Commit Graph

11905 Commits

Author SHA1 Message Date
Todd C. Miller
d242261dd4 Store raw sudoers lines in the debug log.
Also add a "sudoerslex" prefix to the token debug info in
sudoers_trace_print().
2022-11-01 09:32:14 -06:00
Todd C. Miller
966731311d The line numbers in sudoers_trace_print() were off by one.
The line counter is incremented when a newline is seen so the output
actually refers to the previous line.
2022-10-31 10:21:39 -06:00
Todd C. Miller
4da22b101e Make the second arg to the sudo auth verify function const.
This may be either a plaintext password or a password prompt.
Either way it should not be modified by the verify function.
2022-10-31 09:11:32 -06:00
Todd C. Miller
bd209b9f16 Fix CVE-2022-43995, potential heap overflow for passwords < 8 characters.
Starting with sudo 1.8.0 the plaintext password buffer is dynamically
sized so it is not safe to assume that it is at least 9 bytes in size.
Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz.
2022-10-28 07:29:55 -06:00
Todd C. Miller
c78e78dc5e Move debugging info from hostname_matches() to host_matches(). 2022-10-29 11:39:05 -06:00
Todd C. Miller
6a3fb3fd73 Add debugging to sudo_set_grlist() and sudo_set_gidlist(). 2022-10-28 16:58:16 -06:00
Todd C. Miller
366217571e configure: better test for -fstack-clash-protection
The gcc front-end may accept -fstack-clash-protection even if the
machine-specific code does not support it.  We use a test program
with a large stack allocation to try to cause the compiler to insert
the stack clash protection code, or fail if not supported.
GitHub issue #191
2022-10-27 20:02:37 -06:00
Todd C. Miller
6a2075b671 Check that compiler accepts -fstack-clash-protection and -fcf-protection.
Previously, we only checked that linker accepted them.
GitHub issue #191
2022-10-27 18:33:41 -06:00
Todd C. Miller
7944494196 Fix compilation error on Linux/mips. 2022-10-26 16:35:30 -06:00
Todd C. Miller
802e500cca Regenerate dependencies for src/sesh.c. 2022-10-21 11:30:04 -06:00
Todd C. Miller
ebd285850d Sync clean target with other Makefile.in files. 2022-10-21 11:24:38 -06:00
Todd C. Miller
8087604e5a Build the sample plugin but do not install it by default.
We no longer install the sample approval plugin.
2022-10-21 09:12:11 -06:00
Todd C. Miller
45ea248335 Adapt to current plugin API and fix warnings. 2022-10-21 07:51:00 -06:00
Todd C. Miller
9b9404b6fa Disable admin_flag by setting to NULL, not false.
Found by cppcheck.
2022-10-20 13:45:36 -06:00
Todd C. Miller
3a6083f043 Bug #1042. 2022-10-20 09:30:33 -06:00
Todd C. Miller
803998d2bd Only add trailing carriage return to messages if output is a raw tty.
If output is being written to a terminal in "raw" mode, we need to
add a carriage return after the newline to avoid "stair-step" output.
However, we should not write the carriage return if the terminal
is in "cooked" mode, output to a pipe, or output redirected to a file.
Bug #1042.
2022-10-20 08:55:26 -06:00
Todd C. Miller
d744271a63 Make it clear that runas_default sets the default user for Runas_Spec.
Also mention runas_default in other parts of the manual, use
@runas_default@ instead of root and add markup around user names.
GitHub issue #186.
2022-10-20 08:08:48 -06:00
Todd C. Miller
3ca21f9506 Fix a typo, muti-arch -> multi-arch
GitHub issue #185
2022-10-20 06:57:37 -06:00
Todd C. Miller
82db62ec6b Mention log_servers eventlog fix. 2022-10-19 19:03:00 -06:00
Todd C. Miller
e7db62f645 Don't NULL out the plugin close function when logging to a log server.
If sudo calls execve(2) directly the accept info will not be sent.
We also need the sudo front-end to wait until the command finishes
to send the exit status.
2022-10-19 17:05:36 -06:00
Todd C. Miller
d251dfd554 Fix numbering in "Simple sudo installation" 2022-10-17 15:51:38 -06:00
Todd C. Miller
5c5ff3fdaa zlib 1.2.13 update 2022-10-14 12:38:29 -06:00
Todd C. Miller
5dbb8ac6e4 Updated translations from translationproject.org 2022-10-14 12:37:20 -06:00
Todd C. Miller
6185c4f84b Don't define _LARGEFILE64_SOURCE or _LFS64_LARGEFILE.
We don't need them and the missing prototype for crc32_combine_gen64()
issue has been fixed upstream.
2022-10-14 08:13:35 -06:00
Todd C. Miller
51a1a7d63f Update embedded copy of zlib to version 1.2.13. Fixes CVE-2022-37434. 2022-10-13 17:04:24 -06:00
Todd C. Miller
0be0757d64 Add fchownat() for systems without it. 2022-10-13 15:10:40 -06:00
Todd C. Miller
23e1d32934 Update NEWS for 1.9.12. 2022-10-10 09:13:36 -06:00
Todd C. Miller
3b205bc412 Update .pot files for 1.9.12 2022-10-10 09:13:22 -06:00
Todd C. Miller
3bdb585481 Use getopt() and getopt_long() for sesh command line options. 2022-10-10 09:12:48 -06:00
Todd C. Miller
8d5e59c8a8 Update the description of intercept_verify 2022-10-10 09:12:47 -06:00
Todd C. Miller
fbd8de0276 Silence a warning from the Solaris Studio compiler. 2022-10-07 11:22:58 -06:00
Todd C. Miller
57b5ff8e8c Avoid a -Wshadow warning on Solaris 9. 2022-10-07 11:00:17 -06:00
Todd C. Miller
0eb136d65c Fix a build error on Solaris 9. 2022-10-07 09:28:27 -06:00
Todd C. Miller
af83e3c10f Fix display of command tags and options in "sudo -l" when RunAs changes.
A new line is started when RunAs changes which means we need to display
the command tags and options again.  GitHub issue #184
2022-10-06 16:29:54 -06:00
Todd C. Miller
6a0f7ccc41 Fix printing of MYSELF when listing another user's privileges.
We need to use list_pw if it is set instead of user_name.
GitHub issue #183
2022-10-06 15:02:09 -06:00
Todd C. Miller
282d13532b Update NEWS file with recent changes. 2022-10-06 13:40:00 -06:00
Todd C. Miller
7e20e4b80f Apply multiarch rules when loading plugins too. 2022-10-06 12:46:38 -06:00
Todd C. Miller
0b506a2d07 sudo_dso_load: try multi-arch on Linux if we can't load the path.
For example, if loading /usr/lib/libsss_sudo.so fails, try again
with /usr/lib/x86_64-linux-gnu/libsss_sudo.so.
2022-10-05 15:26:14 -06:00
Todd C. Miller
b37bf44cdd Add test for sudo open_parent_dir() 2022-10-05 12:36:14 -06:00
Todd C. Miller
2e2dd48bef Add test for matching a literal "" command line argument as "" in sudoers.
GitHub issue #182.
2022-10-05 10:10:31 -06:00
Todd C. Miller
fa952bfbb7 Add -I flag to disable editing include files unless there is an error.
This can be used when you only want to edit a single sudoers file
unless there is a pre-existing syntax error.
2022-10-04 16:11:45 -06:00
Todd C. Miller
575200e734 Do not match a literal "" command line argument as "" in sudoers.
If the empty string is specified in sudoers, no user args are allowed.
GitHub issue #182.
2022-10-04 13:37:32 -06:00
Todd C. Miller
3940020c94 sudo_secure_open_{file,dir}: always check that return value is not -1.
Avoids false positives from static analyzers that can't figure out
that the fd is always valid when error is SUDO_PATH_SECURE.
2022-10-04 09:33:44 -06:00
Todd C. Miller
59765dd360 Correct return value when mkdtempat() fails. 2022-10-04 09:01:44 -06:00
Todd C. Miller
719b7f933f sudo_open_parent_dir: stop before creating the last path component
Fix a regression introduced in sudo 1.9.9 where the entire directory
path was created instead of just the parent directory.
2022-10-04 08:51:36 -06:00
Todd C. Miller
371b974e07 Use "hg log --template" instead of "hg log --style". 2022-10-01 16:59:07 -06:00
Todd C. Miller
afaeb0ed57 Mark code that escapes/unescapes "sudo -s cmd args..." for removal.
A future version of the plugin API will defer any such escaping
to the policy plugin so it can be configurable.
2022-09-29 13:43:20 -06:00
Todd C. Miller
63efad271a Update with recent changes. 2022-09-29 11:16:21 -06:00
Todd C. Miller
6cd99d0b71 Improve the description of JSON output. 2022-09-29 10:52:32 -06:00
Todd C. Miller
d2a13a8154 Fix typos found by codespell 2.2.1. 2022-09-28 16:39:19 -06:00