isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,241 Commits 1 Branch 0 Tags
cccefb962b76505fd9916e39c3ae7108b09c0bcc
Commit Graph

11241 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
eab915ae97 Bug #994. 2021-09-16 11:36:50 -06:00
Todd C. Miller
0c30976ae6 Always allocate a struct sudo_command for the command, even for ALL. 
This was missed in the previous set of changes, resulting in a crash
for LDAP and SSSD rules that give sudo "ALL" privileges.
Bug #994.
 2021-09-16 11:24:26 -06:00
Todd C. Miller
31e4a0a0a6 Add SUDOERS_LDFLAGS to FUZZ_LDFLAGS 
Fixes a fuzzer link error when building with ldap if the ldap libs
are not in the default library search path.
 2021-09-16 11:01:07 -06:00
Todd C. Miller
2d632937e6 Fix the OpenSSL link order for the non-pkg-config case. 
Since -lssl depends on -lcrypto, -lcrypto must be listed after -lssl.
Fixes linking of non-dynamic OpenSSL libs.
 2021-09-16 10:04:22 -06:00
Todd C. Miller
e1653be435 Sudo 1.9.8p1 2021-09-15 11:32:52 -06:00
Todd C. Miller
51d5f05e67 sudo_interposer_init: verify message type from sudo 
We should only get a HelloResponse from sudo at this point.
 2021-09-15 11:20:45 -06:00
Todd C. Miller
db750232c5 Avoid symbol name clash to fix --enable-static-sudoers linking. 2021-09-15 11:19:03 -06:00
Todd C. Miller
d7cdf1e47c append_defaults() should not be passed a value for boolean flags. 
The operation should simply be set to true/false.
Also treat a NULL file as coming from the front-end.
Bug #993.
 2021-09-14 08:02:37 -06:00
Todd C. Miller
4b5a67cf8e Add src/intercept.exp to ignore files. 2021-09-09 12:21:20 -06:00
Todd C. Miller
197d4ced38 regen 2021-09-08 17:24:50 -06:00
Todd C. Miller
02966f059e Mention --enable-static-sudoers fix. 2021-09-08 17:10:30 -06:00
Todd C. Miller
4b365300a7 Fix typo introduced in 1.9.7 that set SUDO_LDFLAGS to SUDOERS_LDFLAGS. 
Copy pasta is not always the best kind of pasta.
 2021-09-08 15:31:08 -06:00
Todd C. Miller
3a4aec7a62 sudo_intercept.so: only replace execvpe() if it is present. 
execvpe() is a GNU extension also found on *BSD (but not macOS).
 2021-09-08 11:09:59 -06:00
Todd C. Miller
6d5f450a62 We now intercept more than just execve(). 2021-09-08 09:52:10 -06:00
Todd C. Miller
6c456127b3 Implement simple PATH resolution for execvp(). 
We want to use PATH from the current value of the environment, not
the initial value of PATH when the policy was opened.
This is a little different from how real execvp() works since we
use stat() instead of just execve().
 2021-09-07 19:55:47 -06:00
Todd C. Miller
7ae62866e4 Add support for execl, execle, execlp, execvp, and execvpe. 
Currently, PATH traversal is handled by sudoers which uses
the original PATH, not the one updated by the shell.
 2021-09-07 19:55:45 -06:00
Todd C. Miller
bf60451845 Remove conditional include of alloca.h, we don't define HAVE_ALLOCA_H. 
The configure check for alloca() was removed long ago but this got
missed.
 2021-09-03 16:03:48 -06:00
Todd C. Miller
aac09cf7be Define RBAC and mention incompatibility with intercept/log_subcmds. 2021-09-03 14:19:32 -06:00
Todd C. Miller
157ceadfab Fix computation of the token address when handling a partial read. 
We want to treat it as an array of bytes, not an array of tokens.
Coverity CID 240011
 2021-09-02 14:15:50 -06:00
Todd C. Miller
f64d71674e Quiet a PVS-Studio format string warning. 2021-09-02 13:37:36 -06:00
Todd C. Miller
9a9a22e93e Regen .pot files. 2021-09-02 12:20:08 -06:00
Todd C. Miller
2f6cacd1ec Updated translations from translationproject.org 2021-09-02 12:20:05 -06:00
Todd C. Miller
967bcab4db regen 2021-09-01 13:37:17 -06:00
Todd C. Miller
38d884a62d Do not compile intercept code if --disable-intercept is specified. 2021-09-01 13:35:47 -06:00
Todd C. Miller
5c2f1ebbcf We now intercept execv() too. 2021-09-01 13:11:42 -06:00
Todd C. Miller
190e495b64 INSTALL: --disable-intercept will also disable "log_subcmds" 2021-09-01 13:10:15 -06:00
Todd C. Miller
f40afd73fe Can't use intercept or log_subcmds with SELinux RBAC. 
SELinux policy will prevent the inherited socket from sudo from
being used and may also restrict the ability to connect back to the
sudo process.
 2021-09-01 11:09:17 -06:00
Todd C. Miller
242e4d070f Fix typo in comment. 2021-09-01 11:07:36 -06:00
Todd C. Miller
4ca5c7d643 Updated translations from translationproject.org 2021-09-01 10:57:26 -06:00
Todd C. Miller
9a690a8984 Switch to a 128-bit token instead of a 64-bit secret. 
Protobuf doesn't have a 128-bit type so use two u64s.
We now support partial reads of the token.
 2021-09-01 10:17:26 -06:00
Todd C. Miller
4bff82cab4 Fix random uuid generation, no need to convert between byte order. 
Also add regression test.
 2021-08-31 19:53:28 -06:00
Todd C. Miller
9137909c7d sudo_intercept.so: send the secret immediately after connecting. 
Sending the secret out of band, before the message size is read,
should make it harder to mount a DoS attack.
 2021-08-31 16:33:54 -06:00
Todd C. Miller
26938012f8 Handle reading large messages that don't fit in a single recv(). 
We know the length of what we are receiving so just loop until
we have it all, get EOF or an error.
 2021-08-31 12:09:05 -06:00
Todd C. Miller
c0630a36c8 Add checks for -fstack-clash-protection and -Wl,-z,noexecstack 
We use -Wc,-fstack-clash-protection as the linker flag to prevent
libtool from removing it from the link line.
 2021-08-31 09:57:11 -06:00
Todd C. Miller
a078bc64bb Make the sudo side of the intercept socket non-blocking. 2021-08-31 07:46:58 -06:00
Todd C. Miller
3c26b92a75 Handle partial read/write by dropping back into the event loop. 2021-08-31 07:36:54 -06:00
Todd C. Miller
33d1b26c6a intercept_check_policy: Fix double free introduced in last commit 
If the command is not accepted we don't rebuild command_info[] and
must not free it.  It will be freed by the policy instead.
 2021-08-31 05:50:52 -06:00
Todd C. Miller
168d5c47c9 Update runcwd in command_info[] before passing it to the audit plugin. 
Since sudoers does rejected commands itself the runcwd will still
not be correct for those.
 2021-08-27 15:58:19 -06:00
Todd C. Miller
22de92b0da Fix LD_PRELOAD formatting when there is an existing LD_PRELOAD var. 2021-08-27 13:19:58 -06:00
Todd C. Miller
75bac8dee9 intercept_check_policy: fix potential NUL dereference on the error path. 2021-08-26 17:29:30 -06:00
Todd C. Miller
ba171724f7 Rename log_children -> log_subcmds 2021-08-26 16:36:41 -06:00
Todd C. Miller
d8d4023335 Updated translations from translationproject.org 2021-08-26 13:17:46 -06:00
Todd C. Miller
dcab17900b Add sudo_debug_register_v2() stub for fuzzing build. 2021-08-26 10:43:15 -06:00
Todd C. Miller
3d8b327c60 Fix use-after-free on error. 
Also remove useless free of a ptr that is always NULL on the error path.
 2021-08-26 10:07:50 -06:00
Todd C. Miller
dc30c842bb No longer need to remap intercept fd but we do need to remap debug fd. 
The intercept fd is closed in the ctor but the debug fd will still be open.
 2021-08-26 09:57:25 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number 
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
 2021-08-26 09:57:24 -06:00
Todd C. Miller
d6a71fe32e Fix command name of sub-command in logs when log_children is set. 2021-08-26 09:46:26 -06:00
Todd C. Miller
ec751c63eb log_allowed: pass struct eventlog * instead of argv[] and envp[]. 
This lets us log based on the command_info[] list passed in from
the front-end.  Previously, much of the struct eventlog was constructed
from internal sudoers state instead.
 2021-08-25 17:29:15 -06:00
Todd C. Miller
e199dd8254 sudo_compat.h: include unistd.h on HP-UX to safely redefine pread/pwrite 
HP-UX 11.31 defines static functions for pread() and pwrite() which
will conflict with our macros.
 2021-08-25 16:31:46 -06:00
Todd C. Miller
438a0cf07e Add a state variable to intercept_closure, replaces policy_result. 2021-08-25 14:24:36 -06:00