isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,066 Commits 1 Branch 0 Tags
b40f74cb24c5ecd377bd35b69d503d615c67b0a5
Commit Graph

1048 Commits

Author SHA1 Message Date
Todd C. Miller
b40f74cb24 Cross-build support for mksigname and mksiglist 
We must build these with the host C compiler but use the target
preprocessor to generate the output.
 2021-08-19 09:50:05 -06:00
Todd C. Miller
62aca803ce Older Solaris has getusershell() et al but does not declare it. 2021-08-13 09:52:02 -06:00
Todd C. Miller
aa20eccad4 Sudo 1.9.8 2021-08-09 15:50:26 -06:00
Todd C. Miller
dfe26f8c34 If building with address sanitizer make sure its DSO is first. 
Address sanitizer requires that it be preloaded before any other
DSO in LD_PRELOAD.  This should not be required for clang, which
links in asan statically by default.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
8f8a9c37b3 Require that our dso be first in the list to make sure it takes effect. 
Otherwise, another dso could take precedence and ours would not be run.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
0ea5efd8b7 If msg_control is not present in struct msghdr use msg_accrights instead. 
Fixes building on Solaris and probably others.  It is possible to
expose msg_control on Solaris but this requires a specific set of
feature flag defines which can cause other complications.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
5d4120fa5d Add separate convenience lib for protobuf-c 
We need to use it for sudo <-> sudo_intercept.so communication.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
6287e8ca7d Add support for loading the sudo_intercept.so DSO. 2021-08-09 15:50:25 -06:00
Todd C. Miller
40496f510b Prefix sanitizer and fuzzer options with -XCClinker in ASAN_LDFLAGS. 
Otherwise libtool may ignore the options when linking.
 2021-07-29 09:29:07 -06:00
Todd C. Miller
625ab9d298 Bump version to 1.9.7p2 2021-07-26 18:03:14 -06:00
Todd C. Miller
36fbb13c4c Use TLS_method() instead of TLS_client_method() throughout. 
OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).

Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
 2021-07-26 13:40:25 -06:00
Todd C. Miller
f8e05dd984 Use AC_CACHE_CHECK in place of AC_MSG_CHECKING + AC_CACHE_VAL where possible. 2021-07-25 19:29:25 -06:00
Todd C. Miller
4a90deb2a0 Add configure check for va_copy instead of using #ifdef 
This prevents the va_copy compat #define from being used if
sudo_compat.h is somehow included before stdarg.h.
 2021-07-25 15:51:23 -06:00
Todd C. Miller
cc3b4ffb04 Remove vsyslog(3) emulation, it is no longer used. 2021-06-14 13:11:39 -06:00
Todd C. Miller
df1895f66f Sudo 1.9.7p1 2021-06-11 12:50:23 -06:00
Todd C. Miller
f7f1617826 Disable nss_search()-based group lookups on HP-UX for now. 
There is a crash when "group: compat" is used in /etc/nsswitch.conf
that I haven't been able to debug.  Since HP-UX doesn't ship the
appropriate headers it is likely that there is a mismatch between
include/compat/nss_dbdefs.h and what HP actually uses.
 2021-06-09 10:43:04 -06:00
Todd C. Miller
2e492267e7 Build sudo_noexec.so as a module on systems other then Darwin. 
On Darwin, shared modules and shared libraries are not interchangable
and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it
must be a library, not a module.  We must relax the requirement
that libraries begin with a "lib" prefix to work around this
difference.  This does mean you must use sudo's libtool on Darwin
(macOS) but that is already a requirement on other systems (notably
HP-UX and SCO) due to a number of libtool patches we require that
haven't be accepted upstream.  This is a different fix for PR #102.
 2021-05-13 12:45:56 -06:00
Todd C. Miller
31e6138115 Use -Wno-deprecated-declarations on macOS 
This quiets warnings about LDAP and audit libraries being deprecated.
We will use them until they are removed in a future version of macOS.
 2021-05-13 09:52:09 -06:00
Todd C. Miller
2efa903521 Remove redundant "configuring Sudo version X.YY" line. 
We now display this along with the summary info at the end.
 2021-05-07 08:01:07 -06:00
Todd C. Miller
841e1b33fb Don't check for -Wl,-z,relro twice. 2021-05-07 07:56:33 -06:00
Todd C. Miller
9b33594a43 Remove shell-style quotes in configure warning/error/notice messages. 
Square bracket quotes are used, no need for shell-style double quotes.
 2021-05-06 14:41:35 -06:00
Todd C. Miller
96436787a1 Summarize configure settings after all tests have run. 
This makes it a lot easier to see what features have been enabled.
 2021-05-06 13:14:58 -06:00
Todd C. Miller
d71731e50d Remove --with-efence option, there are better options available. 2021-05-04 19:03:55 -06:00
Todd C. Miller
fda17ecfda Rename logsrvd log dir to /var/log/sudo_logsrvd. 2021-05-02 08:28:19 -06:00
Todd C. Miller
66c6edada2 Sudo 1.9.7 2021-04-26 13:12:28 -06:00
Todd C. Miller
6f5b353e87 Add configuration for sudo_logsrvd store-and-forward mode. 
Adds "relay_dir" and "store_first" settings to sudo_logsrvd.conf
in the [relay] section.  Also adds a --with-relaydir configure
argument to change the default value (usually /var/log/logsrvd-relay.
 2021-04-23 16:54:15 -06:00
Todd C. Miller
b0a32fe738 Remove the HP-UX 11.0 pread64() hack, it causes problems on modern HP-UX. 2021-04-20 14:59:19 -06:00
Todd C. Miller
5ffa915c9c determine Python (3.10) version number correctly. 
from upstream automake
 2021-04-16 14:06:07 -06:00
Todd C. Miller
d76cc96af6 Add hiuxmpp where we have hpux for special cases. 
Also move the HP-UX 11.00 pread(2) workaround into the section where
pread(2) is tested for, not before it.
 2021-04-15 13:07:13 -06:00
Todd C. Miller
28d41cecad Enable the use of OpenSSL if log client/server not disabled. 
This adds a dependency on OpenSSL unless it is explicitly disabled
(--disable-openssl) or the sudo log client and server are disabled
(--disable-log-client and --disable-log-server).
 2021-04-12 14:10:49 -06:00
Todd C. Miller
d4517e0a1c Move autoconf auxiliary files to the scripts directory. 2021-04-06 14:23:38 -06:00
Todd C. Miller
cf8feb2876 Remove support for obsolete ISC UNIX and MIPS RISC/OS systems. 
They were getting in the way of net_its.c simplification.
 2021-03-24 08:54:17 -06:00
Todd C. Miller
d03805c413 Use --allow-multiple-definition to work around an issue with ld.lld. 
For fuzz_policy we redefine getaddrinfo/freeaddrinfo to work around
a DNS timeout problem with name resolution and CIfuzz.  However,
this causes a link failure when sanitizers are enabled on systems
that use ld.lld as their linker.  Use a big hammer to avoid the
link error.
 2021-03-18 11:45:41 -06:00
Todd C. Miller
85d77fb3d9 Sudo 1.9.6p1 2021-03-15 10:49:47 -06:00
Todd C. Miller
b8e588565b Add -Wno-unknown-pragmas along with -Wall. 
We don't want warnings about unknown pragmas in system headers.
 2021-03-10 07:47:23 -07:00
Todd C. Miller
0e2ba920ee Compare OS name against freebsd* and netbsd* not freebsd and netbsd. 
Fixes an issue on NetBSD where host_os starts with netbsdelf.
 2021-03-08 14:05:39 -07:00
Todd C. Miller
7bce330ffa AIX 6.1 may have a broken fmemopen(). 
We only use it for the fuzzers so ignore it for AIX < 7.1.
 2021-03-07 07:51:59 -07:00
Todd C. Miller
06beb6f064 No longer need to define _DARWIN_UNLIMITED_GETGROUPS on macOS. 
We now define _DARWIN_C_SOURCE which accomplishes the same thing.
 2021-03-03 11:26:02 -07:00
Todd C. Miller
90534b5b27 Add --disable-ssp configure option. 
This allows for disabling -fstack-protector without turning off the
other hardening options.
 2021-02-18 13:58:09 -07:00
Todd C. Miller
b736804cf0 Sudo 1.9.6 2021-02-17 09:56:04 -07:00
Todd C. Miller
a5504148a5 Add admin_flag sudoers option and make --enable-admin-flag take a path. 
It is now possible to disable the Ubuntu admin flag in sudoers
or change its location.
GitHub issue #56
 2021-02-16 13:20:02 -07:00
Todd C. Miller
440febff86 Error out if fuzzer/sanitizer enabled but not supported by the compiler. 2021-02-13 15:40:48 -07:00
Todd C. Miller
942b11149c Do not pass AX_APPEND_FLAG more than a single flag. 
GitHub issue #92
 2021-02-12 07:16:32 -07:00
Todd C. Miller
a527c583dc illumos has a broken fmemopen(3), don't use it. 2021-02-09 08:59:11 -07:00
Todd C. Miller
e392646ed4 Add configure check for SSIZE_MAX 2021-02-08 18:38:17 -07:00
Todd C. Miller
a046e3bbb0 Add -fsanitize=fuzzer-no-link to ASAN_LDFLAGS too, not just ASAN_CFLAGS. 2021-02-08 05:27:26 -07:00
Todd C. Miller
30d9497eb6 Add stub library that just feeds files to the fuzzing target. 
This will allow the fuzzers to be run as part of "make check".
 2021-02-07 15:43:51 -07:00
Todd C. Miller
a72d743ec8 Fall back to a temp file if fmemopen() is not available(). 2021-02-07 13:56:15 -07:00
Todd C. Miller
55df5efdce Add --enable-fuzzer-linker and --enable-fuzzer-engine options. 
These will allow the fuzzers to be built as part of oss-fuzz.
 2021-02-07 05:52:45 -07:00
Todd C. Miller
6216fb3cca Add --enable-fuzzer option to use when building fuzzers 2021-02-06 13:28:39 -07:00