Todd C. Miller
b02851dcf3
Change how the umask is handled with PAM and login.conf.
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf. If using the default umask from
sudoers, allow PAM or login.conf to override it. Bug #900
2019-10-18 06:20:27 -06:00
Todd C. Miller
4229dfc566
Enable security auditing malloc options for "make check".
2019-10-17 13:41:53 -06:00
Todd C. Miller
2512f6efbf
Use sudo_strtonum() explicitly instead of via a macro.
2019-10-14 10:09:30 -06:00
Todd C. Miller
112dff276a
Fix restoring the file context of the user's tty with SELinux.
Also fix broken tty labeling when running a command in a pty.
Includes a fix for a typo introduced in the last change set.
2019-09-27 15:32:49 -06:00
Todd C. Miller
bcf8c3dd5e
Add some debugging around context setting and tty labeling
Also be more exact with error return values
2019-09-27 08:47:41 -06:00
Todd C. Miller
d35670d1ae
Silence a warning from clang about string concatenation.
2019-09-17 08:25:33 -06:00
Todd C. Miller
ab9a2ecac2
Create new files with the umask specified in sudoers.
2019-09-11 16:26:56 -06:00
Todd C. Miller
d94798e5d0
Enable asserts for Coverity too.
2019-08-30 14:05:03 -06:00
Todd C. Miller
ffaef7939a
Add asserts() to avoid static analyzer false positives.
2019-08-30 11:13:35 -06:00
Todd C. Miller
972670bfca
Use the SUDO_CONV_PREFER_TTY flag during authentication.
This prevents the password and PAM prompts from being redirected.
Bug #895
2019-08-26 19:30:11 -06:00
Todd C. Miller
5e692576c9
Restore core dump resource limit before the PAM session module is run.
Otherwise, we may override the limits set by PAM.
Bug #894
2019-08-20 07:25:53 -06:00
Todd C. Miller
dfc32e5b3e
Disable stringop-truncation false positive warnings on gcc 8.
Strings in struct utmp/utmpx are not guaranteed to be NUL-terminated.
2019-07-30 12:42:07 -06:00
Todd C. Miller
aa200cda6a
Replace non-essential strncpy() calls.
2019-07-30 11:37:26 -06:00
Todd C. Miller
15db0c3f82
More verbose error message when a password is required and no terminal
is present. Bug #828.
2019-07-19 11:51:20 -06:00
Todd C. Miller
9d8f374397
Add ssizeof macro that returns ssize_t.
We can use this instead of casting the result of size_t to int.
Also change checks for snprintf() returning <=0 to <0.
2019-06-25 09:45:10 -06:00
Todd C. Miller
82920726fa
Don't refuse to use the tty unless /dev/tty is unavailable.
We don't care whether sudo was able to get the tty name from the kernel.
All that really matters is whether we are able to disable echo as needed.
2019-06-19 20:29:08 -06:00
Todd C. Miller
19c548fd57
Add -B option to ring the bell before the password prompt.
2019-05-27 08:49:43 -06:00
Todd C. Miller
1e1ef61902
Add SPDX-License-Identifier to files.
2019-04-29 07:21:51 -06:00
Todd C. Miller
0766e0c647
Better comment about EOVERFLOW and pstat_getproc().
Also remove some useless casts.
2019-03-06 20:15:11 -07:00
Todd C. Miller
8ee2de9980
Fix error message when a fully-qualified plugin path does not exist.
2019-03-05 10:23:07 -07:00
Todd C. Miller
c0a12d9d95
Be sure to include sudo_queue.h where needed instead of relying on other headers.
2019-02-19 08:31:08 -07:00
Todd C. Miller
3788c65483
Fix memory leak when there are no network interfaces or an error occurs.
2019-02-02 13:55:30 -07:00
Todd C. Miller
985600e7f0
Minor snprintf() usage tweaks:
1) don't assume snprintf() returns -1 on error, check for <0
2) when comparing return value of sizeof(foo), cast the sizeof, not the len
3) cast return value to void in cases where snprintf cannot fail
2019-01-20 07:49:48 -07:00
Todd C. Miller
64d08d8bf2
Update copyright year
2019-01-03 11:09:00 -07:00
Todd C. Miller
b2f7983c84
Fix setting of utmp entry when running command in a pty.
Regression introduced in sudo 1.8.22.
2019-01-02 07:39:33 -07:00
Todd C. Miller
e91e5ee820
Don't run the command in a pty if no I/O plugins are logging anything.
That way an I/O plugin that doesn't actually log anything won't cause
the command to be run in a pty.
2018-12-05 10:43:14 -07:00
Todd C. Miller
ecd9688818
Add support for utmps as found in HP-UX.
2018-11-18 07:45:43 -07:00
Todd C. Miller
6c3d20cb41
Convert PVS-Studio comment to ANSI C.
2018-10-26 08:39:09 -06:00
Todd C. Miller
019279a4b8
Fix some mangled text in the license block.
2018-10-26 08:19:41 -06:00
Todd C. Miller
cb588f2337
Pass --sourcetree-root to pvs-studio and don't check sudo_noexec.c.
Since we don't auto-generate dependencies for sudo_noexec.c we
can't easily check it from outside the source tree. This
is not a problem as it just contains stub functions.
2018-10-22 09:12:17 -06:00
Todd C. Miller
c5df091123
Add pvs-studio target and associated production rules.
2018-10-21 08:46:05 -06:00
Todd C. Miller
64e5d34c57
Add comments in .c files so PVS-Studio will check them.
2018-10-21 08:46:05 -06:00
Todd C. Miller
8c94175ba1
Avoid some PVS-Studio false positives.
2018-10-19 13:35:20 -06:00
Todd C. Miller
e9dec0f8d2
Remove some calls to sudo_fatalx(); just propagate the error return.
2018-10-19 13:35:05 -06:00
Todd C. Miller
6a85992b34
No need to check if fd_dst is -1 in sudoedit mode.
Failure to open the destination sudoedit file is fatal so there's
no need to check that fd_dst != -1 later on. Found by PVS-Studio.
2018-10-19 13:33:37 -06:00
Todd C. Miller
fbf396e336
If the user's passwd entry cannot be resolved via the uid, use the
same error message as visudo.
2018-10-13 06:19:03 -06:00
Todd C. Miller
b89cf34b53
Replace sudo_fatal(NULL) with an "unable to allocate memory" message
that includes the function name.
2018-10-12 08:39:12 -06:00
Todd C. Miller
9e269e0acd
Make EOF handling while reading the password prompt more like getpass(3).
We now return the password as long as at least one character has
been read. Previously, EOF at the password prompt was treated as
if nothing was entered.
2018-10-09 14:20:13 -06:00
Todd C. Miller
ab2cba0f5d
Print a warning for password read issues.
Issues include: timeout at the password prompt, read error while
reading the password, and EOF reading the password.
2018-10-09 13:25:52 -06:00
Todd C. Miller
2b56252210
Handle EOF on password input when pwfeedback is enabled.
2018-10-08 06:47:53 -06:00
Todd C. Miller
cf07dc0757
Add a suspend event type to the I/O log to log suspend/resume of
the command so we can skip that delay during replay.
2018-10-05 14:16:08 -06:00
Todd C. Miller
e2570307e6
Initialize the pty rows/cols based on the values we stored in user_details.
This fixes a minor issue where we would send an extra window size
change event the first time the command was suspended.
2018-10-05 14:04:29 -06:00
Todd C. Miller
9abcd61607
Remove unused system_maxgroups argument from fill_group_list().
2018-09-22 12:56:11 -06:00
Todd C. Miller
59e5e379be
Move the loop to free the monitor_messages list into free_exec_closure_pty()
2018-08-23 11:10:57 -06:00
Todd C. Miller
fe58062547
Cast uid/gid to unsigned int before printing.
2018-08-22 12:58:24 -06:00
Todd C. Miller
aaefdd7575
Include stddef.h for offsetof() definition.
2018-08-22 10:27:33 -06:00
Todd C. Miller
5cca421867
Close the pty slave in the parent so that when the command and
monitor exit, the pty gets recycled without our having to close
it directly.
2018-08-20 10:04:15 -06:00
Todd C. Miller
6953e7fc79
Move updating of the window size to the monitor process.
This will allow us to close the slave in the main sudo process in
the future so only the command and monitor have it open.
2018-08-20 10:04:14 -06:00
Todd C. Miller
69541be94a
Handle the case where O_PATH or O_SEARCH is defined but O_DIRECTORY
is not. In theory, O_DIRECTORY is redundant when O_SEARCH is
specified but it is legal for O_EXEC and O_SEARCH to have the same
value. Bug #844
2018-08-18 07:06:54 -06:00
Todd C. Miller
7d014dfacd
Avoid a compilation problem on HP-UX 11.31 with gcc and machine/sys/getppdp.h
2018-08-17 13:25:46 -06:00