isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,796 Commits 1 Branch 0 Tags
c91b6777d3d8fbfa65d016857fa36ecabff848f6
Commit Graph

8796 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
413e1100b8 Add new fdexec sudoers setting to allow choose whether execve() or 
fexecve() is used.
 2017-01-22 18:56:16 -08:00
Todd C. Miller
dde2b5eb2c Close execfd in parent processes where it is not needed. 2017-01-22 18:56:13 -08:00
Todd C. Miller
5514ea6851 Add support for digest matching when the command is a glob-style 
pattern or a directory.  For example:

millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/
millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/*

would only match /bin/ls (assuming the digest matches).

Previously, only explicit path matches checked the digest.
 2017-01-21 16:43:46 -07:00
Todd C. Miller
df03020c4c Add support for SASL_MECH in ldap.conf; Bug #764 2017-01-17 11:09:23 -07:00
Todd C. Miller
34ba901baa Fix documentation bug, the contents of env_file have never been 
subject to env_keep or env_check.  However, variables are only added
if they have not already been preserved.
 2017-01-17 10:10:47 -07:00
Todd C. Miller
57933a8ff3 Safer example for rule that can change non-root passwords. GNU 
getopts allows options to follow arguments so we need to be able
to deny things like "passwd root -q".  From Paul "Joey" Clark.
Bug #772
 2017-01-17 08:55:40 -07:00
Todd C. Miller
b4f524fe7d Don't overwrite the return value of ldap_sasl_interactive_bind_s() 
by the subsequent call to sudo_set_krb5_ccache_name().  From Paul
Zirnik of SUSE.
 2017-01-16 11:20:26 -07:00
Todd C. Miller
deb4c3b19c In sudo_unsetenv_nodebug(), decrement envp.env_len after removing 
the variable.  From Paul Zirnik of SUSE.
 2017-01-16 11:12:56 -07:00
Todd C. Miller
1a59ab8b74 only run vsyslog_test if it exists 2017-01-15 19:13:26 -07:00
Todd C. Miller
63deb77705 Add regress for vsyslog replacement. 2017-01-15 19:07:59 -07:00
Todd C. Miller
09698b8a31 Define HAVE_NANOSLEEP if we find nanosleep in librt 2017-01-13 21:29:02 -07:00
Todd C. Miller
f589897f8d sudo_nanosleep not nanosleep in util.exp.in 2017-01-13 21:02:31 -07:00
Todd C. Miller
e636f96c48 add nanosleep to util.exp.in if needed 2017-01-13 20:40:26 -07:00
Todd C. Miller
08b662bf0b sudo 1.8.19p2 2017-01-13 16:45:14 -07:00
Todd C. Miller
a957a657b0 Double the size of new_fmt[] and remove an extraneous break in the 
%m handling that was leftover from an earlier edit.
 2017-01-13 16:39:31 -07:00
Todd C. Miller
921ad88ab8 Fix typo, want vsnprintf not snprintf. 2017-01-13 16:30:44 -07:00
Todd C. Miller
414b28dc45 move va_start() in mysyslog() 2017-01-13 16:30:08 -07:00
Todd C. Miller
269b8602d8 Only treat failure of expand_iolog_path() as fatal if ignore_iolog_errors 
is not set.
 2017-01-13 15:45:59 -07:00
Todd C. Miller
2f0295373a When waiting for the parent to grant us the tty, use nanosleep 
instead of spinning to avoid hogging the CPU.
 2017-01-12 10:44:26 -07:00
Todd C. Miller
0ef26ff0b7 Use ROOT_UID instead of 0 2017-01-12 10:42:26 -07:00
Todd C. Miller
fabb38c918 regen 2017-01-09 10:45:44 -07:00
Todd C. Miller
90e1f4ec3e Fix crash in visudo introduced in sudo 1.8.9 when an IP address or 
network is used in a host-based Defaults entry.  Bug #766
 2017-01-07 19:50:05 -07:00
Todd C. Miller
0c3a8085b3 Avoid using the system strnlen/strndup on AIX < 6. Even if configure 
correctly detects it is working on the build machine, the sudo
package may be run on a system with an old libc were it is broken.
 2017-01-05 06:22:58 -07:00
Todd C. Miller
6c2cb6cb95 sudo 1.8.19p1 2016-12-20 10:26:50 -07:00
Todd C. Miller
0d9255b2f7 Fix logic bug when matching syslog priority and facility. 2016-12-20 10:24:55 -07:00
Todd C. Miller
87d02bfe2d Dell spun off Quest so simplify the history by just talking 
about Quest and not Dell.
 2016-12-20 06:35:49 -07:00
Todd C. Miller
f847570ba9 Fix copyright year 2016-12-19 12:48:15 -07:00
Todd C. Miller
f9ea84383e typo 2016-12-19 11:34:03 -07:00
Todd C. Miller
6aa43ff1e4 HAVE_DECL_GETGROUPLIST_2 is always defined if HAVE_GETGROUPLIST_2 is, 
we need to check its value, not whether it is defined.
 2016-12-18 06:50:51 -07:00
Todd C. Miller
cc03054800 sync with translationproject.org 2016-12-15 14:26:11 -07:00
Todd C. Miller
2eeb191b94 sync with translationproject.org 2016-12-13 10:39:48 -07:00
Todd C. Miller
ae76e1a229 Use getgrouplist_2() on macOS if available. 2016-12-13 10:39:32 -07:00
Todd C. Miller
56cc9aa02d regen 2016-12-03 19:25:17 -07:00
Todd C. Miller
c62b7dc2ee In set_interfaces() treat a parse error as fatal. 2016-12-03 16:39:43 -07:00
Todd C. Miller
e8f612ead4 Fix a clang warning on macOS 2016-12-02 09:34:08 -07:00
Todd C. Miller
2884816c8e sync with translationproject.org 2016-12-01 11:42:50 -07:00
Todd C. Miller
4fc0c36ef8 update for 1.8.19b2 2016-12-01 11:42:32 -07:00
Todd C. Miller
852ffa5938 Ignore a boot time that is in the future, which can happen when the 
clock is corrected down after boot.  Otherwise, the timestamp file
will be unlinked each time sudo is run and a password is always
required.
 2016-12-01 10:52:05 -07:00
Todd C. Miller
00b6be9dfa Allow syslog priority to be negated or set to "none" to disable 
logging successes or failures.
 2016-11-30 16:26:10 -07:00
Todd C. Miller
cb1f044017 Allow stdin and ttyin to be displayed too. The only one that is 
really useful in sudoreplay is stdin when input is from a pipe.
 2016-11-30 13:38:01 -07:00
Todd C. Miller
52d6a5e40d Solaris 10 wordexp() returns 127 on execve() failure like popen() 
does.
 2016-11-30 11:05:42 -07:00
Todd C. Miller
334350af45 id_t is 64-bits on FreeBSD so use strtoll() there. 
Fixes the strtoid regress.
 2016-11-30 07:32:59 -07:00
Todd C. Miller
70d3e0e987 fix typo 2016-11-29 19:46:59 -07:00
Todd C. Miller
aaf6fff736 Fix the "all" setting for verifypw and listpw; nopass would never 
be true even if all the user's entries had the NOPASSWD tag.
Regression introduce in sudo 1.8.17.  Bug #762
 2016-11-29 19:46:25 -07:00
Todd C. Miller
7bcd0285e1 sync with translationproject.org 2016-11-28 10:47:09 -07:00
Todd C. Miller
1aea3f6e3e Just use malloc_options "S" on OpenBSD instead of "AFGJPR". 2016-11-25 09:04:00 -07:00
Todd C. Miller
4d06a612f7 Update year in license 2016-11-22 11:30:00 -07:00
Todd C. Miller
0382a2d47f regen 2016-11-21 17:47:07 -07:00
Todd C. Miller
94b844ebb5 regen 2016-11-21 17:45:46 -07:00
Todd C. Miller
6c5936296f Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register() 
and check for it in places where we check the return value of
sudo_debug_register().
 2016-11-21 06:37:23 -10:00