Todd C. Miller
c6f8f4b545
Move init.d and sudo.pp to the etc dir.
2019-12-23 14:29:27 -07:00
Todd C. Miller
486ee2b71f
debug_decl and debug_decl_vars now require a semicolon at the end.
2019-12-22 08:48:16 -07:00
Todd C. Miller
4392b5726e
Output the name of the limit when warning about setrlimit or getrlimit.
From Kimmo Suominen.
2019-12-18 09:42:14 -07:00
Robert Manner
c0d53d75eb
src/load_plugins, plugins/sudoers: added developer_mode sudo.conf option
It can be used to disable the enforcement that a plugin (shared object or
an imported python module) must be owned by root and not modifiable by
others.
This can make plugin development easier.
2019-12-14 12:55:42 -07:00
Todd C. Miller
718e6997fc
Save/restore the raw form of the file context in case mctrans is not available.
2019-12-11 13:06:05 -07:00
Todd C. Miller
d0b80b404c
Replace timeleft with pending in sudo plugin event API.
2019-12-07 08:42:10 -07:00
Todd C. Miller
f976a5d866
For plugin API 1.15 and up, always call the plugin close function.
Previously, it was only called when a command was run (including
sudoedit). Now, plugin operations list, validate, invalidate, and
show_version are also closed.
2019-11-20 10:57:47 -07:00
Todd C. Miller
e0a4b2d68a
Fix potential fd leak when converting trailing newline to cr + nl.
Coverity CID 205872
2019-11-19 18:57:22 -07:00
Todd C. Miller
368e12b0f9
If there is no session or terminal group ID, pass the plugin a value of 0.
This behavior already matches what is documented in the sudo_plugin
manual for "sid" but the "tcpgid" entry needed to be updated.
2019-11-18 16:25:52 -07:00
Todd C. Miller
82237194dd
Add support for logging to the log server
2019-11-15 13:41:51 -07:00
Todd C. Miller
5793023ffd
Add a plugin interface to sudo main event loop.
2019-11-15 13:36:01 -07:00
Todd C. Miller
9309ca0074
Simplify resource limit fallback logic a bit.
2019-11-12 07:26:14 -07:00
Todd C. Miller
f3ebe5025a
Don't set the RLIMIT_STACK soft/hard limits to unlimited.
Use 8Mb for soft and 64Mb for hard.
Works around issues on macOS and docker. See also Bug #908
2019-11-11 17:57:10 -07:00
Todd C. Miller
4a893912ce
Restore resource limits before executing the askpass program.
Linux with docker seems to have issues executing a program when the
stack size is unlimited. Bug #908
2019-11-11 16:07:43 -07:00
Todd C. Miller
ad52ce6612
Check for replies pointer being NULL just in case.
2019-11-11 14:10:13 -07:00
Todd C. Miller
6863a848d6
Convert trailing newline to carriage return + newline for tty.
Does not currently handle embedded newlines.
2019-11-09 10:13:56 -07:00
Todd C. Miller
655fdde22b
We haven't needed -I$(top_srcdir) for a long time.
2019-11-02 12:00:04 -06:00
Todd C. Miller
356287557f
Use dup3() instead of dup2().
This is less error prone since dup3() returns an error if old == new.
Sudo guarantees that fds 0-2 are already open.
2019-11-02 10:55:50 -06:00
Todd C. Miller
352212c7bf
Open all pipes using pipe2() with O_CLOEXEC.
We no longer depend on calling closefrom() before exec.
2019-11-02 10:52:34 -06:00
Todd C. Miller
7acbfc18a9
Call closefrom() before we change to a non-root UID.
This prevents another process from changing the NOFILE resource limit
of the child process and defeating the closefrom() call.
Reported by Joe Vennix from Apple Information Security.
2019-11-02 10:51:49 -06:00
Todd C. Miller
0d8062c100
macOS does not allow rlim_cur to be set to RLIM_INFINITY for RLIMIT_NOFILE.
We need to use OPEN_MAX instead as per the macOS setrlimit manual.
Bug #904
2019-10-29 08:28:52 -06:00
Todd C. Miller
059b55ce72
Refactor code in sudoers that creates I/O log files to share with logsrvd.
2019-10-24 20:04:31 -06:00
Todd C. Miller
0d69de5b25
Move openat() emulation to lib/util and add unlinkat() emulation.
2019-10-24 20:04:30 -06:00
Todd C. Miller
271ead2fd3
Don't pass an invalid session or process group ID to the plugin.
Fixes a regression in 1.8.28 when there is no terminal session leader.
2019-10-23 12:47:44 -06:00
Todd C. Miller
5391ee2d5e
Not all systems support RLIMIT_NPROC and RLIMIT_RSS
2019-10-21 16:03:10 -06:00
Todd C. Miller
b157b96893
Add depend target to all Makefile.in files.
2019-10-21 15:20:21 -06:00
Todd C. Miller
e80079eaa8
Set resource limits in the sudo process to unlimited.
We don't want sudo to be limited by the caller's resource limits.
The original resource limits are restored before session setup.
2019-10-21 11:41:48 -06:00
Todd C. Miller
f57e2d04a3
Older FreeBSD needs sys/param.h included before sys/user.h.
From Darren Tucker
2019-10-20 19:18:27 -06:00
Todd C. Miller
c3ce3a84fb
Refer to user-ID and group-ID instead of "user ID" and "group ID"
2019-10-19 14:26:41 -06:00
Todd C. Miller
40bf4081be
Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid()
2019-10-20 10:21:29 -06:00
Todd C. Miller
b02851dcf3
Change how the umask is handled with PAM and login.conf.
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf. If using the default umask from
sudoers, allow PAM or login.conf to override it. Bug #900
2019-10-18 06:20:27 -06:00
Todd C. Miller
4229dfc566
Enable security auditing malloc options for "make check".
2019-10-17 13:41:53 -06:00
Todd C. Miller
2512f6efbf
Use sudo_strtonum() explicitly instead of via a macro.
2019-10-14 10:09:30 -06:00
Todd C. Miller
112dff276a
Fix restoring the file context of the user's tty with SELinux.
Also fix broken tty labeling when running a command in a pty.
Includes a fix for a typo introduced in the last change set.
2019-09-27 15:32:49 -06:00
Todd C. Miller
bcf8c3dd5e
Add some debugging around context setting and tty labeling
Also be more exact with error return values
2019-09-27 08:47:41 -06:00
Todd C. Miller
d35670d1ae
Silence a warning from clang about string concatenation.
2019-09-17 08:25:33 -06:00
Todd C. Miller
ab9a2ecac2
Create new files with the umask specified in sudoers.
2019-09-11 16:26:56 -06:00
Todd C. Miller
d94798e5d0
Enable asserts for Coverity too.
2019-08-30 14:05:03 -06:00
Todd C. Miller
ffaef7939a
Add asserts() to avoid static analyzer false positives.
2019-08-30 11:13:35 -06:00
Todd C. Miller
972670bfca
Use the SUDO_CONV_PREFER_TTY flag during authentication.
This prevents the password and PAM prompts from being redirected.
Bug #895
2019-08-26 19:30:11 -06:00
Todd C. Miller
5e692576c9
Restore core dump resource limit before the PAM session module is run.
Otherwise, we may override the limits set by PAM.
Bug #894
2019-08-20 07:25:53 -06:00
Todd C. Miller
dfc32e5b3e
Disable stringop-truncation false positive warnings on gcc 8.
Strings in struct utmp/utmpx are not guaranteed to be NUL-terminated.
2019-07-30 12:42:07 -06:00
Todd C. Miller
aa200cda6a
Replace non-essential strncpy() calls.
2019-07-30 11:37:26 -06:00
Todd C. Miller
15db0c3f82
More verbose error message when a password is required and no terminal is present. Bug #828.
2019-07-19 11:51:20 -06:00
Todd C. Miller
9d8f374397
Add ssizeof macro that returns ssize_t.
We can use this instead of casting the result of size_t to int.
Also change checks for snprintf() returning <=0 to <0.
2019-06-25 09:45:10 -06:00
Todd C. Miller
82920726fa
Don't refuse to use the tty unless /dev/tty is unavailable.
We don't care whether sudo was able to get the tty name from the kernel.
All that really matters is whether we are able to disable echo as needed.
2019-06-19 20:29:08 -06:00
Todd C. Miller
19c548fd57
Add -B option to ring the bell before the password prompt.
2019-05-27 08:49:43 -06:00
Todd C. Miller
1e1ef61902
Add SPDX-License-Identifier to files.
2019-04-29 07:21:51 -06:00
Todd C. Miller
0766e0c647
Better comment about EOVERFLOW and pstat_getproc().
Also remove some useless casts.
2019-03-06 20:15:11 -07:00
Todd C. Miller
8ee2de9980
Fix error message when a fully-qualified plugin path does not exist.
2019-03-05 10:23:07 -07:00