10-04 19:19:24 -06:00
Todd C. Miller
3fa025281f
Add build user for circleci instead of running as root.
2021-10-04 19:13:10 -06:00
Todd C. Miller
8d98a447c5
Use circleci for continuous integration.
Build container descriptions are in the new docker directory.
2021-10-04 18:49:06 -06:00
Todd C. Miller
a02af3a45c
Update ignore file.
2021-10-03 09:07:46 -06:00
Todd C. Miller
4e4b506f22
Sync "sudo -l" output with normal sudo log format.
It now prints runchroot and runcwd (falling back on cwd).
As a result, submithost is now printed first, matching sudo.
Also avoid printing NULL pointers and skip entries that don't have
at least command, submituser and runuser set.
2021-10-01 10:33:55 -06:00
Todd C. Miller
3575e995a9
iolog_parse_json_object: optimize for large argv
2021-10-01 08:44:52 -06:00
Todd C. Miller
c5f983c643
Add "-fcf-protection" to SSP_CFLAGS and SSP_LDFLAGS if supported.
Can be disabled via --disable-hardening.
2021-09-29 15:50:57 -06:00
Todd C. Miller
edf30c7273
Add "-z now" to hardened link options if supported.
Can be disabled via --disable-hardening.
2021-09-29 13:31:47 -06:00
Todd C. Miller
d15e117c2e
find_editor: remove the env_error argument
There is no case where we should fail to find an editor just because
the values of EDITOR, VISUAL and SUDO_EDITOR are unavailable. Both
sudoedit and the "env_editor" sudoers setting are documented as
falling back on the hard-coded list of editors in the "editors"
sudoers setting. Bug #1000
2021-09-29 10:25:19 -06:00
Todd C. Miller
dde951a098
Use sudo_printf(SUDO_CONV_ERROR_MSG) instead of fprintf(stderr).
Avoids extraneous output in the fuzzer.
2021-09-29 09:15:24 -06:00
Todd C. Miller
2aa6cb13a5
Stub out sudo_printf() and avoid other use of stderr in fuzzers.
This makes it possible to parse sudoers without using quiet mode,
resulting in better coverage.
2021-09-29 09:03:24 -06:00
Todd C. Miller
eefb7b0d54
Use a consistent version of fuzz_conversation() with all fuzzers.
Also undo a change to fuzz_sudoers.c that snuck in to the last commit.
2021-09-28 20:20:28 -06:00
Todd C. Miller
7d964875df
Fuzzers should not produce output.
Excessive output makes the fuzzer runs much less efficient.
2021-09-28 18:53:49 -06:00
Todd C. Miller
dea7e6aefd
expand_buf: fix conditional for when we need to preserve existing data
It is possible for the buffer offset to be zero when the length is
non-zero. The proper value to use is the same as is used for the
memcpy/memmove size. Fixes buffer corruption caused by a very long
command line that usually results in a dropped connection.
2021-09-28 13:24:21 -06:00
Todd C. Miller
476f00b82f
Emulate closefrom() on macOS using proc_pidinfo().
This avoids relying on /dev/fd which may not exist in a chroot jail.
Adapted from a change in OpenSSH by likan_999.student AT sina.com
2021-09-27 13:44:41 -06:00
Todd C. Miller
73e9256f9d
Handle EMLINK and EFTYPE errno values for O_NOFOLLOW failure.
FreeBSD returns EMLINK and NetBSD returns EFTYPE instead of ELOOP.
This is only used to present the user with a more appropriate error
message.
2021-09-26 08:05:08 -06:00
Todd C. Miller
1d203c8344
Fix typo in last commit, use boolean AND not bitwise.
2021-09-24 10:57:12 -06:00
Todd C. Miller
1831176a1a
Add the ability to filter/match by command via the -m option.
For example "cvtsudoers -m cmd=/bin/ls" would only display entries
that would allow /bin/ls to be allowed or denied.
2021-09-24 10:44:13 -06:00
Todd C. Miller
41f116050f
Add --group-file and --passwd-file options to cvtsudoers.
These are based on the code in testsudoers.
2021-09-23 19:18:25 -06:00
Todd C. Miller
a7367ce47d
Move cppcheck suppression annotation to where it needs to be.
2021-09-22 15:51:45 -06:00
Todd C. Miller
99655f28de
format string fix: print signal number as unsigned.
Quiets a cppcheck warning; mksiglist.c already has this fixed.
2021-09-22 11:23:41 -06:00
Todd C. Miller
86df86ed94
Fix memory leak on error path if snprintf() overflows.
Coverity CID 188804
2021-09-22 11:17:55 -06:00
Todd C. Miller
b9b8451830
Avoid reinitializing other auth methods.
2021-09-21 20:05:35 -06:00
Todd C. Miller
4a49f16967
expand_include: add bounds checking when expanding %h escape.
2021-09-21 19:33:51 -06:00
Todd C. Miller
dc90df8de5
Check snprintf() return values even if we preallocated the correct amount.
There are no remaining unchecked snprintf() that can actually overflow.
2021-09-21 19:13:35 -06:00
Todd C. Miller
23d04dde24
iolog_nextid(): make iolog_dir argument const.
We make a copy of the directory so there's no real reason that
parameter can't be const.
2021-09-21 19:09:21 -06:00
Todd C. Miller
0f2252f898
Amend truncation fix, the real problem was the size passed to snprintf().
sudo_rcstr_alloc() takes a length (not a size) parameter so when
calling snprintf() we need to add one to the length.
2021-09-21 19:01:22 -06:00
Todd C. Miller
e23874d0fa
Fix truncation of the last char of the sudoRole cn passed to append_default().
This string is primarily used for warning messages.
Also check the snprintf() return value to avoid silent truncation.
GitHub issue #115
2021-09-21 12:49:18 -06:00
Todd C. Miller
4fef09e1c2
Sudo 1.9.8p2
2021-09-20 18:40:48 -06:00
Todd C. Miller
0340a9056e
Standardize on "front-end" not "front end" in the man pages.
2021-09-20 16:01:08 -06:00
Todd C. Miller
a036cb0252
fix typo
2021-09-20 15:59:47 -06:00
Todd C. Miller
a78d3cc25d
Reuse existing journal file for an accepted/rejected sub-command.
Otherwise we end up with zero-length files in the incoming queue
dir and may end up relaying one of those instead of the actual
journal file.
2021-09-20 15:33:10 -06:00
Todd C. Miller
b6561831b4
Re-enable error output for the sudoers parser.
It is only the alias and defaults warnings we need to suppress.
2021-09-20 12:46:37 -06:00
Todd C. Miller
5421c61828
Add intercept_cleanup() stub for when building w/o intercept support.
2021-09-20 09:01:05 -06:00
Todd C. Miller
a8c4d9800b
Add intercept_cleanup() to free the closure used by intercept_accept_cb().
2021-09-20 08:50:42 -06:00
Todd C. Miller
328bc282e0
Don't re-initialize PAM for sub-commands.
2021-09-20 08:14:28 -06:00
Todd C. Miller
8cc7e4bb5e
sudo_logsrvd: only send log ID for first command of a session
There is no need to send the log ID for each sub-command.
2021-09-20 07:57:31 -06:00
Todd C. Miller
0eb677b74a
Only store the first log id received from the server.
Plugs a small memory leak in intercept mode if the log server sends
the log ID again for sub-commands.
2021-09-20 07:49:31 -06:00
Todd C. Miller
77ef8baa97
fuzz_sudoers: don't warn about unknown defaults entries
Some fuzzing inputs cause a huge number of warnings and displaying
them all can result in the fuzz run timing out. If we disable the
warnings we can avoid the timeout.
2021-09-19 19:36:25 -06:00
Todd C. Miller
0ea561ca6a
Limit paths for command, cwd and chroot to PATH_MAX bytes.
This helps prevent the fuzzer from going off the rails.
2021-09-19 18:13:43 -06:00
Todd C. Miller
7ab66eb3a8
sudo -i: missing NULL terminator when moving argv to make room for --login
Fixes a potential crash for "sudo -i" when the target user has bash
as the shell (which needs the --login option). Bug #998.
2021-09-19 13:58:56 -06:00
Todd C. Miller
518bc1b25f
Only append argv[] to the log line if argv[0] is not NULL.
It should not be possible to reach this point with a command defined
but argv[] empty but it doesn't hurt to check.
2021-09-19 13:56:56 -06:00
Todd C. Miller
613468e4d2
Only warn about an undefined alias or a cycle a single time.
There's no point in warning about the same problem multiple times.
This implementation assumes a small number of warnings and so just
uses a simple linked list.
2021-09-18 13:41:51 -06:00
Todd C. Miller
1d2512ae10
Remove now-unused CHECK_INTERCEPT variable.
2021-09-18 13:38:55 -06:00
Todd C. Miller
d9e8c852ba
Quiet pvs-studio false positive: V557 Array overrun is possible.
Make the zero length check explicit so as not to confuse static
(or human) analyzers.
2021-09-18 09:51:32 -06:00
Todd C. Miller
292916f43c
Test that digest matching works with LDAP sudoCommand: ALL
2021-09-17 20:41:34 -06:00