isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,902 Commits 1 Branch 0 Tags
a62cd4b4fe25eda6f99d73d7277a6db90a36337c
Commit Graph

8902 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
8c8d078f66 Don't allow the user to specify an I/O log file mode that sudo can't 
read or write to.  I/O logs must always be readable and writable
by the owner.
 2017-03-17 10:56:17 -06:00
Todd C. Miller
8b3845c1ca Regenerate the cat pages with newer mandoc which formats double 
quotes as "foo" instead of ``foo''.
 2017-03-14 09:13:25 -06:00
Todd C. Miller
4bdbc6b290 Make it clear that I/O logs will be complete even if the command 
run by sudo is terminated by a signal.  The I/O log buffering just
prevents the logs from being displayed in real-time as the command
is running.
 2017-03-14 09:11:56 -06:00
Todd C. Miller
35e4bd3e9f Replace pipe_nonblock() with pipe2() 2017-03-13 12:11:52 -06:00
Todd C. Miller
7aa89c49b5 Emulate pipe2() on systems without it. 2017-03-13 12:11:51 -06:00
Todd C. Miller
b63df21ba5 Fix declaration of sudo_krb5_verify() in the case where krb5_verify_user() 
is not present.  Bug #777
 2017-03-10 11:52:49 -07:00
Todd C. Miller
453360666c Use HAVE_STDBOOL_H to detect systems w/o stdbool.h. 
Bug #778
 2017-03-10 11:49:07 -07:00
Todd C. Miller
a86d399ef6 regen 2017-03-09 12:00:18 -07:00
Todd C. Miller
867fd16343 Move SIGCHLD handling into handle_sigchld() functions and move the 
remaining bits of dispatch_signal() into signal_pipe_cb()
 2017-03-09 08:36:40 -07:00
Todd C. Miller
78f3f8bb9d e_termination should be set to the value of WTERMSIG not WEXITSTATUS 2017-03-08 09:17:53 -07:00
Todd C. Miller
af1482f487 Add tcsetpgrp_nobg() which acts like tcsetpgrp() but returns -1 
for a background process.  This is safer than blocking SIGTTOU
which would cause tcsetpgrp() to succeed in the background.
 2017-03-07 12:29:21 -07:00
Todd C. Miller
2f074d33ab Prevent sudo from receiving SIGTTOU when it tries to restore the 
controlling terminal.  There appears to be a race with the shell
(bash) which we may lose.
 2017-03-06 13:05:17 -07:00
Todd C. Miller
00b4732c9d Add some casts to quiet gcc warnings on Solaris and remove a 
now-useless debug printf.
 2017-03-03 11:20:56 -07:00
Todd C. Miller
a788144094 change debug info when suspending sudo 2017-03-03 11:20:25 -07:00
Todd C. Miller
6dba84dca9 Reorganize the command execution code to separate out the pty and 
non-pty code paths into their own event loops.  The non-pty exec
code is now contained in exec_nopty.c and the pty exec code is split
between exec_pty.c (parent process) and exec_monitor.c (session leader).
This results in a small bit of duplicated code but improves readability.
Some of the duplicated code will fall out in future changes to the
event subsystem (the signal pipe).
 2017-03-03 10:35:11 -07:00
Todd C. Miller
4b1f0c4176 Remove support for the TIOCGSIZE ioctl. Systems that use this 
rather than TIOCGWINSZ are too old for sudo to build on anyway.
 2017-02-26 16:41:25 -07:00
Todd C. Miller
13fcdb4f5f Set the child pid to -1 after we've waited for it and take care to 
avoid killing pid -1.  This makes it a bit more explicit and removes
the need for a separate variable to track the child's status.
Sudo already stops processing signals after it receives SIGCHLD so
it is not vulnerable to CVE-2017-2616.
 2017-02-24 15:14:56 -07:00
Todd C. Miller
05e52c7b82 Update the description of strict mode to current reality. Aliases 
haven't needed to be defined before they are used since sudo 1.7.
 2017-02-22 14:13:07 -07:00
Todd C. Miller
daa728fd88 Go back to using a Warning/Error prefix in the message printed to 
stderr for alias problems.  Requested by Tomas Sykora.
 2017-02-22 06:38:33 -07:00
Todd C. Miller
143620bb25 fix copyright years 2017-02-21 09:03:57 -07:00
Todd C. Miller
b9954fb9b9 Add support for using the message digest functions in libgcrypt 
instead of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
199a594f43 Add support for using the message digest functions in OpenSSL instead 
of sudo's own SHA2 implementation.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
b5e7b7bd2c Move the file digest code out of match.c and into filedigest.c. 
Inspired by RedHat changes that used libgcrypt.
Also add digest_type_to_name() to map a sudo digest type (int)
to a name (string) and use it.
 2017-02-20 16:44:12 -07:00
Todd C. Miller
00b76afe46 Check for gmtime() or localtime() returning NULL and just use a 
zero offset in that case.  Should not be possible.
 2017-02-20 16:44:02 -07:00
Todd C. Miller
b3fdb26c41 Add support for ROLE, TYPE, PRIVS, LIMITPRIVS, TIMEOUT, NOTBEFORE 
and NOTAFTER.
 2017-02-18 16:44:56 -07:00
Todd C. Miller
fd40d88ba7 strftime() was in C89 so use it unconditionally. 2017-02-18 16:23:40 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is 
already available in LDAP.
 2017-02-18 15:35:48 -07:00
Todd C. Miller
3b19d05fe9 regen 2017-02-16 10:28:13 -07:00
Todd C. Miller
31540e6228 Bump version to 1.11 for timeout entry in settings[] 2017-02-16 10:28:08 -07:00
Todd C. Miller
b030c96a86 regen 2017-02-16 10:13:48 -07:00
Todd C. Miller
c86a6a23ad Add a command line option to specify the command timeout, as long 
as sudoers does not specify a shorter time limit.
 2017-02-16 09:58:18 -07:00
Todd C. Miller
9b0622b58f Better error message when the timeout value does not parse. 2017-02-15 15:13:37 -07:00
Todd C. Miller
8bffd09881 set errno to ERANGE not EOVERFLOW on range error 2017-02-15 10:51:39 -07:00
Todd C. Miller
635f330a43 regen 2017-02-14 16:24:10 -07:00
Todd C. Miller
e5266f9eba Only inhibit ASAN leak detector for tests that result in a parse 
error.  The parser cannot currently clean up completely on error.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
0f3f4e028a Plug some memory leaks found by ASAN. 2017-02-14 15:56:34 -07:00
Todd C. Miller
e954facb9d List SELinux role/type for "sudo -l" with LDAP and SSSd backends. 
Also fix printing of the timeout.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
d7f7cf7a79 Only inherit SELinux role/type and Solaris privilege sets if 
the command does not include any.  Previously, a command with
only a role would inherit a type from the previous command
which is not what was intended.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
24cdbb8de1 Split out tags again so they must precede the command and not allow 
them to be mixed in with options.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
3980f1531b Add support for command timeouts in sudoers. After the timeout, 
the command will be terminated.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
4f9dcd7264 Merge command tags, SELinux type/role and Solaris privs settings 
into "command options".  This relaxes the order of things so tags
and other options can be interspersed.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
fb419ba066 supress cppcheck memory leak false positive 2017-02-14 14:38:31 -07:00
Todd C. Miller
47b82acd78 fix typo that prevented compilation on FreeBSD 2017-02-14 13:19:45 -07:00
Todd C. Miller
4dad181be3 Link vsyslog.lo directly into vsyslog_test to make sure the syslog() 
stub gets called.  Otherwise, the real syslog will get called via
libutil on AIX.
 2017-02-13 20:33:42 -07:00
Todd C. Miller
f59327bc5c Fix final test with a format > 2048 bytes. 
Keep track of tests run in the syslog() stub so we can
detect if the stub is not being called.
 2017-02-13 20:30:45 -07:00
Todd C. Miller
6263cc55a5 avoid redefining the MIN macro 2017-02-13 15:03:57 -07:00
Todd C. Miller
09438e5b42 Include parse.h in timestr.c which is where function prototype lives. 2017-02-13 13:44:11 -07:00
Todd C. Miller
359cacc40f Fix for including a sudoers file that begins with the letter 'i'. 
The hack to determine whether we are parsing an include or includedir
is no longer safe now that relative include paths are permitted.
Bug #776.
 2017-02-13 13:38:24 -07:00
Todd C. Miller
8c1da9b69e Display the value of syslog_maxlen in sudo -V output. 2017-02-10 15:08:44 -07:00
Todd C. Miller
3742f7a46e Add ignore_unknown_defaults flag to ignore unknown Defaults entries 
in sudoers instead of producing a warning.
 2017-02-06 05:41:57 -07:00