Commit Graph

1652 Commits

Author SHA1 Message Date
Todd C. Miller
4e11bc0e26 Suppress PVS Studio false positives. 2021-01-06 14:27:09 -07:00
Todd C. Miller
92c88d4105 Quiet a few harmless cppcheck warnings. 2021-01-06 13:01:10 -07:00
Todd C. Miller
84b3a1dae1 Remove the --force option from the cppcheck args, it causes errors. 2021-01-06 13:01:09 -07:00
Todd C. Miller
83ff164690 Split up sesh_sudoedit() so it is organized more like sudo_edit.c.
The new sesh_edit_create_tfiles() and sesh_edit_copy_tfiles() functions
are analogous to sudo_edit_create_tfiles() and sudo_edit_copy_tfiles().
Also use "sudoedit" in the warning/error messages from sesh_sudoedit().
Otherwise, the user gets a mix of messages from sudoedit and sesh.
2021-01-06 13:01:09 -07:00
Todd C. Miller
7788581473 Rename run_cred -> cur_cred and stash existing creds in set_tmpdir().
For sudo_edit_open() et al what we need is a copy of the current
cred to restore after dir_is_writable() changes to the user cred.
2021-01-06 13:01:09 -07:00
Todd C. Miller
ece5adc662 Add struct sudo_cred to hold the invoking or runas user credentials.
We can use this when we need to pass around credential info instead
of the user_details and command_details structs.
2021-01-06 13:01:09 -07:00
Todd C. Miller
46e2d7290a Add directory writability checks for SELinux RBAC sudoedit.
These were never added to the SELinux RBAC path.
2021-01-06 13:01:09 -07:00
Todd C. Miller
a5be62c68f Move safe open code out of sudo_edit.c and into edit_open.c. 2021-01-06 13:01:09 -07:00
Todd C. Miller
397a07e86f In sudoedit, use sudo_check_temp_file() for non-SELinux too. 2021-01-06 13:01:09 -07:00
Todd C. Miller
7cd36222e7 Add security checks before using temp files for SELinux RBAC sudoedit.
Otherwise, it may be possible for the user running sudoedit to
replace the newly-created temporary files with a symbolic link and
have sudoedit set the owner of an arbitrary file.
Problem reported by Matthias Gerstner of SUSE.
2021-01-06 10:16:00 -07:00
Todd C. Miller
db1f27c035 Fix potential directory existing info leak in sudoedit.
When creating a new file, sudoedit checks to make sure the parent
directory exists so it can provide the user with a sensible error
message.  However, this could be used to test for the existence of
directories not normally accessible to the user by pointing to them
with a symbolic link when the parent directory is controlled by the
user.  Problem reported by Matthias Gerstner of SUSE.
2021-01-06 10:16:00 -07:00
Todd C. Miller
b132def0b1 For sudo, only allow "sudo" or "sudoedit" as the program name.
The program name is also used when matching Debug lines in sudo.conf.
We don't want the user to be able to influence sudo.conf Debug matching.
The string "sudoedit" is treated the same as "sudo" in sudo.conf.
Problem reported by Matthias Gerstner of SUSE.
2021-01-06 10:16:00 -07:00
Todd C. Miller
a29cac8bd6 Fix the buffer size parameter when serializing the interface list.
Problem reported by Matthias Gerstner of SUSE.
2020-12-21 10:44:22 -07:00
Todd C. Miller
267b9a8a23 Cannot do direct exec of a command when SELinux RBAC is enabled. 2021-01-02 10:43:34 -07:00
Todd C. Miller
8617833385 Minor fixes pointed out by cppcheck.
Also add compareBoolExpressionWithInt to suppression list.
2021-01-02 10:43:34 -07:00
Todd C. Miller
0e3e13d872 Define _DARWIN_UNLIMITED_GETGROUPS on macOS to support > 16 groups.
On macOS 10.6 and above, getgroups(2) can return more than NGROUPS_MAX
if _DARWIN_UNLIMITED_GETGROUPS or _DARWIN_C_SOURCE is defined.
Bug #946
2020-12-07 13:15:25 -07:00
Todd C. Miller
cbb7b4afa6 Audit errors from policy_init_session(), audit_accept(), and audit_reject(). 2020-12-03 14:10:30 -07:00
Todd C. Miller
02ebdfd7f2 Do not run the command if the audit accept function fails.
Also add warnings if the audit reject or error functions fail.
2020-12-03 13:20:32 -07:00
Todd C. Miller
24d812d037 Pass command_info[] to audit plugin on I/O log plugin reject or error.
The audit plugin should cope with a NULL command_info but there's no
reason not to pass the info when we have it.
2020-11-17 13:15:15 -07:00
Todd C. Miller
b2ccbb3a90 Stay setuid until just before executing the command.
Fixes a problem with pam_xauth which checks effective and real uids
to get the real identity of the user.
2020-11-11 09:34:50 -07:00
Todd C. Miller
fe9e65754c Add event_alloc to the audit plugin API.
The sudoers audit plugin will use this to communicate with sudo_logsrvd.
2020-11-02 15:28:21 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines.
Also replace backwards with backward.
2020-10-30 10:15:30 -06:00
Todd C. Miller
79921387a3 regen Makefiles 2020-10-20 19:23:46 -06:00
Todd C. Miller
88dcdcd11d Fix -Wshadow warnings. 2020-09-25 15:09:45 -06:00
Todd C. Miller
44a1058aa3 Fix typo in last commit. 2020-09-18 06:09:57 -06:00
Todd C. Miller
90bcae7986 Only use faccessat(3) if AT_EACCESS is defined.
Apparently Android (bionic) has faccessat() but not AT_EACCESS.
Bug #940.
2020-09-17 20:17:38 -06:00
Todd C. Miller
4f1fff953b Guard use of ttyslot() with HAVE_TTYSLOT, fix guard for utmp_setid().
This should make it easier to compile sudo on Android which doesn't
provide a way to write to the utmp file.  Bug #940.
2020-09-17 20:05:30 -06:00
Todd C. Miller
cc8e6c6015 Check that the files are character devices before comparing st_rdev. 2020-09-04 19:13:50 -06:00
Todd C. Miller
a0092ce31f Fix regress when ttyname(3) returns the same device under a different name.
On systems that have both new and old pty names we can end up with
a name mismatch even though the underlying device is the same.
2020-09-04 19:02:26 -06:00
Todd C. Miller
24b35393e3 Add sudoers_audit to sudo_sudoers_plugin_symbols[] array.
Fixes loading of sudoers_audit when configured with --enable-static-sudoers.
GitHub issue #61
2020-09-04 10:59:41 -06:00
Todd C. Miller
0106343032 Use correct size for curlim and maxlim. 2020-09-03 10:20:28 -06:00
Todd C. Miller
1676f0ceeb Support "*" for CWD/CHROOT to allow user to specify cwd or chroot.
Adds two new command line options, -D (--chdir) and -R (--chroot)
that can only be used when sudoers sets runcwd or runchroot to "*".
2020-09-01 14:10:02 -06:00
Todd C. Miller
c4a579cf8a Pass resource limits values to the plugin in user_info[]
Sudo resets the resource limits early in its execution so
the plugin cannot tell what the original limits were itself.
2020-08-31 16:37:01 -06:00
Todd C. Miller
84e6e6ccf9 Update copyright year on some files where it was out of date. 2020-08-31 14:09:36 -06:00
Todd C. Miller
a3364c1e95 Fix sudoers_policy plugin options when sudoers_audit is not listed.
As of sudo 1.9.1 the sudoers file is opened by the audit plugin,
not the policy plugin.  As a result, plugin options set for
sudoers_policy have no effect.  If sudoers_policy has plugin options
in sudo.conf and sudoers_audit is not listed, move the options to
sudoers_audit so they will have an effect.
2020-08-17 13:45:16 -06:00
Todd C. Miller
a940a2c78e Fix some warnings from pvs-studio 2020-08-12 20:01:39 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
cbad17a994 Move inclusion of compat headers up with the system headers.
Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the compat headers.
2020-08-12 10:07:07 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
076d0376db We no longer need to include sudo_gettext.h before sudo_compat.h 2020-08-12 09:50:35 -06:00
Todd C. Miller
ce97ca28db Use OpenBSD-compatible freezero() in place of explicit_bzero() + free() 2020-08-10 19:24:33 -06:00
Todd C. Miller
cef6e3687e Switch from memset_s() -> explicit_bzero().
memset_s() (and all of Annex K) is likely to be removed from
a future version of the standard.
2020-08-10 19:24:32 -06:00
Todd C. Miller
fa5d44b8b5 Quiet some clang 10 analyzer warnings. 2020-08-07 14:22:56 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
6ee98cf453 Prompt user before truncating a file to zero bytes. Bug #922. 2020-07-22 07:42:40 -06:00
Todd C. Miller
df49897bd0 Replace or remove use of `scare quotes'
These don't translate well and look odd in many fonts.
2020-06-24 05:40:18 -06:00
Todd C. Miller
1cec928d17 Fix implicit fallthrough warning and add break to default cases. 2020-06-20 14:11:40 -06:00
Todd C. Miller
8bb5aedacf Replace master/slave in code with leader/follower. 2020-06-15 16:21:32 -06:00
Todd C. Miller
bee9950593 Clean up temporary sudoedit files on success; Bug #929
This is a regression introduced in sudo 1.9.0.
2020-06-14 16:40:21 -06:00
Todd C. Miller
1198dfc930 Only display an error in the built-in policy close if command is set.
If a policy or approval plugin denies the command, command_details
will not have been filled out.
2020-06-04 13:31:03 -06:00