isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,977 Commits 1 Branch 0 Tags
a76630000720a0c6e793f47c5444b58fcd7154b5
Commit Graph

447 Commits

Author SHA1 Message Date
Todd C. Miller
03f5f4087c Fix a bug when set_runaspw() is used as a callback. We don't want to 
reset the contents of runas_pw if the user specified a user via the -u flag.

Avoid unnecessary passwd lookups in set_authpw().  In most cases we already
have the info in runas_pw.
 2004-01-17 18:49:59 +00:00
Todd C. Miller
febc09e147 Add set_runaspw() function to fill in runas_pw. This will be used 
as a callback to update runas_pw when the runas user changes.
 2004-01-16 23:09:20 +00:00
Todd C. Miller
ecfc813757 PERM_RUNAS -> PERM_FULL_RUNAS 2004-01-16 23:07:03 +00:00
Todd C. Miller
d55c3f63c7 Use closefrom() instead of doing the equivalent inline. 2004-01-12 19:03:54 +00:00
Todd C. Miller
8e421c95b8 update copyright year 2004-01-05 17:15:32 +00:00
Todd C. Miller
7536a781f0 Add support for preloading a shared object containing a dummy execve() 
function that just sets error and returns -1.  This adds a
"noexec_file" option to load the filename as well as a "noexec" flag
to enable it unconditionally.  There is also a NOEXEC tag that can
be attached to specific commands and an EXEC tag to disable it.
 2004-01-05 02:48:09 +00:00
Todd C. Miller
caf389c2fa Rename EXEC macro -> EXECV 2004-01-05 01:39:57 +00:00
Todd C. Miller
02f37dc2da Add support for tuples in def_data.in; these are implemented as an 
enum type.  Currently there is only a single tuple enum but in the
future we may have one tuple enum per T_TUPLE entry in def_data.in.
Currently listpw, verifypw and lecture are tuples.  This avoids the
need to have two entries (one ival, one str) for pwflags and syslog
values.

lecture is now a tuple with the following values: never, once, always

We no longer use both an int and string entry for syslog facilities
and priorities.  Instead, there are logfac2str() and logpri2str()
functions that get used when we need to print the string values.
 2003-12-30 22:31:30 +00:00
Todd C. Miller
6ad252765b Create def_* macros for each defaults value so we no longer need 
the def_{flag,ival,str,list,mode} macros (which have been removed).
This is a step toward more flexible data types in def_data.in.
 2003-12-30 22:20:21 +00:00
Todd C. Miller
7f773be1fe If we are in -k/-K mode, just spew to stderr. It is not unusual for 
users to place "sudo -k" in a .logout file which can cause sudo to
be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
Previously, this would result in useless mail and logging.
 2003-12-23 02:18:13 +00:00
Todd C. Miller
f13528b0b1 add DARPA credit on affected files 2003-04-16 00:42:10 +00:00
Todd C. Miller
e15de8443d Don't change rl.rlim_max for RLIMIT_CORE. We need only set rl.rlim_cur 
to 0 to turn off core dumps.  This may be needed for the RLIMIT_CORE
restoration on some OSes.
 2003-04-09 20:13:04 +00:00
Todd C. Miller
dcf1a5acce Use warn/err and getprogname() throughout. The main exception is 
openlog().  Since the admin may be filtering logs based on the
program name in the log files, hard code this to "sudo".
 2003-04-02 18:25:30 +00:00
Todd C. Miller
632dbebef0 fix strlcpy() rval check (innocuous) 2003-04-01 15:02:49 +00:00
Todd C. Miller
48229cbac6 update copyright year 2003-03-15 20:31:02 +00:00
Todd C. Miller
b18a141ae9 Cast [ug]ids to unsigned long and printf with %lu 2003-03-15 20:19:58 +00:00
Todd C. Miller
4b7b3c7f59 Use stat_sudoers macro so --with-stow can work 2003-03-15 18:02:02 +00:00
Todd C. Miller
eebc763bd3 Use strlc{at,py} for paranoia's sake and exit on overflow. In all 
cases the strings were either pre-allocated to the correct size of
length checks were done before the copy but a little paranoia can
go a long way.
 2003-03-13 20:00:45 +00:00
Todd C. Miller
96376b6d4e snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in 
configure.
 2003-03-13 16:58:25 +00:00
Todd C. Miller
804caf3956 Use snprintf() for paranoia 2003-03-12 23:46:54 +00:00
Todd C. Miller
c96a62e26c Use emalloc2() to allocate N things of a certain size. 2003-03-12 21:45:51 +00:00
Todd C. Miller
897b551372 fix typo in comment; Pedro Bastos 2002-11-26 17:09:59 +00:00
Todd C. Miller
b152da4cdb Revamp set_perms. We now use a version based on setresuid() or setreuid() 
when possible since that allows us to support the stay_setuid option and
we always know exactly what the semantics will be (various Linux kernels
have broken POSIX saved uid support).
 2002-11-22 19:09:49 +00:00
Todd C. Miller
faabf3bac7 Before exec, restore state of signal handlers to be the same as 
when we were initialy invoked instead of just reseting to SIG_DFL.
Fixes a problem when using sudo with nohup.  Based on a patch from
Paul Markham.
 2002-11-22 18:33:47 +00:00
Todd C. Miller
4f2d87e28c o timestamp_uid should be uid_t, not int 
o clarify error message when sudo is run by root and no_root_sudo is set
 2002-11-22 18:23:24 +00:00
Todd C. Miller
0f60107a1c No need for dump_badenv() now that dump_defaults() knows how to dump lists. 2002-05-05 19:58:29 +00:00
Todd C. Miller
c289159953 g/c second arg to set_perms--it is no longer used 2002-05-05 00:43:38 +00:00
Todd C. Miller
a30951d34c Add support for non-root timestamp dirs. This allows the timestamp 
dir to be shared via NFS (though this is not recommended).
 2002-05-03 22:48:17 +00:00
Todd C. Miller
99cc62452d Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call 
endgrent() at the same time.
 2002-03-12 03:19:04 +00:00
Todd C. Miller
ea24bef19c The SHELL environment variable was preserved from the user's 
environment instead of being reset based on the passwd database
when the "env_reset" option was used.  Now it is reset as it should be.
 2002-01-15 23:43:59 +00:00
Todd C. Miller
f039427253 Add a configure option to turn off use of POSIX saved IDs 2002-01-15 22:47:29 +00:00
Todd C. Miller
eb97ce45ea Only OR in MODE_RESET_HOME if MODE_RUN is set. 
Fixes a problem where "sudo -l" would not work if always_set_home was set.
 2002-01-15 20:39:59 +00:00
Todd C. Miller
26e835b096 o Move the call to rebuild_env() until after MODE_RESET_HOME is set. 
Otherwise, the set_home option has no effect.

o Fix use of freed memory when the "fqdn" flag is set.  This was
  introduced by the fix for the "segv when gethostbynam() fails" bug.
  Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
  there is no need to check the "fqdn" flag in set_fqdn() itself.
 2002-01-15 01:53:02 +00:00
Todd C. Miller
9eac6eeaa3 If set_perms == set_perms_posix and the stay_setuid flag is not 
set, set all uids to 0 and use set_perms_fallback().
 2002-01-13 18:29:23 +00:00
Todd C. Miller
a82e7a8efe (c) 2002 2002-01-08 15:00:18 +00:00
Todd C. Miller
53299b78a0 Defer assigning new environment until right before the exec. 2002-01-08 14:20:57 +00:00
Todd C. Miller
afe8333fc2 XXX - should call find_path() as runas user, not root. Can't do 
that until the parser changes though.
 2001-12-15 00:45:13 +00:00
Todd C. Miller
cfadcb1733 If find_path() fails as root, try again as the invoking user (useful 
for NFS).  Idea from Chip Capelik.
 2001-12-15 00:38:06 +00:00
Todd C. Miller
761b119e2e Add new sudoers option "preserve_groups". Previously sudo would not 
call initgroups() if the target user was root.  Now it always calls
initgroups() unless the -P command line option or the "preserve_groups"
sudoers option is set.  Idea from TJ Saunders.
 2001-12-15 00:24:27 +00:00
Todd C. Miller
65fad4df35 o Reorder some headers and use STDC_HEADERS define properly 
o Update copyright year
 2001-12-14 19:52:54 +00:00
Todd C. Miller
2e677e1023 Remove "secure_path" Defaults option since it cannot work with the 
existing parser.
 2001-12-14 06:40:03 +00:00
Todd C. Miller
f590093e46 Unset "secure_path" if user_is_exempt() 2001-12-14 06:26:55 +00:00
Todd C. Miller
cf92836ecf Only need to do 'lc = login_getclass(NULL)' if lc == NULL 2001-12-13 02:42:45 +00:00
Todd C. Miller
678f56e2e8 o Defer call to set_fqdn() until it is safe to use log_error() 
o Don't print errno string value if gethostbyname fails, it is not relevant
 2001-12-13 01:24:45 +00:00
Todd C. Miller
4cad1daa76 Must reset signal handlers before we exec 2001-12-09 05:20:34 +00:00
Todd C. Miller
60bbfa42df Don't block keyboard interrupt signals, just set them to SIG_IGN. 2001-12-09 05:09:10 +00:00
Todd C. Miller
241cb64cc4 Kill POSIX_SIGNALS define and old signal support now that we emulate POSIX ones 
Also be sure to correctly initialize struct sigaction.
 2001-12-08 19:44:30 +00:00
Todd C. Miller
63ae9ec2ad Dump default bad env table when 'sudo -V' is run by root. 2001-11-12 18:08:30 +00:00
Todd C. Miller
29871e4422 If we fail to lookup a login class, apply the default one. 2001-08-23 21:43:38 +00:00
Todd C. Miller
11127e3468 Use setpwent()/endpwent() + all the shadow variants to make sure 
we don't inadvertantly leak an fd to the child.  Apparently Linux's
shadow routines leave the fd open even if you don't call setspent().
Reported by mike@gistnet.com; different patch used.
 2001-05-10 18:55:12 +00:00