474 Commits

Author SHA1 Message Date
Todd C. Miller
faabf3bac7 Before exec, restore state of signal handlers to be the same as
when we were initially invoked instead of just resetting to SIG_DFL.
Fixes a problem when using sudo with nohup.  Based on a patch from
Paul Markham.
2002-11-22 18:33:47 +00:00
Todd C. Miller
4f2d87e28c o timestamp_uid should be uid_t, not int
o clarify error message when sudo is run by root and no_root_sudo is set
2002-11-22 18:23:24 +00:00
Todd C. Miller
0f60107a1c No need for dump_badenv() now that dump_defaults() knows how to dump lists. 2002-05-05 19:58:29 +00:00
Todd C. Miller
c289159953 g/c second arg to set_perms--it is no longer used 2002-05-05 00:43:38 +00:00
Todd C. Miller
a30951d34c Add support for non-root timestamp dirs. This allows the timestamp
dir to be shared via NFS (though this is not recommended).
2002-05-03 22:48:17 +00:00
Todd C. Miller
99cc62452d Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
endgrent() at the same time.
2002-03-12 03:19:04 +00:00
Todd C. Miller
ea24bef19c The SHELL environment variable was preserved from the user's
environment instead of being reset based on the passwd database
when the "env_reset" option was used.  Now it is reset as it should be.
2002-01-15 23:43:59 +00:00
Todd C. Miller
f039427253 Add a configure option to turn off use of POSIX saved IDs 2002-01-15 22:47:29 +00:00
Todd C. Miller
eb97ce45ea Only OR in MODE_RESET_HOME if MODE_RUN is set.
Fixes a problem where "sudo -l" would not work if always_set_home was set.
2002-01-15 20:39:59 +00:00
Todd C. Miller
26e835b096 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
Otherwise, the set_home option has no effect.

o Fix use of freed memory when the "fqdn" flag is set.  This was
  introduced by the fix for the "segv when gethostbyname() fails" bug.
  Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
  there is no need to check the "fqdn" flag in set_fqdn() itself.
2002-01-15 01:53:02 +00:00
Todd C. Miller
9eac6eeaa3 If set_perms == set_perms_posix and the stay_setuid flag is not
set, set all uids to 0 and use set_perms_fallback().
2002-01-13 18:29:23 +00:00
Todd C. Miller
a82e7a8efe (c) 2002 2002-01-08 15:00:18 +00:00
Todd C. Miller
53299b78a0 Defer assigning new environment until right before the exec. 2002-01-08 14:20:57 +00:00
Todd C. Miller
afe8333fc2 XXX - should call find_path() as runas user, not root. Can't do
that until the parser changes though.
2001-12-15 00:45:13 +00:00
Todd C. Miller
cfadcb1733 If find_path() fails as root, try again as the invoking user (useful
for NFS).  Idea from Chip Capelik.
2001-12-15 00:38:06 +00:00
Todd C. Miller
761b119e2e Add new sudoers option "preserve_groups". Previously sudo would not
call initgroups() if the target user was root.  Now it always calls
initgroups() unless the -P command line option or the "preserve_groups"
sudoers option is set.  Idea from TJ Saunders.
2001-12-15 00:24:27 +00:00
Todd C. Miller
65fad4df35 o Reorder some headers and use STDC_HEADERS define properly
o Update copyright year
2001-12-14 19:52:54 +00:00
Todd C. Miller
2e677e1023 Remove "secure_path" Defaults option since it cannot work with the
existing parser.
2001-12-14 06:40:03 +00:00
Todd C. Miller
f590093e46 Unset "secure_path" if user_is_exempt() 2001-12-14 06:26:55 +00:00
Todd C. Miller
cf92836ecf Only need to do 'lc = login_getclass(NULL)' if lc == NULL 2001-12-13 02:42:45 +00:00
Todd C. Miller
678f56e2e8 o Defer call to set_fqdn() until it is safe to use log_error()
o Don't print errno string value if gethostbyname fails, it is not relevant
2001-12-13 01:24:45 +00:00
Todd C. Miller
4cad1daa76 Must reset signal handlers before we exec 2001-12-09 05:20:34 +00:00
Todd C. Miller
60bbfa42df Don't block keyboard interrupt signals, just set them to SIG_IGN. 2001-12-09 05:09:10 +00:00
Todd C. Miller
241cb64cc4 Kill POSIX_SIGNALS define and old signal support now that we emulate POSIX ones
Also be sure to correctly initialize struct sigaction.
2001-12-08 19:44:30 +00:00
Todd C. Miller
63ae9ec2ad Dump default bad env table when 'sudo -V' is run by root. 2001-11-12 18:08:30 +00:00
Todd C. Miller
29871e4422 If we fail to lookup a login class, apply the default one. 2001-08-23 21:43:38 +00:00
Todd C. Miller
11127e3468 Use setpwent()/endpwent() + all the shadow variants to make sure
we don't inadvertently leak an fd to the child.  Apparently Linux's
shadow routines leave the fd open even if you don't call setspent().
Reported by mike@gistnet.com; different patch used.
2001-05-10 18:55:12 +00:00
Todd C. Miller
646bd70349 remove struct env_table decl since that stuff has all moved to env.c 2001-04-13 01:36:59 +00:00
Todd C. Miller
d956d77528 Move defaults info into its own files from which we generate
.h and .c files.  This makes adding or rearranging variables
much simpler.
2000-12-31 01:38:37 +00:00
Todd C. Miller
572b4cf39a Don't try and build saved uid version of set_perms on systems w/o them.
Rename set_perms_saved_uid() -> set_perms_posix()
Make set_perms_setreuid simply be set_perms_fallback() and simply include
  the appropriate function at compile time (setreuid() vs. setuid()).
2000-12-30 03:59:40 +00:00
Todd C. Miller
998631b73a New Defaults options:
o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
o env_reset - reset the environment to a sane default
o env_keep - preserve environment variables that would otherwise be cleared

No longer use getenv/putenv/setenv functions--do environment munging by hand.
Potentially dangerous environment variables can be cleared only if they
contain '/' or '%' characters to protect buggy programs.
Moved environment routines into env.c (new file)
2000-12-30 03:29:47 +00:00
Todd C. Miller
7ce284a132 Use exit(127), not exit(-1) 2000-11-03 14:36:32 +00:00
Todd C. Miller
7ea65e54bd Move set_perms() to its own file and use POSIX saved uid or setreuid()
if available.

Added stay_setuid option for systems that have libraries that perform
extra paranoia checks in system libraries for setuid programs (ie:
anything with issetugid(2)).
2000-11-03 05:37:44 +00:00
Todd C. Miller
70f16a284d strip more bits from the environment and add a facility for stripping
things only if they contain '/' or '%' to address printf format string
vulnerabilities in other programs.
2000-11-03 01:28:54 +00:00
Todd C. Miller
f31d6ce259 Remove debugging code that should not have been committed, oops. 2000-10-29 22:31:42 +00:00
Todd C. Miller
e23d30b913 Fix a coredump in the logging functions if gethostname(2) fails
by deferring the call to log_error() until things are better setup.

Fix return value of set_loginclass() in non-BSD-auth case.

Hard-code 'sudo' in the usage message so we can fit more options on a line
2000-10-27 22:41:48 +00:00
Todd C. Miller
0208b22686 Add support for BSD authentication. 2000-10-26 16:42:40 +00:00
Todd C. Miller
9745a31948 sudo_setenv() now exits on memory alloc failure instead of returning -1. 2000-09-14 20:48:58 +00:00
Todd C. Miller
deb5b07f40 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
and possibly others.
2000-09-07 21:41:16 +00:00
Todd C. Miller
ed7827decc Add always_set_home variable 2000-09-07 01:35:39 +00:00
Todd C. Miller
6525e882a4 The listpw and verifypw sudoers options would not take effect because
the value of the default was checked *before* sudoers was parsed.
Instead of passing in the value of PWCHECK_* to sudoers_lookup(),
pass in the arg for def_ival() so the check can be deferred until
after sudoers is parsed.
2000-08-12 20:48:29 +00:00
Todd C. Miller
d7050d5615 Add support for using getifaddrs() to get the list of ip addr / netmask
pairs.  Currently IPv4-only.
2000-06-04 23:57:22 +00:00
Todd C. Miller
7a2dfb77fb Call clean_env very early in main() for paranoia's sake. Idea from
Marc Esipovich.
2000-05-12 20:55:35 +00:00
Todd C. Miller
165bd7fafb Fix root, runas, and target authentication for non-passwd file auth
methods.
2000-05-09 15:42:38 +00:00
Todd C. Miller
455f27816f Bracket calls to syslog with an openlog() and closelog() since some
authentication methods (like PAM) may do their own logging via
syslog.  Since we don't use syslog much (usually just once per
session) this doesn't really incur a performance penalty.
It also fixes a SEGV with pam_kafs.
2000-04-17 18:01:14 +00:00
Todd C. Miller
978e3f8bc0 Fix -H flag. runas_homedir is only valid after set_perms(PERM_RUNAS, mode) 2000-04-15 20:32:59 +00:00
Todd C. Miller
f32e054fe5 Make login class support work on BSD/OS 2000-03-24 20:13:12 +00:00
Todd C. Miller
fed49d49eb set_loginclass() should be static like the proto says 2000-03-24 00:16:41 +00:00
Todd C. Miller
78b6514e58 Add support for set_logname run-time default 2000-03-23 00:20:56 +00:00
Todd C. Miller
5684831592 User can always specify a login class if he/she is already root. 2000-03-07 19:26:02 +00:00