isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,574 Commits 1 Branch 0 Tags
c6987aa26ea12569e65bc7ab18e702b06ab8d715
Commit Graph

1652 Commits

Author SHA1 Message Date
Todd C. Miller
9c694e9a65 copy_vector: plug memory leak in error path 
Only the array was being freed, not the contents.
GitHub issue #202.
 2022-11-18 07:19:47 -07:00
Todd C. Miller
5683fc6f7a The name of the C locale w/ UTF-8 support is not always C.UTF-8. 
Use a pattern to find it (if present) and use that value instead
of hard-coding C.UTF-8.  This works around a leak sanitizer crash
on certain inputs.
 2022-11-11 07:05:21 -07:00
Todd C. Miller
82150340a6 Include linux/elf.h, not elf.h to make sure we get NT_ARM_SYSTEM_CALL. 
The NT_PRSTATUS define is present in both files.
 2022-11-10 08:08:09 -07:00
Todd C. Miller
045d08bec9 Pass sudo's process ID to suspend_sudo_nopty() since we already know it. 
Saves an unnecessary getpid(2) call.
 2022-11-07 14:51:43 -07:00
Todd C. Miller
f87fac3b55 Don't kill the parent process group on suspend if it is not sudo's pid. 
If sudo is not the process group leader we must only send the suspend
signal to sudo itself.  When sudo is run via a shell script, it
usually has the same process group as the shell script interpreter.
We do not want to suspend the script itself when the command run
by sudo is suspended.
 2022-11-07 14:51:43 -07:00
Todd C. Miller
bbe4fbaaae Call terminate_command() with use_pgrp = false when not running in a pty. 
When sudo runs a command in the user's existing terminal the command
is run in the same process group as sudo itself.  The proper way
to terminate it is to use kill(2), not killpg(3)
 2022-11-07 14:51:42 -07:00
Todd C. Miller
36742deec3 Fix handling of signal forwarding when running commands in a script. 
We need to forward signals from a process in the same pgrp if the
pgrp leader is not either sudo or the command itself.
 2022-11-07 14:51:41 -07:00
Todd C. Miller
c7071f6da0 Make test_ptrace compile again after recent changes. 2022-11-07 14:51:39 -07:00
Todd C. Miller
8db1eb0c8b Update the cwd for log_subcmds too. 
Fixes a problem for intercept_method=trace when running a relative
command from a different directory than what sudo ws started from.
GitHub issue #194
 2022-11-07 12:14:15 -07:00
Todd C. Miller
b2c8e1b1b9 Display sudo_mode in hex in debug log. 
This makes it easier to match against the MODE_ defines.
 2022-11-03 12:03:08 -06:00
Todd C. Miller
7944494196 Fix compilation error on Linux/mips. 2022-10-26 16:35:30 -06:00
Todd C. Miller
802e500cca Regenerate dependencies for src/sesh.c. 2022-10-21 11:30:04 -06:00
Todd C. Miller
803998d2bd Only add trailing carriage return to messages if output is a raw tty. 
If output is being written to a terminal in "raw" mode, we need to
add a carriage return after the newline to avoid "stair-step" output.
However, we should not write the carriage return if the terminal
is in "cooked" mode, output to a pipe, or output redirected to a file.
Bug #1042.
 2022-10-20 08:55:26 -06:00
Todd C. Miller
3bdb585481 Use getopt() and getopt_long() for sesh command line options. 2022-10-10 09:12:48 -06:00
Todd C. Miller
fbd8de0276 Silence a warning from the Solaris Studio compiler. 2022-10-07 11:22:58 -06:00
Todd C. Miller
57b5ff8e8c Avoid a -Wshadow warning on Solaris 9. 2022-10-07 11:00:17 -06:00
Todd C. Miller
7e20e4b80f Apply multiarch rules when loading plugins too. 2022-10-06 12:46:38 -06:00
Todd C. Miller
afaeb0ed57 Mark code that escapes/unescapes "sudo -s cmd args..." for removal. 
A future version of the plugin API will defer any such escaping
to the policy plugin so it can be configurable.
 2022-09-29 13:43:20 -06:00
Todd C. Miller
d2a13a8154 Fix typos found by codespell 2.2.1. 2022-09-28 16:39:19 -06:00
Todd C. Miller
cf95f8d5ae HP-UX has struct winsize in termios.h. 2022-09-27 14:57:56 -06:00
Todd C. Miller
f360a8006c Regen dependencies 2022-09-27 14:16:03 -06:00
Todd C. Miller
87b7209ebb Add support for logging stdin/stdout/stderr in the non-pty exec path. 
If we are logging I/O but not terminal input/output (either because
no terminal is present or because that is what the plugin requested),
the non-pty exec path is now taken.
 2022-09-27 13:46:55 -06:00
Todd C. Miller
803b4939be Move exec code to call into I/O log plugin to exec_iolog.c. 
This will be shared with exec_nopty.c in the future to log
stdin/stdout/stderr without running the command in a pty.
Both exec_pty.c and exec_nopty.c now use the same closure.
 2022-09-27 13:35:45 -06:00
Todd C. Miller
7464b300d9 new_container: no need to initialize container pointer in declaration. 
From Li zeming.
 2022-09-20 10:18:09 -06:00
Todd C. Miller
304726a215 Move gcc-style __attribute__ macros to config.h.in 
Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_printf0like.
Add sudo_noreturn instead of __attribute__((__noreturn__)).
We do not use stdnoreturn.h since it has been deprecated in C23
in favor of the [[noreturn]] attribute.
 2022-09-07 07:48:31 -06:00
Todd C. Miller
a326411903 Use $(GREP) and $(EGREP) variables in Makefile.in files. 2022-09-12 16:30:52 -06:00
Todd C. Miller
a6472710e6 Zero out register struct before calling ptrace_getregs(). 
Quiets a spurious valgrind warning.
 2022-08-30 07:35:43 -06:00
Todd C. Miller
817f63b05d Realloc the buffer used to store argv and envp as needed. 
We now store the vector immediately after the string table.
It is possible for argv and its contents to be invalidated
by realloc() when reading envp so we store the pointers as
offsets until we are done allocating.
 2022-08-29 12:47:42 -06:00
Todd C. Miller
0d2f1c4a2b ptrace_verify_post_exec: use /proc/PID/cmdline and /proc/PID/environ 
There is no reason to read these directly from the tracee
when we rely on /proc being mounted to access /proc/PID/exe.
 2022-08-28 18:59:41 -06:00
Todd C. Miller
234c56b87f Protect ptrace_readv_string() with #ifdef HAVE_PROCESS_VM_READV 2022-08-28 08:27:30 -06:00
Todd C. Miller
2902ebe067 intercept_check_policy_req: an empty argv[] is now supported 2022-08-25 14:21:12 -06:00
Todd C. Miller
14356c1940 Use process_vm_readv(2) and process_vm_writev(2) if available. 
This is faster than reading/writing from/to the remote process one
word at a time using PTRACE_PEEKDATA and PTRACE_POKEDATA.
 2022-08-25 12:37:19 -06:00
Todd C. Miller
3d995f7e58 ptrace_getregs: make compat check more generic 
No need to use different checks for mips and non-mips, the compiler
will optimize away the superfluous check.
 2022-08-22 11:46:46 -06:00
Todd C. Miller
4d58fc904d Correct type of sudoers_audit. 
GitHub issue #61
 2022-08-22 09:04:44 -06:00
Todd C. Miller
a3a181df07 Fix shadowed variable warning. 2022-08-20 14:36:29 -06:00
Todd C. Miller
c948717bd4 Fix shadowed variable warning on aarch64. 2022-08-19 13:37:49 -06:00
Todd C. Miller
8145ad12da Quiet another -Wwrite-strings warning. 2022-08-19 11:37:38 -06:00
Todd C. Miller
8eb619ac2b ptrace_getregs: try to determine compat mode if caller doesn't know. 
In ptrace_verify_post_exec(), we don't know whether the executable
that is now running is a native or compat binary.  In most cases
ptrace_getregs() will be able to figure it out for us.
 2022-08-19 11:34:40 -06:00
Todd C. Miller
b2d8909c19 ptrace_intercept_execve: fail syscall rather than killing process on error. 
If the execve(2) args are bogus pointers, we should just return an
error instead of killing the process.  For consistency with the
kernel, convert EIO from ptrace(2) to EFAULT.
Also convert some ptrace(2) warnings to debug printfs so sudo is less chatty.
 2022-08-19 11:05:10 -06:00
Todd C. Miller
9f552471bc Treat argv and closure->run_argv of different sizes as a mismatch. 
If argv and closure->run_argv match up to the point where we hit a
NULL but one of them has additional entries, we still need to rewrite
argv.
 2022-08-18 15:15:06 -06:00
Todd C. Miller
aef4a61886 Handle the case where argc is 0 when allocating space for argv. 
We need to pass the pathname to the policy plugin in argv[0] so we
must be sure to allocate space for it even if argc is 0.
 2022-08-18 15:12:21 -06:00
Todd C. Miller
76bd1bcc95 copy_vector: treat a NULL pointer as an empty vector. 
Linux execve(2) allows argv to be NULL so we must allocate an empty
vector in this case and not return an error.
 2022-08-18 15:10:42 -06:00
Todd C. Miller
48a9126a1b Update debug_decl name for sudo_preload_dso -> sudo_preload_dso_alloc change. 2022-08-18 15:08:38 -06:00
Todd C. Miller
bc5016296d Handle the case where argc is 0 when rebuilding argv. 
We need to pass the pathname to the policy plugin in argv[0] so we
must be sure to allocate space for it even if argc is 0.
 2022-08-18 15:07:25 -06:00
Todd C. Miller
23fa22975c Handle sysconf(_SC_ARG_MAX) failure, Coverity CID 276504. 2022-08-18 10:32:19 -06:00
Todd C. Miller
2f3afd14ed In putenv(3) replacement reject a string with no '=' or that starts with one. 2022-08-08 07:43:00 -06:00
Todd C. Miller
9c61d7e6e9 Bump the sudo plugin minor version. 
The "update_ticket" entry was added to the settings list and the
"intercept_verify" entry was added to the command_info list.
 2022-08-02 14:28:29 -06:00
Todd C. Miller
556dacf1ff Add a way to run a command without updating the cached credentials. 
This can also be used to test for whether or not the user's
credentials are currently cached.
 2022-08-02 14:28:28 -06:00
Todd C. Miller
cf250354fc Defer chdir(2) until sesh when running with SELinux. 
We need to be running with the correct security context or the
chdir(2) may fail.  GitHub issue #160.
 2022-08-01 13:40:47 -06:00
Todd C. Miller
3ce19efca9 Add intercept_verify sudoers option to control execve(2) argument checking. 2022-07-29 15:22:27 -06:00