Commit Graph

9039 Commits

Author SHA1 Message Date
Todd C. Miller
37f591d2dd Enable passprompt_override by default if SUDO_PROMPT is present in
the environment.  This is consistent with how "sudo -p prompt" is
handled.
2017-07-20 11:40:49 -06:00
Todd C. Miller
1918ec4a55 When reading a single character via a switch() use "default:" instead
of "case 1:" to quiet a coverity warning.
2017-07-17 14:44:18 -06:00
Todd C. Miller
6509482bfd Initialize ch in getsize_cb() in case we are called with the wrong
initial state.
2017-07-17 14:13:08 -06:00
Todd C. Miller
58858513f0 remove unused variable 2017-07-17 14:09:48 -06:00
Todd C. Miller
034132774d Call install_sudoers() even when doedit is false. If a file in a
#includedir has a syntax error it will still have been edited and
we need to install the edited temp file.
2017-07-17 09:42:42 -06:00
Todd C. Miller
5bc80d3ddb Reparse sudoers if a new #include file was added.
Otherwise the new file will not get its syntax checked.
Bug #791
2017-07-17 09:26:00 -06:00
Todd C. Miller
28fe335017 don't restore the cursor when setting terminal size, we don't want the cursor to move 2017-07-14 14:30:43 -06:00
Todd C. Miller
dbddf1bc36 Read the xterm terminal size using an event so we can easily time
out if needed.
2017-07-14 10:10:00 -06:00
Todd C. Miller
7f8765d327 If we free the default base in sudo_ev_base_free(), reset the default
base to NULL.
2017-07-14 10:09:58 -06:00
Todd C. Miller
d2a0bfbb12 Add the ability to set a default event base, to be used by plugins
which don't have access to the event base.
2017-07-13 13:59:31 -06:00
Todd C. Miller
9a76678317 Allow sudoreplay to adjust the window size on xterm-like terminals. 2017-07-13 11:20:45 -06:00
Todd C. Miller
f79a236533 Log window size change events in the sudoers I/O plugin.
Let sudoreplay parse a timing file with window change events
(currently ignored).
2017-07-12 05:47:28 -06:00
Todd C. Miller
8898ec1f9c Pass window size change events to the plugin. 2017-07-12 05:47:28 -06:00
Todd C. Miller
6505d05803 Clear input, output, control and local flags before copying them
from the source terminal.  Otherwise, flags that are disabled
in the source terminal may still be enabled in the destination.
2017-07-12 05:47:28 -06:00
Todd C. Miller
e70a953fb4 Remove pointless subshells in targets that simply change the directory
and execute a command.  The command is already run in a shell so
there is no need to execute a subshell in this case.
2017-07-12 05:45:46 -06:00
Todd C. Miller
a7759b6261 Store the debug instance ID for I/O plugins too.
Now iolog_open() is consistent with policy_open().
2017-07-10 16:28:10 -06:00
Todd C. Miller
88bf0337e9 Move the bits to fill in the new event base to sudo_ev_base_init(),
which is not currently exported.
2017-06-01 09:45:23 -06:00
Todd C. Miller
c000189684 Use getentropy() in mkstemp/mkdtemp replacement. 2017-06-29 18:11:30 -06:00
Todd C. Miller
6d4d4594b7 Use _PATH_DEV consistently 2017-06-29 18:10:53 -06:00
Todd C. Miller
c77c5d026a When copying terminal settings from one tty to another only copy a
subset of the flags.  Sudo now copies the same set of flags that
OpenSSH uses, which should be safe.
2017-06-15 12:59:46 -06:00
Todd C. Miller
f5b60ef749 Add debug warning when we have wait status but don't overwrite the
existing cstat.
2017-06-15 07:51:02 -06:00
Todd C. Miller
c8c586ee0b Better handling of SIGCONT from in command in the monitor. It is
useful to know when the command continued but we don't want to
inform the parent or store the wait status in this case.  Fixes a
hang after multiple suspends on Linux.
2017-06-15 07:51:00 -06:00
Todd C. Miller
022ac87d66 avoid padding in struct cmndspec 2017-06-09 08:58:44 -06:00
Todd C. Miller
60146c2959 Fix the man section of sudo_plugin in cross-references. 2017-06-07 16:25:46 -06:00
Todd C. Miller
ab59834a00 Don't treat an unchanged file as an error. From Xin Li. 2017-06-05 07:47:43 -06:00
Todd C. Miller
0d70e868f1 sudo_edit() must return a wait status but if there is an error, or
even if no changes were made to the file, it was returning 1 instead
which would be interpreted as the command having received SIGHUP.
Use the W_EXITCODE() to construct a proper wait status in the error
case too.
2017-06-05 07:11:09 -06:00
Todd C. Miller
26d9043bf4 Avoid sign extension when assigning the value of tty_nr in
/proc/self/stat on Linux.  It is an unsigned int value that
is printed as a signed int but dev_t is unsigned long long.
We need to cast to unsigned int before assigning to a dev_t.
2017-06-03 08:45:29 -06:00
Todd C. Miller
e1e2162dcf Instead of hard-coding a check for bash functions in env_should_delete(),
use a "*=()*" pattern in initial_badenv_table[] to match them instead.
This allows the user to remove the check via env_delete.
2017-06-03 08:43:32 -06:00
Todd C. Miller
0ab00964ec Mac OS X -> macOS 2017-06-02 16:10:37 -06:00
Todd C. Miller
7526869d87 devsearch is ignored on BSD, macOS and Solaris 2017-06-02 15:47:35 -06:00
Todd C. Miller
13633ae5ac Sudo 1.8.20p2 2017-05-31 09:14:31 -06:00
Todd C. Miller
c13ebffbce A command name may also contain newline characters so read
/proc/self/stat until EOF.  It is not legal for /proc/self/stat to
contain embedded NUL bytes so treat the file as corrupt if we see
any.  With help from Qualys.

This is not exploitable due to the /dev traversal changes in sudo
1.8.20p1 (thanks Solar!).
2017-05-31 09:14:31 -06:00
Todd C. Miller
15901c9487 Use /proc/self consistently on Linux. As far as I know, only AIX
doesn't support /proc/self.
2017-05-30 10:44:11 -06:00
Todd C. Miller
cc71b99849 Add a new "devsearch" Path setting to sudo.conf for configuring the
/dev paths to traverse instead of hard-coding a list in ttyname.c
The default value can be set at configure time.
2017-05-30 10:44:11 -06:00
Todd C. Miller
777abca382 After opening a tty device, fstat() and error out if it is not
a character device.
2017-05-30 10:44:11 -06:00
Todd C. Miller
71e496a901 Sudo 1.8.20p1 2017-05-29 14:36:17 -06:00
Todd C. Miller
b3fe46ce65 Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when
the process name contains spaces.  Since the user has control over
the command name this could be used by a user with sudo access to
overwrite an arbitrary file.
Thanks to Qualys for investigating and reporting this bug.

Also stop performing a breadth-first traversal of /dev when looking
for the device.  Only the directories specified in search_devs[]
are checked.
2017-05-29 14:32:53 -06:00
Todd C. Miller
20a0fa1284 Fix potential memory leak on reallocarray() error. Coverity CID 169639 2017-05-23 13:26:54 -06:00
Todd C. Miller
b2770313c6 Only fall back to deprecated getaudit() on FreeBSD. Fixes compiler warnings on macOS. 2017-05-23 13:19:50 -06:00
Todd C. Miller
f794de9503 Use clang on macOS if present 2017-05-23 12:56:59 -06:00
Todd C. Miller
b53a531cc9 fix paths to LICENSE and NEWS files for macOS packages 2017-05-23 11:52:40 -06:00
Todd C. Miller
ad8c1ae07a To avoid overwriting existing command status, check for CMD_INVALID
instead of CMD_ERRNO or CMD_WSTATUS.
2017-05-18 13:53:15 -06:00
Todd C. Miller
47df575f68 Add some patterns that could result in exponential run time for
poorly written '*' matching.
2017-05-18 13:10:52 -06:00
Todd C. Miller
c91b6777d3 On HP-UX 11.0, sys/ioctl.h is not sufficient to make struct winsize
visible, we need termios.h too.
2017-05-15 09:37:58 -06:00
Todd C. Miller
ea9120ee24 Always use TIOCGWINSZ. 2017-05-15 09:21:00 -06:00
Todd C. Miller
6a8eaef4b8 Move exec_setup(), unlimit_nproc() and restore_nproc() from sudo.c
to exec.c.
2017-05-15 09:01:10 -06:00
Todd C. Miller
befa862f75 No need to include selinux.h here. 2017-05-15 09:00:15 -06:00
Todd C. Miller
f60030b903 Fix compilation error on macOS 2017-05-15 08:57:45 -06:00
Todd C. Miller
7db97c7835 Avoid a clang analyzer false positive. 2017-05-12 10:02:18 -06:00
Todd C. Miller
1dc39e9d99 Add cov-build and cov-submit targets for checking with coverity. 2017-05-12 10:02:18 -06:00