isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,843 Commits 1 Branch 0 Tags
c9f26ebbb4739d7db2a4fcdb3e69ac1ec2a0353c
Commit Graph

9843 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
09f1c26490 Fix typo in closefrom emulation. 2019-11-06 13:41:52 -07:00
Todd C. Miller
71aed42f9e Do not warn about a missing /etc/environment file on Linux without PAM. 
Bug #907
 2019-11-06 09:55:14 -07:00
Todd C. Miller
635445d471 Transparently handle the "sudo sudoedit" problem. 
Some admin are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning.  If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly.  In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
 2019-11-05 15:18:34 -07:00
Todd C. Miller
73031bbb55 Rename cwd -> submitcwd to match man page. 2019-11-05 15:18:07 -07:00
Todd C. Miller
98ce89ee80 Add unit test for parse_host_port and make an empty port an error. 2019-11-05 06:04:13 -07:00
Todd C. Miller
2949d2c47b Fill in host and port pointers on success. 2019-11-04 13:28:09 -07:00
Todd C. Miller
4c54e61ea9 Fix ChangeLog generation on a branch. 2019-10-28 07:52:56 -06:00
Todd C. Miller
b270b0c887 Split out code to parse host:port into a utility function. 2019-11-02 12:04:26 -06:00
Todd C. Miller
f1d0c99e03 Move bufsize_roundup() -> sudo_pow2_roundup() in libsudo_util. 2019-11-02 12:03:44 -06:00
Todd C. Miller
676d3fc67b Add missing depend target 2019-11-02 12:00:07 -06:00
Todd C. Miller
655fdde22b We haven't needed -I$(top_srcdir) for a long time. 2019-11-02 12:00:04 -06:00
Todd C. Miller
ac36cf2d4b In closefrom_fallback() use the interval [OPEN_MAX, INT_MAX]. 
We want to try closing at least OPEN_MAX fds but no more than INT_MAX.
On 64-bit systems it is possible for sysconf(_SC_OPEN_MAX) to return
a value larger than INT_MAX when the number of open files is unlimited.
 2019-11-02 10:56:02 -06:00
Todd C. Miller
356287557f Use dup3() instead of dup2(). 
This is less error prone since dup3() returns an error if old == new.
Sudo guarantees that fds 0-2 are already open.
 2019-11-02 10:55:50 -06:00
Todd C. Miller
43df086186 Add dup3() emulation. 2019-11-02 10:52:55 -06:00
Todd C. Miller
352212c7bf Open all pipes using pipe2() with O_CLOEXEC. 
We no longer depend on calling closefrom() before exec.
 2019-11-02 10:52:34 -06:00
Todd C. Miller
7acbfc18a9 Call closefrom() before we change to a non-root UID. 
This prevents another process from changing the NOFILE resource limit
of the child process and defeating the closefrom() call.
Reported by Joe Vennix from Apple Information Security.
 2019-11-02 10:51:49 -06:00
Todd C. Miller
fd9fa6bcaa Regenerate Makefile and sort MANIFEST 2019-11-02 10:51:46 -06:00
Todd C. Miller
e6fe02d646 Reference timestamp_type and timestamp_timeout in sudoers. 
This should help users find details on how time stamp files work.
 2019-11-01 12:42:41 -06:00
Todd C. Miller
0d8062c100 macOS does not allow rlim_cur to be set to RLIM_INFINITY for RLIMIT_NOFILE. 
We need to use OPEN_MAX instead as per the macOS setrlimit manual.
Bug #904
 2019-10-29 08:28:52 -06:00
Todd C. Miller
0129f3a72a Remove unused copy of iolog_seekto(). 2019-10-27 10:40:29 -06:00
Todd C. Miller
5a1e5e9fae regen 2019-10-24 20:04:33 -06:00
Todd C. Miller
ee91b7360b Simplify expand_iolog_path() 2019-10-24 20:04:33 -06:00
Todd C. Miller
74a0e686ac Redirect std{in,out,err} to /dev/null even when given the -n option. 2019-10-24 20:04:33 -06:00
Todd C. Miller
955fa11b53 Clear the write bit on the timing file for completed logs. 
This allows us to tell whether or not a log can be restarted.
 2019-10-24 20:04:33 -06:00
Todd C. Miller
dbf78d0716 Add fchmodat() and fstatat() emulation. 
Note that fchmodat() emulation does not support AT_SYMLINK_NOFOLLOW
 2019-10-24 20:04:33 -06:00
Todd C. Miller
13e3eaad5f Simplify iolog_set_user and iolog_set_group 2019-10-24 20:04:33 -06:00
Todd C. Miller
56c21243d7 Add iolog_ prefix to exported functions in iolog_util.c 2019-10-24 20:04:33 -06:00
Todd C. Miller
aaf5d0dc6e Read logsrvd.conf in two steps: first read, then apply if OK. 
This fixes a problem where when logsrvd.conf was reloaded while
running (due to SIGHUP) and there was an error we could end up with
a partial config.
 2019-10-24 20:04:33 -06:00
Todd C. Miller
1df3230c2a Document the sudo log server protocol 2019-10-24 20:04:33 -06:00
Todd C. Miller
3b8011ea9e Add NumberList to InfoMessage. 
Also make comments fit in 80 columns when formatted as a man page.
 2019-10-24 20:04:32 -06:00
Todd C. Miller
6c6f0567ba Avoid TOCTOU in sudo_mkdir_parents; Coverity CID 204357 2019-10-24 20:04:32 -06:00
Todd C. Miller
8552b283be Avoid TOCTOU in iolog_mkdirs; Coverity CID 204356 2019-10-24 20:04:32 -06:00
Todd C. Miller
16b3513a95 Fix Coverity CID 204355, resource leak on error path. 2019-10-24 20:04:32 -06:00
Todd C. Miller
822fd99b60 Fix Coverity CID 204353, fd leak on error path. 2019-10-24 20:04:32 -06:00
Todd C. Miller
e74134d04d Fix some warnings from the clang static analyzer. 2019-10-24 20:04:32 -06:00
Todd C. Miller
728ed2100b Rename buffer.c -> logsrv_util.c and add iolog_seekto() 2019-10-24 20:04:32 -06:00
Todd C. Miller
b58ecb7e6d Move read_timing_record() into libsudo_iolog 2019-10-24 20:04:32 -06:00
Todd C. Miller
0ab2d8299b Fix client side of restart. 
Seek to the target point there too so we start sending from the right place.
 2019-10-24 20:04:32 -06:00
Todd C. Miller
3394785f6d Add restart support for compresses I/O logs. 2019-10-24 20:04:32 -06:00
Todd C. Miller
b57054785f Add manual pages for logsrvd and sendlog. 2019-10-24 20:04:32 -06:00
Todd C. Miller
66fc926959 Allow messages up to 2Mb in size. 2019-10-24 20:04:32 -06:00
Todd C. Miller
c25b6dc7ec Add OpenBSD malloc options. 2019-10-24 20:04:32 -06:00
Todd C. Miller
76eec78a33 Add basic support for event logging using a sudo-style log format. 2019-10-24 20:04:32 -06:00
Todd C. Miller
402820e8cf Convert sudo_logsrvd.conf to ini file format 2019-10-24 20:04:32 -06:00
Todd C. Miller
c7f0f9e0fc Return an error to the client on error instead of dropping the connection. 2019-10-24 20:04:32 -06:00
Todd C. Miller
216747476f Add long option support to logsrvd and sendlog. 2019-10-24 20:04:32 -06:00
Todd C. Miller
af7f65fdfd Mark logsrvd and sendlog strings for translation in the sudoers domain 2019-10-24 20:04:32 -06:00
Todd C. Miller
534aba7a3e Make the logsrvd port and list address configurable. 2019-10-24 20:04:32 -06:00
Todd C. Miller
077e9aebbf Rename ExecMessage -> AcceptMessage and add RejectMessage 2019-10-24 20:04:31 -06:00
Todd C. Miller
2e2d9e8694 Add sudo_ prefix to logsrvd and sendlog. 2019-10-24 20:04:31 -06:00