isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,013 Commits 1 Branch 0 Tags
c184a241a27d4f436efbcbb7e7bf1035342d34b4
Commit Graph

12013 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
c184a241a2 Mention the audit plugin in the "Process model" section. 
Remove extraneous information describing how sudo may exec the
command directly, this is already included in the non-pty section.
 2022-12-12 16:35:00 -07:00
Todd C. Miller
62dd5734a2 Plug a memory leak of list_cmnd in the fuzzers. 2022-12-11 14:29:14 -07:00
Todd C. Miller
25c709c4d8 Suppress PVS Studio watning about reassigning a variable the same value. 
Working around the warning would result in more fragile code.
 2022-12-11 13:46:06 -07:00
Todd C. Miller
f26a2e7626 Fix some dead stores noted by PVS Studio. 
Since rc is initialized to SUDO_RC_ERROR there is no need to set
it to SUDO_RC_ERROR again on failure if rc has not been changed
since initialization.
 2022-12-11 13:46:04 -07:00
Todd C. Miller
a04557c3d4 Fix memory leak in multiarch_test to quiet leak sanitizer. 2022-12-11 13:46:04 -07:00
Todd C. Miller
a514a6eed5 Add "list" pseudo-command to allow a user to list another user's 
privs.  Previously, only root or a user with the ability to run any
command as either root or the target user on the current host could
use the -U option.  For "sudo -l [-U otheruser] command", NewArgv[0]
is now set to "list" (just like "sudo -l") and the actual command
to be checked starts with NewArgv[1].
 2022-12-11 13:46:00 -07:00
Todd C. Miller
8c16c8faf6 Adjust a line to quiet codespell warning. 2022-12-09 19:23:48 -07:00
Todd C. Miller
934a8793b2 Only build ChangeLog from a repo checkout, not a release tarball. 
The CODEOWNERS file is not present in the release tarball so we can
use that when determining what is (or is not) a repo checkout.
 2022-12-08 14:03:18 -07:00
Todd C. Miller
95a6731ff1 Add CODEOWNERS file, currently all owned by @millert. 2022-12-08 14:00:29 -07:00
Todd C. Miller
179fd32472 Only regenerate ChangeLog if there have been changes. 
Also check that "hg --version" or "git --version" works before using
hg or git.  Bug #1043.
 2022-12-08 10:10:41 -07:00
Todd C. Miller
f5488d733d Fix potential crash introduced in the fix for GitHub issue #134. 
If a user's sudoers entry did not have any RunAs user's set, running
"sudo -U otheruser -l" would dereference a NULL pointer.  We need
to compare the default RunAs user if the sudoers entry does not
specify one explicitly.  Problem reported by Andreas Mueller who
also suggested a different solution in PR #219.
 2022-12-07 10:25:00 -07:00
Todd C. Miller
31684dccc0 Defer installing the SIGCHLD handler until after non-job commands run. 
Lock the socket dir to avoid races in open_persistent_connection().
Also avoid using "ssh -f" since that may return before the socket is created.
Strip carriage returns from log when running in a pty.
 2022-12-07 07:44:44 -07:00
Todd C. Miller
2e322c0943 Fix a typo in SUDO_CHECK_NET_FUNC. 2022-12-06 18:28:49 -07:00
Todd C. Miller
185fe31fea Fix -Wsign-compare warning. 2022-12-06 18:21:49 -07:00
Todd C. Miller
104a0294e1 Initialize "found" in SUDO_CHECK_NET_FUNC. 2022-12-06 16:45:47 -07:00
Todd C. Miller
11264cd49b Fix pasto introduced in last commit. 2022-12-06 16:36:30 -07:00
Todd C. Miller
3df7b64d80 Fix failure in check targets when there is no UTF-8 C locale. 2022-12-06 16:26:34 -07:00
Todd C. Miller
3d2082cdf3 Add SUDO_CHECK_NET_FUNC to check functions in the network libraries. 
If a function is not found, check again with "-lsocket", "-linet",
"-lsocket -lnsl", or "-lresolv".
Also display network libs in final summary as well as the different
linker flags.
 2022-12-06 16:09:26 -07:00
Todd C. Miller
f9639aca89 Make sure HAVE_MAILLOCK_H is defined on Solaris 10. 2022-12-06 14:03:40 -07:00
Todd C. Miller
2c97e7f471 Remove extraneous "(cached)" line when the -C option is used. 
We do not need to call AC_CACHE_VAL() to ensure that a variable is
cached, its name just needs to match the pattern *_cv_*.
 2022-12-06 13:47:03 -07:00
Todd C. Miller
3cdd044c68 Make path checks in sudo.m4 cachable. 2022-12-06 13:40:12 -07:00
Todd C. Miller
1b76f76122 Use AC_PATH_PROGS_FEATURE_CHECK to find mandoc/nroff. 
We don't use the NROFFPROG or MANDOCPROG any longer so no need
to set those.
 2022-12-06 12:18:26 -07:00
Todd C. Miller
dd1eb1f6c5 Don't check for _sys_siglist if sys_siglist is found. 2022-12-06 10:05:03 -07:00
Todd C. Miller
fd6484917e Fix check for sys_sigabbrev. 2022-12-06 08:55:44 -07:00
Todd C. Miller
29c36a3c1d Skip test for __func__ on C99 and above, avoid extra _sys_signame test. 2022-12-05 19:26:57 -07:00
Todd C. Miller
38ffd03cd6 Move gettext checks to m4/gettext.m4 2022-12-05 19:26:50 -07:00
Todd C. Miller
12da6bd0ce Move LDAP library checks to m4/ldap.m4 and make more tests cacheable. 2022-12-05 16:52:34 -07:00
Todd C. Miller
00e22508a7 Move OpenSSL/wolfSSL checks to m4/openssl.m4 2022-12-05 16:45:18 -07:00
Todd C. Miller
f515c238bc Move PIE executable checks to m4/pie.m4 2022-12-05 12:34:12 -07:00
Todd C. Miller
4220e6631b Move address sanitizer and fuzzer checks to m4/sanitizer.m4 2022-12-05 12:33:44 -07:00
Todd C. Miller
ea5668086c Move symbol visibility checks to m4/visibility.m4 2022-12-05 12:33:42 -07:00
Todd C. Miller
5bf5a4e26c Move hardening checks to m4/hardening.m4 2022-12-05 12:32:53 -07:00
Todd C. Miller
8718fc2083 Make cpp variadic arguments check into a macro and move to sudo.m4. 
Also move the PVS-Studio.cfg generation to sudo.m4.
 2022-12-05 09:47:21 -07:00
Todd C. Miller
ee6420ad5b Sync with OpenBSD. 2022-12-03 09:04:25 -07:00
Todd C. Miller
31152ba4d7 Merge pull request #218 from sohomdatta1/snprintf 
[snprintf] Check for '\0' to prevent undef memory read
 2022-12-03 06:54:53 -07:00
Sohom
8ac89f8d05 [snprintf] Check for '\0' to prevent undef memory read 2022-12-03 08:14:14 +05:30
Todd C. Miller
e707ffe58b Place C23 attributes before keywords in function declarations. 
In practice this means we must use "sudo_noreturn static foo(void)"
instead of "static sudo_noreturn foo(void)".
 2022-12-01 12:54:53 -07:00
Todd C. Miller
a44a005f0b Convert from using IPC::Open3 to IPC::Run. 
Run tests in a pty so check_ttyname works as expected.
Explicitly set short command line options letters in GetOptions().
Add a debug flag to help see what is going on internally.
Add hook for die() to kill running jobs when we are dying.
SSH_AGENT_PID will not be present if the agent is forwarded.
In close_persistent_connections() only close active connections.
 2022-11-30 11:19:44 -07:00
Todd C. Miller
16ae61dcd7 Use C23 [[__fallthrough__]] and [[__noreturn__]] attributes if supported. 
If the C23 attributes are not supported, use gcc-style attributes
where possible.
 2022-11-29 16:28:27 -07:00
Todd C. Miller
cfdcd96b63 Move the check for the fallthrough attribute outside the warnings block. 
Use AX_APPEND_FLAG instead of addind to CFLAGS directly.
 2022-11-29 16:04:14 -07:00
Todd C. Miller
63e58cbbec The distributed package build script I use to build all sudo packages. 
This is not included in the release tarball because it is of limited
use to other people.
 2022-11-28 12:46:32 -07:00
Todd C. Miller
a9cab46f88 Pass the list of files to include in the tarball on stdin. 
This avoids any limit on the size of argv.
 2022-11-25 11:01:38 -07:00
Todd C. Miller
9a36698164 Merge pull request #214 from BornThisWay/1124_repeated_invocation 
check_syntax(): Remove duplicate calls to init_defaults()
 2022-11-23 19:33:46 -07:00
modric
26cf125fb9 check_syntax(): Remove duplicate calls to init_defaults() 2022-11-24 09:42:05 +08:00
Todd C. Miller
46d286947e build_command_info: free command_info on failure. 
Once upon a time, command_info was a stack variable, now it is
dynamically allocated.  Coverity CID 299987.
 2022-11-22 17:26:24 -07:00
Todd C. Miller
eb4ae10ab4 Better handling of out-of-memory conditions. 2022-11-22 11:57:42 -07:00
Todd C. Miller
9fff5a5fae Keep group file open until the call to myendgrent(). 
This restores the previous behavior.
 2022-11-22 11:55:34 -07:00
Todd C. Miller
f066ff9e01 Eliminate a few harmless dead stores. 
Quiets warnings from Infer.
 2022-11-22 11:18:24 -07:00
Todd C. Miller
2f97da316e sudo_ldap_parse_option: add explicit NULL check for strchr(). 
This should not be needed since we only use the returned pointer
if it is larger than the string passed to strchr().
Quiets a warning from Infer.
 2022-11-22 11:17:30 -07:00
Todd C. Miller
a0d9963fe6 journal_fdopen: free journal_path and close journal before setting 
Fixes a potential resource leak that currently cannot happen.
Quiets a warning from Infer.
 2022-11-22 11:15:21 -07:00