Commit Graph

1055 Commits

Author SHA1 Message Date
Todd C. Miller
1186f39842 Use SUDO_EV_SIGNAL and SUDO_EV_SIGINFO instead of managing the
signal_pipe explicitly.
2017-05-12 10:02:17 -06:00
Todd C. Miller
e18a5c7d74 Fix a hang introduced in the last commit. Don't close the pty slave
until after we have the controlling tty.
2017-05-05 14:45:35 -06:00
Todd C. Miller
44dc15d02d If any of std{in,out,err} are not hooked up to a tty only interpose
ourselves with a pipe if the plugin will actually log the data.
This avoids a problem with non-interactive commands where no tty
is present where sudo will consume stdin even when log_input is not
enabled in sudoers.
2017-05-05 14:27:42 -06:00
Todd C. Miller
80f8960fc6 Move the invocation of check_noexec into the main "check" target
but only run it if not cross compiling and when CHECK_NOEXEC is not
empty.
2017-05-03 11:58:40 -06:00
Todd C. Miller
ecbf895097 Move @CHECK_NOEXEC@ to TEST_PROGS so it gets cleaned up properly. 2017-05-03 11:32:56 -06:00
Todd C. Miller
dab8651ed2 We no longer need to write to the tty if the command was killed by
a signal.  Sudo will terminate itself with the same signal the
command died from.  Unfortunately, we lose the "core dumped" bit
since sudo itself will not dump core, but there doesn't appear to
be a way around that.
2017-04-28 10:32:15 -06:00
Todd C. Miller
f57629c953 On Linux, if the command we ran dumped core, set PR_SET_DUMPABLE
to 0.  This will prevent sudo itself from dumping core in this case.
2017-04-27 12:28:08 -06:00
Todd C. Miller
91aec9730e If the command terminated due to a signal, sudo will send that same
signal to itself so the parent shell knows the command died from
a signal.  However, we don't want sudo itself to dump core.
2017-04-27 10:34:30 -06:00
Todd C. Miller
9ee50beaa7 The fix for Bug #722 contained a typo/thinko that resulted in the
exit status being 0 when a command was killed by a signal other
than SIGINT.  This fixes the signal handler setup so sudo will
terminate with the same signal as the command.  Bug #784.
2017-04-26 20:17:34 -06:00
Todd C. Miller
54a23d2c5d Don't install the rc.d link when installing to a DESTDIR.
DESTDIR is generally only set when installing to a temporary
directory for packaging in which case the link should be
made in a post-install script.
2017-04-26 14:49:05 -06:00
Todd C. Miller
9f1afe23fe Use the standard idiom for popping all entries from a tail queue.
The llvm checker gets confused by TAILQ_REMOVE and generates
use-after-free false positives.
2017-04-20 16:13:14 -06:00
Todd C. Miller
c60259bd63 rewrite errpipe callbacks 2017-04-20 16:12:53 -06:00
Todd C. Miller
c2176c32a7 use pipe2() with O_CLOEXEC instead of pipe() + fcntl() and FD_CLOEXEC 2017-04-20 15:10:57 -06:00
Todd C. Miller
6e75179528 init io_pipe[][] to -1, not 0 2017-04-20 15:09:07 -06:00
Todd C. Miller
a245fedc22 Avoid unused variable when getgrouplist_2() is available.
It would be nicer to just provide getgrouplist_2() (or the equivalent)
and avoid the ugly #ifdefs.
2017-04-19 09:39:55 -06:00
Todd C. Miller
d989f8af30 In sudo_ttyname_scan() if dir is the empty string, set errno to
ENOENT before returning.
2017-04-12 17:06:48 -06:00
Todd C. Miller
c6f9f06c45 Check return value of dispatch_pending_signals() in case we received
SIGINT or SIGQUIT before executing the command.
2017-04-07 08:38:56 -06:00
Todd C. Miller
35e4bd3e9f Replace pipe_nonblock() with pipe2() 2017-03-13 12:11:52 -06:00
Todd C. Miller
867fd16343 Move SIGCHLD handling into handle_sigchld() functions and move the
remaining bits of dispatch_signal() into signal_pipe_cb()
2017-03-09 08:36:40 -07:00
Todd C. Miller
78f3f8bb9d e_termination should be set to the value of WTERMSIG not WEXITSTATUS 2017-03-08 09:17:53 -07:00
Todd C. Miller
af1482f487 Add tcsetpgrp_nobg() which acts like tcsetpgrp() but returns -1
for a background process.  This is safer than blocking SIGTTOU
which would cause tcsetpgrp() to succeed in the background.
2017-03-07 12:29:21 -07:00
Todd C. Miller
2f074d33ab Prevent sudo from receiving SIGTTOU when it tries to restore the
controlling terminal.  There appears to be a race with the shell
(bash) which we may lose.
2017-03-06 13:05:17 -07:00
Todd C. Miller
00b4732c9d Add some casts to quiet gcc warnings on Solaris and remove a
now-useless debug printf.
2017-03-03 11:20:56 -07:00
Todd C. Miller
a788144094 change debug info when suspending sudo 2017-03-03 11:20:25 -07:00
Todd C. Miller
6dba84dca9 Reorganize the command execution code to separate out the pty and
non-pty code paths into their own event loops.  The non-pty exec
code is now contained in exec_nopty.c and the pty exec code is split
between exec_pty.c (parent process) and exec_monitor.c (session leader).
This results in a small bit of duplicated code but improves readability.
Some of the duplicated code will fall out in future changes to the
event subsystem (the signal pipe).
2017-03-03 10:35:11 -07:00
Todd C. Miller
4b1f0c4176 Remove support for the TIOCGSIZE ioctl. Systems that use this
rather than TIOCGWINSZ are too old for sudo to build on anyway.
2017-02-26 16:41:25 -07:00
Todd C. Miller
13fcdb4f5f Set the child pid to -1 after we've waited for it and take care to
avoid killing pid -1.  This makes it a bit more explicit and removes
the need for a separate variable to track the child's status.
Sudo already stops processing signals after it receives SIGCHLD so
it is not vulnerable to CVE-2017-2616.
2017-02-24 15:14:56 -07:00
Todd C. Miller
c86a6a23ad Add a command line option to specify the command timeout, as long
as sudoers does not specify a shorter time limit.
2017-02-16 09:58:18 -07:00
Todd C. Miller
dde2b5eb2c Close execfd in parent processes where it is not needed. 2017-01-22 18:56:13 -08:00
Todd C. Miller
2f0295373a When waiting for the parent to grant us the tty, use nanosleep
instead of spinning to avoid hogging the CPU.
2017-01-12 10:44:26 -07:00
Todd C. Miller
0ef26ff0b7 Use ROOT_UID instead of 0 2017-01-12 10:42:26 -07:00
Todd C. Miller
ae76e1a229 Use getgrouplist_2() on macOS if available. 2016-12-13 10:39:32 -07:00
Todd C. Miller
52d6a5e40d Solaris 10 wordexp() returns 127 on execve() failure like popen()
does.
2016-11-30 11:05:42 -07:00
Todd C. Miller
1aea3f6e3e Just use malloc_options "S" on OpenBSD instead of "AFGJPR". 2016-11-25 09:04:00 -07:00
Todd C. Miller
6c5936296f Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register()
and check for it in places where we check the return value of
sudo_debug_register().
2016-11-21 06:37:23 -10:00
Todd C. Miller
f70f595b5b Add umask to user_info passed in from the front end to the plugin. 2016-11-17 16:00:06 -07:00
Todd C. Miller
6dff4ac7fd Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, _PATH_SUDO_PLUGIN_DIR,
even if only defined to NULL.  This means the accessors can always be
present.

Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.

Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.

Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
2016-11-16 10:13:26 -07:00
Todd C. Miller
bdbb3e9855 Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS
to prevent libtool from stripping them out.
Avoid using ASAN flags when building sudo_noexec.so.
2016-11-15 10:15:36 -07:00
Todd C. Miller
66af45eb24 Add regress for noexec functionality 2016-11-14 14:21:08 -07:00
Todd C. Miller
068f96a213 Unbreak sudo_noexec on macOS where shared libraries and dynamic
modules are different.  We still want to install sudo_noexec.so
without the "lib" prefix so some hackery is required.
2016-11-14 11:04:29 -07:00
Todd C. Miller
07cc9d8153 Need to link sudo_noexec.so with -ldl for dlsym() on some platforms.
Otherwise, the wordexp(3) wrapper will fail due to an undefined
symbol.  Bug #761
2016-11-13 16:00:31 -07:00
Todd C. Miller
efe957544f Add the argument vector allocated for -s and -i mode to the garbage
collector list.  Avoids an ASAN warning on exit when the -s or -i
flags are used.
2016-11-10 10:11:18 -07:00
Todd C. Miller
8133cdfdf6 Use sys/stat.h defines instead of bare octal values. 2016-11-07 13:36:05 -07:00
Todd C. Miller
7c56179c7d Use "double quotes" in messages instead of a combination of the
accent (grave) mark and apostrophe.
2016-11-02 17:10:17 -06:00
Todd C. Miller
e8af335eb8 Fix pasto when setting I/O plugin debug files 2016-10-31 13:12:35 -06:00
Todd C. Miller
5a7936209e Quiet a PVS-Studio warning about the spin loop when waiting for the
parent to assign us the terminal pgrp.
2016-10-26 13:49:04 -06:00
Todd C. Miller
fc1b4155d7 Replace bare ";" in the body of for() loops with "continue;" for
improved readability.
2016-10-26 10:42:28 -06:00
Todd C. Miller
f632e0a63d Don't generate SIGTTOU when restoring the terminal modes. It doesn't
make sense to suspend the process only to restore the terminal
settings since in this case the shell has already taken ownership
of the tty.
2016-10-17 09:02:34 -06:00
Todd C. Miller
9b886f6b2c The flush parameter of sudo_term_restore() is bool, not int. 2016-10-17 08:57:17 -06:00
Todd C. Miller
ddbbcb9441 Need RTLD_NEXT for wordexp() on dlopen() systems. It is missing on AIX 5.1 at least. 2016-10-10 08:38:50 -06:00