Commit Graph

1172 Commits

Author SHA1 Message Date
Todd C. Miller
1aea3f6e3e Just use malloc_options "S" on OpenBSD instead of "AFGJPR". 2016-11-25 09:04:00 -07:00
Todd C. Miller
6c5936296f Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register()
and check for it in places where we check the return value of
sudo_debug_register().
2016-11-21 06:37:23 -10:00
Todd C. Miller
f70f595b5b Add umask to user_info passed in from the front end to the plugin. 2016-11-17 16:00:06 -07:00
Todd C. Miller
6dff4ac7fd Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH, _PATH_SUDO_PLUGIN_DIR,
even if only defined to NULL.  This means the accessors can always be
present.

Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
noexec is available.

Add ENABLE_SUDO_PLUGIN_API and use it instead of _PATH_SUDO_PLUGIN_DIR
to tell when the plugin API is available.

Add sudo_conf_clear_paths() to clear the path values so the
regress tests are not affected by compile-time settings.
2016-11-16 10:13:26 -07:00
Todd C. Miller
bdbb3e9855 Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS
to prevent libtool from stripping them out.
Avoid using ASAN flags when building sudo_noexec.so.
2016-11-15 10:15:36 -07:00
Todd C. Miller
66af45eb24 Add regress for noexec functionality 2016-11-14 14:21:08 -07:00
Todd C. Miller
068f96a213 Unbreak sudo_noexec on macOS where shared libraries and dynamic
modules are different.  We still want to install sudo_noexec.so
without the "lib" prefix so some hackery is required.
2016-11-14 11:04:29 -07:00
Todd C. Miller
07cc9d8153 Need to link sudo_noexec.so with -ldl for dlsym() on some platforms.
Otherwise, the wordexp(3) wrapper will fail due to an undefined
symbol.  Bug #761
2016-11-13 16:00:31 -07:00
Todd C. Miller
efe957544f Add the argument vector allocated for -s and -i mode to the garbage
collector list.  Avoids an ASAN warning on exit when the -s or -i
flags are used.
2016-11-10 10:11:18 -07:00
Todd C. Miller
8133cdfdf6 Use sys/stat.h defines instead of bare octal values. 2016-11-07 13:36:05 -07:00
Todd C. Miller
7c56179c7d Use "double quotes" in messages instead of a combination of the
accent (grave) mark and apostrophe.
2016-11-02 17:10:17 -06:00
Todd C. Miller
e8af335eb8 Fix pasto when setting I/O plugin debug files 2016-10-31 13:12:35 -06:00
Todd C. Miller
5a7936209e Quiet a PVS-Studio warning about the spin loop when waiting for the
parent to assign us the terminal pgrp.
2016-10-26 13:49:04 -06:00
Todd C. Miller
fc1b4155d7 Replace bare ";" in the body of for() loops with "continue;" for
improved readability.
2016-10-26 10:42:28 -06:00
Todd C. Miller
f632e0a63d Don't generate SIGTOU when restoring the terminal modes. It doesn't
make sense to suspend the process only to restore the terminal
settings since in this case the shell has already taken ownership
of the tty.
2016-10-17 09:02:34 -06:00
Todd C. Miller
9b886f6b2c The flush parameter of sudo_term_restore() is bool, not int. 2016-10-17 08:57:17 -06:00
Todd C. Miller
ddbbcb9441 Need RTLD_NEXT for wordexp() on dlopen() systems. It is missing on AIX 5.1 at least. 2016-10-10 08:38:50 -06:00
Todd C. Miller
9dbd45ff66 add missing guard around wordexp() 2016-10-10 08:33:57 -06:00
Todd C. Miller
8e49ce07f6 Fix configure check for seccomp filter on Linux 2016-10-09 11:24:29 -06:00
Todd C. Miller
237e2f964d Use a seccomp filter on Linux to disable execve(2) and execveat(2).
This still relies on LD_PRELOAD to work so it has the same issues
as the existing method with respect to running 32-bit binaries on
a 64-bit kernel.
2016-10-08 19:09:17 -06:00
Todd C. Miller
d24b9246a9 regen 2016-10-08 19:02:15 -06:00
Todd C. Miller
d0ccd947d0 Wrap wordexp(3) in sudo_noexec. 2016-10-05 20:21:18 -06:00
Todd C. Miller
533c9ce108 Add back line mistakenly removed in 0cf2a9351740 2016-09-11 14:37:42 -06:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
2016-09-08 16:38:08 -06:00
Todd C. Miller
40d0ecc7d6 Don't disable large file support for Linux, just SVR4-style /proc.
Otherwise, stat(2) may fail on Linux when running a 32-bit sudo
on a 64-bit machine.  Bug #755
2016-09-02 08:05:07 -06:00
Todd C. Miller
04340eea60 If get_process_ttyname() fails for errno != ENOENT, just warn
instead of making it a fatal error.  Bug #755
2016-09-01 08:23:19 -06:00
Todd C. Miller
e147ba1fec Use W_EXITCODE to construct the wait status if sudo could not execute
the command.  Fixes the sudo exit value for exec(3) failure.
2016-08-31 08:39:26 -06:00
Todd C. Miller
a9570e64ff fix brace style 2016-08-31 08:34:07 -06:00
Todd C. Miller
ef4e808103 It is possible for get_user_info() to fail for reasons other than
ENOMEM so print the warning message there rather than in main().
2016-08-31 05:47:36 -06:00
Todd C. Miller
7625f06841 Now that we ignore SIGPIPE in sudo we need to restore it at exec
time.  Problem reported by Radovan Sroka of RedHat.
2016-08-24 08:59:37 -06:00
Todd C. Miller
3e4c7eed31 Move the ignoring of I/O log plugin errors into the I/O log plugin
itself.
2016-08-17 14:38:00 -06:00
Todd C. Miller
ed18d0d5f8 Make the behavior when we cannot write to a log or audit file
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
2016-08-17 07:22:51 -06:00
Todd C. Miller
25f39ff31d suppress a cppcheck false positive 2016-08-12 11:11:49 -06:00
Todd C. Miller
4352bb9ca9 Add function name in "command resumed" debug message 2016-07-28 06:23:39 -06:00
Todd C. Miller
383debee9f If waitpid() returns 0 or -1, display a warning, this should never happen.
Add a check for unhandled wait status (also should never happen).
2016-07-28 06:16:43 -06:00
Todd C. Miller
4f47a2ad7d Explicitly check for a continued process with waitpid(2). Otherwise,
waitpid() will return 0 when the command is resumed after being
suspended, which we were treating the same as -1.  Fixes suspend
and resume on Linux and probably others.
2016-07-27 16:17:41 -06:00
Todd C. Miller
cc31c2b241 Repair symlink check in sudo_edit_openat_nofollow() on systems
without O_NOFOLLOW, it must be done relative to dfd.  Previously
the lstat() would always fail, possibly leading to a false positive.
Also add an early symlink check like in sudo_edit() while here.
2016-07-25 10:41:33 -06:00
Todd C. Miller
bf82b3f2ba On systems that lack the O_NOFOLLOW open(2) flag, check in
sudo_edit_open() whether the path to be opened is a symlink before
opening it.  This is racy but we detect losing the last post-open
and it is better to fail early if possible.  When editing a link
to a non-existent file, a zero-length file will be left behind but
it is too dangerous to try and remove it after the fact.
Bug #753
2016-07-25 10:26:54 -06:00
Todd C. Miller
2663575118 Update debug_decl for sudo_edit_openat_nofollow()
Remove unused variables when O_NOFOLLOW is not present.
2016-07-25 10:22:29 -06:00
Todd C. Miller
6f5b8cf757 Only remove backup files as part of "make uninstall" when INSTALL_BACKUP
is set.
2016-07-08 12:56:47 -06:00
Todd C. Miller
144e3bb53f Only keep backups of installed files on HP-UX where you cannot
unlink a shared library that is in use.
2016-07-08 12:37:41 -06:00
Todd C. Miller
66ab525f1e Don't skip debug printfs in handle_sigchld() just because execve()
returned an error.
2016-06-23 11:27:59 -06:00
Todd C. Miller
ed9b457eb2 Set user groups in exec_setup() if they were not already set by
policy_init_session().  Bug #749
2016-06-22 10:21:29 -06:00
Todd C. Miller
72f18cff9a Fold lines at 80 characters for the clean: target 2016-06-13 15:12:44 -06:00
Todd C. Miller
8a86233c16 In handle_sigchld() fix the return value when we've already received
an exec error.  We don't want to overwrite the error status but we
do need to indicate that the command is no longer running.
Fixes a hang on execve(2) error when running in a pty.
2016-06-09 10:50:58 -06:00
Todd C. Miller
1ec4d9918d Move sudo_debug_execve() call into sudo_execve(). 2016-06-09 10:48:59 -06:00
Todd C. Miller
53ebf69af3 fputs() is now specified as returning non-negative on success, not
explicitly zero.  Fixes a failure on glibc.
2016-05-25 14:50:05 -06:00
Todd C. Miller
e93b4aa681 Don't try to dereference replies[] if it is a NULL pointer. 2016-05-25 14:48:52 -06:00
Todd C. Miller
356e74e1db Don't read from stdin when flushing final buffers in blocking mode.
Reading from the pipe can block too if the other end is not closed.
2016-05-24 11:16:44 -06:00
Todd C. Miller
8f694cc228 In del_io_events(), avoid reading from the pty master in blocking
mode.  We now do two passes, one with SUDO_EVLOOP_NONBLOCK and
another that could block if stdin is a pipe.  This ensures we consume
the pipe until EOF.
2016-05-20 10:17:23 -06:00