getutline() advances the file pointer until it matches or reaches EOF. pututline() starts from the current position in utmp. This rewinds the file pointer to the beginning to avoid allocating additional spurious utmp entries.
On systems where getgroups() returns results based on more than
just the per-process group vector in the kernel it is possible for
the number of groups to change in between invocations.
Based on GitHub PR #106 from Pierre-Olivier Martel.
In selinux_edit_copy_tfiles() when there is only one file and the open()
fails then the number of arguments is lower than expected.
Sudo should return an error with or without "Defaults !sudoedit_checkdir" set.
This was found with regression testing of CVE-2021-23240.
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
On Darwin, shared modules and shared libraries are not interchangeable
and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it
must be a library, not a module. We must relax the requirement
that libraries begin with a "lib" prefix to work around this
difference. This does mean you must use sudo's libtool on Darwin
(macOS) but that is already a requirement on other systems (notably
HP-UX and SCO) due to a number of libtool patches we require that
haven't been accepted upstream. This is a different fix for PR #102.
This should only be set for signals that terminate the process.
Fixes a bug where the sudo front-end could call the plugin close
function with a non-terminal signal argument.
If SIGCHLD is ignored there is a race condition between when the
process is executed and when the SIGCHLD handler is installed.
This fixes the bug described by GitHub PR #98
Currently only used for RLIMIT_DATA and RLIMIT_AS.
This works around a problem on HP-UX where setting RLIMIT_DATA
changes the resource limits for both 32-bit and 64-bit processes.
HP-UX processes start out with RLIMIT_DATA set based on the values
of the maxdsiz and maxdsiz_64bit kernel tunables, depending on
whether they are 32-bit or 64-bit. By default this limit is 1GB
for 32-bit processes and 4GB for 64-bit. However, once RLIMIT_DATA
is changed, it does not appear to be possible to restore the old
values. This can result in a 64-bit process that is executed by a
32-bit shell getting the 32-bit RLIMIT_DATA instead of the 64-bit
one. Bug #973
Under normal circumstances the existing group list will match the
list fetched by sudo. However, if sudo is executed by a process
that has changed the group list via setgroups(2) and "group_source"
in sudo.conf is set to "dynamic" it is possible for them to be
different.
If group_source in sudo.conf is set to "dynamic" it is possible
for the group list
Now that we store the string version of the address before fetching
the netmask we can just re-use ifr. This simplifies things and is
safer since if there is space for the address there must also be
space for the mask.
HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only
return IPv6 addresses).
Also add IPv6 support using SIOCGIFCONF (probably AIX only) and make
sure ifr_tmpbuf[] is properly aligned.
Its purpose is to run the fuzzers as part of a normal "make check"
to avoid bit rot, not to perform a fuzzer run.
The fuzz_logsrvd_conf fuzzer was not wired up to "make check" previously.
The ngroups parameter is an out parameter that is filled in with
the actual number of groups, which may be less than the static
number allocated when max_groups is set in sudo.conf.
Fixes a potential out of bounds read found by LLVM libFuzzer.
While this is how the kernel behaves it is not a portable assumption.
The assumption may also be violated if getopt_long(3) permutes arguments.
Found by Qualys.
This is consistent with how the -e option is handled.
Also reject -H and -P flags for sudoedit as was done in sudo 1.7.
Found by Qualys, this is part of the fix for CVE-2021-3156.