isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,541 Commits 1 Branch 0 Tags
c05fe93669e60dba1e290d448254503bd84c8ca3
Commit Graph

10541 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Fabrice Fontaine
c05fe93669 lib/eventlog/Makefile.in: fix static build without closefrom 
Since version 1.9.4 and
bd1ca79cca,
when closefrom is not available, libsudo_eventlog.a depends on
libsudo_util.a. So reflect this dependency in the libtool file to avoid
the following static build failure of logsrvd:

/bin/bash ../libtool --tag=disable-static --mode=link /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z,relro    ../lib/iolog/libsudo_iolog.la ../lib/eventlog/libsudo_eventlog.la ../lib/logsrv/liblogsrv.la
/bin/bash ../libtool --tag=disable-static --mode=link /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-linux-gcc -o sudo_sendlog logsrv_util.o sendlog.o -static -Wl,--enable-new-dtags -Wl,-z,relro    ../lib/iolog/libsudo_iolog.la ../lib/eventlog/libsudo_eventlog.la ../lib/logsrv/liblogsrv.la
libtool: link: /home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z -Wl,relro  ../lib/iolog/.libs/libsudo_iolog.a /home/buildroot/autobuild/instance-1/output-1/build/sudo-1.9.5p1/lib/util/.libs/libsudo_util.a -lpthread -lz ../lib/eventlog/.libs/libsudo_eventlog.a ../lib/logsrv/.libs/liblogsrv.a
/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc-buildroot-linux-uclibc/8.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld: ../lib/eventlog/.libs/libsudo_eventlog.a(eventlog.o): in function `send_mail.constprop.1':
eventlog.c:(.text+0x149c): undefined reference to `sudo_closefrom'
collect2: error: ld returned 1 exit status

Fixes:
 - http://autobuild.buildroot.org/results/515b45f876fa9de03c9235f86017f4dc10eb3b54

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 2021-01-22 07:00:18 -07:00
Todd C. Miller
376ad5e6b4 Do not add an unfinished write buffer to the queue if it is already present. 
In client_msg_cb() we only remove a buffer from the queue when it is
finished.  Inserting the buf again can cause a cycle in the queue.
 2021-01-21 12:46:48 -07:00
Todd C. Miller
eb536d8b7c Fix problem when SSL_read() returns SSL_ERROR_WANT_WRITE. This can 
happen when the socket cannot be written to immediately.
We need to set the read_instead_of_write flag in that case, _not_
write_instead_of_read.  Also sync comments with sendlog.c.
Bug #954
 2021-01-20 11:25:23 -07:00
Todd C. Miller
d98dd5f98d Fix setprogname() emulation on systems without it. 
For fully-qualified paths, store the string starting after the last slash,
not at the slash itself.
 2021-01-15 15:25:44 -07:00
Todd C. Miller
e60ff9058b Sudo 1.9.5p1 2021-01-11 18:47:22 -07:00
Todd C. Miller
3a13f1bf0c Run the editor with the user's real and effective uid and gid. 
Fixes a bug introduced in sudo 1.9.5 where the editor was run setuid
root unless SELinux RBAC was in use.
 2021-01-11 18:41:19 -07:00
Todd C. Miller
ea150d5918 fix typo 2021-01-11 08:16:53 -07:00
Todd C. Miller
01d0bbfb85 Add casts to quiet two warnings on Solaris. 2021-01-11 07:35:33 -07:00
Todd C. Miller
9e111eae57 Sudo 1.9.5 2021-01-08 19:52:45 -07:00
Todd C. Miller
250cccfe4c Update .pot files for 1.9.5. 2021-01-09 12:59:48 -07:00
Todd C. Miller
1b72d6a5cc Allow SELinux support to be disabled via the sudoers file. 
Defaults to true if sudo is built with SELinux support and SELinux
is not disabled on the system.
 2021-01-08 19:29:17 -07:00
Todd C. Miller
4603da02af Add a comment to verify_import() to clarify its purpose. 2021-01-06 19:16:26 -07:00
Todd C. Miller
4e11bc0e26 Suppress PVS Studio false positives. 2021-01-06 14:27:09 -07:00
Todd C. Miller
108e29446d Plug a memory leak in sudoerserrorf(). 2021-01-06 14:12:04 -07:00
Todd C. Miller
92c88d4105 Quiet a few harmless cppcheck warnings. 2021-01-06 13:01:10 -07:00
Todd C. Miller
84b3a1dae1 Remove the --force option from the cppcheck args, it causes errors. 2021-01-06 13:01:09 -07:00
Todd C. Miller
83ff164690 Split up sesh_sudoedit() so it is organized more like sudo_edit.c. 
The new sesh_edit_create_tfiles() and sesh_edit_copy_tfiles() functions
are analogous to sudo_edit_create_tfiles() and sudo_edit_copy_tfiles().
Also use "sudoedit" in the warning/error messages from sesh_sudoedit().
Otherwise, the user gets a mix of messages from sudoedit and sesh.
 2021-01-06 13:01:09 -07:00
Todd C. Miller
9e068c15e0 Add setprogname(3) for those without it. 2021-01-06 13:01:09 -07:00
Todd C. Miller
7788581473 Rename run_cred -> cur_cred and stash existing creds in set_tmpdir(). 
For sudo_edit_open() et al what we need is a copy of the current
cred to restore after dir_is_writable() changes to the user cred.
 2021-01-06 13:01:09 -07:00
Todd C. Miller
ece5adc662 Add struct sudo_cred to hold the invoking or runas user credentials. 
We can use this when we need to pass around credential info instead
of the user_details and command_details structs.
 2021-01-06 13:01:09 -07:00
Todd C. Miller
46e2d7290a Add directory writability checks for SELinux RBAC sudoedit. 
These were never added to the SELinux RBAC path.
 2021-01-06 13:01:09 -07:00
Todd C. Miller
a5be62c68f Move safe open code out of sudo_edit.c and into edit_open.c. 2021-01-06 13:01:09 -07:00
Todd C. Miller
397a07e86f In sudoedit, use sudo_check_temp_file() for non-SELinux too. 2021-01-06 13:01:09 -07:00
Todd C. Miller
7cd36222e7 Add security checks before using temp files for SELinux RBAC sudoedit. 
Otherwise, it may be possible for the user running sudoedit to
replace the newly-created temporary files with a symbolic link and
have sudoedit set the owner of an arbitrary file.
Problem reported by Matthias Gerstner of SUSE.
 2021-01-06 10:16:00 -07:00
Todd C. Miller
db1f27c035 Fix potential directory existing info leak in sudoedit. 
When creating a new file, sudoedit checks to make sure the parent
directory exists so it can provide the user with a sensible error
message.  However, this could be used to test for the existence of
directories not normally accessible to the user by pointing to them
with a symbolic link when the parent directory is controlled by the
user.  Problem reported by Matthias Gerstner of SUSE.
 2021-01-06 10:16:00 -07:00
Todd C. Miller
71339c574f Check the return value of fcntl() when setting FD_CLOEXEC. 
This should never fail unless the fd is invalid.
Problem reported by Matthias Gerstner of SUSE.
 2021-01-06 10:16:00 -07:00
Todd C. Miller
b132def0b1 For sudo, only allow "sudo" or "sudoedit" as the program name. 
The program name is also used when matching Debug lines in sudo.conf.
We don't want the user to be able to influence sudo.conf Debug matching.
The string "sudoedit" is treated the same as "sudo" in sudo.conf.
Problem reported by Matthias Gerstner of SUSE.
 2021-01-06 10:16:00 -07:00
Todd C. Miller
a29cac8bd6 Fix the buffer size parameter when serializing the interface list. 
Problem reported by Matthias Gerstner of SUSE.
 2020-12-21 10:44:22 -07:00
Todd C. Miller
295f099cfc Updated translations from translationproject.org 2021-01-06 10:12:40 -07:00
Todd C. Miller
741cf082a3 Use debug_return_int() not debug_return_bool() to return -1. 
Found by PVS Studio.
 2021-01-04 14:48:43 -07:00
Todd C. Miller
4ea6f73060 Fix a crash introduced in 1.9.4 when running "sudo -i" as an unknown user. 2021-01-04 14:48:42 -07:00
Todd C. Miller
7f34b8bbbd Make sure lecture file is a regular file before reading it. 2021-01-03 14:29:38 -07:00
Todd C. Miller
6e1986e915 Remove #ifdefs around code using pread(3) and pwrite(3). 2021-01-02 10:43:34 -07:00
Todd C. Miller
06bfbecd64 Add emulation of pread(3) and pwrite(3) for systems without them. 
This makes it possible to remove some ugly #ifdefs and only affects
very old systems.
 2021-01-02 10:43:34 -07:00
Todd C. Miller
267b9a8a23 Cannot do direct exec of a command when SELinux RBAC is enabled. 2021-01-02 10:43:34 -07:00
Todd C. Miller
f6452c7caf Avoid potential use after free with eventlog-only connections. 
Coverity CID 215884.
 2021-01-02 10:43:34 -07:00
Todd C. Miller
8617833385 Minor fixes pointed out by cppcheck. 
Also add compareBoolExpressionWithInt to suppression list.
 2021-01-02 10:43:34 -07:00
Todd C. Miller
8ea19e294b Regen now that ldap.c and sssd.c no longer need gram.h 2021-01-02 10:32:21 -07:00
Todd C. Miller
9547755c3f Fix deregistration of a callback that is not at the head of the list. 
The SLIST_FOREACH_PREVPTR macro doesn't work the way I thought it did.
Just store our own prev pointer and use that instead.
 2020-12-30 07:09:35 -07:00
Todd C. Miller
4151d8fc80 Sudo 1.9.4p2 2020-12-20 08:50:48 -07:00
Todd C. Miller
b3173fdedc The runas user must be set before applying runas-based Defaults. 
This effectively backs out changeset f738f5ac5350, which made
it possible to log the command when an invalid user was specified.
The policy plugin API doesn't supply the command until the check
function, at which point we've already denied the command due to
the invalid user.  Bug #951.
 2020-12-20 08:43:34 -07:00
Todd C. Miller
4c00a4e5b7 Don't enable mod_remove_empty_return 
We like to use an empty return for stub functions.
 2020-12-18 09:01:53 -07:00
Todd C. Miller
4949fd2913 Sudo 1.9.4p1 2020-12-15 16:01:05 -07:00
Todd C. Miller
4551b19f6c The lower bounds for the "closefrom" option is 3, not 4. 
This is a regression introduced in sudo 1.8.9 with the strtonum()
conversion.  Bug #950.
 2020-12-16 18:22:40 -07:00
Todd C. Miller
f41b2c1f59 Direct execution of a command is incompatible with using a log server. 2020-12-11 09:45:14 -07:00
Todd C. Miller
5c66e9532e Set sudoers_audit.close to NULL if not using a log server. 2020-12-11 08:46:39 -07:00
Todd C. Miller
0e3e13d872 Define _DARWIN_UNLIMITED_GETGROUPS on macOS to suport > 16 groups. 
On macOS 10.6 and above, getgroups(2) can return more than NGROUPS_MAX
if _DARWIN_UNLIMITED_GETGROUPS or _DARWIN_C_SOURCE is defined.
Bug #946
 2020-12-07 13:15:25 -07:00
Todd C. Miller
1cdc4716c2 Comment out the default plugin lines in the example sudo.conf. 
Fixes a problem when there are multiple versions of sudo installed
and not all suport the audit plugin, such as on macOS.
GitHub issue #75
 2020-12-05 09:08:43 -07:00
Todd C. Miller
63739dd326 Store the user-provided runas user and group name in struct sudo_user. 
This makes it available for event logging in case the name doesn't resolve.
 2020-12-05 09:05:42 -07:00
Todd C. Miller
bac76512fb Log submit group to event log. 2020-12-05 08:51:06 -07:00