isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,796 Commits 1 Branch 0 Tags
c91b6777d3d8fbfa65d016857fa36ecabff848f6
Commit Graph

8796 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
9ee50beaa7 The fix for Bug #722 contained a typo/thinko that resulted in the 
exit status being 0 when a command was killed by a signal other
than SIGINT.  This fixes the signal handler setup so sudo will
terminate with the same signal as the command.  Bug #784.
 2017-04-26 20:17:34 -06:00
Todd C. Miller
2180eab1f9 Better check for /etc/rc.d/rc2.d/S90sudo on AIX 2017-04-26 15:49:10 -06:00
Todd C. Miller
54a23d2c5d Don't install the rc.d link when installing to a DESTDIR. 
DESTDIR is generally only set when installing to a temporary
directory for packaging in which case the link should be
made in a post-install script.
 2017-04-26 14:49:05 -06:00
Todd C. Miller
9bccceaea1 In "make install", install sample sudoers file as /etc/sudoers.dist 
and copy it to /etc/sudoers if there is no existing /etc/sudoers.
Packages either contain /etc/sudoers (RPM and Debian) or /etc/sudoers.dist
(everything else).
 2017-04-26 13:52:49 -06:00
Todd C. Miller
495931f4a8 Allow "make dist" and "make depend" to work for out of tree builds. 2017-04-26 10:43:42 -06:00
Todd C. Miller
f7df250625 Add missing $(srcdir) prefix to shlib_exp definition. 2017-04-24 10:05:38 -06:00
Todd C. Miller
11c82e2f1b Fix typo in killpg macro. 2017-04-21 09:25:17 -06:00
Todd C. Miller
18c8ce10ea Fix the killpg macro for systems without killpg() in libc. 2017-04-21 07:28:45 -06:00
Todd C. Miller
9f1afe23fe Use the standard idiom for popping all entries from a tail queue. 
The llvm checker gets confused by TAILQ_REMOVE and generate
use-after-free false positives.
 2017-04-20 16:13:14 -06:00
Todd C. Miller
c60259bd63 rewrite errpipe callbacks 2017-04-20 16:12:53 -06:00
Todd C. Miller
c2176c32a7 use pipe2() with O_CLOEXEC instead of pipe() + fcntl() and FD_CLOEXEC 2017-04-20 15:10:57 -06:00
Todd C. Miller
6e75179528 init io_pipe[][] to -1, not 0 2017-04-20 15:09:07 -06:00
Todd C. Miller
f3daaba1c4 In sudo_sss_check_user() it is not possible for handle to be NULL. 2017-04-19 14:30:30 -06:00
Todd C. Miller
583fac17ea Fix a use after free when the fqdn sudoOption is set and no hostname 
value is present in sssd.conf.
 2017-04-19 14:15:18 -06:00
Todd C. Miller
a245fedc22 Avoid unused variable when getgrouplist_2() is available. 
It would be nicer to just provide getgrouplist_2() (or the equivalent)
and avoid the ugly #ifdefs.
 2017-04-19 09:39:55 -06:00
Todd C. Miller
871b912f46 sync with translationproject.org 2017-04-19 09:07:55 -06:00
Todd C. Miller
7c63dbf65e regen 2017-04-13 13:45:00 -06:00
Todd C. Miller
d989f8af30 In sudo_ttyname_scan() if dir is the empty string, set errno to 
ENOENT before returning.
 2017-04-12 17:06:48 -06:00
Todd C. Miller
0b81e0b195 Try to make it clear that when match_group_by_gid is enabled, groups 
in sudoers are looked up by group name instead of group ID.  This
doesn't usually cause problems, but if there are conflicting group
entries (for example, from a local /etc/group file and an LDAP or
AD group database), whether the group is resolved by name or ID can
be used to work around conflicts.
 2017-04-11 16:56:04 -06:00
Todd C. Miller
f7251f806c sync with translationproject.org 2017-04-07 10:32:52 -06:00
Todd C. Miller
491e6ae9fc plug memory leak in check_digest 2017-04-07 09:56:47 -06:00
Todd C. Miller
c6f9f06c45 Check return value of dispatch_pending_signals() in case we received 
SIGINT or SIGQUIT before executing the command.
 2017-04-07 08:38:56 -06:00
Todd C. Miller
ec5b78335f back out unintentional change to the version number 2017-03-30 07:10:36 -06:00
Todd C. Miller
04d83c41c7 sync with translationproject.org 2017-03-28 10:56:30 -06:00
Todd C. Miller
bdc9251184 Make check_digest test sudo_filedigest() itself instead of the 
underlying SHA2 functions.  That way we can test it regardless of
whether we use sudo's SHA2 functions or a library version.
 2017-03-27 14:45:24 -06:00
Todd C. Miller
272a9c8e9b Document that commands matched by "sudo ALL" are not affected by 
fdexec.
 2017-03-27 11:10:18 -06:00
Todd C. Miller
ba15306c97 Update for 1.8.20 2017-03-24 16:29:09 -06:00
Todd C. Miller
a58c7d7db5 regen for restricted_env_file 2017-03-24 15:37:14 -06:00
Todd C. Miller
7f26338071 Mention that iolog_user is useful for NFS. 2017-03-24 15:36:03 -06:00
Todd C. Miller
4df6b62b56 Only retry mkdir or create with PERM_IOLOG if errno is EACCES. 
Also always use PERM_IOLOG for mkdtemp() since we cannot retry
if it fails.  Since we are guaranteed to create a new directory
there's no real need to try w/o PERM_IOLOG in this case.
 2017-03-23 17:00:27 -06:00
Todd C. Miller
31b16fd3e9 Add fallback to PERM_IOLOG when making the final componenet of iolog_dir. 2017-03-22 15:55:16 -06:00
Todd C. Miller
b3af85ddc8 Add restricted_env_file which is like env_file but subject to the 
same restrictions as the user's own environment.
 2017-03-22 13:39:25 -06:00
Todd C. Miller
4621e43676 quiet a warning on older zlib 2017-03-22 08:47:10 -06:00
Todd C. Miller
8d1e994d84 cast mode_t to unsigned int when printing with %o 2017-03-22 08:37:12 -06:00
Todd C. Miller
7f1fa00be9 regen 2017-03-21 16:34:17 -06:00
Todd C. Miller
7668b4b42b Set umask temporarily when creating files instead of changing the 
mode after the fact.  This is slightly less error prone.
 2017-03-21 16:21:17 -06:00
Todd C. Miller
2a37590b7d remove now-useless variable 2017-03-21 15:04:47 -06:00
Todd C. Miller
2caddff3f9 Don't set owner/mode on directories that already exist, only on 
newly-created ones.
 2017-03-21 14:55:19 -06:00
Todd C. Miller
1bd90d8fff Explicitly set the file mode of I/O log files so the mode is not 
affected by the invoking user's umask.
 2017-03-21 13:54:27 -06:00
Todd C. Miller
8d57491dc1 Add PERM_IOLOG so we can create I/O log files on an NFS-mounted 
filesystem where root is remapped to an unprivileged user.
 2017-03-21 13:41:14 -06:00
Todd C. Miller
cfb15106e3 Restore the '/' in the path before returning if we encounter an error. 2017-03-21 10:15:31 -06:00
Todd C. Miller
2dbd091443 When creating the timestamp directory, use the group of the timestamp 
owner instead of inheriting the group of the parent directory.
 2017-03-20 12:59:28 -06:00
Todd C. Miller
a1322d7dd9 zero out nss->handle after it has been freed to make sure we cannot free it twice 2017-03-21 09:52:51 -06:00
Todd C. Miller
c4e703696a Add iolog_flush option. 2017-03-20 10:25:58 -06:00
Todd C. Miller
8c8d078f66 Don't allow the user to specify an I/O log file mode that sudo can't 
read or write to.  I/O logs must always be readable and writable
by the owner.
 2017-03-17 10:56:17 -06:00
Todd C. Miller
8b3845c1ca Regenerate the cat pages with newer mandoc which formats double 
quotes as "foo" instead of ``foo''.
 2017-03-14 09:13:25 -06:00
Todd C. Miller
4bdbc6b290 Make it clear that I/O logs will be complete even if the command 
run by sudo is terminated by a signal.  The I/O log buffering just
prevents the logs from being displayed in real-time as the command
is running.
 2017-03-14 09:11:56 -06:00
Todd C. Miller
35e4bd3e9f Replace pipe_nonblock() with pipe2() 2017-03-13 12:11:52 -06:00
Todd C. Miller
7aa89c49b5 Emulate pipe2() on systems without it. 2017-03-13 12:11:51 -06:00
Todd C. Miller
b63df21ba5 Fix declaration of sudo_krb5_verify() in the case where krb5_verify_user() 
is not present.  Bug #777
 2017-03-10 11:52:49 -07:00