isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,902 Commits 1 Branch 0 Tags
a62cd4b4fe25eda6f99d73d7277a6db90a36337c
Commit Graph

851 Commits

Author SHA1 Message Date
Todd C. Miller
749cdc9d95 Make PC insults the default and add new configure option, 
enable-offensive-insults, to enable the offensive insults.
 2017-09-18 10:45:02 -06:00
Todd C. Miller
87eba6c892 sudo 1.8.21p2 2017-09-06 21:02:11 -06:00
Todd C. Miller
f5425a80a2 Sudo 1.8.21p1 2017-09-01 14:09:43 -06:00
Todd C. Miller
63d954d1fc Replace tty_tickets option with timestamp_type which can be 
global, ppid or tty.  Defaults to tty (no change in behavior).
Some users want the ppid behavior.
 2017-08-01 16:14:54 -06:00
Todd C. Miller
beece91719 Add support for --enable-sasl and --disable-sasl to make it possible 
to enable/disable support for LDAP with SASL authentication.  Sudo
compiles in support for SASL authentiation by default if the
ldap_sasl_interactive_bind_s() function is detected.
Bug #788
 2017-07-28 13:52:55 -06:00
Todd C. Miller
c000189684 Use getentropy() in mkstemp/mkdtemp replacement. 2017-06-29 18:11:30 -06:00
Todd C. Miller
6d4d4594b7 Use _PATH_DEV consistently 2017-06-29 18:10:53 -06:00
Todd C. Miller
cc71b99849 Add a new "devsearch" Path setting to sudo.conf for configuring the 
/dev paths to traverse instead of hard-coding a list in ttyname.c
The default value can be set at configure time.
 2017-05-30 10:44:11 -06:00
Todd C. Miller
71e496a901 Sudo 1.8.20p1 2017-05-29 14:36:17 -06:00
Todd C. Miller
d979898e71 Remove use of non-standard sigaction_t 2017-05-12 10:02:18 -06:00
Todd C. Miller
9c3783a175 sudo 1.8.21 2017-05-12 10:02:17 -06:00
Todd C. Miller
80f8960fc6 Move the invocation of check_noexec into the main "check" target 
but only run it if not cross compiling and whe CHECK_NOEXEC is not
empty.
 2017-05-03 11:58:40 -06:00
Todd C. Miller
ec5b78335f back out unintentional change to the version number 2017-03-30 07:10:36 -06:00
Todd C. Miller
bdc9251184 Make check_digest test sudo_filedigest() itself instead of the 
underlying SHA2 functions.  That way we can test it regardless of
whether we use sudo's SHA2 functions or a library version.
 2017-03-27 14:45:24 -06:00
Todd C. Miller
7aa89c49b5 Emulate pipe2() on systems without it. 2017-03-13 12:11:51 -06:00
Todd C. Miller
b9954fb9b9 Add support for using the message digest functions in libgcrypt 
instead of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
199a594f43 Add support for using the message digest functions in OpenSSL instead 
of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
fd40d88ba7 strftime() was in C89 so use it unconditionally. 2017-02-18 16:23:40 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is 
already available in LDAP.
 2017-02-18 15:35:48 -07:00
Todd C. Miller
c392e469db sudo 1.8.20 2017-01-27 06:18:42 -07:00
Todd C. Miller
63deb77705 Add regress for vsyslog replacement. 2017-01-15 19:07:59 -07:00
Todd C. Miller
09698b8a31 Define HAVE_NANOSLEEP if we find nanosleep in librt 2017-01-13 21:29:02 -07:00
Todd C. Miller
f589897f8d sudo_nanosleep not nanosleep in util.exp.in 2017-01-13 21:02:31 -07:00
Todd C. Miller
e636f96c48 add nanosleep to util.exp.in if needed 2017-01-13 20:40:26 -07:00
Todd C. Miller
08b662bf0b sudo 1.8.19p2 2017-01-13 16:45:14 -07:00
Todd C. Miller
2f0295373a When waiting for the parent to grant us the tty, use nanosleep 
instead of spinning to avoid hogging the CPU.
 2017-01-12 10:44:26 -07:00
Todd C. Miller
0c3a8085b3 Avoid using the system strnlen/strndup on AIX < 6. Even if configure 
correctly detects it is working on the build machine, the sudo
package may be run on a system with an old libc were it is broken.
 2017-01-05 06:22:58 -07:00
Todd C. Miller
6c2cb6cb95 sudo 1.8.19p1 2016-12-20 10:26:50 -07:00
Todd C. Miller
2eeb191b94 sync with translationproject.org 2016-12-13 10:39:48 -07:00
Todd C. Miller
334350af45 id_t is 64-bits on FreeBSD so use strtoll() there. 
Fixes the strtoid regress.
 2016-11-30 07:32:59 -07:00
Todd C. Miller
695784e6ee Add support for getpwnam_shadow() on OpenBSD 2016-11-17 17:55:44 -07:00
Todd C. Miller
cb7e82acca Use AX_APPEND_FLAG instead of SUDO_APPEND_CPPFLAGS and direct 
modification of LDFLAGS.
 2016-11-17 10:16:51 -07:00
Todd C. Miller
a77ecca7d3 Remove aixcrypt.exp, it was a remnant of the 90's crypto wars where 
crypt() was not exported.
 2016-11-17 08:11:59 -07:00
Todd C. Miller
6dff4ac7fd Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, _PATH_SUDO_PLUGIN_DIR, 
even if only defined to NULL.  This means the accessors can always be
present.

Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.

Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.

Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
 2016-11-16 10:13:26 -07:00
Todd C. Miller
bdbb3e9855 Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS 
to prevent libtool from strippign them out.
Avoid using ASAN flags when building sudo_noexec.so.
 2016-11-15 10:15:36 -07:00
Todd C. Miller
589e129c87 Disable noexec for HP-UX 10.x which probably doesn't support LD_PRELOAD 2016-11-14 16:42:16 -07:00
Todd C. Miller
08a4a28592 Remove SunOS 4 support, it is not modern enough to run sudo. 2016-11-14 14:40:50 -07:00
Todd C. Miller
b56bce3127 Remove HP-UX 9 support, it is not modern enough for sudo. 2016-11-14 14:38:01 -07:00
Todd C. Miller
9d11b725c5 Remove Ultrix support, modern sudo can't run on Ultrix anyway. 2016-11-14 14:33:43 -07:00
Todd C. Miller
66af45eb24 Add regress for noexec functionality 2016-11-14 14:21:08 -07:00
Todd C. Miller
60bf139451 Don't enable noexec for AIX 5.0-5.2, we need 5.3 and above. 2016-11-14 11:00:43 -07:00
Todd C. Miller
43bf2fdb90 sudo 1.8.19 2016-10-29 10:23:33 -06:00
Todd C. Miller
17d8734581 Update to libtool 2.4.6 2016-10-21 10:03:02 -06:00
Todd C. Miller
19c96da44d add vsyslog() for systems without it. 2016-10-19 11:32:36 -06:00
Todd C. Miller
c18ff022e0 Use vsyslog() if available. 2016-10-18 17:00:53 -06:00
Todd C. Miller
45b396598b sudo 1.8.18p1 2016-10-09 19:58:54 -06:00
Todd C. Miller
8e49ce07f6 Fix configure check for seccomp filter on Linux 2016-10-09 11:24:29 -06:00
Todd C. Miller
237e2f964d Use a seccomp filter on Linux to disable execve(2) and execveat(2). 
This still relies on LD_PRELOAD to work so it has the same issues
as the existing mether with respect to running 32-bit binaries on
a 64-bit kernel.
 2016-10-08 19:09:17 -06:00
Todd C. Miller
d0ccd947d0 Wrap wordexp(3) in sudo_noexec. 2016-10-05 20:21:18 -06:00
Todd C. Miller
1349bb760b sudo 1.8.18 2016-07-20 09:51:11 -06:00