isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,796 Commits 1 Branch 0 Tags
c91b6777d3d8fbfa65d016857fa36ecabff848f6
Commit Graph

8796 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
7918f7e7eb Use sudo_strsplit() instead of doing the equivalent manually. 2016-08-26 11:07:19 -06:00
Todd C. Miller
c50b835255 Move SIGPIPE bug fix to 1.8.18 where it belongs 2016-08-25 13:24:03 -06:00
Todd C. Miller
a246c9570a Fix memset size typo in previous commit. 2016-08-25 10:36:53 -06:00
Todd C. Miller
c5cfc9584c Add regress for check_defaults() use-after-free bug. 2016-08-25 08:33:07 -06:00
Todd C. Miller
99b9699793 Fix use-after-free in check_defaults(), reported by Radovan Sroka 
of RedHat.
 2016-08-25 08:32:45 -06:00
Todd C. Miller
403b904abe SIGPIPE bug fix 2016-08-24 09:01:28 -06:00
Todd C. Miller
7625f06841 Now that we ignore SIGPIPE in sudo we need to restore it at exec 
time.  Problem reported by Radovan Sroka of RedHat.
 2016-08-24 08:59:37 -06:00
Todd C. Miller
d54148bbdd Fix appending to make_opts 2016-08-22 07:13:02 -06:00
Todd C. Miller
5a432b9612 Add Bug #753 and fix reference to Bug #752. 2016-08-22 06:32:54 -06:00
Todd C. Miller
8d89d8395f sync with translationproject.org 2016-08-21 19:23:52 -06:00
Todd C. Miller
ba91ebb14b regen pot files 2016-08-21 14:10:56 -06:00
Todd C. Miller
8f9869df7e Update with logging changes. 2016-08-17 15:23:33 -06:00
Todd C. Miller
d8a65715d6 Avoid duplicate warnings when we cannot write to the log file. 
Also send the warning in mail if possible.
 2016-08-17 14:51:20 -06:00
Todd C. Miller
3e4c7eed31 Move the ignoring of I/O log plugin errors into the I/O log plugin 
itself.
 2016-08-17 14:38:00 -06:00
Todd C. Miller
ed18d0d5f8 Make the behavior when we cannot write to a log or audit file 
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
 2016-08-17 07:22:51 -06:00
Todd C. Miller
9ccd260842 Make sure we print an error message to stderr (and not just send 
mail) if do_logfile() fails.  Bug #751
 2016-08-15 07:25:18 -06:00
Todd C. Miller
043b3d223b Separate out the supplemental group ID checks from the supplemental 
group name checks in user_in_group().  We now call sudo_get_gidlist()
only when the group name in sudoers begins with a '#' (which is
seldom used).
 2016-08-13 21:12:22 -06:00
Todd C. Miller
985ab1dd3e Cache the user's group IDs and group names separately and only 
resolve group IDs -> names when needed.  If the sudoers file doesn't
contain groups we will no longer try to resolve all the user's group
IDs to names, which can be expensive on some systems.
 2016-08-13 16:27:44 -06:00
Todd C. Miller
c3b8e97a6e Remove the "op" parameter from all the store_foo() functions except 
store_list() where it is actually needed.  For the others, a NULL
value indicates the setting was negated.  This unconfuses static
analyzers (and perhaps humans too).
 2016-08-12 16:41:51 -06:00
Todd C. Miller
8c2b6fb34e Flags always have a NULL value. Regression introduced by refactor 
of set_default_entry().
 2016-08-12 15:03:54 -06:00
Todd C. Miller
1ca261c305 Set rc to true when setting a flag Defaults value. 2016-08-12 11:32:36 -06:00
Todd C. Miller
25f39ff31d suppress a cppcheck false positive 2016-08-12 11:11:49 -06:00
Todd C. Miller
caf064e17b Refactor the error parts of set_default_entry() so the switch() is 
mostly just calls to store_foo() functions.  Avoids a lot of
duplicated error checking and silences a cppcheck false positive.
 2016-08-12 10:37:41 -06:00
Todd C. Miller
9051c92cb3 In set_default_entry() check for unsupported Defaults type. 2016-08-12 09:37:11 -06:00
Todd C. Miller
f17f9ba9b2 Add missing break in switch that sets the max limit for RLIMIT_NOFILE. 
Found by cppcheck.
 2016-08-12 09:24:41 -06:00
Todd C. Miller
7ac77b094c Check sudoers_initlocale return value and treat as oom. 
Coverity CID 141832
 2016-08-12 06:00:17 -06:00
Todd C. Miller
a08ea1b14d Set runas_pw early and adjust runaslist_matches() to deal. Since 
we now set runas_default early there is no need to call update_defaults
with SETDEF_RUNAS after sudoers has been parsed.
 2016-08-10 10:56:05 -06:00
Todd C. Miller
56ead73886 Load sudoers group plugin via an early callback. 2016-08-09 13:14:31 -06:00
Todd C. Miller
a9973c2e68 System Integrity Protection on Mac OS X won't allow us to write 
directly to /etc or /var.  We must install in /private/{etc,var}
instead.
 2016-08-09 12:35:08 -06:00
Todd C. Miller
d17bc132de Document that fqdn, runas_default and sudoers_locale are parsed early. 2016-08-09 10:26:02 -06:00
Todd C. Miller
ac20b8ddff Regen for 1.8.18 2016-08-09 10:25:50 -06:00
Todd C. Miller
9d94ee11c0 Avoid passing around struct defaults when it is not needed. As a 
result, we no longer need to include gram.h in the LDAP and SSSD
backends.
 2016-08-08 20:09:59 -06:00
Todd C. Miller
0bf2d9b162 Instead of deferring setting early defaults until we have traversed 
the entire defaults list, just defer running the callbacks.  Otherwise,
if the last early default setting we see has a bad value we won't
set any defaults of that type even if there was an earlier one that
was valid.
 2016-08-08 17:04:20 -06:00
Todd C. Miller
e5a7891ec8 Run callbacks once in set_default_entry() instead of each of the 
store_foo() functions.
 2016-08-08 16:47:11 -06:00
Todd C. Miller
14c9d203e8 Use /proc/cpuinfo on Linux instead of running lscpu 2016-08-03 06:31:17 -06:00
Todd C. Miller
820934082f If using GNU make on a multi-cpu system, use the -j flag to run 
make jobs in parallel, up to the number of cpus/cores.
 2016-08-03 06:15:25 -06:00
Todd C. Miller
54efa54c0e Only check SUDO_USER if euid is 0 2016-07-31 18:47:36 -06:00
Todd C. Miller
f85e95329f Initialize sudo_user based on the SUDO_USER environment variable 
if present.  This allows things like :Defaults:username editor=foo"
to work when visudo is run via sudo.
 2016-07-30 15:27:36 -06:00
Todd C. Miller
4352bb9ca9 Add function name in "command resumed" debug message 2016-07-28 06:23:39 -06:00
Todd C. Miller
383debee9f If waitpid() returns 0 or -1, display a warning, this should never happen. 
Add a check for unhandled wait status (also should never happen).
 2016-07-28 06:16:43 -06:00
Todd C. Miller
2b150925dc Flag settings have a NULL value so we can't use that to test whether 
an entry in struct early_default is set or not.  Add a "set" member
and use that instead.
 2016-07-28 06:05:39 -06:00
Todd C. Miller
4f47a2ad7d Explicitly check for a continued process with waitpid(2). Otherwise, 
waitpid() will return 0 when the command is resumed after being
suspended, which we were treating the same as -1.  Fixes suspend
and resume on Linux and probably others.
 2016-07-27 16:17:41 -06:00
Todd C. Miller
a014a2abd4 Fix --with-fqdn, the value should be NULL since it is a flag. 2016-07-27 15:03:48 -06:00
Todd C. Miller
16551031f9 Add support for early defaults to the ldap and sssd backends. 2016-07-27 14:20:17 -06:00
Todd C. Miller
cc31c2b241 Repair symlink check in sudo_edit_openat_nofollow() on systems 
without O_NOFOLLOW, it must be done relative to dfd.  Previously
the lstat() would always fail, possibly leading to a false positive.
Also add an early symlink check like in sudo_edit() while here.
 2016-07-25 10:41:33 -06:00
Todd C. Miller
bf82b3f2ba On systems that lack the O_NOFOLLOW open(2) flag, check in 
sudo_edit_open() whether the path to be opened is symlink before
opening it.  This is racey but we detect losing the last post-open
and it is better to fail early if possible.  When editing a link
to a non-existent file, a zero-length file will be left behind but
it is too dangerous to try and remove it after the fact.
Bug #753
 2016-07-25 10:26:54 -06:00
Todd C. Miller
2663575118 Update debug_decl for sudo_edit_openat_nofollow() 
Remove unused variables when O_NOFOLLOW is not present.
 2016-07-25 10:22:29 -06:00
Todd C. Miller
2c21663b22 Split set_default_entry() out of set_default() so we can call it 
from check_defaults() to validate the defaults value.  In visudo,
suppress warnings from update_defaults() and rely on check_defaults()
to provide warnings.
 2016-07-23 09:10:48 -06:00
Todd C. Miller
29d842dbaf Split binding match code out of default_type_matches() into 
default_binding_matches().  We can now use default_type_matches()
in check_defaults().
 2016-07-23 08:45:43 -06:00
Todd C. Miller
e0ac766473 Pass quiet flag to init_parser() and update_defaults() when doing 
first parse of sudoers.
 2016-07-23 05:53:35 -06:00