isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,843 Commits 1 Branch 0 Tags
c9f26ebbb4739d7db2a4fcdb3e69ac1ec2a0353c
Commit Graph

9843 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
282263c113 Use openat(2) when opening files in the I/O log directory. 2019-10-24 20:04:31 -06:00
Todd C. Miller
7ba7c5835e Enable sudo_logsrvd.conf settings. 2019-10-24 20:04:31 -06:00
Todd C. Miller
059b55ce72 Refactor code in sudoers that creates I/O log files to share with logsrvd. 2019-10-24 20:04:31 -06:00
Todd C. Miller
e0c9a9dfa3 Move mkdir_parents to libsudo_util. 2019-10-24 20:04:31 -06:00
Todd C. Miller
a808dd45c2 Add config file support for logsrvd 2019-10-24 20:04:31 -06:00
Todd C. Miller
240d589136 Command line option processing for logsrvd 2019-10-24 20:04:31 -06:00
Todd C. Miller
e76d2e8201 Add support for restarting I/O log transfers. 2019-10-24 20:04:30 -06:00
Todd C. Miller
8a16e62a88 Import protobuf-c source since to avoid an external dependency. 
The files generated with protoc-c are not standalone.
We need to include protobuf-c.c and protobuf-c.h from the protobuf-c
distribution too.  Building protoc-c requires a relative recent
version of gcc which limits its portability.
 2019-10-24 20:04:30 -06:00
Todd C. Miller
706553f9d3 Add debugging for logsrvd and sendlog 2019-10-24 20:04:30 -06:00
Todd C. Miller
0d69de5b25 Move openat() emulation to lib/util and at unlinkat() emulation. 2019-10-24 20:04:30 -06:00
Todd C. Miller
4dacf81082 Refactor I/O log code so it can be shared between sudoers and logsrvd 2019-10-24 20:04:29 -06:00
Todd C. Miller
2272430716 Import proof of concept sudo log server. 2019-10-24 20:04:29 -06:00
Todd C. Miller
aa99594575 Avoid invalid read when minval > maxval 2019-10-24 18:35:45 -06:00
Todd C. Miller
271ead2fd3 Don't pass an invalid session or process group ID to the plugin. 
Fixes a regression in 1.8.28 when there is no terminal session leader.
 2019-10-23 12:47:44 -06:00
Todd C. Miller
0375eaca58 regen 2019-10-21 19:55:08 -06:00
Todd C. Miller
5391ee2d5e Not all systems support RLIMIT_NPROC and RLIMIT_RSS 2019-10-21 16:03:10 -06:00
Todd C. Miller
8ea71f9ae0 Sudo 1.8.29 2019-10-21 14:57:24 -06:00
Todd C. Miller
b157b96893 Add depend target to all Makefile.in files. 2019-10-21 15:20:21 -06:00
Todd C. Miller
e80079eaa8 Set resource limits in the sudo process to unlimited. 
We don't want sudo to be limited by the caller's resource limits.
The original resource limits are restore before session setup.
 2019-10-21 11:41:48 -06:00
Todd C. Miller
f57e2d04a3 Older FreeBSD needs sys/param.h included before sys/user.h. 
From Darren Tucker
 2019-10-20 19:18:27 -06:00
Todd C. Miller
c3ce3a84fb Refer to user-ID and group-ID instead of "user ID" and "group ID" 2019-10-19 14:26:41 -06:00
Todd C. Miller
40bf4081be Rename sudo_strtoid() to sudo_strtoidx() and add simplified sudo_strtoid() 2019-10-20 10:21:29 -06:00
Todd C. Miller
6260bf60b4 sudoedit doesn't create a new PAM session so PAM umask does not apply. 2019-10-18 06:43:33 -06:00
Todd C. Miller
b02851dcf3 Change how the umask is handled with PAM and login.conf. 
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf.  If using the default umask from
sudoers, allow PAM or login.conf to override it.  Bug #900
 2019-10-18 06:20:27 -06:00
Todd C. Miller
cf6c60c102 Add log_allowed and log_denied sudoers flags, defaulting to true. 2019-10-17 13:43:04 -06:00
Todd C. Miller
4229dfc566 Enable security auditing malloc options for "make check". 2019-10-17 13:41:53 -06:00
Todd C. Miller
8761217f83 Be more consistent with how we talk about sudoers Defaults settings. 
Use "flag" not "option" when referring to boolean flags.
Use "setting" in place of "Defaults setting" in most places.
Use "the foo option" instead of "sudo's foo option" for command line options.
 2019-10-16 14:29:12 -06:00
Todd C. Miller
cf2f37136f No need to check existing sudoers file when installing to DESTDIR 
This check can cause problems on systems where /etc/sudoers.d is not readable.
 2019-10-16 12:17:06 -06:00
Todd C. Miller
43e44a9982 Inclue sudo_util.h to get sudo_strtonum() prototype. 2019-10-16 11:12:11 -06:00
Todd C. Miller
f5a7585a4f strtonum -> sudo_strtonum 2019-10-16 11:04:09 -06:00
Todd C. Miller
d5ea5b7fbc Add split out strtofoo tests. 2019-10-16 10:21:05 -06:00
Todd C. Miller
1037b685eb Make sure we don't go past the end of the string when out of range. 2019-10-16 10:08:33 -06:00
Todd C. Miller
e339d9950d Fix stronum() regress test and the errno value for out of range numbers. 2019-10-16 09:37:41 -06:00
Todd C. Miller
29afe160a2 Split atofoo.c regress into multiple tests. 2019-10-16 08:45:32 -06:00
Todd C. Miller
b6aa80b5f8 Sudo 1.8.28p1 2019-10-16 05:57:58 -06:00
Todd C. Miller
d494b81556 The fix for bug #869 broke "sudo -v" when verifypw=all (the default) 2019-10-15 07:23:51 -06:00
Todd C. Miller
2512f6efbf Use sudo_strtonum() explicitly instead of via a macro. 2019-10-14 10:09:30 -06:00
Todd C. Miller
04a17095be Always use our own strtonum and implement sudo_strtoid in terms of it. 2019-10-14 10:09:29 -06:00
Todd C. Miller
9d5867eaed Use errno in warning when sudo_make_*_item() fails. 
Previously we always said "out of memory" if not ENOENT.
 2019-10-14 10:09:28 -06:00
Todd C. Miller
3edd6afedf Reject non-LDIF input when converting from LDIF to sudoers or JSON. 2019-10-14 10:09:27 -06:00
Todd C. Miller
8e58e6715a More case-insensitive compare for LDAP attributes and string lists. 
Only the ALL keyword should be compared case-sensitive.
 2019-09-05 08:09:53 -06:00
Todd C. Miller
208a52c613 regen 2019-10-10 10:12:08 -06:00
Todd C. Miller
396bc57fef Add sudo_strtoid() tests for -1 and range errors. 
Also adjust testsudoers/test5 which relied upon gid -1 parsing.
 2019-10-10 10:04:13 -06:00
Todd C. Miller
f752ae5cee Treat an ID of -1 as invalid since that means "no change". 
Fixes CVE-2019-14287.
Found by Joe Vennix from Apple Information Security.
 2019-10-10 10:04:13 -06:00
Todd C. Miller
fd5d0f511e Back out compiler override for now. 2019-10-06 10:46:18 -06:00
Todd C. Miller
364821602d Only prefer clang over gcc on BSD systems. 2019-10-06 08:35:28 -06:00
Todd C. Miller
c64add170e Fix "make pvs-studio" run in a build dir 2019-10-05 14:34:11 -06:00
Todd C. Miller
45a79cf86f regen 2019-09-27 15:38:52 -06:00
Todd C. Miller
ab6cfc404a Bug #898 2019-09-27 15:36:20 -06:00
Todd C. Miller
112dff276a Fix restoring the file context of the user's tty with SELinux. 
Also fix broken tty labeling when running a command in a pty.
Includes a fix for a typo introduced in the last change set.
 2019-09-27 15:32:49 -06:00