Commit Graph

248 Commits

Author SHA1 Message Date
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is
already available in LDAP.
2017-02-18 15:35:48 -07:00
Todd C. Miller
c392e469db sudo 1.8.20 2017-01-27 06:18:42 -07:00
Todd C. Miller
63deb77705 Add regress for vsyslog replacement. 2017-01-15 19:07:59 -07:00
Todd C. Miller
09698b8a31 Define HAVE_NANOSLEEP if we find nanosleep in librt 2017-01-13 21:29:02 -07:00
Todd C. Miller
f589897f8d sudo_nanosleep not nanosleep in util.exp.in 2017-01-13 21:02:31 -07:00
Todd C. Miller
e636f96c48 add nanosleep to util.exp.in if needed 2017-01-13 20:40:26 -07:00
Todd C. Miller
08b662bf0b sudo 1.8.19p2 2017-01-13 16:45:14 -07:00
Todd C. Miller
2f0295373a When waiting for the parent to grant us the tty, use nanosleep
instead of spinning to avoid hogging the CPU.
2017-01-12 10:44:26 -07:00
Todd C. Miller
0c3a8085b3 Avoid using the system strnlen/strndup on AIX < 6. Even if configure
correctly detects it is working on the build machine, the sudo
package may be run on a system with an old libc where it is broken.
2017-01-05 06:22:58 -07:00
Todd C. Miller
6c2cb6cb95 sudo 1.8.19p1 2016-12-20 10:26:50 -07:00
Todd C. Miller
ae76e1a229 Use getgrouplist_2() on macOS if available. 2016-12-13 10:39:32 -07:00
Todd C. Miller
334350af45 id_t is 64-bits on FreeBSD so use strtoll() there.
Fixes the strtoid regress.
2016-11-30 07:32:59 -07:00
Todd C. Miller
695784e6ee Add support for getpwnam_shadow() on OpenBSD 2016-11-17 17:55:44 -07:00
Todd C. Miller
cb7e82acca Use AX_APPEND_FLAG instead of SUDO_APPEND_CPPFLAGS and direct
modification of LDFLAGS.
2016-11-17 10:16:51 -07:00
Todd C. Miller
a77ecca7d3 Remove aixcrypt.exp, it was a remnant of the 90's crypto wars where
crypt() was not exported.
2016-11-17 08:11:59 -07:00
Todd C. Miller
6dff4ac7fd Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, _PATH_SUDO_PLUGIN_DIR,
even if only defined to NULL.  This means the accessors can always be
present.

Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.

Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.

Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
2016-11-16 10:13:26 -07:00
Todd C. Miller
bdbb3e9855 Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS
to prevent libtool from stripping them out.
Avoid using ASAN flags when building sudo_noexec.so.
2016-11-15 10:15:36 -07:00
Todd C. Miller
589e129c87 Disable noexec for HP-UX 10.x which probably doesn't support LD_PRELOAD 2016-11-14 16:42:16 -07:00
Todd C. Miller
08a4a28592 Remove SunOS 4 support, it is not modern enough to run sudo. 2016-11-14 14:40:50 -07:00
Todd C. Miller
b56bce3127 Remove HP-UX 9 support, it is not modern enough for sudo. 2016-11-14 14:38:01 -07:00
Todd C. Miller
9d11b725c5 Remove Ultrix support, modern sudo can't run on Ultrix anyway. 2016-11-14 14:33:43 -07:00
Todd C. Miller
66af45eb24 Add regress for noexec functionality 2016-11-14 14:21:08 -07:00
Todd C. Miller
60bf139451 Don't enable noexec for AIX 5.0-5.2, we need 5.3 and above. 2016-11-14 11:00:43 -07:00
Todd C. Miller
43bf2fdb90 sudo 1.8.19 2016-10-29 10:23:33 -06:00
Todd C. Miller
19c96da44d add vsyslog() for systems without it. 2016-10-19 11:32:36 -06:00
Todd C. Miller
c18ff022e0 Use vsyslog() if available. 2016-10-18 17:00:53 -06:00
Todd C. Miller
45b396598b sudo 1.8.18p1 2016-10-09 19:58:54 -06:00
Todd C. Miller
8e49ce07f6 Fix configure check for seccomp filter on Linux 2016-10-09 11:24:29 -06:00
Todd C. Miller
237e2f964d Use a seccomp filter on Linux to disable execve(2) and execveat(2).
This still relies on LD_PRELOAD to work so it has the same issues
as the existing method with respect to running 32-bit binaries on
a 64-bit kernel.
2016-10-08 19:09:17 -06:00
Todd C. Miller
d0ccd947d0 Wrap wordexp(3) in sudo_noexec. 2016-10-05 20:21:18 -06:00
Todd C. Miller
1349bb760b sudo 1.8.18 2016-07-20 09:51:11 -06:00
Todd C. Miller
144e3bb53f Only keep backups of installed files on HP-UX where you cannot
unlink a shared library that is in use.
2016-07-08 12:37:41 -06:00
Todd C. Miller
9cc354aae3 Some versions of HP-UX 11.11 do not expose struct sockaddr_ext if
_XOPEN_SOURCE_EXTENDED is defined.  Only define _XOPEN_SOURCE_EXTENDED
if we can still compile net/if.h.
2016-06-27 05:55:31 -06:00
Todd C. Miller
c4118f66f4 Sudo 1.8.17p1 2016-06-22 10:26:08 -06:00
Todd C. Miller
9b027676c0 Use the value of ipa_hostname from /etc/sssd/sssd.conf if present
instead of the system hostname.
2016-06-04 19:52:10 -06:00
Todd C. Miller
3b043207b2 Sudo 1.8.17 2016-05-06 09:28:42 -06:00
Todd C. Miller
b20b411e71 Define NO_LEAKS when sudo is built with Coverity. 2016-05-04 13:01:57 -06:00
Todd C. Miller
9d5c6fbd64 Remove the check for __sprintf_chk when checking for _FORTIFY_SOURCE.
Some implementations are purely header-file based.  As long as we
can link a test program using sprintf() when _FORTIFY_SOURCE=2 it
should be safe to use.
2016-04-28 15:27:53 -06:00
Todd C. Miller
e0f12d81a7 Remove configure checks for dev_t, id_t, ino_t, ptrdiff_t, size_t
and ssize_t.  These have been specified by either ANSI C or POSIX
for long enough that if the system doesn't support them, it is
unlikely to be able to compile sudo anyway.
2016-04-28 15:09:46 -06:00
Todd C. Miller
48dff84081 Work around an ambiguity in the PAM spec with respect to the conversation
function.  It is not clear whether the "struct pam_message **msg" is an
array of pointers or a pointer to an array.  Linux-PAM and OpenPAM use
an array of pointers while Solaris/HP-UX/AIX uses a pointer to an array.
Bug #726.
2016-03-09 09:39:46 -07:00
Todd C. Miller
4b079ee7e6 Don't check for posix_spawn() or posix_spawnp() if we were unable
to find spawn.h.  This should only be a problem on systems with
broken headers.  Bug #730
2016-02-24 16:00:08 -07:00
Todd C. Miller
4f7b0b1159 Remove last remnants of the deprecated --with-stow option. 2016-02-18 16:18:30 -07:00
Todd C. Miller
6cbba7d665 Add an administrative domain to the passwd/group cache key for
AIX which can have different name <-> ID mappings depending
on whether the database is local, LDAP, etc.
2016-02-01 11:08:58 -07:00
Todd C. Miller
3d0b0f061e Add --enable-asan configure flag to enable address sanitizer 2016-01-27 15:37:25 -07:00
Todd C. Miller
41a32a1c58 When calling setauthdb(), save the old registry value so we can
restore it properly.  Previously we were setting the registry to
unrestricted instead of actually restoring it.
2016-01-22 17:04:58 -07:00
Todd C. Miller
c1b1481204 Use faccessat(2) for directory writability instead of doing the
checks manually where possible.  This also allows us to remove the
#ifdef __linux__ bits since we no longer use fstat(2) on Linux with
an O_PATH fd.
2016-01-18 10:45:47 -07:00
Todd C. Miller
4bcef637f8 Work around the buggy pread(2) on 32-bit HP-UX 11.00 by using
pread64() on that platform.
2016-01-13 11:10:33 -07:00
Todd C. Miller
b20977d445 Add support for using fexecve() if supported on commands that are
checksummed.
2016-01-04 10:35:18 -07:00
Todd C. Miller
3b338830cf Add missing square brackets in configure option descriptions. 2015-12-16 14:57:37 -07:00
Todd C. Miller
d13bb39d1d Use https in sudo.ws urls 2015-11-20 10:51:11 -07:00