Todd C. Miller
4e67ac56bd
In check_input() when switch()ing on the return value of read(),
use the default label instead of 1 for the success case. It is
only reading a single byte so the two are equivalent but it reads
better using default.
2017-05-04 12:25:51 -06:00
Todd C. Miller
1a047b156d
Check sudo_ev_add() return value. Coverity CID 168362
2017-05-04 11:10:42 -06:00
Todd C. Miller
1d1ebb6111
Add io_open() wrapper for open(2) that retries with PERM_IOLOG if
open(2) fails with EACCES. Use io_open() instead of duplicate
copies of the same fallback code.
2017-05-04 11:00:22 -06:00
Todd C. Miller
8757691fc7
Don't retry the open() if set_perms() fails.
2017-05-04 10:45:05 -06:00
Todd C. Miller
237eddd95e
Fix typo (fd2 vs. fd) caught by coverity, CID 168359.
2017-05-04 10:30:59 -06:00
Todd C. Miller
32ebb4a383
sync with translationproject.org
2017-05-04 09:17:19 -06:00
Todd C. Miller
280d5ac691
Warn people not to use --enable-asan in production.
2017-05-03 12:56:06 -06:00
Todd C. Miller
80f8960fc6
Move the invocation of check_noexec into the main "check" target
but only run it if not cross compiling and when CHECK_NOEXEC is not
empty.
2017-05-03 11:58:40 -06:00
Todd C. Miller
ecbf895097
Move @CHECK_NOEXEC@ to TEST_PROGS so it gets cleaned up properly.
2017-05-03 11:32:56 -06:00
Todd C. Miller
8468f13c69
Move syslog_maxlen to the "Integers" section. Move syslog_goodpri and
syslog_badpri to the "Strings that can be used in a boolean context" section.
2017-05-03 10:32:21 -06:00
Todd C. Miller
d9bfaa386e
Fix a pasto that resulted in an extra (empty) syslog_goodpri list entry.
2017-05-03 10:24:12 -06:00
Todd C. Miller
c379665556
Add tests for parsing tuples and syslog options.
2017-05-03 09:54:30 -06:00
Todd C. Miller
2d8717bdd2
Allow the syslog Defaults option to be used in a "true" boolean
context and use the compiled in default log facility in this case.
2017-05-03 09:53:03 -06:00
Todd C. Miller
631d458b6f
Allow a tuple to be set to boolean true. Regression introduced by
refactor of set_default_entry() in sudo 1.8.18.
2017-05-03 09:28:36 -06:00
Todd C. Miller
ddf1fa16f8
Replace the list of "dangerous" environment variables and explain
how sudo handles the environment instead.
2017-05-01 11:33:51 -06:00
Todd C. Miller
6af6f84670
Fix exponential behavior in glob() with respect to multiple '*'.
See https://research.swtch.com/glob
Adapted from https://perl5.git.perl.org/perl.git/commit/33252c318625f3c6c89b816ee88481940e3e6f95
2017-04-28 12:12:00 -06:00
Todd C. Miller
dab8651ed2
We no longer need to write to the tty if the command was killed by
a signal. Sudo will terminate itself with the same signal the
command died from. Unfortunately, we lose the "core dumped" bit
since sudo itself will not dump core, but there doesn't appear to
be a way around that.
2017-04-28 10:32:15 -06:00
Todd C. Miller
f57629c953
On Linux, if the command we ran dumped core, set PR_SET_DUMPABLE
to 0. This will prevent sudo itself from dumping core in this case.
2017-04-27 12:28:08 -06:00
Todd C. Miller
f0425ca813
Update path to sudo_noexec.so
2017-04-27 12:02:29 -06:00
Todd C. Miller
91aec9730e
If the command terminated due to a signal, sudo will send that same
signal to itself so the parent shell knows the command died from
a signal. However, we don't want sudo itself to dump core.
2017-04-27 10:34:30 -06:00
Todd C. Miller
2d13bf3562
sync
2017-04-26 20:33:20 -06:00
Todd C. Miller
9ee50beaa7
The fix for Bug #722 contained a typo/thinko that resulted in the
exit status being 0 when a command was killed by a signal other
than SIGINT. This fixes the signal handler setup so sudo will
terminate with the same signal as the command. Bug #784.
2017-04-26 20:17:34 -06:00
Todd C. Miller
2180eab1f9
Better check for /etc/rc.d/rc2.d/S90sudo on AIX
2017-04-26 15:49:10 -06:00
Todd C. Miller
54a23d2c5d
Don't install the rc.d link when installing to a DESTDIR.
DESTDIR is generally only set when installing to a temporary
directory for packaging in which case the link should be
made in a post-install script.
2017-04-26 14:49:05 -06:00
Todd C. Miller
9bccceaea1
In "make install", install sample sudoers file as /etc/sudoers.dist
and copy it to /etc/sudoers if there is no existing /etc/sudoers.
Packages either contain /etc/sudoers (RPM and Debian) or /etc/sudoers.dist
(everything else).
2017-04-26 13:52:49 -06:00
Todd C. Miller
495931f4a8
Allow "make dist" and "make depend" to work for out of tree builds.
2017-04-26 10:43:42 -06:00
Todd C. Miller
f7df250625
Add missing $(srcdir) prefix to shlib_exp definition.
2017-04-24 10:05:38 -06:00
Todd C. Miller
11c82e2f1b
Fix typo in killpg macro.
2017-04-21 09:25:17 -06:00
Todd C. Miller
18c8ce10ea
Fix the killpg macro for systems without killpg() in libc.
2017-04-21 07:28:45 -06:00
Todd C. Miller
9f1afe23fe
Use the standard idiom for popping all entries from a tail queue.
The llvm checker gets confused by TAILQ_REMOVE and generates
use-after-free false positives.
2017-04-20 16:13:14 -06:00
Todd C. Miller
c60259bd63
rewrite errpipe callbacks
2017-04-20 16:12:53 -06:00
Todd C. Miller
c2176c32a7
use pipe2() with O_CLOEXEC instead of pipe() + fcntl() and FD_CLOEXEC
2017-04-20 15:10:57 -06:00
Todd C. Miller
6e75179528
init io_pipe[][] to -1, not 0
2017-04-20 15:09:07 -06:00
Todd C. Miller
f3daaba1c4
In sudo_sss_check_user() it is not possible for handle to be NULL.
2017-04-19 14:30:30 -06:00
Todd C. Miller
583fac17ea
Fix a use after free when the fqdn sudoOption is set and no hostname
value is present in sssd.conf.
2017-04-19 14:15:18 -06:00
Todd C. Miller
a245fedc22
Avoid unused variable when getgrouplist_2() is available.
It would be nicer to just provide getgrouplist_2() (or the equivalent)
and avoid the ugly #ifdefs.
2017-04-19 09:39:55 -06:00
Todd C. Miller
871b912f46
sync with translationproject.org
2017-04-19 09:07:55 -06:00
Todd C. Miller
7c63dbf65e
regen
2017-04-13 13:45:00 -06:00
Todd C. Miller
d989f8af30
In sudo_ttyname_scan() if dir is the empty string, set errno to
ENOENT before returning.
2017-04-12 17:06:48 -06:00
Todd C. Miller
0b81e0b195
Try to make it clear that when match_group_by_gid is enabled, groups
in sudoers are looked up by group name instead of group ID. This
doesn't usually cause problems, but if there are conflicting group
entries (for example, from a local /etc/group file and an LDAP or
AD group database), whether the group is resolved by name or ID can
be used to work around conflicts.
2017-04-11 16:56:04 -06:00
Todd C. Miller
f7251f806c
sync with translationproject.org
2017-04-07 10:32:52 -06:00
Todd C. Miller
491e6ae9fc
plug memory leak in check_digest
2017-04-07 09:56:47 -06:00
Todd C. Miller
c6f9f06c45
Check return value of dispatch_pending_signals() in case we received
SIGINT or SIGQUIT before executing the command.
2017-04-07 08:38:56 -06:00
Todd C. Miller
ec5b78335f
back out unintentional change to the version number
2017-03-30 07:10:36 -06:00
Todd C. Miller
04d83c41c7
sync with translationproject.org
2017-03-28 10:56:30 -06:00
Todd C. Miller
bdc9251184
Make check_digest test sudo_filedigest() itself instead of the
underlying SHA2 functions. That way we can test it regardless of
whether we use sudo's SHA2 functions or a library version.
2017-03-27 14:45:24 -06:00
Todd C. Miller
272a9c8e9b
Document that commands matched by "sudo ALL" are not affected by
fdexec.
2017-03-27 11:10:18 -06:00
Todd C. Miller
ba15306c97
Update for 1.8.20
2017-03-24 16:29:09 -06:00
Todd C. Miller
a58c7d7db5
regen for restricted_env_file
2017-03-24 15:37:14 -06:00
Todd C. Miller
7f26338071
Mention that iolog_user is useful for NFS.
2017-03-24 15:36:03 -06:00