isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,616 Commits 1 Branch 0 Tags
c0f149b5331d1f9ed4bedc1b64c6805e47c62715
Commit Graph

534 Commits

Author SHA1 Message Date
Todd C. Miller
632dbebef0 fix strlcpy() rval check (innocuous) 2003-04-01 15:02:49 +00:00
Todd C. Miller
48229cbac6 update copyright year 2003-03-15 20:31:02 +00:00
Todd C. Miller
b18a141ae9 Cast [ug]ids to unsigned long and printf with %lu 2003-03-15 20:19:58 +00:00
Todd C. Miller
4b7b3c7f59 Use stat_sudoers macro so --with-stow can work 2003-03-15 18:02:02 +00:00
Todd C. Miller
eebc763bd3 Use strlc{at,py} for paranoia's sake and exit on overflow. In all 
cases the strings were either pre-allocated to the correct size of
length checks were done before the copy but a little paranoia can
go a long way.
 2003-03-13 20:00:45 +00:00
Todd C. Miller
96376b6d4e snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in 
configure.
 2003-03-13 16:58:25 +00:00
Todd C. Miller
804caf3956 Use snprintf() for paranoia 2003-03-12 23:46:54 +00:00
Todd C. Miller
c96a62e26c Use emalloc2() to allocate N things of a certain size. 2003-03-12 21:45:51 +00:00
Todd C. Miller
897b551372 fix typo in comment; Pedro Bastos 2002-11-26 17:09:59 +00:00
Todd C. Miller
b152da4cdb Revamp set_perms. We now use a version based on setresuid() or setreuid() 
when possible since that allows us to support the stay_setuid option and
we always know exactly what the semantics will be (various Linux kernels
have broken POSIX saved uid support).
 2002-11-22 19:09:49 +00:00
Todd C. Miller
faabf3bac7 Before exec, restore state of signal handlers to be the same as 
when we were initialy invoked instead of just reseting to SIG_DFL.
Fixes a problem when using sudo with nohup.  Based on a patch from
Paul Markham.
 2002-11-22 18:33:47 +00:00
Todd C. Miller
4f2d87e28c o timestamp_uid should be uid_t, not int 
o clarify error message when sudo is run by root and no_root_sudo is set
 2002-11-22 18:23:24 +00:00
Todd C. Miller
0f60107a1c No need for dump_badenv() now that dump_defaults() knows how to dump lists. 2002-05-05 19:58:29 +00:00
Todd C. Miller
c289159953 g/c second arg to set_perms--it is no longer used 2002-05-05 00:43:38 +00:00
Todd C. Miller
a30951d34c Add support for non-root timestamp dirs. This allows the timestamp 
dir to be shared via NFS (though this is not recommended).
 2002-05-03 22:48:17 +00:00
Todd C. Miller
99cc62452d Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call 
endgrent() at the same time.
 2002-03-12 03:19:04 +00:00
Todd C. Miller
ea24bef19c The SHELL environment variable was preserved from the user's 
environment instead of being reset based on the passwd database
when the "env_reset" option was used.  Now it is reset as it should be.
 2002-01-15 23:43:59 +00:00
Todd C. Miller
f039427253 Add a configure option to turn off use of POSIX saved IDs 2002-01-15 22:47:29 +00:00
Todd C. Miller
eb97ce45ea Only OR in MODE_RESET_HOME if MODE_RUN is set. 
Fixes a problem where "sudo -l" would not work if always_set_home was set.
 2002-01-15 20:39:59 +00:00
Todd C. Miller
26e835b096 o Move the call to rebuild_env() until after MODE_RESET_HOME is set. 
Otherwise, the set_home option has no effect.

o Fix use of freed memory when the "fqdn" flag is set.  This was
  introduced by the fix for the "segv when gethostbynam() fails" bug.
  Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
  there is no need to check the "fqdn" flag in set_fqdn() itself.
 2002-01-15 01:53:02 +00:00
Todd C. Miller
9eac6eeaa3 If set_perms == set_perms_posix and the stay_setuid flag is not 
set, set all uids to 0 and use set_perms_fallback().
 2002-01-13 18:29:23 +00:00
Todd C. Miller
a82e7a8efe (c) 2002 2002-01-08 15:00:18 +00:00
Todd C. Miller
53299b78a0 Defer assigning new environment until right before the exec. 2002-01-08 14:20:57 +00:00
Todd C. Miller
afe8333fc2 XXX - should call find_path() as runas user, not root. Can't do 
that until the parser changes though.
 2001-12-15 00:45:13 +00:00
Todd C. Miller
cfadcb1733 If find_path() fails as root, try again as the invoking user (useful 
for NFS).  Idea from Chip Capelik.
 2001-12-15 00:38:06 +00:00
Todd C. Miller
761b119e2e Add new sudoers option "preserve_groups". Previously sudo would not 
call initgroups() if the target user was root.  Now it always calls
initgroups() unless the -P command line option or the "preserve_groups"
sudoers option is set.  Idea from TJ Saunders.
 2001-12-15 00:24:27 +00:00
Todd C. Miller
65fad4df35 o Reorder some headers and use STDC_HEADERS define properly 
o Update copyright year
 2001-12-14 19:52:54 +00:00
Todd C. Miller
2e677e1023 Remove "secure_path" Defaults option since it cannot work with the 
existing parser.
 2001-12-14 06:40:03 +00:00
Todd C. Miller
f590093e46 Unset "secure_path" if user_is_exempt() 2001-12-14 06:26:55 +00:00
Todd C. Miller
cf92836ecf Only need to do 'lc = login_getclass(NULL)' if lc == NULL 2001-12-13 02:42:45 +00:00
Todd C. Miller
678f56e2e8 o Defer call to set_fqdn() until it is safe to use log_error() 
o Don't print errno string value if gethostbyname fails, it is not relevant
 2001-12-13 01:24:45 +00:00
Todd C. Miller
4cad1daa76 Must reset signal handlers before we exec 2001-12-09 05:20:34 +00:00
Todd C. Miller
60bbfa42df Don't block keyboard interrupt signals, just set them to SIG_IGN. 2001-12-09 05:09:10 +00:00
Todd C. Miller
241cb64cc4 Kill POSIX_SIGNALS define and old signal support now that we emulate POSIX ones 
Also be sure to correctly initialize struct sigaction.
 2001-12-08 19:44:30 +00:00
Todd C. Miller
63ae9ec2ad Dump default bad env table when 'sudo -V' is run by root. 2001-11-12 18:08:30 +00:00
Todd C. Miller
29871e4422 If we fail to lookup a login class, apply the default one. 2001-08-23 21:43:38 +00:00
Todd C. Miller
11127e3468 Use setpwent()/endpwent() + all the shadow variants to make sure 
we don't inadvertantly leak an fd to the child.  Apparently Linux's
shadow routines leave the fd open even if you don't call setspent().
Reported by mike@gistnet.com; different patch used.
 2001-05-10 18:55:12 +00:00
Todd C. Miller
646bd70349 remove struct env_table decl since that stuff has all moved to env.c 2001-04-13 01:36:59 +00:00
Todd C. Miller
d956d77528 Move defaults info into its own files from which we generate 
.h and .c files.  This makes adding or rearranging variables
much simpler.
 2000-12-31 01:38:37 +00:00
Todd C. Miller
572b4cf39a Don't try and build saved uid version of set_perms on systems w/o them. 
Rename set_perms_saved_uid() -> set_perms_posix()
Make set_perms_setreuid simply be set_perms_fallback() and simply include
  the appropriate function at compile time (setreuid() vs. setuid()).
 2000-12-30 03:59:40 +00:00
Todd C. Miller
998631b73a New Defaults options: 
o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
 o env_reset - reset the environment to a sane default
 o env_keep - preserve environment variables that would otherwise be cleared

No longer use getenv/putenv/setenv functions--do environment munging by hand.
Potentially dangerous environment variables can be cleared only if they
contain '/' pr '%' characters to protect buggy programs.
Moved environment routines into env.c (new file)
 2000-12-30 03:29:47 +00:00
Todd C. Miller
7ce284a132 Use exit(127), not exit(-1) 2000-11-03 14:36:32 +00:00
Todd C. Miller
7ea65e54bd Move set_perms() to its own file and use POSIX saved uid or setreuid() 
if available.

Added stay_setuid option for systems that have libraries that perform
extra paranoia checks in system libraries for setuid programs (ie:
anything with issetugid(2)).
 2000-11-03 05:37:44 +00:00
Todd C. Miller
70f16a284d strip more bits from the environment and add a facility for stripping 
things only if they contain '/' or '%' to address printf format string
vulnerabilities in other programs.
 2000-11-03 01:28:54 +00:00
Todd C. Miller
f31d6ce259 Remove debugging code that should not have been committed, oops. 2000-10-29 22:31:42 +00:00
Todd C. Miller
e23d30b913 Fix a coredump in the logging functions if gethostname(2) fails 
by deferring the call to log_error() until things are better setup.

Fix return value of set_loginclass() in non-BSD-auth case.

Hard-code 'sudo' in the usage message so we can fit more options on a line
 2000-10-27 22:41:48 +00:00
Todd C. Miller
0208b22686 Add support for BSD authentication. 2000-10-26 16:42:40 +00:00
Todd C. Miller
9745a31948 sudo_setenv() now exits on memory alloc failure instead of returning -1. 2000-09-14 20:48:58 +00:00
Todd C. Miller
deb5b07f40 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD 
and possibly others.
 2000-09-07 21:41:16 +00:00
Todd C. Miller
ed7827decc Add always_set_home variable 2000-09-07 01:35:39 +00:00