Commit Graph

11831 Commits

Author SHA1 Message Date
Todd C. Miller
02966f059e Mention --enable-static-sudoers fix. 2021-09-08 17:10:30 -06:00
Todd C. Miller
4b365300a7 Fix typo introduced in 1.9.7 that set SUDO_LDFLAGS to SUDOERS_LDFLAGS.
Copy pasta is not always the best kind of pasta.
2021-09-08 15:31:08 -06:00
Todd C. Miller
3a4aec7a62 sudo_intercept.so: only replace execvpe() if it is present.
execvpe() is a GNU extension also found on *BSD (but not macOS).
2021-09-08 11:09:59 -06:00
Todd C. Miller
6d5f450a62 We now intercept more than just execve(). 2021-09-08 09:52:10 -06:00
Todd C. Miller
6c456127b3 Implement simple PATH resolution for execvp().
We want to use PATH from the current value of the environment, not
the initial value of PATH when the policy was opened.
This is a little different from how real execvp() works since we
use stat() instead of just execve().
2021-09-07 19:55:47 -06:00
Todd C. Miller
7ae62866e4 Add support for execl, execle, execlp, execvp, and execvpe.
Currently, PATH traversal is handled by sudoers which uses
the original PATH, not the one updated by the shell.
2021-09-07 19:55:45 -06:00
Todd C. Miller
bf60451845 Remove conditional include of alloca.h, we don't define HAVE_ALLOCA_H.
The configure check for alloca() was removed long ago but this got
missed.
2021-09-03 16:03:48 -06:00
Todd C. Miller
aac09cf7be Define RBAC and mention incompatibility with intercept/log_subcmds. 2021-09-03 14:19:32 -06:00
Todd C. Miller
157ceadfab Fix computation of the token address when handling a partial read.
We want to treat it as an array of bytes, not an array of tokens.
Coverity CID 240011
2021-09-02 14:15:50 -06:00
Todd C. Miller
f64d71674e Quiet a PVS-Studio format string warning. 2021-09-02 13:37:36 -06:00
Todd C. Miller
9a9a22e93e Regen .pot files. 2021-09-02 12:20:08 -06:00
Todd C. Miller
2f6cacd1ec Updated translations from translationproject.org 2021-09-02 12:20:05 -06:00
Todd C. Miller
967bcab4db regen 2021-09-01 13:37:17 -06:00
Todd C. Miller
38d884a62d Do not compile intercept code if --disable-intercept is specified. 2021-09-01 13:35:47 -06:00
Todd C. Miller
5c2f1ebbcf We now intercept execv() too. 2021-09-01 13:11:42 -06:00
Todd C. Miller
190e495b64 INSTALL: --disable-intercept will also disable "log_subcmds" 2021-09-01 13:10:15 -06:00
Todd C. Miller
f40afd73fe Can't use intercept or log_subcmds with SELinux RBAC.
SELinux policy will prevent the inherited socket from sudo from
being used and may also restrict the ability to connect back to the
sudo process.
2021-09-01 11:09:17 -06:00
Todd C. Miller
242e4d070f Fix typo in comment. 2021-09-01 11:07:36 -06:00
Todd C. Miller
4ca5c7d643 Updated translations from translationproject.org 2021-09-01 10:57:26 -06:00
Todd C. Miller
9a690a8984 Switch to a 128-bit token instead of a 64-bit secret.
Protobuf doesn't have a 128-bit type so use two u64s.
We now support partial reads of the token.
2021-09-01 10:17:26 -06:00
Todd C. Miller
4bff82cab4 Fix random uuid generation, no need to convert between byte order.
Also add regression test.
2021-08-31 19:53:28 -06:00
Todd C. Miller
9137909c7d sudo_intercept.so: send the secret immediately after connecting.
Sending the secret out of band, before the message size is read,
should make it harder to mount a DoS attack.
2021-08-31 16:33:54 -06:00
Todd C. Miller
26938012f8 Handle reading large messages that don't fit in a single recv().
We know the length of what we are receiving so just loop until
we have it all, get EOF or an error.
2021-08-31 12:09:05 -06:00
Todd C. Miller
c0630a36c8 Add checks for -fstack-clash-protection and -Wl,-z,noexecstack
We use -Wc,-fstack-clash-protection as the linker flag to prevent
libtool from removing it from the link line.
2021-08-31 09:57:11 -06:00
Todd C. Miller
a078bc64bb Make the sudo side of the intercept socket non-blocking. 2021-08-31 07:46:58 -06:00
Todd C. Miller
3c26b92a75 Handle partial read/write by dropping back into the event loop. 2021-08-31 07:36:54 -06:00
Todd C. Miller
33d1b26c6a intercept_check_policy: Fix double free introduced in last commit
If the command is not accepted we don't rebuild command_info[] and
must not free it.  It will be freed by the policy instead.
2021-08-31 05:50:52 -06:00
Todd C. Miller
168d5c47c9 Update runcwd in command_info[] before passing it to the audit plugin.
Since sudoers does rejected commands itself the runcwd will still
not be correct for those.
2021-08-27 15:58:19 -06:00
Todd C. Miller
22de92b0da Fix LD_PRELOAD formatting when there is an existing LD_PRELOAD var. 2021-08-27 13:19:58 -06:00
Todd C. Miller
75bac8dee9 intercept_check_policy: fix potential NUL dereference on the error path. 2021-08-26 17:29:30 -06:00
Todd C. Miller
ba171724f7 Rename log_children -> log_subcmds 2021-08-26 16:36:41 -06:00
Todd C. Miller
d8d4023335 Updated translations from translationproject.org 2021-08-26 13:17:46 -06:00
Todd C. Miller
dcab17900b Add sudo_debug_register_v2() stub for fuzzing build. 2021-08-26 10:43:15 -06:00
Todd C. Miller
3d8b327c60 Fix use-after-free on error.
Also remove useless free of a ptr that is always NULL on the error path.
2021-08-26 10:07:50 -06:00
Todd C. Miller
dc30c842bb No longer need to remap intercept fd but we do need to remap debug fd.
The intercept fd is closed in the ctor but the debug fd will still be open.
2021-08-26 09:57:25 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
2021-08-26 09:57:24 -06:00
Todd C. Miller
d6a71fe32e Fix command name of sub-command in logs when log_children is set. 2021-08-26 09:46:26 -06:00
Todd C. Miller
ec751c63eb log_allowed: pass struct eventlog * instead of argv[] and envp[].
This lets us log based on the command_info[] list passed in from
the front-end.  Previously, much of the struct eventlog was constructed
from internal sudoers state instead.
2021-08-25 17:29:15 -06:00
Todd C. Miller
e199dd8254 sudo_compat.h: include unistd.h on HP-UX to safely redefine pread/pwrite
HP-UX 11.31 defines static functions for pread() and pwrite() which
will conflict with our macros.
2021-08-25 16:31:46 -06:00
Todd C. Miller
438a0cf07e Add a state variable to intercept_closure, replaces policy_result. 2021-08-25 14:24:36 -06:00
Todd C. Miller
c465d8971d Change intercept IPC to use a localhost socket instead of inherited fd.
This allows intercept mode to work with shells that close all open
fds upon startup.  The ctor in sudo_intercept.so requests the port
number and secret over the socket inherited from the parent then
closes it.  For each policy request, a TCP connection is made to
the sudo parent process to perform the policy check.  Child processes
re-use the TCP socket to request the port number and secret just like
the initial process started by sudo does.
2021-08-25 14:24:36 -06:00
Todd C. Miller
448536e0f7 Fold intercept_closure_reset() into intercept_close(). 2021-08-24 13:00:52 -06:00
Todd C. Miller
0aedc965f8 command_matches: avoid printf("%s") of NULL in debug for sudo ALL. 2021-08-25 13:11:57 -06:00
Todd C. Miller
9980357a73 Merge pull request #111 from commodo/fix-cflags
lib/util/Makefile.in: use host CFLAGS and CPPFLAGS for mksig{name,list}
2021-08-25 08:09:00 -06:00
Alexandru Ardelean
a12b15b436 lib: util: Makefile.in: use host CFLAGS and CPPFLAGS for mksig{name,list}
When cross-build support was added for mksig{name,list}, the
CFLAGS and CPPFLAGS should have been updated to the HOSTCFLAGS/HOSTCPPFLAGS
vars.

In a cross-build scenario, some of these flags don't match what the
compiler can understand (because they may be architecture specific) and
may fail the build.

Using the HOSTCFLAGS/HOSTCPPFLAGS works and builds successfully.
Also the output binary works on the target.

This is in continuation of
- https://github.com/sudo-project/sudo/pull/104
- https://github.com/sudo-project/sudo/pull/109

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2021-08-25 15:24:21 +03:00
Todd C. Miller
222d6f94cd Fix typo that caused SUDO_INTERCEPT_FD to overwrite LD_PRELOAD. 2021-08-24 08:51:43 -06:00
Todd C. Miller
1391813443 Fix off-by-one that could result in duplicate SUDO_INTERCEPT_FD vars. 2021-08-24 08:34:14 -06:00
Todd C. Miller
df68f4c8d9 Fix typo in macOS execv change. 2021-08-24 08:09:20 -06:00
Todd C. Miller
98401c0588 Add execv(3) support to sudo_intercept.so.
This allows intercept to work with csh which uses execv(3) not execve(2).
2021-08-21 08:44:16 -06:00
Todd C. Miller
02b78c38ed Sync the list of functions trapped by sudo_noexec.so. 2021-08-20 18:41:32 -06:00