isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
8,424 Commits 1 Branch 0 Tags
caf064e17bbdfa0d3a0149b61c4f427ebb4fee8c
Commit Graph

8424 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
e2add4ae20 Strip whitespace around '!', '=', '+=' and '-=' in Defaults entries. 2015-12-08 15:06:00 -07:00
Todd C. Miller
96201a275e Document the race condition between the digest check and command 
execution.
 2015-12-06 15:34:53 -07:00
Todd C. Miller
29e9273a40 When checking the query results, don't set user_matches in the 
netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
This was preventing the mail_no_user sudoOption from being effective.
 2015-12-02 14:06:37 -07:00
Todd C. Miller
9c9b487b0c In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST 
regardless of whether or not there was an actual match.  Otherwise,
warning mail may be sent which is not what we want in list mode.
This is consistent with what the sudoers file backend does.
 2015-12-02 10:43:41 -07:00
Todd C. Miller
604d350344 Use size_t for length parameters in the fill functions used by the 
lexer.
 2015-11-22 09:22:38 -07:00
Todd C. Miller
90e6bf3180 Use yy_size_t for digest_len since newer flex uses yy_size_t for 
yyleng.  Old flex uses int for yyleng so we need to use a cast to
avoid a sign compare warning.
 2015-11-22 09:19:12 -07:00
Todd C. Miller
d13bb39d1d Use https in sudo.ws urls 2015-11-20 10:51:11 -07:00
Todd C. Miller
79be007bd6 Use https in urls. 2015-11-20 10:36:53 -07:00
Todd C. Miller
48a95973a5 sudo 1.8.16 2015-11-20 10:33:08 -07:00
Todd C. Miller
9c0354730a When preserving variables from the invoking user's environment, if 
there are duplicates only keep the first instance.
 2015-11-20 09:55:18 -07:00
Todd C. Miller
8b12390abf Add debug_return_ssize_t 2015-11-01 15:13:28 -07:00
Todd C. Miller
c6dad0001d Avoid compilation error on Solaris 10 with Stun Studio 12. 
Bug #727
 2015-11-01 15:08:50 -07:00
Todd C. Miller
c752d91a3c sync with translationproject.org 2015-10-31 17:33:51 -06:00
Todd C. Miller
7fd8a7df3c Mention ssp configure fix. 2015-10-31 09:10:58 -06:00
Todd C. Miller
a012fba17e sync with translationproject.org 2015-10-30 10:20:47 -06:00
Todd C. Miller
640e867dbd Don't use CPPFLAGS for the -fstack-protector check. Otherwise on 
systems with _FORTIFY_SOURCE support we'll get an error due to the
lack of optimization flags.  Bug #725
 2015-10-30 10:11:55 -06:00
Todd C. Miller
448f7f25f2 When checking for stack protector support we need to actually link 
the test program.
 2015-10-30 08:49:22 -06:00
Todd C. Miller
b87ac0f0a2 Preserve LDFLAGS when checking for stack protector as they may include 
rpath settings to allow the stack protector lib to be found.  Avoid
using existing CFLAGS since we don't want the compiler to optimize
away the stack variable.
 2015-10-29 14:06:21 -06:00
Todd C. Miller
bdcb83be92 Better configure test for -fstack-protector. Some gcc installations 
may be missing the ssp library even though the compiler supports it.
 2015-10-29 10:51:09 -06:00
Todd C. Miller
9ecf12daa7 Set errno to EISDIR instead of ENOTDIR if directory is writable 
since ENOTDIR can be a legitimate errno.  This avoids a bogus
"directory is writable" error in that case.
 2015-10-25 14:28:38 -06:00
Todd C. Miller
e244b0cda2 Fix the check for whether to include 32-bit arch in Mac OS X packages. 2015-10-25 09:10:15 -06:00
Todd C. Miller
202dd1ccf5 regen 2015-10-24 06:27:55 -06:00
Todd C. Miller
5d66b840d8 When creating a new file, sudoedit will now check that the file's 
parent directory exists before running the editor.
 2015-10-24 06:20:20 -06:00
Todd C. Miller
7761af6d7e Add always_query_group_plugin 2015-10-24 05:43:07 -06:00
Todd C. Miller
4f1912148f Add ABOUT-NLS from GNU gettext. 2015-10-23 14:13:54 -06:00
Todd C. Miller
c50cead833 Add directory writability checks for sudoedit. 2015-10-23 14:04:35 -06:00
Todd C. Miller
54a10726c0 Latest. 2015-10-06 15:23:22 -06:00
Todd C. Miller
e91a10ce45 Ignore the SUDO_CONV_PROMPT_ECHO_OK flag when echo is enabled. 
This was preventing a match of SUDO_CONV_PROMPT_ECHO_ON which
resulted in a masked password instead of an echoed one.
 2015-10-06 15:21:41 -06:00
Todd C. Miller
2afb2f2048 Repair challenge/response prompting for BSD authentication which 
got broken while it was converted to use the conversation function.
 2015-10-06 15:00:47 -06:00
Todd C. Miller
2ecda6d65c Use the auth_getpass (and the plugin conversation fuction) for Tru64 
SIA.  This prevents sudo from sleeping while holding the tty ticket
lock.
 2015-10-06 10:25:53 -06:00
Todd C. Miller
588460405f For env_reset, SHELL should be set based on the target user, not 
the invoking user unless preserved via env_keep.
 2015-10-06 10:25:43 -06:00
Todd C. Miller
e21a5a1cf2 sync with translationproject.org 2015-10-06 09:33:27 -06:00
Todd C. Miller
507150d8f2 Hungarian and Slovak translations 2015-10-05 06:06:52 -06:00
Todd C. Miller
4c7431ecb4 Add new Slovak and Hungarian translations from translationproject.org 2015-10-05 06:03:42 -06:00
Todd C. Miller
6dc5151d5d Remove S_ISREG check from sudo_edit_open(), it is already done in 
the caller.
 2015-10-02 20:35:55 -06:00
Todd C. Miller
37dff5fbcb Open sudoedit files with O_NONBLOCK and fail if they are not regular 
files.
 2015-10-02 14:45:09 -06:00
Todd C. Miller
5ad68edd65 It is possible for WIFSTOPPED to be true even if waitpid() is not 
given WUNTRACED if the child is ptraced.  Don't exit the waitpid()
loop if WIFSTOPPED is true, just in case.
 2015-10-02 11:24:01 -06:00
Todd C. Miller
3f883a80a5 rebuild .mo files 2015-09-30 14:04:39 -06:00
Todd C. Miller
f98b2b260b sync with translationproject.org 2015-09-30 14:04:17 -06:00
Todd C. Miller
37abc1b7e4 There's no point in trying to interpose protected versions of the 
exec family of functions.  Many modern C libraries use hidden symbols
for the functions and syscalls defined in libc such that they cannot
be overridden inside libc itself.  We have to just wrap all the exec
variants plus system and popen.
 2015-09-28 21:20:37 -06:00
Todd C. Miller
d5086dfde4 List all the functions wrapped by sudo_noexec.so. 2015-09-28 16:48:46 -06:00
Todd C. Miller
6b81f0b88c The section is now called "EXEC and NOEXEC" and it is above, not 
below.
 2015-09-28 16:48:20 -06:00
Todd C. Miller
282b921333 Also wrap popen(3). 2015-09-28 15:34:16 -06:00
Todd C. Miller
8695ae1049 Also interpose system(3). On glibc systems you cannot interpose 
the syscalls used internally by libc.
 2015-09-28 15:10:00 -06:00
Todd C. Miller
04457ecee9 Set active debug instance to sudo_debug_instance() during the 
conversation function.
 2015-09-28 12:28:18 -06:00
Todd C. Miller
52ec12f52f LOGNAME and USERNAME are set the same way as USER 2015-09-27 15:40:05 -06:00
Todd C. Miller
4be48e7845 Document behavior when the command dies from a signal in EXIT STATUS. 2015-09-27 08:59:46 -06:00
Todd C. Miller
99322bcf31 Bug #722 2015-09-26 11:02:24 -06:00
Todd C. Miller
9486afb4e5 When the command sudo is running is killed by a signal, sudo will 
now send itself the same signal with the default signal handler
instead of exiting.  The bash shell appears to ignore some signals,
e.g.  SIGINT, unless the command is killed by that signal.  This
makes the behavior of commands run under sudo the same as without
sudo when bash is the shell.  Bug #722
 2015-09-26 10:53:16 -06:00
Todd C. Miller
7b7db55db9 Adjust set_logname description to new behavior when any of LOGNAME, 
USER or USERNAME are preserved.
 2015-09-25 11:19:28 -06:00