Todd C. Miller
e66e1ca383
In SECURITY NOTES, clarify that PATH may be overridden by the policy.
...
Bug #1014
2021-12-11 09:08:03 -07:00
Todd C. Miller
c13b21c199
Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2).
...
This also allows us to make path const as it should be.
2021-12-11 08:35:18 -07:00
Todd C. Miller
55db239243
Sudo parsed "deref" and "tls_reqcert" in ldap.conf but didn't set the options.
...
The switch() in the sudo_ldap_set_options_table() function needed to be
updated to treat CONF_DEREF_VAL and CONF_REQCERT_VAL data types as int.
Fix from Dennis Filder. Bug #1013.
2021-12-11 08:35:14 -07:00
Todd C. Miller
a2aa709707
Minor formatting tweak so we can import into the sudo web site.
2021-12-10 20:14:48 -07:00
Todd C. Miller
83defd3a6f
Fix CodeQL "Multiplication result converted to larger type" warnings.
2021-12-10 13:33:07 -07:00
Todd C. Miller
014339948c
Surround email addresses with angle brackets, not square brackets.
2021-12-09 18:51:37 -07:00
Todd C. Miller
3cd0ffade8
Updated translations from translationproject.org
2021-12-08 10:23:37 -07:00
Todd C. Miller
27121cff65
Update .pot files for 1.9.9
2021-12-08 10:22:02 -07:00
Todd C. Miller
d324a53065
Minor formatting tweaks.
2021-12-06 09:27:54 -07:00
Todd C. Miller
3bd572ba80
Convert README and docs files to markdown.
...
This makes things look better on GitHub and we can use the
markdown version directly in the new sudo web site.
2021-12-05 21:02:04 -07:00
Todd C. Miller
2c754a8d49
Policy -> Disclosure Policy
2021-12-04 16:29:49 -07:00
Todd C. Miller
9497ab99c6
Merge pull request #124 from juspence/main
...
Allow sudo -g anyone and sudo -u anyone -g anytwo
2021-12-04 16:27:24 -07:00
juspence
1d13533ea3
Allow sudo -g anyone and sudo -u anyone -g anytwo
...
When only the user (ALL) is specified explicitly, and the group is implied, only sudo -u works. Specifying both the user and group, like (ALL:ALL), is required to:
1) Use sudo -g by itself (with no -u user)
2) Use sudo -u and -g together, with a -g group that is different from the -u user's primary group
2021-12-04 17:41:13 -05:00
Todd C. Miller
aae130eb73
Add build dir to include search path for mksiglist.h and mksigname.h
...
Fixes out of tree builds on systems without sys_siglist[] or
sys_signame[]. GitHub issue #123.
2021-12-02 07:19:43 -07:00
Todd C. Miller
0608a4ea6f
cvtsudoers: better merging of lists that are not exact duplicates
...
When merging rules, if one list would be overridden by another,
remove the overridden rule and continue merging.
2021-11-29 11:50:40 -07:00
Todd C. Miller
a9f3032b5b
Update NEWS with latest changes.
2021-11-28 08:45:31 -07:00
Todd C. Miller
f9f39cde20
dir_is_writable: don't treat EPERM from faccessat() as a fatal error.
...
We can get EPERM on Linux with SELinux. GitHub issue #122.
2021-11-27 12:34:16 -07:00
Todd C. Miller
003f9550f1
cvtsudoers: add -l option to log merge actions
...
The "-l logfile" option can be used to store a log of what
actions cvtsudoers took when merging multiple files.
For example, which aliases were renamed, which entries were overridden
or removed as duplicated.
2021-11-24 06:52:51 -07:00
Todd C. Miller
ce9c6d17c5
Sudo 1.9.9
2021-11-24 06:52:50 -07:00
Todd C. Miller
409410b029
New Persian (Farsi) translation from translationproject.org
2021-11-21 09:53:50 -07:00
Todd C. Miller
d83321388d
Quiet a PVS Studio warning.
...
The warning that need_comma is always false is correct but in this
case it is better to use a consistent construct so that if the code
is re-ordered no bugs are introduced.
2021-11-20 09:40:06 -07:00
Todd C. Miller
dc5ac7424b
Pass correct size to free_zero().
...
Coverity CID 241233
2021-11-20 09:14:04 -07:00
Todd C. Miller
e64a089aea
Add reference counting to Defaults bindings.
...
Previously, we checked that the previous entry's binding pointer
was not the same while freeing. However, to be able to merge
Defaults records we cannot rely on Defaults entries with the same
binding being immediately adjacent. This removes the prev_binding
checks in favor of a reference count which allows us to plug the
memory leak in cvtsudoers when merging Defaults.
2021-11-20 08:01:37 -07:00
Todd C. Miller
aed51033e1
cvtsudoers: use init_parse_tree() to initialize a parse tree.
...
Also free the parse tree before exit.
2021-11-19 12:29:21 -07:00
Todd C. Miller
730ebabdba
init_parse_tree() now takes ownership of lhost and shost, if any.
...
This means that lhost and shost in struct sudoers_parse_tree
are no longer const and that free_parse_tree() will free lhost/shost.
The only consumer that passed in lhost/shost was the SSSD back-end
which has been updated to avoid a double-free.
2021-11-19 12:29:21 -07:00
Todd C. Miller
cc79038730
Document how to merge sudoers files with cvtsudoers.
2021-11-19 12:29:21 -07:00
Todd C. Miller
f5c6e2df7b
cvtsudoers: merge userspecs when multiple sudoers files are specified
...
If a hostname is specified with the sudoers file, it will be used to
make the userspec host-specific, if possible. Duplicate userspecs
are removed but conflicting entries are not currently pruned.
2021-11-19 12:29:21 -07:00
Todd C. Miller
d31109ded2
cvtsudoers: merge Defaults when multiple sudoers files are specified
...
If a hostname is specified with the sudoers file, it will be used to
make the Defaults setting host-specific, if possible.
Duplicate Defaults settings are removed and conflicts are warned about.
It is not possible to resolve all conflicts automatically.
2021-11-19 12:29:21 -07:00
Todd C. Miller
ab9e44a6ca
cvtsudoers: merge aliases when multiple sudoers files are specified
...
Duplicate aliases are removed. If there are conflicting alias names,
the conflicts are renamed by appending a numerical suffix.
For example, if there are two SERVERS Host_Aliases, the second one
will be renamed to SERVERS_1.
2021-11-19 12:29:21 -07:00
Todd C. Miller
33fbf59467
Add support for specifying the hostname as a prefix to the sudoers file.
...
If present, the host name is copied into the struct sudoers_parse_tree.
2021-11-16 19:00:56 -07:00
Todd C. Miller
4cb34a2015
cvtsudoers: parse multiple sudoers files and store them in a tail queue
...
In the future the parsed files will be merged before they are output.
2021-11-11 16:04:45 -07:00
Todd C. Miller
b1309f76db
Add sudoers_parse_tree_list, a tail queue of struct sudoers_parse_tree.
...
This will be used to store multiple parse trees and merge them
into a single sudoers_parse_tree.
2021-11-11 15:40:51 -07:00
Todd C. Miller
7baee707b0
Add a background image for the macOS installer.
2021-11-19 12:26:31 -07:00
Todd C. Miller
7b0b186994
Update PolyPkg
2021-11-19 12:26:30 -07:00
Todd C. Miller
0a89b87a3f
mkpkg: handle a macOS SDK that just uses the major version.
...
For example, MacOSX11.sdk instead of MacOSX11.3.sdk.
2021-11-18 15:40:36 -07:00
Todd C. Miller
70c0d35faa
Add missing dependencies for timegm.
2021-11-18 13:28:19 -07:00
Todd C. Miller
3ab280fc61
Fix formatting of links.
2021-11-11 14:19:22 -07:00
Todd C. Miller
781a4fb691
Add contributing guide.
2021-11-11 13:56:36 -07:00
Todd C. Miller
658eba7ee4
Create codeql-analysis.yml
2021-11-11 09:46:55 -07:00
Todd C. Miller
85325a7d2f
Add security doc, inspired by the Microsoft template.
2021-11-10 17:26:26 -07:00
Todd C. Miller
289a045a4f
Rename "doc" directory to "docs" for better GitHub compatibility.
2021-11-10 16:45:16 -07:00
Todd C. Miller
5faf46de6f
Use $(SED), not sed, when generating mksiglist.h/mksigname.h
2021-11-10 13:35:44 -07:00
Todd C. Miller
09b82a22ca
Add configure check for sha1sum and use "openssh dgst -sha1" if missing.
...
Only needed when building the seed corpus zip files.
2021-11-10 13:31:42 -07:00
Todd C. Miller
c2d03f7cca
sudo_compat.h: include unistd.h regardless of OS type
...
This helps to avoid issues with mismatched headers and libraries.
2021-11-10 13:30:27 -07:00
Todd C. Miller
55d17eaa34
install_sudoers: fix return value when there is no temp file to install
...
This can happen when no changes were made. Also preserve the edited
temp file on error if we are unable to move it into place.
2021-11-09 16:09:48 -07:00
Todd C. Miller
def7a51f4d
Bump plugin version in test data to 1.18.
2021-11-09 13:59:36 -07:00
Todd C. Miller
8e656b63c8
free_defs_val: free rlimits like strings (which they are).
2021-11-09 13:45:06 -07:00
Todd C. Miller
288bb82543
Rename {check,set}_perms variable to {check,set}_mode.
...
Avoids a name clash with the set_perms() function.
2021-11-09 13:41:27 -07:00
Todd C. Miller
7085a64475
Avoid symbol name clash with is_writable() function variable.
...
Rename "is_writable" variable to "writable".
2021-11-09 13:39:30 -07:00
Todd C. Miller
03927f998f
Mention that the core dump size resource limit now defaults to 0.
2021-11-09 13:33:39 -07:00