Todd C. Miller
ec45b77d04
update for 1.8.21
2017-07-27 17:08:09 -06:00
Todd C. Miller
0849e2cac4
No need to call sudo_ev_del() before sudo_ev_free(); sudo_ev_free()
will delete the event from its base before freeing it.
2017-07-27 14:12:57 -06:00
Todd C. Miller
1cfaf6c344
Terminate the command if an I/O log function returns 0 or -1. This
was mistakenly removed by 25b7fd056614 in Sudo 1.8.18 with the
removal of the ignore_iolog_errors variable.
2017-07-27 14:10:44 -06:00
Todd C. Miller
4b51622914
Quiet a coverity false positive.
2017-07-27 11:36:10 -06:00
Todd C. Miller
2d30c42a03
Change to a single event loop in sudoreplay and use signal events.
2017-07-27 09:45:35 -06:00
Todd C. Miller
9ea9ecb183
start new sentences on a new line
2017-07-21 11:20:04 -06:00
Todd C. Miller
d76d5eaebc
Clarify how the variable prompt options interact with each other
and PAM.
2017-07-21 11:18:13 -06:00
Todd C. Miller
879ba68879
Don't set passprompt_override when SUDO_PROMPT is present.
This effectively reverts ed77d255f383.
We treat the SUDO_PROMPT environment variable similar to passprompt
in sudoers: it will only override a PAM prompt if the PAM prompt
is either "Password:" or "username's Password:".
2017-07-21 09:07:00 -06:00
Todd C. Miller
d129f306ea
Add syslog_pid sudoers option to log sudo's process ID when logging
via syslog. This is disabled by default to match historic behavior.
2017-07-20 16:33:12 -06:00
Todd C. Miller
43cbcbc24d
When deciding which prompt to use (PAM's or sudo's) treat the PAM
prompt "username's Password:" as equivalent to "Password:".
Some PAM modules (on AIX at least) use this prompt.
2017-07-20 16:06:47 -06:00
Todd C. Miller
5923a28113
Add missing argument to a few of the defaults strings in the
"sudo -V" output.
2017-07-20 13:58:54 -06:00
Todd C. Miller
52b25940c6
When examining environment variables or variables passed in from
the front-end, ignore variables with no value specified.
2017-07-20 12:02:22 -06:00
Todd C. Miller
6b4d871b14
Document that "-p prompt" overrides SUDO_PROMPT.
2017-07-20 11:44:50 -06:00
Todd C. Miller
37f591d2dd
Enable passprompt_override by default if SUDO_PROMPT is present in
the environment. This is consistent with how "sudo -p prompt" is
handled.
2017-07-20 11:40:49 -06:00
Todd C. Miller
1918ec4a55
When reading a single character via a switch() use "default:" instead
of "case 1:" to quiet a coverity warning.
2017-07-17 14:44:18 -06:00
Todd C. Miller
6509482bfd
Initialize ch in getsize_cb() in case we are called with the wrong
initial state.
2017-07-17 14:13:08 -06:00
Todd C. Miller
58858513f0
remove unused variable
2017-07-17 14:09:48 -06:00
Todd C. Miller
034132774d
Call install_sudoers() even when doedit is false. If a file in a
#includedir has a syntax error it will still have been edited and
we need to install the edited temp file.
2017-07-17 09:42:42 -06:00
Todd C. Miller
5bc80d3ddb
Reparse sudoers if a new #include file was added.
Otherwise the new file will not get its syntax checked.
Bug #791
2017-07-17 09:26:00 -06:00
Todd C. Miller
28fe335017
don't restore the cursor when setting terminal size, we don't want the cursor to move
2017-07-14 14:30:43 -06:00
Todd C. Miller
dbddf1bc36
Read the xterm terminal size using an event so we can easily time
out if needed.
2017-07-14 10:10:00 -06:00
Todd C. Miller
7f8765d327
If we free the default base in sudo_ev_base_free(), reset the default
base to NULL.
2017-07-14 10:09:58 -06:00
Todd C. Miller
d2a0bfbb12
Add the ability to set a default event base, to be used by plugins
which don't have access to the event base.
2017-07-13 13:59:31 -06:00
Todd C. Miller
9a76678317
Allow sudoreplay to adjust the window size on xterm-like terminals.
2017-07-13 11:20:45 -06:00
Todd C. Miller
f79a236533
Log window size change events in the sudoers I/O plugin.
Let sudoreplay parse a timing file with window change events
(currently ignored).
2017-07-12 05:47:28 -06:00
Todd C. Miller
8898ec1f9c
Pass window size change events to the plugin.
2017-07-12 05:47:28 -06:00
Todd C. Miller
6505d05803
Clear input, output, control and local flags before copying them
from the source terminal. Otherwise, flags that are disabled
in the source terminal may still be enabled in the destination.
2017-07-12 05:47:28 -06:00
Todd C. Miller
e70a953fb4
Remove pointless subshells in targets that simply change the directory
and execute a command. The command is already run in a shell so
there is no need to execute a subshell in this case.
2017-07-12 05:45:46 -06:00
Todd C. Miller
a7759b6261
Store the debug instance ID for I/O plugins too.
Now iolog_open() is consistent with policy_open().
2017-07-10 16:28:10 -06:00
Todd C. Miller
88bf0337e9
Move the bits to fill in the new event base to sudo_ev_base_init(),
which is not currently exported.
2017-06-01 09:45:23 -06:00
Todd C. Miller
c000189684
Use getentropy() in mkstemp/mkdtemp replacement.
2017-06-29 18:11:30 -06:00
Todd C. Miller
6d4d4594b7
Use _PATH_DEV consistently
2017-06-29 18:10:53 -06:00
Todd C. Miller
c77c5d026a
When copying terminal settings from one tty to another only copy a
subset of the flags. Sudo now copies the same set of flags that
OpenSSH uses, which should be safe.
2017-06-15 12:59:46 -06:00
Todd C. Miller
f5b60ef749
Add debug warning when we have wait status but don't overwrite the
existing cstat.
2017-06-15 07:51:02 -06:00
Todd C. Miller
c8c586ee0b
Better handling of SIGCONT from in command in the monitor. It is
useful to know when the command continued but we don't want to
inform the parent or store the wait status in this case. Fixes a
hang after multiple suspends on Linux.
2017-06-15 07:51:00 -06:00
Todd C. Miller
022ac87d66
avoid padding in struct cmndspec
2017-06-09 08:58:44 -06:00
Todd C. Miller
60146c2959
Fix the man section of sudo_plugin in cross-references.
2017-06-07 16:25:46 -06:00
Todd C. Miller
ab59834a00
Don't treat an unchanged file as an error. From Xin Li.
2017-06-05 07:47:43 -06:00
Todd C. Miller
0d70e868f1
sudo_edit() must return a wait status but if there is an error, or
even if no changes were made to the file, it was returning 1 instead
which would be interpreted as the command having received SIGHUP.
Use the W_EXITCODE() to construct a proper wait status in the error
case too.
2017-06-05 07:11:09 -06:00
Todd C. Miller
26d9043bf4
Avoid sign extension when assigning the value of tty_nr in
/proc/self/stat on Linux. It is an unsigned int value that
is printed as a signed int but dev_t is unsigned long long.
We need to cast to unsigned int before assigning to a dev_t.
2017-06-03 08:45:29 -06:00
Todd C. Miller
e1e2162dcf
Instead of hard-coding a check for bash functions in env_should_delete(),
use a "*=()* " pattern in initial_badenv_table[] to match them instead.
This allows the user to remove the check via env_delete.
2017-06-03 08:43:32 -06:00
Todd C. Miller
0ab00964ec
Mac OS X -> macOS
2017-06-02 16:10:37 -06:00
Todd C. Miller
7526869d87
devsearch is ignored on BSD, macOS and Solaris
2017-06-02 15:47:35 -06:00
Todd C. Miller
13633ae5ac
Sudo 1.8.20p2
2017-05-31 09:14:31 -06:00
Todd C. Miller
c13ebffbce
A command name may also contain newline characters so read
/proc/self/stat until EOF. It is not legal for /proc/self/stat to
contain embedded NUL bytes so treat the file as corrupt if we see
any. With help from Qualys.
This is not exploitable due to the /dev traversal changes in sudo
1.8.20p1 (thanks Solar!).
2017-05-31 09:14:31 -06:00
Todd C. Miller
15901c9487
Use /proc/self consistently on Linux. As far as I know, only AIX
doesn't support /proc/self.
2017-05-30 10:44:11 -06:00
Todd C. Miller
cc71b99849
Add a new "devsearch" Path setting to sudo.conf for configuring the
/dev paths to traverse instead of hard-coding a list in ttyname.c
The default value can be set at configure time.
2017-05-30 10:44:11 -06:00
Todd C. Miller
777abca382
After opening a tty device, fstat() and error out if it is not
a character device.
2017-05-30 10:44:11 -06:00
Todd C. Miller
71e496a901
Sudo 1.8.20p1
2017-05-29 14:36:17 -06:00
Todd C. Miller
b3fe46ce65
Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when
the process name contains spaces. Since the user has control over
the command name this could be used by a user with sudo access to
overwrite an arbitrary file.
Thanks to Qualys for investigating and reporting this bug.
Also stop performing a breadth-first traversal of /dev when looking
for the device. Only the directories specified in search_devs[]
are checked.
2017-05-29 14:32:53 -06:00