isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,831 Commits 1 Branch 0 Tags
c341608072a33c74fa3e534e987d6d3513f19b51
Commit Graph

11831 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
1e795b5487 Add a Debug example for sudo_intercept.so 
Don't try to enumerate all the sudo programs that support debugging
since all of them do.
 2021-08-20 16:07:02 -06:00
Todd C. Miller
bb40491c99 Update sudoers Debug example to match the debug changes from sudo 1.8.12. 2021-08-20 15:50:02 -06:00
Todd C. Miller
8ccb7f0096 sudo_intercept.so only intercepts execve(2) for now. 2021-08-20 14:25:49 -06:00
Todd C. Miller
7df245dc91 Fix formatting for bound defaults with multiple entries in the binding. 
The entries in the binding were separated with " ," instead of ", ".
 2021-08-20 14:01:44 -06:00
Todd C. Miller
4ccd966e22 Add exports file for sudo_intercept.so that only exports execve() 2021-08-20 11:49:22 -06:00
Todd C. Miller
dc281f0366 Add some debugging to the sudo_intercept.so. 2021-08-20 11:32:29 -06:00
Todd C. Miller
680fd4a629 Use AC_FUNC_FSEEKO instead of AC_CHECK_FUNCS_ONCE([fseeko]). 
This will define _LARGEFILE_SOURCE, if needed, to make the prototype
visible on older systems.
 2021-08-20 10:59:52 -06:00
Todd C. Miller
ad28b90c4d We still need the pread/pwrite hack for HP-UX 11.11 at least. 
This time around, avoid defining _LARGEFILE64_SOURCE and just declare
pread64/pwrite64 ourselves.
 2021-08-19 19:18:24 -06:00
Todd C. Miller
23e5304b78 Fix prototypes for sudo_pread() and sudo_pwrite(). 2021-08-19 19:05:50 -06:00
Todd C. Miller
5d3ab032f2 intercept_fd_cb: store the passed fd in newfd, not fd 
only affects the old BSD-style fd passing code, not POSIX-style.
 2021-08-19 13:10:44 -06:00
Todd C. Miller
d333f484ec Fix mksiglist and mksigname dependencies. 2021-08-19 10:30:02 -06:00
Todd C. Miller
52e7594ae5 set-user-ID and set-group-ID not set user-ID and set group-ID. 2021-08-19 09:59:32 -06:00
Todd C. Miller
09f160779b The fix for bug #989 will make sudo 1.9.8. 
Also mention intercept_authenticate and intercept_allow_setid.
 2021-08-19 09:54:18 -06:00
Todd C. Miller
90aee138ba regen 2021-08-19 09:51:23 -06:00
Todd C. Miller
bb5843055e Replace messages like "unknown foo: %s" with "unknown foo %s". 
The colon really doesn't belong there; we generally use a colon to
separate a message from the warning detail.
 2021-08-19 09:44:11 -06:00
Todd C. Miller
b40f74cb24 Cross-build support for mksigname and mksiglist 
We must build these with the host C compiler but use the target
preprocessor to generate the output.
 2021-08-19 09:50:05 -06:00
a1346054
bf7d20b482 Minor cleanup (#110) 
* fix trivial shell script issues
* remove trailing whitespace
 2021-08-19 09:48:01 -06:00
Todd C. Miller
1c52c24a93 log_server_peer_cert and log_server_peer_key are not required by default. 
They are only required if sudo_logsrvd has tls_checkpeer enabled.
 2021-08-19 09:15:12 -06:00
Todd C. Miller
e17003b35c Sync warning messages with sudoers/logging.c 
Avoids 3 translation strings that were effectively duplicated.
 2021-08-19 09:09:19 -06:00
Todd C. Miller
ad5feeb40b regen 2021-08-18 15:48:05 -06:00
Todd C. Miller
f9d3f46fa7 Add intercept_allow_setid sudoers option, disabled by default. 
With this change, a shell in intercept mode cannot run a setuid or
setgid binary by default.  On most systems, the dynamic loader will
ignore LD_PRELOAD for setuid/setgid binaries such as sudo which
would effectively disable intercept mode.
 2021-08-18 15:43:26 -06:00
Todd C. Miller
53a95e3a50 Always allocate a struct sudo_command for the command, even for ALL. 
Previously we special-cased handling of ALL but this complicates
some upcoming changes.
 2021-08-18 09:12:19 -06:00
Todd C. Miller
dad40a50a1 Update TAGS_CHANGED macro based on parse.h 2021-08-16 13:28:19 -06:00
Todd C. Miller
fc9a01936c Better document the limitations of intercept mode. 
Also mention log_children under "Preventing shell escapes"
 2021-08-16 12:44:49 -06:00
Todd C. Miller
e4809d634d Update .pot files for 1.9.8. 2021-08-16 10:46:34 -06:00
Todd C. Miller
a85cf1f3fd Try to clarify log_server_peer_key and log_server_peer_cert. 
These are client-side not server-side.
 2021-08-16 10:45:51 -06:00
Todd C. Miller
bfcc31b19b Print the section when warning about an illegal key in the conf file. 
This should make it easier to tell when a setting is present in the
wrong section.
 2021-08-16 10:44:48 -06:00
Todd C. Miller
5902c0e21c new_logline: limit offset to two significant digits after the decimal 
Now instead of TSID=0001L3@5.168230749 we would log TSID=0001L3@5.16.
 2021-08-14 13:22:48 -06:00
Todd C. Miller
9248ea6bbe Set umask to be less restrictive before creating parent directories. 
Otherwise we could end up creating them with a more restrictive
mode than indended.  Coverity CID 221592
 2021-08-14 10:49:51 -06:00
Todd C. Miller
babb498c6e new_logline: handle case where evlog is NULL 2021-08-14 09:24:39 -06:00
Todd C. Miller
6d3cf0ffda store_alert_local: fix memory leak on error path 
Coverity CID 238642
 2021-08-14 09:18:55 -06:00
Todd C. Miller
e2abcd6cb6 log_server_accept: fix memory leak of evlog when logging a sub-command. 
Coverity CID 238643
 2021-08-14 09:11:02 -06:00
Todd C. Miller
340d753947 Fix memory leak when client requests secret. 
Move closure allocation closer to where it is used.
 2021-08-14 08:54:36 -06:00
Todd C. Miller
4add9c2c00 store_accept_local: fix return value on error 2021-08-14 08:47:44 -06:00
Todd C. Miller
0f6a74f180 Cast iolog_offset.tv_sec to long long for %lld printf format. 
Quiets a compiler warning on systems where tv_sec in struct timeval
is not long long.
 2021-08-13 16:19:58 -06:00
Todd C. Miller
4aefd43948 For intercepted commands, log an offset into the current I/O log. 
This can be used with sudoreplay to jump to when a specific command
was executed within a session log.
 2021-08-13 16:00:00 -06:00
Todd C. Miller
695f4bea05 Add support for an optional offset when parsing the ID to replay. 
The offset is a suffix in the form of @sec[.nanosec]
 2021-08-13 16:00:00 -06:00
Todd C. Miller
064981fb14 Don't overwrite closure->evlog for sub-commands. 2021-08-13 15:59:59 -06:00
Todd C. Miller
62aca803ce Older Solaris has getusershell() et al but does not declare it. 2021-08-13 09:52:02 -06:00
Todd C. Miller
a55b54329e Add missing stdint.h and sudo_rand.h includes. 
Needed for arc4random() and uin64_t.
 2021-08-13 09:25:01 -06:00
Todd C. Miller
eaf03a382b Pass a secret value to sudo_intercept.so and verify after policy check. 
The goal is to make it harder for someone to have a fake policy checker.
This will not stop a determined adversary since the secret is present
in the address space of the running process.
 2021-08-13 09:10:44 -06:00
Todd C. Miller
c9d9225469 Split off intercept code into exec_intercept.c. 2021-08-11 16:00:47 -06:00
Todd C. Miller
3f30704ab7 Add trivial support for FreeBSD packages. 
The actual FreeBSD port supports multiple options but this is sufficient
for testing purposes.
 2021-08-11 15:09:00 -06:00
Todd C. Miller
374d499818 FreeBSD: Set default directory and file mode if not specified in %files 
Otherwise, a mode of 0 will be used, potentially rendering the
system unusable.
 2021-08-11 14:59:27 -06:00
Todd C. Miller
f327a19f34 Use same check for intercepted commands as log_server_accept(). 
Previously, log_server_reject() and log_server_alert() just
checked whether client_closure has been set.
 2021-08-11 14:10:05 -06:00
Todd C. Miller
0e2094471b Call shutdown() on sockets before closing() if they are connected. 
This should ensure that the other side sees any queued data before
the connection is dropped.
 2021-08-11 14:08:48 -06:00
Todd C. Miller
79129613e5 If SSL_shutdown() returns 0 it needs to be called one more time. 2021-08-11 10:16:36 -06:00
Todd C. Miller
ffdd7920cd resolve_editor: sudoers_gc_remove(editor) before freeing it. 2021-08-11 07:45:26 -06:00
Todd C. Miller
ef91b90ad6 Sync siglist.in with the generated files. 
The change to prefer SIGSYS over SIGUNUSED wasn't made to siglist.in.
Also, mksigname.c doesn't need to explicitly set sudo_sys_signame[0].
 2021-08-10 19:55:28 -06:00
Todd C. Miller
9798fd86bf Add garbage collection to resolve_editor(). 
Fixes a leak when evaluating the policy multiple times if sudoedit
is set.
 2021-08-10 12:58:18 -06:00