isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,241 Commits 1 Branch 0 Tags
cccefb962b76505fd9916e39c3ae7108b09c0bcc
Commit Graph

11241 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
cccefb962b Improve macOS version detection to support macOS 11 and simplify legacy logic 
From Jeremy Huddleston Sequoia
 2021-10-20 19:31:57 -06:00
Todd C. Miller
14873832c6 sudo_sendlog: send multiple I/O log records together if possible 
Try to fill the write buffer and then send to the server instead
of sending records one at a time.
 2021-10-20 19:16:23 -06:00
Todd C. Miller
1a26d2c883 sudo_sendlog: support multiple write buffers like sudo_logsrvd 2021-10-20 19:03:19 -06:00
Todd C. Miller
9fbbca7b7a Always link libsudo_util.so with libcrypto.so if using OpenSSL. 
We may need to use RAND_bytes() in the getentropy() emulation.
 2021-10-20 18:59:13 -06:00
Todd C. Miller
23eef895f4 Add an explicit check for sys/sysctl.h. 
This test needs to be done after AC_LANG_WERROR to avoid including
sys/sysctl.h on systems where it is marked as deprecated via a
#warning directive.
 2021-10-20 10:31:35 -06:00
Todd C. Miller
00e53b32e5 Use our own getentropy() by default on Linux. 
The glibc getentropy() emulation will fail on older kernels that
don't support getrandom().
Also use sudo_fatal() instead of sending SIGKILL on getentropy() failure.
GitHub issue #117.
 2021-10-20 09:53:01 -06:00
Todd C. Miller
de4fd4a31d Use the OpenSSL RAND_bytes() function if getrandom() fails. 2021-10-20 09:51:17 -06:00
Todd C. Miller
badd6267bd Fix compilation of standalone arc4random_buf(). 
Apparently this code was never compiled anywhere.
 2021-10-20 08:52:04 -06:00
Todd C. Miller
9dd6304940 sudo_uuid_create: no longer need a union for the uuid. 2021-10-20 07:55:35 -06:00
Todd C. Miller
803fc56bef eventlog_free: free signal_name too 2021-10-19 13:14:37 -06:00
Todd C. Miller
f49c7ac5a5 Add new log.json keywords 2021-10-19 13:13:59 -06:00
Todd C. Miller
89b53d5edd fuzz_iolog_json: initialize exit_value to -1 2021-10-19 13:13:29 -06:00
Todd C. Miller
02e77e656b Fix potential use-after-free when calling iolog_flush_all(). 
We need to call iolog_flush_all() _before_ scheduling the commit point.
If we fail to schedule to commit point, the closure will be freed.
Coverity CID 220557
 2021-10-19 11:57:32 -06:00
Todd C. Miller
5eebc30987 sendlog: use runargv from log.json if available 2021-10-19 09:42:48 -06:00
Todd C. Miller
a71d1f7ce6 sudo_sendlog: send exit data in eventlog if present 2021-10-19 09:42:46 -06:00
Todd C. Miller
bddf03fe45 No longer need to pass exit params to eventlog_exit(), use struct eventlog. 
Now that struct eventlog includes the exit parameters we can simplify
how eventlog_exit() is called.
 2021-10-19 08:58:34 -06:00
Todd C. Miller
d415624ffc Read command run_time, signal and exit_value from I/O log log.json file. 2021-10-19 08:58:33 -06:00
Todd C. Miller
d21c935a15 Log the command run-time and exit status in the I/O log. 2021-10-19 08:50:02 -06:00
Todd C. Miller
77c339858d Handle a missing run_time in an ExitMessage. 
It is now possible to pass a NULL run_time to eventlog_exit().
 2021-10-18 15:34:48 -06:00
Todd C. Miller
f73bc6dee3 format_json: fix pasto when setting dumped_core boolean 2021-10-19 08:46:28 -06:00
Todd C. Miller
15b4427b9a No need to flush logs before commit point if we flush after each write. 
Also document that logs are flushed before sending a commit point
even when flushing is disabled.
 2021-10-16 07:58:44 -06:00
Todd C. Miller
a554629d84 Flush I/O logs before we send a commit point. 
The commit point message means we have written the data to disk so
we should not be buffering it any longer.
We do not currently fsync(2) the data after flushing, perhaps we should.
 2021-10-15 19:10:34 -06:00
Todd C. Miller
3e4f6aa2e3 Do not treat a resume point of [0, 0] as an error. 
If the connecton is interrupted before sudo sends back a commit_point
message, resuming at [0, 0] is correct.
Also add a warning on unexpected EOF parsing the timing file.
 2021-10-15 12:24:53 -06:00
Todd C. Miller
369d21323b Display a more helpful message if the user tries to run "sudo cd". 
Since "cd" is a shell built-in command it cannot be run directly
via sudo.  The user either needs to spawn a shell via "sudo -s"
or use the -D option to run a command in a specific directory.
 2021-10-11 11:05:58 -06:00
Todd C. Miller
64e5798318 Don't install sudoers.a when configured with --enable-static-sudoers. 
We already avoid installing it when --disable-shared-util is specified.
 2021-10-11 11:04:40 -06:00
Todd C. Miller
7a56c9871e mkpkg: preserve make exit value on exit 
Fixes a problem where the exit value from mkpkg was 0 even on error.
 2021-10-10 16:14:52 -06:00
Todd C. Miller
4b7b3c05e9 Fix typos in SELinux and Solaris priv support. 2021-10-10 16:06:01 -06:00
Todd C. Miller
430048d167 cvtsudoers: initial support for CSV output 
For CSV output we double quotes strings that contain commas.  For
each literal double quote character present inside the string, two
double quotes are output.
 2021-10-10 14:24:31 -06:00
Todd C. Miller
de5ca187b8 regenerate dependencies 2021-10-10 14:23:13 -06:00
Todd C. Miller
a4fb31aa06 Fix typo and avoid a codespell false positive. 2021-10-10 14:14:56 -06:00
Todd C. Miller
032575f57b Add build-nointercept and test-nointercept 2021-10-08 08:20:11 -06:00
Todd C. Miller
25129cb775 circleci: test multiple build options 
We now do separate builds with LDAP/SSSD enabled, logsrv client/server
disabled, and static-sudoers enabled.
 2021-10-07 08:21:59 -06:00
Todd C. Miller
eaee7a0ebe Fix fuzzer build with when --enable-static-sudoers is used. 
This introduces a sudoers-specific version of LT_STATIC instead of
appending the --tag=disable-shared to SUDOERS_LDFLAGS.
I've also removed the -static flag as it should not be needed.
 2021-10-07 08:19:11 -06:00
Todd C. Miller
f6fc70e5dd Mention --security-opt=seccomp=unconfined workaround for bleeding edge. 
May be needed for Fedora rawhide and Ubuntu testing, among others.
 2021-10-05 13:10:03 -06:00
Todd C. Miller
8350307a2f Try to handle the case where libasan.so is a linker script. 
Fixes check_noexec with ASAN on Fedora where libasan.so just includes
the actual library file.
 2021-10-05 13:08:48 -06:00
Todd C. Miller
8508044721 Enable address and undefined behavior sanitizers in CI builds. 
We need to disable leak sanitizer during "make check" because it
uses ptrace which is not allowed for unprivileged containers.
 2021-10-05 08:40:00 -06:00
Todd C. Miller
49611d6cca Switch to Ubuntu latest for circleci build. 2021-10-04 19:19:24 -06:00
Todd C. Miller
3fa025281f Add build user for circleci instead of running as root. 2021-10-04 19:13:10 -06:00
Todd C. Miller
8d98a447c5 Use circleci for continuous integegration. 
Build container descriptions are in the new docker directory.
 2021-10-04 18:49:06 -06:00
Todd C. Miller
a02af3a45c Update ignore file. 2021-10-03 09:07:46 -06:00
Todd C. Miller
4e4b506f22 Sync "sudo -l" output with normal sudo log format. 
It now prints runchroot and runcwd (falling back on cwd).
As a result, submithost is now printed first, matching sudo.
Also avoid printing NULL pointers and skip entries that don't have
at least command, submituser and runuser set.
 2021-10-01 10:33:55 -06:00
Todd C. Miller
3575e995a9 iolog_parse_json_object: optimize for large argv 2021-10-01 08:44:52 -06:00
Todd C. Miller
c5f983c643 Add "-fcf-protection" to SSP_CFLAGS and SSP_LDFLAGS if supported. 
Can be disabled via --disable-hardening.
 2021-09-29 15:50:57 -06:00
Todd C. Miller
edf30c7273 Add "-z now" to hardened link options if supported. 
Can be disabled via --disable-hardening.
 2021-09-29 13:31:47 -06:00
Todd C. Miller
d15e117c2e find_editor: remove the env_error argument 
There is no case where we should fail to find an editor just because
the values of EDITOR, VISUAL and SUDO_EDITOR are unavailable.  Both
sudoedit and the "env_editor" sudoers setting are documented as
falling back on the hard-coded list of editors in the "editors"
sudoers setting.  Bug #1000
 2021-09-29 10:25:19 -06:00
Todd C. Miller
dde951a098 Use sudo_printf(SUDO_CONV_ERROR_MSG) instead of fprintf(stderr). 
Avoids extraneous output in the fuzzer.
 2021-09-29 09:15:24 -06:00
Todd C. Miller
2aa6cb13a5 Stub out sudo_printf() and avoid other use of stderr in fuzzers. 
This makes it possible to parse sudoers without using quiet mode,
resulting in better coverage.
 2021-09-29 09:03:24 -06:00
Todd C. Miller
eefb7b0d54 Use a consistent version of fuzz_conversation() with all fuzzers. 
Also undo a change to fuzz_sudoers.c that snuck in to the last commit.
 2021-09-28 20:20:28 -06:00
Todd C. Miller
7d964875df Fuzzers should not produce output. 
Excessive output makes the fuzzer runs much less efficient.
 2021-09-28 18:53:49 -06:00
Todd C. Miller
dea7e6aefd expand_buf: fix conditional for when we need to preserve existing data 
It is possible for the buffer offset to be zero when the length is
non-zero.  The proper value to use is the same as is used for the
memcpy/memmove size.  Fixes buffer corruption caused by a very long
command line that usually results in a dropped connection.
 2021-09-28 13:24:21 -06:00