isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,633 Commits 1 Branch 0 Tags
b51d1a9f679cffb831208affb106e97570f6d0a6
Commit Graph

6633 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
b51d1a9f67 Correct last change date. 2013-02-05 16:14:05 -05:00
Todd C. Miller
14bf23c4a2 Remove duplicated sudo.conf info in the sudo, sudoers and sudo_plugin 
manuals and cross-reference the new sudo.conf manual.
 2013-02-05 16:12:39 -05:00
Todd C. Miller
5debfeeaf7 Fix typos 2013-02-05 16:10:16 -05:00
Todd C. Miller
f6e61640d2 Fix some typos. 2013-02-05 16:09:26 -05:00
Todd C. Miller
c5816ca6ae Add standalone sudo.conf manual page. 2013-02-05 11:43:02 -05:00
Todd C. Miller
f0fdf41d2a add group_source example 2013-02-05 11:42:46 -05:00
Todd C. Miller
0bd79612b1 Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. 2013-02-05 10:56:58 -05:00
Todd C. Miller
380fa828dc Sync with translationproject.org 2013-02-05 10:53:59 -05:00
Todd C. Miller
e96d583045 Sync with translationproject.org 2013-02-03 13:46:48 -05:00
Todd C. Miller
78ca828a3c Sync with translationproject.org 2013-02-01 16:00:50 -05:00
Todd C. Miller
9a76946cd5 Clarify ttyname changes. 2013-01-31 16:06:49 -05:00
Todd C. Miller
5fb8749bf6 Add 1.8.6p6 2013-01-31 11:45:33 -05:00
Todd C. Miller
23649bef16 Remove ttyname() fall back code on systems where we can query the 
kernel for the tty device via /proc or sysctl().  If there is no
controlling tty, it is better to just treat the tty as unknown
rather than to blindly use what is hooked up to std{in,out,err}.
 2013-01-31 11:05:56 -05:00
Todd C. Miller
630b47e22f Add group_source setting in sudo.conf to allow the admin to specify 
how a user's groups are looked up.  Legal values are static (just
the kernel list from getgroups), dynamic (whatever the group database
includes) and adaptive (only use group db if kernel group list is
full).
 2013-01-27 13:53:11 -05:00
Todd C. Miller
8ab7cf61bd Pass back exec_background to front end if it is enabled in sudoers. 2013-01-27 13:45:35 -05:00
Todd C. Miller
9ed1f0287e Mention that exec_background is for 1.8.7 and higher only. 2013-01-27 13:43:02 -05:00
Todd C. Miller
479cd25b21 Add missing test files. 2013-01-24 12:05:33 -05:00
Todd C. Miller
c2e678d73a Add regress test for bug 361 2013-01-24 11:57:38 -05:00
Todd C. Miller
f2beaaa89f Add __dso_public to extern declaration of declaration to match 
actual definition.
 2013-01-24 09:01:03 -05:00
Todd C. Miller
210ab24499 Add 1.8.6p5 2013-01-24 07:44:10 -05:00
Todd C. Miller
db7ea4123a Add test for visudo cycle check core dump; test case from Daniel Kopecek 2013-01-23 08:24:11 -05:00
Todd C. Miller
6fe6ccb048 Fix potential stack overflow due to infinite recursion in alias 
cycle detection.  From Daniel Kopecek.
 2013-01-23 07:52:09 -05:00
Todd C. Miller
ef8e141248 Ignore duplicate entries in sudo.conf and report the line number 
when there is an error.  Warn, don't abort if there is more than
one policy plugin.
 2013-01-23 06:33:53 -05:00
Todd C. Miller
c00c968010 Use strtoul() not atoi(). 2013-01-23 06:21:45 -05:00
Todd C. Miller
0fdb89e3b3 regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo 2013-01-22 15:48:52 -05:00
Todd C. Miller
e1859cac14 Fix typo that breaks the build on HP-UX. 2013-01-22 15:48:16 -05:00
Todd C. Miller
6bc3d4aed5 Use nss_search() to implement getgrouplist() where available. Tested 
on Solaris and HP-UX.  We need to include a compatibility header
for HP-UX which uses the Solaris nsswitch implementation but doesn't
ship nss_dbdefs.h.
 2013-01-22 15:41:15 -05:00
Todd C. Miller
e764604485 Remove extra flag to sudo_sigaction(). We want to trap the signal 
regardless of whether or not it is ignored by the underlying command
since there's no way to know what signal handlers the command will
install.  Now we just use sudo_sigaction() to set a flag in
saved_signals[] to indicate whether a signal needs to be restored
before exec.
 2013-01-19 15:10:01 -05:00
Todd C. Miller
a06a14838f Use _getgroupsbymember() on Solaris to get the groups list. Fixes 
performance problems with the getgroupslist() compat on Solaris
systems with network-based group databases.
 2013-01-18 14:58:12 -05:00
Todd C. Miller
872e168836 Document signal handler behavior in plugin API 1.3 2013-01-17 15:13:32 -05:00
Todd C. Miller
855a11af2b Move signal code into its own source file and add sudo_sigaction() 
wrapper that has an extra flag to check the saved_signals list to
only install the handler if the signal is not already ignored.
Bump plugin API version for the new front-end signal behavior.
 2013-01-17 13:29:46 -05:00
Todd C. Miller
99704cc101 Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute 
the command.  If we get SIGINT or SIGQUIT, call the plugin close()
functions as if the command was interrupted.  If we get SIGTSTP,
uninstall the handler and deliver SIGTSTP to ourselves.
 2013-01-17 09:20:45 -05:00
Todd C. Miller
541315212e Rename handle_signals() to dispatch_signals(). 
Block other signals in handler() so we don't have to worry about
the write() being interrupted.
 2013-01-17 09:17:54 -05:00
Todd C. Miller
2be741d8ae Rename signal handler to avoid name clash with one in exec.c 2013-01-16 15:28:36 -05:00
Todd C. Miller
90c6ace770 Add missing call to save_signals(). 2013-01-13 15:24:12 -05:00
Todd C. Miller
70976f30ea Fill in the comment block at the top of the .pot files and preserve 
it when regenerating them.
 2013-01-11 17:08:49 -05:00
Todd C. Miller
9479bb623b Add exec_background option in plugin command info and a sudoers 
option to match.  When set, commands are started in the background
and automatically foregrounded as needed.  There are issues with
some ill-mannered programs (like Linux su) so this is not the
default.
 2013-01-11 14:34:09 -05:00
Todd C. Miller
a6f3517f23 regen 2013-01-11 14:29:37 -05:00
Todd C. Miller
64bf4bb057 Add SESH_OBJS variable for sesh object files. 2013-01-11 14:28:52 -05:00
Todd C. Miller
4bc616b677 Update copyright year. 2013-01-11 14:14:10 -05:00
Todd C. Miller
8b3edcc4a8 Always resume the command in the foreground if sudo itself is the 
foreground process.  This helps work around poorly behaved programs
that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP.  At
worst, sudo will go into the background but upon resume the command
will be runnable.  Otherwise, we can get into a situation where the
command will immediately suspend itself.
 2013-01-11 10:09:06 -05:00
Todd C. Miller
adbc8a574f Use -fstack-protector-all in preference to -fstack-protector 
where supported.
 2013-01-11 09:39:59 -05:00
Todd C. Miller
34d018fb91 Only test for -fstack-protector and -fvisibility=hidden on GNU 
compatible compilers.
 2013-01-10 21:27:40 -05:00
Todd C. Miller
726a7daa63 Add Sudo 1.8.6p4 2013-01-03 14:52:10 -05:00
Todd C. Miller
6e560f2bab Break out stack smashing protector options into SSP_CFLAGS and 
SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
 2013-01-03 14:20:49 -05:00
Todd C. Miller
90d58685ff In rbrepair(), make sure we never try to change the color of the 
sentinel node, which is the first entry, not the root.
From Michael King
 2013-01-01 13:31:40 -05:00
Todd C. Miller
782da0aa81 No need to restore default signal handler for SIGSTOP as it is not 
catchable.  Attempting to do so is harmless but sigaction() will
fail and set errno to EINVAL which makes it looks like there is an
error.
 2012-12-28 11:03:23 -05:00
Todd C. Miller
d129290ec3 Print SIGCONT_FG and SIGCONT_BG properly in debug output. 2012-12-28 11:01:36 -05:00
Todd C. Miller
948253a156 Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. 2012-12-27 16:25:51 -05:00
Todd C. Miller
a449e8b3e7 Add howmany() macro since some systems have this in sys/param.h 
which we no longer include.
 2012-12-20 14:46:45 -05:00