isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,436 Commits 1 Branch 0 Tags
ba91ebb14befa5aad77c8c0e08eeee4977e6fb8c
Commit Graph

8436 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume 
function pointer args plus a closure pointer and at it to the
conversation function.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
af47293800 Make hook_version and hook_type unsigned. 2015-09-02 08:00:27 -06:00
Todd C. Miller
bfb1cead60 When decoding base64, avoid using '=' in the decoded temporary array 
as a sentinel as it can legitimately be present.  Instead, just use
the count of bytes stored in the temp array to determine which bytes
to fold into the destination.
 2015-09-01 10:24:59 -06:00
Todd C. Miller
333faa20e2 When parsing def_editor, break out of the loop when we find the 
first valid editor.  Bug #714
 2015-08-21 11:25:02 -06:00
Todd C. Miller
7df2487165 The condition for adding a missing newline at the end of sudoers 
was never reached.  Keep track of the last character and write a
newline character if when copying to the temp file.  Found by Radovan
Sroka.
 2015-08-18 08:57:53 -06:00
Todd C. Miller
7ef9b5827e Remove extraneous while() from botched do {} while() loop 
conversion to use sudo_strsplit.  Noticed by Radovan Sroka.
 2015-08-18 08:34:10 -06:00
Todd C. Miller
2b6085760c In sudo_pam_begin_session() and sudo_pam_end_session() return 
AUTH_FATAL on error, not AUTH_FAILURE.  In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.
 2015-08-10 20:17:02 -06:00
Todd C. Miller
13869d349c Linux sets si_pid in struct siginfo to 0 when the process that sent 
the signal is in a different container since the PID namespaces in
different conatiners are separate.  Avoid looking up the process
group by id when si_pid is 0 since getpgid(0) returns the process
group of the current process.  Since sudo ignores signals sent
by processes in its own process group, this had the effect of
ignoring signals sent from other containers.  From Maarten de Vries
 2015-08-10 15:13:37 -06:00
Todd C. Miller
db5376001f Sprinkle some debugging. 2015-08-10 10:56:47 -06:00
Todd C. Miller
ad9a51bd9d Document that sudo uses the real uid to map from uid to passwd file 
user name.
 2015-08-09 16:22:16 -06:00
Todd C. Miller
b2f1bbfb02 disable_coredump can be set to no on modern OSes without 
security consequences.
 2015-08-09 16:12:00 -06:00
Todd C. Miller
f1053af3b5 Emphasis on the never. 2015-08-07 17:05:50 -06:00
Todd C. Miller
d4f1aeb196 Explicitly tell people not to grant sudoedit to directories the 
user can write to.  While sudoedit will no longer open symbolic
links, hard links are still an issue.
 2015-08-07 17:01:15 -06:00
Todd C. Miller
c12dd68d1e Add warning about writable directories and sudo/sudoedit. 2015-08-07 17:00:42 -06:00
Todd C. Miller
796911b3fa Emphasize that wildcards are not regexps. Bug #692 2015-08-07 12:37:15 -06:00
Todd C. Miller
329a8dee8a Emphasize that wildcards in command line arguments are dangerous. 
Document the failings of the passwd example on GNU systems.
Bug #691
 2015-08-07 12:21:37 -06:00
Todd C. Miller
dc5ccf4736 Escape the colons in [[:alpha:]] as required by sudoers. 2015-08-07 12:00:12 -06:00
Todd C. Miller
2fbce103f6 Change warning when user tries to sudoedit a symbolic link. 2015-08-07 07:09:01 -06:00
Todd C. Miller
531bcc8aa6 regen 2015-08-06 13:21:37 -06:00
Todd C. Miller
5b2ea42d47 regen 2015-08-06 13:20:36 -06:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior 
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
 2015-08-06 13:20:01 -06:00
Todd C. Miller
079167d2c4 Sudo 1.8.15 2015-08-06 13:15:00 -06:00
Todd C. Miller
f11e02ddd5 add .json regress files to MANIFEST 2015-08-06 13:39:59 -06:00
Todd C. Miller
4501b7416a Check JSON output of sudoers test files too. 2015-08-06 10:57:42 -06:00
Todd C. Miller
4abc13bfca Move comment to match moved code. 2015-08-04 16:15:11 -06:00
Todd C. Miller
e0969c162e maxseq is an int not a string 2015-08-04 11:28:43 -06:00
Todd C. Miller
918190fce9 Include sys/types.h for id_t. Bug #711 2015-08-02 19:59:32 -06:00
Todd C. Miller
1965da8c33 Avoid a potential out of bounds read found by enh while fuzzing 
with address sanitizer enabled.
 2015-07-31 16:10:03 -06:00
Todd C. Miller
d536626b18 Set sssd lib location to /usr/lib64 on 64-bit RHEL/Centos. 
Bug #710
 2015-07-27 07:07:38 -06:00
Todd C. Miller
01bfae5bad Add Jakub Wilk 2015-07-08 15:14:55 -06:00
Todd C. Miller
ddd35459c3 The init.d files are generated from a .in file so we need to install 
from top_builddir not top_srcdir.  From Ross Burton.  Bug #708
 2015-07-24 13:38:03 -06:00
Todd C. Miller
e941f97eb4 Replace two "return 0" with debug_return_bool(false). 2015-07-22 19:11:32 -06:00
Todd C. Miller
0765f5fe7f fix typo in previous commit 2015-07-22 06:21:21 -06:00
Todd C. Miller
620f8a33eb Sudo 1.8.14p3 2015-07-22 06:09:14 -06:00
Todd C. Miller
83d8cbf811 Fix errno value from get_process_ttyname() when no tty is present. 2015-07-21 15:20:49 -06:00
Todd C. Miller
aeaa6a6111 On AIX, only convert the tty device number from dev64_t to dev32_t 
if dev_t is 32-bits.
 2015-07-21 15:02:56 -06:00
Todd C. Miller
ef47c692c3 Sudo 1.8.14p2 2015-07-20 20:27:40 -06:00
Todd C. Miller
8f84857977 Fix creation of the timestamp file; bug #704 2015-07-20 20:16:14 -06:00
Todd C. Miller
d96f8bcabb Avoid needless memory allocation when resolving the tty name. 2015-07-19 20:19:22 -06:00
Todd C. Miller
c0b8e71488 Sudo 1.8.14p1 2015-07-17 15:28:26 -06:00
Todd C. Miller
db8607fe4e Fix typo in sudo_sss_attrcpy() that caused a memory allocation error. 2015-07-17 13:58:26 -06:00
Todd C. Miller
6eb4d142e3 rebuild 2015-07-15 12:36:02 -06:00
Todd C. Miller
d4211081c0 Add some debugging printfs when malloc fails and we don't have an 
explicit call to sudo_warnx().
 2015-07-14 15:28:01 -06:00
Todd C. Miller
108bfb7af3 Add missing warnings for memory allocation failure. 
Add function name to memory allocation warnings.
 2015-07-14 14:50:36 -06:00
Todd C. Miller
3c644f5bc0 Return -1 if realloc() fails. 2015-07-14 14:48:04 -06:00
Todd C. Miller
f2f5c2949c Add line number to debug log for memory allocation errors. 2015-07-14 14:47:12 -06:00
Todd C. Miller
7187c19c83 Add warning if calloc() fails. 
Add debugging for other unexpected errors.
 2015-07-14 14:00:18 -06:00
Todd C. Miller
ff5b6dbb60 Add missing check for calloc(3) return value. 2015-07-14 13:56:29 -06:00
Todd C. Miller
5125f82c4e Document that the values printed by "sudo -V" are affected by 
Defaults settings in sudoers.
 2015-07-13 12:58:25 -06:00
Todd C. Miller
374146f70f Avoid calling dlerror() multiple times since it clear the error 
status after printing the error.
Problem caused by sudo_warn/sudo_fatal being macros...
 2015-07-10 10:31:21 -06:00