isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,143 Commits 1 Branch 0 Tags
cf225d2f10325cd11dadf11b91ce17de4f6dcba8
Commit Graph

3147 Commits

Author SHA1 Message Date
Todd C. Miller
cf225d2f10 Add a test to exercise Bug #994 2021-09-17 09:10:27 -06:00
Todd C. Miller
0c30976ae6 Always allocate a struct sudo_command for the command, even for ALL. 
This was missed in the previous set of changes, resulting in a crash
for LDAP and SSSD rules that give sudo "ALL" privileges.
Bug #994.
 2021-09-16 11:24:26 -06:00
Todd C. Miller
31e4a0a0a6 Add SUDOERS_LDFLAGS to FUZZ_LDFLAGS 
Fixes a fuzzer link error when building with ldap if the ldap libs
are not in the default library search path.
 2021-09-16 11:01:07 -06:00
Todd C. Miller
d7cdf1e47c append_defaults() should not be passed a value for boolean flags. 
The operation should simply be set to true/false.
Also treat a NULL file as coming from the front-end.
Bug #993.
 2021-09-14 08:02:37 -06:00
Todd C. Miller
197d4ced38 regen 2021-09-08 17:24:50 -06:00
Todd C. Miller
bf60451845 Remove conditional include of alloca.h, we don't define HAVE_ALLOCA_H. 
The configure check for alloca() was removed long ago but this got
missed.
 2021-09-03 16:03:48 -06:00
Todd C. Miller
f64d71674e Quiet a PVS-Studio format string warning. 2021-09-02 13:37:36 -06:00
Todd C. Miller
9a9a22e93e Regen .pot files. 2021-09-02 12:20:08 -06:00
Todd C. Miller
2f6cacd1ec Updated translations from translationproject.org 2021-09-02 12:20:05 -06:00
Todd C. Miller
f40afd73fe Can't use intercept or log_subcmds with SELinux RBAC. 
SELinux policy will prevent the inherited socket from sudo from
being used and may also restrict the ability to connect back to the
sudo process.
 2021-09-01 11:09:17 -06:00
Todd C. Miller
ba171724f7 Rename log_children -> log_subcmds 2021-08-26 16:36:41 -06:00
Todd C. Miller
d8d4023335 Updated translations from translationproject.org 2021-08-26 13:17:46 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number 
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
 2021-08-26 09:57:24 -06:00
Todd C. Miller
ec751c63eb log_allowed: pass struct eventlog * instead of argv[] and envp[]. 
This lets us log based on the command_info[] list passed in from
the front-end.  Previously, much of the struct eventlog was constructed
from internal sudoers state instead.
 2021-08-25 17:29:15 -06:00
Todd C. Miller
0aedc965f8 command_matches: avoid printf("%s") of NULL in debug for sudo ALL. 2021-08-25 13:11:57 -06:00
Todd C. Miller
7df245dc91 Fix formatting for bound defaults with multiple entries in the binding. 
The entries in the binding were separated with " ," instead of ", ".
 2021-08-20 14:01:44 -06:00
Todd C. Miller
90aee138ba regen 2021-08-19 09:51:23 -06:00
Todd C. Miller
bb5843055e Replace messages like "unknown foo: %s" with "unknown foo %s". 
The colon really doesn't belong there; we generally use a colon to
separate a message from the warning detail.
 2021-08-19 09:44:11 -06:00
Todd C. Miller
f9d3f46fa7 Add intercept_allow_setid sudoers option, disabled by default. 
With this change, a shell in intercept mode cannot run a setuid or
setgid binary by default.  On most systems, the dynamic loader will
ignore LD_PRELOAD for setuid/setgid binaries such as sudo which
would effectively disable intercept mode.
 2021-08-18 15:43:26 -06:00
Todd C. Miller
53a95e3a50 Always allocate a struct sudo_command for the command, even for ALL. 
Previously we special-cased handling of ALL but this complicates
some upcoming changes.
 2021-08-18 09:12:19 -06:00
Todd C. Miller
e4809d634d Update .pot files for 1.9.8. 2021-08-16 10:46:34 -06:00
Todd C. Miller
e2abcd6cb6 log_server_accept: fix memory leak of evlog when logging a sub-command. 
Coverity CID 238643
 2021-08-14 09:11:02 -06:00
Todd C. Miller
4aefd43948 For intercepted commands, log an offset into the current I/O log. 
This can be used with sudoreplay to jump to when a specific command
was executed within a session log.
 2021-08-13 16:00:00 -06:00
Todd C. Miller
695f4bea05 Add support for an optional offset when parsing the ID to replay. 
The offset is a suffix in the form of @sec[.nanosec]
 2021-08-13 16:00:00 -06:00
Todd C. Miller
f327a19f34 Use same check for intercepted commands as log_server_accept(). 
Previously, log_server_reject() and log_server_alert() just
checked whether client_closure has been set.
 2021-08-11 14:10:05 -06:00
Todd C. Miller
0e2094471b Call shutdown() on sockets before closing() if they are connected. 
This should ensure that the other side sees any queued data before
the connection is dropped.
 2021-08-11 14:08:48 -06:00
Todd C. Miller
79129613e5 If SSL_shutdown() returns 0 it needs to be called one more time. 2021-08-11 10:16:36 -06:00
Todd C. Miller
ffdd7920cd resolve_editor: sudoers_gc_remove(editor) before freeing it. 2021-08-11 07:45:26 -06:00
Todd C. Miller
9798fd86bf Add garbage collection to resolve_editor(). 
Fixes a leak when evaluating the policy multiple times if sudoedit
is set.
 2021-08-10 12:58:18 -06:00
Todd C. Miller
462e8ab471 Avoid some double frees in the fuzzer 
Now that sudoers free old values of NewArgv and command_info the
fuzzer needs to reset those values.  Otherwise we end up with
stashed values that have already been garbage collected.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
dae370fb70 Use a separate uuid for intercepted commands. 
We use the uuid to match the command with its exit status.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
2e99450d40 Fix logging intercepted commands to a log server in sudoers. 
Only available when the server supports the subcommands capability.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
3a090dcdcd Plug some memory leaks when sudoers_policy_main is called multiple times. 
These would get cleaned up a policy close time but we don't want
to bloat sudo's memory footprint when running a shell with multiple
commands.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
788708c9ff Add intercept_authenticate sudoers option, defaults to false. 
By default, sudoers will not require authentication of commands run
via an intercepted session.  To require authenticaton of subsequent
commands, enable intercept_authenticate in sudoers.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
1ae9954c63 Use run_argv and run_envp passed into the audit plugin for event logging. 
Previously we used NewArgv[] and env_get() but now that logging is
performed via an audit plugin we should use the values passed in.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
5e3ce532fe Allow set_perms(PERM_INITIAL) to be called more than once. 
If the perm stack depth is non-zero when set_perms(PERM_INITIAL)
is called, rewind it first and re-initialize the stack depth to 0.
Fixes a user-after-free bug if set_perms(PERM_INITIAL) is called
multiple times.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
132936f8f0 Make it possible to call the sudoers policy check function multiple times. 
We need to reset the Defaults values to their original state.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
786e5865cb Add "intercept" Defaults setting to allow interception of sub-commands. 
This causes "intercept" to be set to true in command_info[] which
the sudo front-end will use to determine whether or not to intercept
attempts to run further commands, such as from a shell.  Also add
"log_children" which will use the same mechanism but only log (audit)
further commands.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
b3e86c65b1 expand_prompt: use correct strlcpy() size parameter 
The available size passed to strlcpy() was computed incorrectly.
Switch to updating the length after writing to the new prompt instead
of computing it each time.  The actual buffer size is computed and
allocated correctly so there is no real consequence to this bug.
Found by Qualys.
 2021-08-09 08:19:40 -06:00
Todd C. Miller
d1c29fb008 Add some debugging info to find_path() 2021-08-02 08:57:35 -06:00
Todd C. Miller
8b009f62eb Plug memory leak in error path when sudoers cannot be opened. 2021-07-29 15:26:04 -06:00
Todd C. Miller
1032fca5b8 Trying to use "+=" or "-=" operators on a non-list is an error. 
Previously, they were simply treated as "=" for non-lists.
 2021-07-29 09:29:10 -06:00
Todd C. Miller
36fbb13c4c Use TLS_method() instead of TLS_client_method() throughout. 
OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).

Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
 2021-07-26 13:40:25 -06:00
Todd C. Miller
532e00aa2b Only replace getaddrinfo for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. 
This works around an issue on SCO which uses inline functions in
the header files which call the actual, versioned, library function.
 2021-07-26 11:39:41 -06:00
Todd C. Miller
b48cd11a4b Include signal.h for SIG2STR_MAX and sig2str(). 2021-07-23 15:02:26 -06:00
Todd C. Miller
c234bab7b2 Remove unused info_cb and info arguments from eventlog_exit() 2021-07-15 11:07:25 -06:00
Todd C. Miller
fa7250ead7 Create a UUID and log it in the JSON version of the event log. 2021-07-15 11:07:25 -06:00
Todd C. Miller
17a415ae77 Add log_exit_status sudoers option to log when a command exits. 
This option defaults to off.
 2021-07-09 11:08:44 -06:00
Todd C. Miller
657897b8bf Check that the python module we actually loaded is what we intended. 
This is intended to provide a more useful error message if the
user defines a module which conflicts with a system python module.
For example, a module called test.py would conflicts with the system
python test module.
 2021-07-08 15:50:04 -06:00
Todd C. Miller
ae0e25cf2e Move definition of INADDR_NONE from interfaces.c to net_ifs.c. 
Fixes compilation on Solaris 9.
 2021-06-21 10:09:32 -06:00