Commit Graph

1652 Commits

Author SHA1 Message Date
Todd C. Miller
b80b012de0 Use PTRACE_EVENT_EXEC to stop execution before return from execve(2).
We can now verify that the arguments match what we accepted before
the command actually runs.  If there is a mismatch, the process is
killed.  Shell scripts must be handled specially since the path
executed will be the interpreter, not the script name.
Linux allows interpreters to be nested up to 4 deep.
2022-07-29 15:22:26 -06:00
Todd C. Miller
25513b4f37 The length returned by ptrace_read_string() includes the NUL.
We were wasting an extra byte in the string table for each entry.
2022-07-27 14:11:13 -06:00
Todd C. Miller
6c9b3c7613 fmtstr: add missing va_end() for the overflow case
Coverity CID 275335
2022-07-26 12:54:52 -06:00
Todd C. Miller
f5dc739ea3 Quiet some harmless PVS-Studio warnings. 2022-07-26 11:28:38 -06:00
Todd C. Miller
de3d5fe934 Reject relative command paths if runcwd is not set.
This is now treated as a policy rejection.
2022-07-26 11:04:29 -06:00
Todd C. Miller
16ea0bb3fd intercept_check_policy: close saved_dir before returning 2022-07-26 08:56:27 -06:00
Todd C. Miller
3c1f3ef102 Change to runcwd during the policy check where possible.
Otherwise, attempts to run "./command" from a shell with intercept
set will fail if the current working directory is different from
the main sudo process.
2022-07-26 08:43:44 -06:00
Todd C. Miller
5516cdcd5b For preload DSO make copies of cmnd, argv, envp and map them read-only. 2022-07-25 19:56:54 -06:00
Todd C. Miller
226a6cd754 Use sudo_mmap_alloc functions in DSO-based intercept code. 2022-07-25 16:05:11 -06:00
Todd C. Miller
15fd62f0d5 resolve_path: skip non-regular files 2022-07-25 08:51:49 -06:00
Todd C. Miller
75e97fd5b2 Make sure the plugin provides a command, argv and envp. 2022-07-14 09:49:00 -06:00
Todd C. Miller
e5652fc65a Linux execve(2) allows argv or envp to be NULL.
Add checks to make sure we don't dereference a NULL pointer.
2022-07-14 09:29:40 -06:00
Todd C. Miller
a5ac29219a intercept_check_policy: add oom label and fix approval failure case.
If the approval plugin fails we need to set the state to POLICY_REJECT
just like we do if the policy rejected the command.
2022-07-13 13:06:21 -06:00
Todd C. Miller
a2b0a8330c Fix a few whitespace issues. 2022-07-09 11:21:17 -06:00
Todd C. Miller
f6e4d2765a Add explicit include of unistd.h for getopt(3) and related variables. 2022-07-05 11:35:25 -06:00
Todd C. Miller
fd0c5566ac Merge pull request #161 from likunyur/lky
sudoers/cvtsudoers: Remove the repeated ';' from code
2022-07-04 09:00:58 -06:00
Li kunyu
a9a164e71c src/send: Remove the repeated ';' from code
Signed-off-by: Li kunyu <kunyu@nfschina.com>
2022-07-04 12:36:11 +08:00
Todd C. Miller
3cd9c5f5e6 Stop sending an InterceptResponse to a PolicyCheckRequest for log_subcmds.
There's no real reason for the command to wait for sudo to send back a
response that will always be a PolicyAcceptMessage.
2022-06-30 13:35:07 -06:00
Todd C. Miller
424fa7f2b1 sudo_preload_dso: make the envp function argument const
This lets us fix an inappropriate cast in sudo_intercept_common.c.
2022-06-21 14:31:30 -06:00
Todd C. Miller
5f534979ef Regenerate dependencies 2022-06-29 10:18:56 -06:00
Todd C. Miller
b6151781ce Quiet some harmless PVS Studio warnings. 2022-06-29 10:08:55 -06:00
Todd C. Miller
3e21c8da5c Add missing PVS Studio Open Source comments.
Also avoid checking protobuf-c source and protobuf-c generated files.
2022-06-29 09:45:04 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
0efd616202 Fix missing prototype warning. 2022-06-27 14:01:29 -06:00
Todd C. Miller
f5ac1317c4 Make sudo pass -Wmissing-prototypes 2022-06-27 12:48:03 -06:00
Todd C. Miller
f432209304 Include inttypes.h if stdint.h is not present.
Bug #1035
2022-06-27 07:20:37 -06:00
Todd C. Miller
e9c2695268 intercept_write: remove unused CD_USE_PTRACE code.
It is not possible to end up in intercept_write when CD_USE_PTRACE
is set.
2022-06-21 09:54:41 -06:00
Todd C. Miller
33547702f3 readlink(2) does NUL-terminate the buffer, do it manually.
Fixes a bug where the current working directory could include garbage
in intercept mode using ptrace(2).
2022-06-21 20:12:58 -06:00
Todd C. Miller
332a6afe77 Set TCP_NODELAY on the socket used for intercept IPC to reduce latency.
On some systems, Nagle's algorithm was delaying receipt of the data,
causing commands with intercept or log_subcmds to run slowly.
Related to Bug #1034.
2022-06-20 16:22:29 -06:00
Todd C. Miller
b10201bdc4 Use blocking I/O when talking to the sudo process.
Also check for EAGAIN/EINTR when reading the message size.
Fixes a problem seen on AIX where recv_intercept_response() could
fail unexpectedly.  Bug #1034.
2022-06-20 15:02:11 -06:00
Todd C. Miller
8829c028d3 Add debug printfs when send/recv return EAGAIN or EINTR.
These are not actually errors but can help gain insight into what
is going on and, in the case of EAGAIN, whether or not there may
be a kernel resource starvation problem.
2022-06-20 14:58:06 -06:00
Todd C. Miller
dfee181d15 Fix compilation on Linux/x32; GitHub issue #158 2022-06-11 16:59:18 -06:00
Todd C. Miller
964bcfa2dd Make read and write events persistent and disable as needed.
For the read callback, disable reader when the buffer is full.
For the write callback, disable writer when the buffer is consumed.
2022-06-07 12:40:00 -06:00
Todd C. Miller
7689b8718c Check for SECCOMP_MODE_FILTER not SECCOMP_SET_MODE_FILTER.
This matches the actual prctl() call we use.
2022-06-07 10:50:59 -06:00
Pierre Bourdon
d549adf04b exec_ptrace: fix missing sudo_pt_regs on aarch64
AArch64 already had an existing "user_pt_regs" struct and didn't need a
struct alias before the renaming to "sudo_pt_regs". Make the code build
again by adding the now missing alias.

Fixes: 2eb8ff17
2022-06-07 17:14:39 +02:00
Todd C. Miller
c2a131714a Reinstall the event handler if we get EAGAIN from read/write callback.
The read and write events do not set SUDO_EV_PERSIST so we need to
explicitly re-enable the event if there is still data to be read.
Bug #963.
2022-06-06 19:42:07 -06:00
Todd C. Miller
f19a71a3db Move a comment to the correct location. 2022-06-03 10:32:47 -06:00
Todd C. Miller
898ca50545 Eliminate some dead stores that clang-analyzer complains about. 2022-06-03 10:01:11 -06:00
Todd C. Miller
63e6973ad1 ptrace_read_vec: don't try to free memory on the error path
This is leftover from when ptrace_read_string() allocated its own memory.
2022-06-03 10:00:08 -06:00
Todd C. Miller
25a26f5042 Avoid using vfork(2) in the DSO system(3) wrapper.
Traditional vfork(2) semantics make it unsafe for use for more than
just vfork(2) + execve(2).
2022-06-03 09:43:34 -06:00
Todd C. Miller
de4d53e488 When using ptrace(2), push the point where we suspend into exec_cmnd().
This should reduce the amount of time the child has to wait for
the parent to use PTRACE_SEIZE to seize control and then PTRACE_CONT
to continue the child.
2022-05-31 19:51:26 -06:00
Todd C. Miller
cec83a05a3 Add configure check for vfork(2) and fall back to fork(2) if missing. 2022-05-31 14:47:39 -06:00
Todd C. Miller
f52342031d Add support for intercepting the system(3) function.
This also means we can log system(3) with log_subcmds.
2022-05-31 14:45:00 -06:00
Todd C. Miller
9bb288d10e Regenerate files after merging AppArmor integration. 2022-05-27 08:30:34 -06:00
Todd C. Miller
f16754a1dd Merge branch 'main' into apparmor_support 2022-05-27 08:25:12 -06:00
Todd C. Miller
dc2b28d3e0 Pass envp, not environ, to real execve() from exec_wrapper() if possible.
The replacement execve() function was passing the global environ
to exec_wrapper() instead of the envp parameter.  This caused the
command to be run with the wrong environment on AIX systems, and
possibly others, when intercept or log_subcmds was enabled.
Bug #1030.
2022-05-26 16:33:46 -06:00
Todd C. Miller
b6ddf3db6d Consolidate some translatable strings. 2022-05-26 09:37:58 -06:00
Todd C. Miller
38c6e1bffb Standardize protobuf "unable to unpack" warning messages. 2022-05-26 09:35:18 -06:00
Todd C. Miller
9ac42292d1 Bump plugin minor version and document new intercept-related settings.
There should have been a minor version bump for sudo 1.9.8 when
intercept was originally implemented.
2022-05-26 09:19:08 -06:00
Todd C. Miller
d6be44db00 Add support for running o32 and n32 binaries on mips64. 2022-05-24 13:43:51 -06:00