isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,186 Commits 1 Branch 0 Tags
bff4e3ce16f287f18ad23e290c22820e1de9dd03
Commit Graph

29 Commits

Author SHA1 Message Date
Todd C. Miller
bff4e3ce16 set_cmnd_path: apply runchroot if set when finding the command path 
Previously we would prepend runchroot to the path we were checking
but that does not properly handle symbolic links.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
1e0bb704c2 Restore the line that set errno to ENOENT when find_path() fails. 
This was inadvertently removed when the "goto bad" was added.
 2023-01-19 10:08:38 -07:00
Todd C. Miller
0274a4f3b4 sudoedit: do not permit editor arguments to include "--" (CVE-2023-22809) 
We use "--" to separate the editor and arguments from the files to edit.
If the editor arguments include "--", sudo can be tricked into allowing
the user to edit a file not permitted by the security policy.
Thanks to Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com) for finding this bug.
 2023-01-12 15:55:27 -07:00
Todd C. Miller
e66f34d250 copy_arg: fix copying an escaped backslash 
GitHub issue #179
 2022-09-23 12:30:51 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
d15e117c2e find_editor: remove the env_error argument 
There is no case where we should fail to find an editor just because
the values of EDITOR, VISUAL and SUDO_EDITOR are unavailable.  Both
sudoedit and the "env_editor" sudoers setting are documented as
falling back on the hard-coded list of editors in the "editors"
sudoers setting.  Bug #1000
 2021-09-29 10:25:19 -06:00
Todd C. Miller
ffdd7920cd resolve_editor: sudoers_gc_remove(editor) before freeing it. 2021-08-11 07:45:26 -06:00
Todd C. Miller
9798fd86bf Add garbage collection to resolve_editor(). 
Fixes a leak when evaluating the policy multiple times if sudoedit
is set.
 2021-08-10 12:58:18 -06:00
Todd C. Miller
6907376ae9 When spliting EDITOR check for escaped quote characters. 
Also add check_editor to sudoers "make check".
 2021-04-25 19:12:50 -06:00
Todd C. Miller
5e5131dec3 Treat a lone backslash at the end of a string as a literal backslash. 
GitHub issue #99
 2021-04-24 14:19:46 -06:00
Todd C. Miller
92c88d4105 Quiet a few harmless cppcheck warnings. 2021-01-06 13:01:10 -07:00
Todd C. Miller
aeef6db85e Support EDITOR environment variable that includes quotes. 
Quote support is limited to the beginning of a word.
Also handles characters escaped with a backslash.
 2020-11-12 16:04:05 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines. 
Also replace backwards with backward.
 2020-10-30 10:15:30 -06:00
Todd C. Miller
b6dbfe5094 Take the chroot into account when search for the command. 
This could a a user-specific chroot via the -R option, a runchroot
Defaults value, or a per-command CHROOT spec in the sudoers rule.
 2020-09-09 15:26:44 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
23ac62cfb5 Also honor SUDO_EDITOR in visudo. Previously is was only used 
by sudoedit.
 2017-12-22 10:22:33 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
b4cb1c0a1f Fix memory leaks in resolve_editor() in the error path. 
Coverity CID 104109, 104110
 2016-05-06 09:23:22 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
4f9cabd005 Remove obsolete memory.h include. 2015-06-18 21:02:57 -06:00
Todd C. Miller
ac13264b44 Use a common function for resolviong the user's editor in sudoedit 
and visudo.  The find_path() function now returns a dynamically
allocated path instead of using a static string.
 2015-06-18 09:51:36 -06:00