For AIX, if dlopen() fails we try again with RTLD_MEMBER set
and a default member (shr.o or shr_64.o). However, if that
also fails, the user will receive a useless error message
that doesn't correspond to the actual problem. We now retry
the original dlopen() if the fallback to RTLD_MEMBER fails,
which has the effect of restoring the original error message.
Resolves an issue where certain message sizes result in an incorrect
checksum. Specifically, when:
(n*8) mod 1024 == 896
where n is the file size in bytes.
We can now verify that the arguments match what we accepted before
the command actually runs. If there is a mismatch, the process is
killed. Shell scripts must be handled specially since the path
executed will be the interpreter, not the script name.
Linux allows interpreters to be nested up to 4 deep.
Qt needs `XDG_CURRENT_DESKTOP` to be set to determine the correct theme.
Since `DISPLAY` and `XAUTHORITY` are already in the default table of
variables to preserve in the environment, just add `XDG_CURRENT_DESKTOP`
to it.
Bug: https://launchpad.net/bugs/1958055
Signed-off-by: Benjamin Drung <bdrung@ubuntu.com>
Otherwise, attempts to run "./command" from a shell with intercept
set will fail if the current working directory is different from
the main sudo process.
These allocate memory via mmap anonymous regions and store the mapped
size immediately before the returned pointer as an unsigned long.
They are intended to be used in cases where malloc(3) and free(3)
are unsuitable due to concerns about corrupting global state in
multi-threaded programs or signal handlers.
In most unix-style LDAP servers, uid is a utf8 string defined by
OID 1.3.6.1.4.1.1466.115.121.1.15. However, sudoUser was defined
as an IA5 String (OID 1.3.6.1.4.1.1466.115.121.1.26) which meant
that sudoUser could only represent a subset of possible values.
In some cases when using sudoers.ldap, the uid from the machine
which was utf8 was fed back into sudo which would then issue a
search for sudoUsers. If this uid contained utf8 characters, the
ldap server would refuse to match into sudoUsers because these
were limited to IA5.
This is a safe-forward upgrade as IA5 is a subset of UTF8 meaning
that this change will not impact existing deployments and their
rules.
In command_matches_all(), if the command is fully-qualified and
open_cmnd() return false, only treat it as an error if we are able
to stat(2) the command. For "sudo ALL" a non-existent command is
not an error.
