isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,104 Commits 1 Branch 0 Tags
cc97c2e75ccbbd00719a1ce993a731d7f79dd25f
Commit Graph

6104 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
cc97c2e75c Add some more debugging. 2012-02-27 14:42:22 -05:00
Todd C. Miller
28db1fbbed We need sysconfdir in compat/Makfile to get the proper sudo.conf 
path.  Add standard prefix and foodir expansion in all Makefiles
to avoid this problem in the future.
 2012-02-27 13:28:15 -05:00
Todd C. Miller
5c970b2179 New Lithuanian sudoers translation from translationproject.org 2012-02-25 13:42:26 -05:00
Todd C. Miller
5802083375 Update from translationproject.org 2012-02-25 13:40:32 -05:00
Todd C. Miller
4f9da8fdaa When adding gids to the LDAP filter, only add the primary gid once. 
This is consistent with the space computation/allocation.
From Eric Lakin
 2012-02-24 15:17:48 -05:00
Todd C. Miller
5a941fb41c Add entry for AIX enhanced RBAC config. 2012-02-24 14:32:57 -05:00
Todd C. Miller
640c229b57 Target Mac OS X 10.5 when building packages. 2012-02-24 13:40:39 -05:00
Todd C. Miller
415454ff59 Relax the user/group/mode checks on sudoers files. As long as the 
file is owned by the right user, not world-writable and not writable
by a group other than the one specified at configure time (gid 0
by default), the file is considered OK.  Note that visudo will still
set the mode to the value specified at configure time.
 2012-02-22 13:04:03 -05:00
Todd C. Miller
98486afbdf Add AIX-specific version of permission setting code to make sure 
that the saved uid gets restored properly.
 2012-02-21 16:07:28 -05:00
Todd C. Miller
22f4f10a3a Check for LD_PRELOAD variants in configure instead of checkign cpp 
symbols.  In disable_execute(), compute the length of the new envp
and allocate it once instead of reallocating on demand.  Also append
old value of LD_PRELOAD (if any) to the new value.
 2012-02-21 13:26:02 -05:00
Todd C. Miller
6fb0090db9 Fix the description of noexec. 2012-02-21 05:15:48 -05:00
Todd C. Miller
f6fdc909b4 The "op" parameter to set_default() must be int, not bool since it is 
set to '+' or '-' for list add and subtract.
 2012-02-21 05:13:13 -05:00
Todd C. Miller
0370e129ff Make sure sudoers is writable before calling ed script. 2012-02-21 04:54:08 -05:00
Todd C. Miller
f38afb532d Update contributors. Now includes translators and authors of compat 
code.
 2012-02-17 11:30:42 -05:00
Todd C. Miller
dfaf443687 regen 2012-02-16 17:03:46 -05:00
Todd C. Miller
1ceadea526 Build flat packages, not package bundles, on Mac OS X. 2012-02-16 11:27:22 -05:00
Todd C. Miller
4ef2006eb3 Move macos section to be with the other OS-specific sections. 2012-02-10 16:22:21 -05:00
Todd C. Miller
d439d8b489 Sync with translationproject.org 2012-02-10 14:30:01 -05:00
Todd C. Miller
054e448081 Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS 2012-02-10 14:28:10 -05:00
Todd C. Miller
ef7dcd5197 Add Mac OS X support, printing the latest chunk of the NEWS file 
and the license text in the installer.
 2012-02-10 12:50:15 -05:00
Todd C. Miller
37570290c7 Add explicit file modes that match those used by "make install" 2012-02-10 12:35:41 -05:00
Todd C. Miller
86f809ab47 Sync with upstream for Mac OS X fixes. 2012-02-10 11:34:08 -05:00
Todd C. Miller
dfbd6e429b Got back to using "install-sh -M" for files installed as non-readable 
by owner.  This fixes "make install" as non-root for package building.
 2012-02-10 11:31:54 -05:00
Todd C. Miller
5c941edc97 Sync with translationproject.org 2012-02-09 11:17:35 -05:00
Todd C. Miller
cb66fc6f10 Use -m not -M for install-sh for everything except setuid. 
Install locale .mo files mode 0444, not 0644.
If timedir parent doesn't exist, use default dir mode, not 0700.
 2012-02-09 11:11:58 -05:00
Todd C. Miller
12eba56fdc Re-sync with upstream; no longer need a local patch. 2012-02-07 13:26:27 -05:00
Todd C. Miller
5afbdab23b Add support for building Mac OS X packages. 2012-02-07 11:49:46 -05:00
Todd C. Miller
8891688e64 Sync with upstream 2012-02-07 11:45:42 -05:00
Todd C. Miller
c4d3f289f3 No longer need to define _PATH_SUDO_CONF here. 2012-02-07 11:45:11 -05:00
Todd C. Miller
cd0e10e1b7 Fix noexec for Mac OS X. 2012-02-07 00:18:08 -05:00
Todd C. Miller
d35f50bd65 Move _PATH_SUDO_CONF override to common to match sudo_debug.c 2012-02-06 15:57:26 -05:00
Todd C. Miller
e066ff5caf More complete fix for LDR_PRELOAD on AIX. The addition of 
set_perm(PERM_ROOT) before calling the nss open functions (needed
to avoid a GNU TLS bug) also broke LDR_PRELOAD.  Setting the effective
and then real uid to 0 for PERM_ROOT works around the issue.
 2012-02-06 15:46:17 -05:00
Todd C. Miller
8dd16b63d2 regen 2012-02-06 13:40:24 -05:00
Todd C. Miller
c6ef580100 Set real uid to root before calling sudo_edit() or run_command() 
so that the monitor process is owned by root and not by the user.
Otherwise, on AIX at least, the monitor process shows up in ps as
belonging to the user (and can be killed by the user).
 2012-02-06 13:33:46 -05:00
Todd C. Miller
656807823d For PERM_ROOT when using setreuid(), only set the euid to 0 prior 
to the call to setuid(0) if the current euid is non-zero.  This
effectively restores the state of things prior to rev 7bfeb629fccb.
Fixes a problem on AIX where LDR_PRELOAD was not being honored for
the command being executed.
 2012-02-06 13:29:19 -05:00
Todd C. Miller
8c1d8a7b15 Make a copy of the struct passwd in exec_setup() to make sure nothing 
in the policy init modifies it.
 2012-02-06 10:56:39 -05:00
Todd C. Miller
b28dfa5011 update copyright 2012-02-05 13:35:20 -05:00
Todd C. Miller
e16ae617e4 g/c now-unused debug subsystems 2012-02-05 10:17:26 -05:00
Todd C. Miller
c32bd3db54 Enumerate the debug subsystems used by sudo and sudoers. 2012-02-05 10:17:09 -05:00
Todd C. Miller
c970d464cb Normally, sudo disables core dumps while it is running. This 
behavior can now be modified at run time with a line in sudo.conf
like "Set disable_coredumps false"
 2012-02-03 14:57:03 -05:00
Todd C. Miller
e6fbba6986 Mention Spanish translation 2012-02-03 12:31:24 -05:00
Todd C. Miller
c91f5ee680 Make sure we don't try to fall back to using the conversation 
function for debugging in the main sudo process if we are unable
to open the debug file.
 2012-02-03 12:30:07 -05:00
Todd C. Miller
2a2d2c4cd5 Add sudo Spanish translation from translationproject.org 2012-02-03 09:15:14 -05:00
Todd C. Miller
3da971ba33 Better debug subsystem usage 2012-02-02 11:28:33 -05:00
Todd C. Miller
f5f9aadccc Remove duplicate function prototypes 2012-02-02 11:28:19 -05:00
Todd C. Miller
f1fef17d83 Error out if user specified --with-pam but we can't find the headers 
or library.  Also throw an error if the headers are present but the
library is not and vice versa.
 2012-02-01 11:27:50 -05:00
Todd C. Miller
491b4495f5 Fix the sudoers permission check when the expected sudoers mode is 
owner-writable.
 2012-01-31 16:24:57 -05:00
Todd C. Miller
c894f802d3 Verify that we can link executables built with -D_FORTIFY_SOURCE 
before using it.
 2012-01-30 14:09:17 -05:00
Todd C. Miller
ca4a338c45 Fix potential off-by-one when making a copy of the environment for 
LD_PRELOAD insertion.  Fixes bug #534
 2012-01-30 13:49:24 -05:00
Todd C. Miller
7908621ba0 Add rudimentary check for _FORTIFY_SOURCE support by checking for 
__sprintf_chk, one of the functions used by gcc to support it.
 2012-01-30 10:09:23 -05:00