isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,199 Commits 1 Branch 0 Tags
c5f983c643ec87f078b8a13fd35a718655d19b10
Commit Graph

3175 Commits

Author SHA1 Message Date
Todd C. Miller
d15e117c2e find_editor: remove the env_error argument 
There is no case where we should fail to find an editor just because
the values of EDITOR, VISUAL and SUDO_EDITOR are unavailable.  Both
sudoedit and the "env_editor" sudoers setting are documented as
falling back on the hard-coded list of editors in the "editors"
sudoers setting.  Bug #1000
 2021-09-29 10:25:19 -06:00
Todd C. Miller
dde951a098 Use sudo_printf(SUDO_CONV_ERROR_MSG) instead of fprintf(stderr). 
Avoids extraneous output in the fuzzer.
 2021-09-29 09:15:24 -06:00
Todd C. Miller
2aa6cb13a5 Stub out sudo_printf() and avoid other use of stderr in fuzzers. 
This makes it possible to parse sudoers without using quiet mode,
resulting in better coverage.
 2021-09-29 09:03:24 -06:00
Todd C. Miller
eefb7b0d54 Use a consistent version of fuzz_conversation() with all fuzzers. 
Also undo a change to fuzz_sudoers.c that snuck in to the last commit.
 2021-09-28 20:20:28 -06:00
Todd C. Miller
7d964875df Fuzzers should not produce output. 
Excessive output makes the fuzzer runs much less efficient.
 2021-09-28 18:53:49 -06:00
Todd C. Miller
1d203c8344 Fix typo in last commit, use boolean AND not bitwise. 2021-09-24 10:57:12 -06:00
Todd C. Miller
1831176a1a Add the ability to filter/match by command via the -m option. 
For example "cvtsudoers -m cmd=/bin/ls" would only display entries
that would allow /bin/ls to be allowed or denied.
 2021-09-24 10:44:13 -06:00
Todd C. Miller
41f116050f Add --group-file and --passwd-file options to cvtsudoers. 
These are based on the code in testsudoers.
 2021-09-23 19:18:25 -06:00
Todd C. Miller
86df86ed94 Fix memory leak on error path if snprintf() overflows. 
Coverity CID 188804
 2021-09-22 11:17:55 -06:00
Todd C. Miller
b9b8451830 Avoid reinitializing other auth methods. 2021-09-21 20:05:35 -06:00
Todd C. Miller
4a49f16967 expand_include: add bounds checking when expanding %h escape. 2021-09-21 19:33:51 -06:00
Todd C. Miller
dc90df8de5 Check snprintf() return values even if we preallocated the correct amount. 
There are no remaining unchecked snprintf() that can actually overflow.
 2021-09-21 19:13:35 -06:00
Todd C. Miller
0f2252f898 Amend truncation fix, the real problem was the size passed to snprintf(). 
sudo_rcstr_alloc() takes a length (not a size) parameter so when
calling snprintf() we need to add one to the length.
 2021-09-21 19:01:22 -06:00
Todd C. Miller
e23874d0fa Fix truncation of the last char of the sudoRole cn passed to append_default(). 
This string is primarily used for warning messages.
Also check the snprintf() return value to avoid silent truncation.
GitHub issue #115
 2021-09-21 12:49:18 -06:00
Todd C. Miller
b6561831b4 Re-enable error output for the sudoers parser. 
It is only the alias and defaults warnings we need to suppress.
 2021-09-20 12:46:37 -06:00
Todd C. Miller
328bc282e0 Don't re-initialize PAM for sub-commands. 2021-09-20 08:14:28 -06:00
Todd C. Miller
0eb677b74a Only store the first log id received from the server. 
Plugs a small memory leak in intercept mode if the log server sends
the log ID again for sub-commands.
 2021-09-20 07:49:31 -06:00
Todd C. Miller
77ef8baa97 fuzz_sudoers: don't warn about unknown defaults entries 
Some fuzzing inputs cause a huge number of warnings and displaying
them all can result in the fuzz run timing out.  If we disable the
warnings we can avoid the timeout.
 2021-09-19 19:36:25 -06:00
Todd C. Miller
0ea561ca6a Limit paths for command, cwd and chroot to PATH_MAX bytes. 
This helps prevent the fuzzer from going off the rails.
 2021-09-19 18:13:43 -06:00
Todd C. Miller
7ab66eb3a8 sudo -i: missing NULL terminator when moving argv to make room for --login 
Fixes a potential crash for "sudo -i" when the target user has bash
as the shell (which needs the --login option).  Bug #998.
 2021-09-19 13:58:56 -06:00
Todd C. Miller
613468e4d2 Only warn about an undefined alias or a cycle a single time. 
There's no point in warning about the same problem multiple times.
This implementation assumes a small number of warnings and so just
uses a simple listed link.
 2021-09-18 13:41:51 -06:00
Todd C. Miller
d9e8c852ba Quiet pvs-studio false positive: V557 Array overrun is possible. 
Make the zero length check explicit so as not to confuse static
(or human) analyzers.
 2021-09-18 09:51:32 -06:00
Todd C. Miller
292916f43c Test that digest matching works with LDAP sudoCommand: ALL 2021-09-17 20:41:34 -06:00
Todd C. Miller
702746f96b Allow a digest to be specified with the "ALL" command for ldap/sssd back-ends. 
This has been possible with sudoers file entries since sudo 1.9.0
but no corresponding change was made for ldap/sssd.
 2021-09-17 15:29:00 -06:00
Todd C. Miller
55171df5e5 Check strftime(3) return value in all cases. 
Old versions of strftime(3) didn't guarantee to NUL-terminate the buffer
so we explicitly clear the last byte of the buffer and check it.
 2021-09-17 14:01:28 -06:00
Todd C. Miller
18f1884ddc Use gmtime_r() and localtime_r() instead of gmtime() and localtime(). 2021-09-17 10:55:06 -06:00
Todd C. Miller
4289e9609d Teach mkdep.pl about --tag=disable-static in LTFLAGS. 
If static objs are disabled we need to add explicit dependencies for
.o files.  The OpenBSD libtool doesn't use a pic object file when
linking executables so we need to build the non-pic objects too.
 2021-09-13 09:33:17 -06:00
Todd C. Miller
ecc3aeffc6 Some POSIX yacc fixes for bison 3.8 
yyerror() must be extern void
declare tokens with type instead of using separate %type lines
 2021-09-13 09:33:07 -06:00
Todd C. Miller
cf225d2f10 Add a test to exercise Bug #994 2021-09-17 09:10:27 -06:00
Todd C. Miller
0c30976ae6 Always allocate a struct sudo_command for the command, even for ALL. 
This was missed in the previous set of changes, resulting in a crash
for LDAP and SSSD rules that give sudo "ALL" privileges.
Bug #994.
 2021-09-16 11:24:26 -06:00
Todd C. Miller
31e4a0a0a6 Add SUDOERS_LDFLAGS to FUZZ_LDFLAGS 
Fixes a fuzzer link error when building with ldap if the ldap libs
are not in the default library search path.
 2021-09-16 11:01:07 -06:00
Todd C. Miller
d7cdf1e47c append_defaults() should not be passed a value for boolean flags. 
The operation should simply be set to true/false.
Also treat a NULL file as coming from the front-end.
Bug #993.
 2021-09-14 08:02:37 -06:00
Todd C. Miller
197d4ced38 regen 2021-09-08 17:24:50 -06:00
Todd C. Miller
bf60451845 Remove conditional include of alloca.h, we don't define HAVE_ALLOCA_H. 
The configure check for alloca() was removed long ago but this got
missed.
 2021-09-03 16:03:48 -06:00
Todd C. Miller
f64d71674e Quiet a PVS-Studio format string warning. 2021-09-02 13:37:36 -06:00
Todd C. Miller
9a9a22e93e Regen .pot files. 2021-09-02 12:20:08 -06:00
Todd C. Miller
2f6cacd1ec Updated translations from translationproject.org 2021-09-02 12:20:05 -06:00
Todd C. Miller
f40afd73fe Can't use intercept or log_subcmds with SELinux RBAC. 
SELinux policy will prevent the inherited socket from sudo from
being used and may also restrict the ability to connect back to the
sudo process.
 2021-09-01 11:09:17 -06:00
Todd C. Miller
ba171724f7 Rename log_children -> log_subcmds 2021-08-26 16:36:41 -06:00
Todd C. Miller
d8d4023335 Updated translations from translationproject.org 2021-08-26 13:17:46 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number 
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
 2021-08-26 09:57:24 -06:00
Todd C. Miller
ec751c63eb log_allowed: pass struct eventlog * instead of argv[] and envp[]. 
This lets us log based on the command_info[] list passed in from
the front-end.  Previously, much of the struct eventlog was constructed
from internal sudoers state instead.
 2021-08-25 17:29:15 -06:00
Todd C. Miller
0aedc965f8 command_matches: avoid printf("%s") of NULL in debug for sudo ALL. 2021-08-25 13:11:57 -06:00
Todd C. Miller
7df245dc91 Fix formatting for bound defaults with multiple entries in the binding. 
The entries in the binding were separated with " ," instead of ", ".
 2021-08-20 14:01:44 -06:00
Todd C. Miller
90aee138ba regen 2021-08-19 09:51:23 -06:00
Todd C. Miller
bb5843055e Replace messages like "unknown foo: %s" with "unknown foo %s". 
The colon really doesn't belong there; we generally use a colon to
separate a message from the warning detail.
 2021-08-19 09:44:11 -06:00
Todd C. Miller
f9d3f46fa7 Add intercept_allow_setid sudoers option, disabled by default. 
With this change, a shell in intercept mode cannot run a setuid or
setgid binary by default.  On most systems, the dynamic loader will
ignore LD_PRELOAD for setuid/setgid binaries such as sudo which
would effectively disable intercept mode.
 2021-08-18 15:43:26 -06:00
Todd C. Miller
53a95e3a50 Always allocate a struct sudo_command for the command, even for ALL. 
Previously we special-cased handling of ALL but this complicates
some upcoming changes.
 2021-08-18 09:12:19 -06:00
Todd C. Miller
e4809d634d Update .pot files for 1.9.8. 2021-08-16 10:46:34 -06:00
Todd C. Miller
e2abcd6cb6 log_server_accept: fix memory leak of evlog when logging a sub-command. 
Coverity CID 238643
 2021-08-14 09:11:02 -06:00