Commit Graph

11831 Commits

Author SHA1 Message Date
Todd C. Miller
c341608072 Remove most uses of the deprecated Li macro which has no effect.
Also fix some other incorrect markup.
2022-09-13 19:56:45 -06:00
Todd C. Miller
a326411903 Use $(GREP) and $(EGREP) variables in Makefile.in files. 2022-09-12 16:30:52 -06:00
Todd C. Miller
f235390d1e Merge pull request #177 from a1346054/fixes
Makefile.in: replace `egrep` and fix target name
2022-09-12 16:18:50 -06:00
a1346054
5c1c276e28 Fix incorrect makefile target name 2022-09-12 21:54:53 +00:00
a1346054
6fac1f5186 Use grep -E instead of egrep 2022-09-12 21:52:32 +00:00
Todd C. Miller
3194d16674 Document apparmor_profile, intercept_verify, and update_ticket. 2022-09-11 19:06:26 -06:00
Todd C. Miller
5bcec02442 Fix some of the markup to be more consistent with sudo_plugin.mdoc.in.
Also reword a few awkward phrases.
2022-09-11 19:06:25 -06:00
Todd C. Miller
a7b200d014 Use correct markup of function arguments and struct members.
Also remove most uses of the deprecated Li macro which has no effect.
2022-09-11 19:06:24 -06:00
Todd C. Miller
3f6ffead0b Move the init_session() errstr description to where it belongs. 2022-09-11 19:06:23 -06:00
Todd C. Miller
b85f95cb30 Fix a typo 2022-09-11 19:06:22 -06:00
Todd C. Miller
d6c7abd42e log_parse_error: make errstr const to quiet a -Wwrite-strings warning 2022-09-07 14:45:47 -06:00
Todd C. Miller
89a40741b4 Add __printf0like to visudo_track_error(). 2022-09-07 07:25:31 -06:00
Todd C. Miller
7f169da832 Back out unintended change in last commit. 2022-09-06 15:47:29 -06:00
Todd C. Miller
965e2a0c09 It is possible for sudoerserrorf() to be called with a NULL format.
So log_parse_error() needs to check fmt for NULL before using it.
2022-09-06 15:40:59 -06:00
Todd C. Miller
67be673856 Mention how to restore the historic core resource limit behavior. 2022-09-03 09:50:00 -06:00
Todd C. Miller
2815b77e47 Update with latest changes. 2022-09-02 15:28:33 -06:00
Todd C. Miller
02e92c2afd Set MODE_POLICY_INTERCEPTED for log_subcmds too.
This fixes a problem where sub-commands were not being logged to
the remote log server, if configured.  Since we don't go through
sudoers_policy_main() again for log_subcmds, we set the flag in
sudoers_audit_accept() instead.  The reason this is complicated is
that when I/O logging is enabled the initial accept message gets
sent as part of the remote logging handshake.  GitHub issue #174
2022-09-03 09:43:41 -06:00
Todd C. Miller
21b48a3034 Fix typo. 2022-09-02 15:22:40 -06:00
Todd C. Miller
49e9e5eb85 Only check the admin flag file once in intercept mode. 2022-09-02 14:45:57 -06:00
Todd C. Miller
159bdb1cb7 Document cvtsudoers CSV output format 2022-09-02 14:01:43 -06:00
Todd C. Miller
37ae66062d Document cvtsudoers JSON output format 2022-08-31 11:33:04 -06:00
Todd C. Miller
a6472710e6 Zero out register struct before calling ptrace_getregs().
Quiets a spurious valgrind warning.
2022-08-30 07:35:43 -06:00
Todd C. Miller
caa0408a8a intercept_verify is fast, but the policy check is (relatively) slow. 2022-08-29 14:10:49 -06:00
Todd C. Miller
817f63b05d Realloc the buffer used to store argv and envp as needed.
We now store the vector immediately after the string table.
It is possible for argv and its contents to be invalidated
by realloc() when reading envp so we store the pointers as
offsets until we are done allocating.
2022-08-29 12:47:42 -06:00
Todd C. Miller
0d2f1c4a2b ptrace_verify_post_exec: use /proc/PID/cmdline and /proc/PID/environ
There is no reason to read these directly from the tracee
when we rely on /proc being mounted to access /proc/PID/exe.
2022-08-28 18:59:41 -06:00
Todd C. Miller
234c56b87f Protect ptrace_readv_string() with #ifdef HAVE_PROCESS_VM_READV 2022-08-28 08:27:30 -06:00
Todd C. Miller
922772c6cb Rework the intercept section in "Preventing shell escapes". 2022-08-25 19:01:59 -06:00
Todd C. Miller
351175eb26 Update CodeQL Action to v2 using current example config. 2022-08-25 14:42:26 -06:00
Todd C. Miller
0af393e75b Suppress PVS-Studio false positive. 2022-08-25 14:22:21 -06:00
Todd C. Miller
2902ebe067 intercept_check_policy_req: an empty argv[] is now supported 2022-08-25 14:21:12 -06:00
Todd C. Miller
14356c1940 Use process_vm_readv(2) and process_vm_writev(2) if available.
This is faster than reading/writing from/to the remote process one
word at a time using PTRACE_PEEKDATA and PTRACE_POKEDATA.
2022-08-25 12:37:19 -06:00
Todd C. Miller
36747f89a8 Skip all of check_user() for intercept unless intercept_authenticate set.
Previously we were calling the PAM approval modules even in intercept
mode which can take a lot of time.  We may wish to make PAM approval
configurable in intercept mode in the future.
2022-08-25 09:35:42 -06:00
Todd C. Miller
22dad3f59c Only set MODE_POLICY_INTERCEPTED on subsequent policy checks.
This fixes a bug where MODE_POLICY_INTERCEPTED was set too early
if the intercept option was set globally in sudoers.  It should
only be set after the original command has executed.
2022-08-25 09:33:42 -06:00
Todd C. Miller
966eae6bf3 intercept_verify also compares the environment.
Also mention the overhead involved in checking things.
2022-08-23 11:12:51 -06:00
Todd C. Miller
3d995f7e58 ptrace_getregs: make compat check more generic
No need to use different checks for mips and non-mips, the compiler
will optimize away the superfluous check.
2022-08-22 11:46:46 -06:00
Todd C. Miller
4d58fc904d Correct type of sudoers_audit.
GitHub issue #61
2022-08-22 09:04:44 -06:00
Todd C. Miller
a3a181df07 Fix shadowed variable warning. 2022-08-20 14:36:29 -06:00
Todd C. Miller
c948717bd4 Fix shadowed variable warning on aarch64. 2022-08-19 13:37:49 -06:00
Todd C. Miller
8145ad12da Quiet another -Wwrite-strings warning. 2022-08-19 11:37:38 -06:00
Todd C. Miller
8eb619ac2b ptrace_getregs: try to determine compat mode if caller doesn't know.
In ptrace_verify_post_exec(), we don't know whether the executable
that is now running is a native or compat binary.  In most cases
ptrace_getregs() will be able to figure it out for us.
2022-08-19 11:34:40 -06:00
Todd C. Miller
b2d8909c19 ptrace_intercept_execve: fail syscall rather than killing process on error.
If the execve(2) args are bogus pointers, we should just return an
error instead of killing the process.  For consistency with the
kernel, convert EIO from ptrace(2) to EFAULT.
Also convert some ptrace(2) warnings to debug printfs so sudo is less chatty.
2022-08-19 11:05:10 -06:00
Todd C. Miller
9f552471bc Treat argv and closure->run_argv of different sizes as a mismatch.
If argv and closure->run_argv match up to the point where we hit a
NULL but one of them has additional entries, we still need to rewrite
argv.
2022-08-18 15:15:06 -06:00
Todd C. Miller
aef4a61886 Handle the case where argc is 0 when allocating space for argv.
We need to pass the pathname to the policy plugin in argv[0] so we
must be sure to allocate space for it even if argc is 0.
2022-08-18 15:12:21 -06:00
Todd C. Miller
76bd1bcc95 copy_vector: treat a NULL pointer as an empty vector.
Linux execve(2) allows argv to be NULL so we must allocate an empty
vector in this case and not return an error.
2022-08-18 15:10:42 -06:00
Todd C. Miller
48a9126a1b Update debug_decl name for sudo_preload_dso -> sudo_preload_dso_alloc change. 2022-08-18 15:08:38 -06:00
Todd C. Miller
bc5016296d Handle the case where argc is 0 when rebuilding argv.
We need to pass the pathname to the policy plugin in argv[0] so we
must be sure to allocate space for it even if argc is 0.
2022-08-18 15:07:25 -06:00
Todd C. Miller
23fa22975c Handle sysconf(_SC_ARG_MAX) failure, Coverity CID 276504. 2022-08-18 10:32:19 -06:00
Todd C. Miller
d65bcf2ab3 Avoid a Coverity false positive. 2022-08-18 10:27:01 -06:00
Todd C. Miller
81a3339df9 Remove cast from time_t to int to avoid a Coverity false positive.
The cast should not be required.
2022-08-18 10:21:14 -06:00
Todd C. Miller
158facf6d5 Use multilib rules to look for a 64-bit group plugin on failure.
If sudo_dso_load() fails on a 64-bit system, try to load a 64-bit
native version of the file using system-dependent multilib rules.
If we don't support multilib on the platform, check for a version
of the file that ends in "64" before the .so suffix.
2022-08-11 19:34:50 -06:00