isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,786 Commits 1 Branch 0 Tags
bc5016296d19e399984691c2a7fbb48ee87fc97c
Commit Graph

11786 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
c2bd52edf8 Allow test harness to be run from any directory. 
Also add missing copyright notice.
 2022-02-28 19:39:33 -07:00
Todd C. Miller
a4f847b1d6 Adapt test harness for lib/util and move to regress directory. 2022-02-28 19:23:41 -07:00
Todd C. Miller
a57e979962 Adapt test harness for lib/util and move to regress directory. 2022-02-28 14:15:43 -07:00
Todd C. Miller
6a84523671 Make fuzzer stub main() quiet by default. 
LLVM LibFuzzer displays the input and running time by default but
we don't care about that for the stub fuzzer library.
 2022-02-28 13:33:54 -07:00
Todd C. Miller
f35bbd5a3f Move the cvtsudoers/sudoers/testsudoers/visudo tests into a script. 
It is easier to maintain these tests in script form.  The output
now more closely matches that of the other tests.  The harness
script can be invoked directly and supports running specific tests.
 2022-02-28 11:29:38 -07:00
Todd C. Miller
e7b7c902db Updated translations from translationproject.org 2022-02-27 09:03:54 -07:00
Todd C. Miller
e703feeae2 sudo_regex_compile_v1 stub: set errstr on error 2022-02-25 14:07:22 -07:00
Todd C. Miller
590c4cf62f fuzz_logsrvd_conf: add stub version of sudo_regex_compile_v1(). 
We want to fuzz our parser, not the libc regular expression code.
 2022-02-25 10:13:34 -07:00
Todd C. Miller
e5bbd33834 testsudoers/test18: don't rely on /usr/bin/w being present 
Fixes a test failure on Alpine Linux.
 2022-02-25 09:46:26 -07:00
Todd C. Miller
42f735c8dd Add configure check for gzclearerr() when using system zlib. 2022-02-24 19:13:53 -07:00
Todd C. Miller
68bc030c0c Fix PVS-Studio platform check for macOS. 2022-02-24 08:15:01 -07:00
Todd C. Miller
22a01410bd sudo_ldap_parse_options: fix memory leak of sudoRole cn string. 
Coverity CID 249976
 2022-02-24 07:56:38 -07:00
Todd C. Miller
f793042bec command_allowed: plug memory leak on strdup() failure. 
Coverity CID 249972
 2022-02-24 07:49:30 -07:00
Todd C. Miller
b1fd1ec0fc display_lecture: just return if callback is NULL 2022-02-23 21:09:33 -07:00
Todd C. Miller
330b4e821b For alert messages it is possible for evlog to be NULL. 
Coverity CID 238641
 2022-02-23 20:55:46 -07:00
Todd C. Miller
8290a1e57a iolog_seekto: initialize struct timing_closure before using. 
Coverity CID 249977
 2022-02-23 20:47:18 -07:00
Todd C. Miller
2315c0b3bb iolog_rewrite: initialize struct timing_closure before using. 
Coverity CID 249971
 2022-02-23 20:17:58 -07:00
Todd C. Miller
79d8500347 Allow ARCH_FLAGS to be overridden and handle macOS 12. 2022-02-23 20:04:21 -07:00
Todd C. Miller
9f427b0172 Prefer if [ ... ]; then over if test ...; then. 2022-02-23 20:03:33 -07:00
Todd C. Miller
77164836f1 Do not build with -Werror on macOS. 
Some macOS warnings are bogus, for instance it has an incorrect
getgrouplist(3) definition.
 2022-02-23 10:21:52 -07:00
Todd C. Miller
cf84511273 Build and test macos with circleci. 2022-02-23 10:10:39 -07:00
Todd C. Miller
c7fb513594 Mention lecture behavior change. 2022-02-22 17:02:40 -07:00
Todd C. Miller
eaf76278ec Fix compilation on systems without a real openat(2). 2022-02-22 14:13:15 -07:00
Todd C. Miller
b0fa769504 Better warning message when the digest in sudoers is the wrong length. 2022-02-22 12:15:34 -07:00
Todd C. Miller
41bc52302b Do not disable fuzzer output if SUDO_FUZZ_VERBOSE env variable is set. 2022-02-22 12:04:10 -07:00
Todd C. Miller
2911c31dd7 Display the lecture immediately before prompting for a password. 
This means we no longer display the lecture unless the user is going
to enter a password.  Authentication methods that don't interact
with the user via the terminal don't trigger the lecture.
 2022-02-21 19:34:06 -07:00
Todd C. Miller
9757d29a24 Add back warning when a user is not allowed to run a command. 
Previously, the warning was displayed when a user was not in the
sudoers file, or was present but not listed for the local host.
The new behavior is to display the warning if a command is denied
and mail is sent to the administrator.  Whether or not mail is sent
is controlled by the "mail_*" flags in sudoers.  The warning text
is now "This incident has been reported to the administrator." which
is hopefully less confusing.  The message will not be printed if
either the "mailto" or "mailerpath" sudoers settings are disabled.
 2022-02-21 14:03:05 -07:00
Todd C. Miller
973a8f08f9 Document that negating mailto or mailerpath disables sending mail. 2022-02-21 13:50:49 -07:00
Todd C. Miller
98ac09de38 Don't try to send mail if mailto not set or the mailer is not present. 2022-02-20 19:11:33 -07:00
Todd C. Miller
81d63244e9 Remove obsolete TODO file. 2022-02-21 13:22:07 -07:00
Todd C. Miller
bde48fb4c5 Updated translations from translationproject.org 2022-02-18 09:45:52 -07:00
Todd C. Miller
cadfbfedb9 Add tests for iolog filtering. 
This is the functionality used by the log_passwords and passprompt_regex
options.
 2022-02-18 09:40:40 -07:00
Todd C. Miller
b19bd98531 iolog_pwfilt_run: apply regex on ttyout even if we disabled filtering. 
The heuristic used to decide when to disable filtering is when we
see another ttyout buffer or find a cr or nl in the ttyin buffer.
However, we should also check the buffer that caused us to disable
filtering for a matching regex that would re-enable filtering.
Programs that prompt for a password twice might otherwise not have
the second password filtered.
 2022-02-18 09:14:35 -07:00
Todd C. Miller
9f5615e5b1 Avoid using "note that" and "note: " in documentation. 2022-02-16 16:38:44 -07:00
Todd C. Miller
9175954895 Remove "please" from the documentation, it is considered bad style. 2022-02-16 12:33:32 -07:00
Todd C. Miller
c4fc9b695b Mention regular expressions and "sudo -l -U user" behavior change. 2022-02-16 11:01:59 -07:00
Todd C. Miller
339ef82d62 Add security notes about regular expressions in sudoers rules. 2022-02-16 10:41:29 -07:00
Todd C. Miller
03484c0c1d Update NEWS for GitHub issue #134. 2022-02-16 09:10:36 -07:00
Todd C. Miller
de52b8e443 fmt_authfail_message: compute the exact amount of space needed. 
Instead of truncating on overflow, warn and return NULL.
 2022-02-15 19:48:06 -07:00
Todd C. Miller
274468d7d2 do_logfile_sudo: plug memory leak of full_line 
Coverity CID 249329
 2022-02-15 19:53:35 -07:00
Todd C. Miller
f01b044010 log_server_alert: plug potential memory leak 
Coverity CID 249328
 2022-02-15 19:50:55 -07:00
Todd C. Miller
72961fe433 Fix potential NULL deref if getpwuid(0) fails. 
Coverity CID 249326
 2022-02-15 19:41:31 -07:00
Todd C. Miller
9f695f0fcc Restrict "sudo -U other -l" to users with sudo ALL for root or "other". 
Having "sudo ALL" permissions in no longer sufficient to be able to
list another user's privileges.  The invoking user must now have
"sudo ALL" for root or the target user.
GitHub issue #134
 2022-02-14 13:09:55 -07:00
Todd C. Miller
df1bb3814b Reword some of the NEWS items for 1.9.10. 2022-02-13 08:55:01 -07:00
Todd C. Miller
33f54c853b Limit regular expressions to 1024 characters each. 
Avoids a problem with the fuzzer creating large regular expressions
that blow up the glibc regcomp().
 2022-02-12 09:33:02 -07:00
Todd C. Miller
63b2a62f8a Substitute values in the example syslog.conf too. 
Also update ignore files for example changes
 2022-02-11 19:19:09 -07:00
Todd C. Miller
0bbe4b1813 Substitute paths set by configure in examples. Bug #1023 2022-02-11 19:07:08 -07:00
Todd C. Miller
0e2e4b6882 Update Project-Id-Version to 1.9.10. 2022-02-11 18:34:04 -07:00
Todd C. Miller
541c165e65 Update .pot files for 1.9.10 2022-02-11 14:15:31 -07:00
Todd C. Miller
85f9f2beb6 Sudo 1.9.10 2022-02-11 14:14:32 -07:00