isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,619 Commits 1 Branch 0 Tags
deef5e57fb37764b75d0a552f4903c6b51df73dc
Commit Graph

11619 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
deef5e57fb CentOS Stream only uses a major version number, no minor version. 
This prevents the packages from being created as foo.el.arch.rpm
since we were assuming that the version number was two digits.
 2022-05-24 15:58:39 -06:00
Todd C. Miller
d6be44db00 Add support for running o32 and n32 binaries on mips64. 2022-05-24 13:43:51 -06:00
Todd C. Miller
bc6a0e1a16 Enable ptrace support for MIPS but only for log_subcmds. 
It is not possible to change the syscall return value on MIPS
so we cannot support full intercept mode.
Another complication on MIPS is that if a system call is invoked
via syscall(__NR_###), v0 holds __NR_O32_Linux and the real syscall
is in the first arg (a0) and other args are shifted by one.
 2022-05-24 13:43:50 -06:00
Todd C. Miller
f053f174bc Add intercept_type sudoers option to set intercept/log_subcmds mechanism. 2022-05-24 13:39:28 -06:00
Todd C. Miller
b203753013 Pass the WUNTRACED flag to waitpid() even if __WALL is present. 
Otherwise, we won't get the wait status of a suspended command
that is not being traced.
 2022-05-19 19:48:24 -06:00
Todd C. Miller
583e8bf538 Use explicit library dependencies instead of implicit. 
We now include all the dependent libraries when linking.
Fixes a linking problem on CentOS Stream 9.
 2022-05-19 17:01:14 -06:00
Todd C. Miller
0b63af91bb mail_parse_errors: allocate the correct amount of space for mail body. 
Use strlen(), not sizeof(), on "problem parsing sudoers" since it
is a tranlated string and not a constant.
This was caught by the existing overflow checks.
 2022-05-19 09:42:57 -06:00
Todd C. Miller
0ea431e392 Move code to suspend sudo when no pty is in use to separate file. 
Use this in test_ptrace.c to be able to suspend just like sudo does.
 2022-05-18 07:29:55 -06:00
Todd C. Miller
a52e3776f0 Fix suspending a sudo-run shell in ptrace intercept mode with no pty. 
When ptracing a process, we receive the signal-delivery-stop signal
before the group-stop signal.  If sudo is running the command in
the same terminal, we need to wait until the stop signal is actually
delivered to the command before we can suspend sudo itself.  If we
suspend sudo before receiving the group-stop, the command will be
restarted with PTRACE_LISTEN too late and will miss the SIGCONT
from sudo.
 2022-05-17 14:26:03 -06:00
Todd C. Miller
0bcfe6184f OpenSSL 3.x requires the key usage extension be present in CA and certs. 
Certificates generated with a CA that doesn't set the key usage
extension will fail to validate if "tls_verify" is enabled.
 2022-05-17 12:22:07 -06:00
Todd C. Miller
69fa04f069 Include the cert or ca file in error messages where applicable. 2022-05-17 10:44:18 -06:00
Todd C. Miller
a82fe9aa06 Add missing include of string.h for strerror(3). 2022-05-17 09:31:22 -06:00
Todd C. Miller
d7df7abf87 If ERR_reason_error_string() returns NULL, fall back on strerror(errno). 
That way we get reasonable error messages for missing files, etc.
 2022-05-17 09:18:03 -06:00
Todd C. Miller
3ba807b70f set_dhparams: pass BIO_new_file() "r" for the file mode, not O_RDONLY. 
Unlike BIO_new_fp(), BIO_new_file() takes an fopen-style mode string.
 2022-05-17 08:38:49 -06:00
Todd C. Miller
161a972600 The set_sc_arg3, get_sc_arg3 and set_sc_arg4 functions are not used. 
Use ifdef notyet to disable for now since they may be used in the
future.
 2022-05-17 08:25:59 -06:00
Todd C. Miller
0bfbef0169 Use __x86_64__ preprocessor symbol, not __amd64__ 
Also clarify a comment about MIPS ptrace.
 2022-05-16 16:04:24 -06:00
Todd C. Miller
7329a4a864 ptrace support has been tested on Debian/s390x. 
It should also work on s390 but this has not been tested.
I have not added a compat mode to trace 31-bit binaries on s390x
due to the lack of a test system.
 2022-05-16 13:22:31 -06:00
Todd C. Miller
2eb8ff17be Define sudo_pt_regs instead of user_pt_regs and include the struct keyword. 
On s390, the struct is typedef'd without a name.
 2022-05-16 12:39:59 -06:00
Todd C. Miller
74c6353a84 ptrace support has been tested on Debian/riscv64. 2022-05-16 09:08:45 -06:00
Todd C. Miller
906eb19ece Add maxseq setting to log_output example. 
This should make it more obvious that you need to adjust maxseq
unless you have (virtually) unlimited disk space.
 2022-05-15 18:46:24 -06:00
Todd C. Miller
b61a55eb1b Fix dependency check for libssl on Debian/Ubuntu with OpenSSL 3. 
Also add check for python 3.10 and 3.11 and remove versions < 3.4.
Fixes building on Ubuntu 22.04.
 2022-05-15 07:45:51 -06:00
Todd C. Miller
55bd6272c0 Tracing 32-bit arm binaries from a 64-bit sudo works. 2022-05-14 14:41:18 -06:00
Todd C. Miller
3238c43f92 ptrace_write_string: the terminating NUL fix was reverted by mistake. 2022-05-14 13:05:00 -06:00
Todd C. Miller
cb95b75ffa ptrace-based intercept has now been tested on 32-bit arm 2022-05-14 13:03:19 -06:00
Todd C. Miller
bb3c4ba07c Don't use PTRACE_SET_SYSCALL for 32-bit arm binaries running on aarch64. 
Use PTRACE_SETREGSET with NT_ARM_SYSTEM_CALL instead just like we
would for a 64-bit binary.  Newer Linux headers don't define
PTRACE_SET_SYSCALL for aarch64.
 2022-05-13 18:15:28 -06:00
Todd C. Miller
6a196190cf Replace verbose flag with debug flag. 
This is more accurate since it actually uses the debug subsystem.
 2022-05-13 07:55:05 -06:00
Todd C. Miller
3226c2df40 Initial cut at MIPS support, untested. 
Mips is a bit different in that most Linux distros appear to use
the n32 ABI on 64-bit CPUs.  We don't currently support tracing a
64-bit binary from a 32-bit sudo.  We could suport tracing o32
ABI binaries in compat mode, though.
 2022-05-13 07:07:32 -06:00
Todd C. Miller
f4cc99c063 Add have_seccomp_action("trap") call to check for SECCOMP_MODE_FILTER. 2022-05-12 15:46:53 -06:00
Todd C. Miller
b99debf92f Add arm-specific code to set the system call number. 
Fixes rejection of commands due to policy on arm when in intercept mode.
 2022-05-12 10:23:27 -06:00
Todd C. Miller
4a7d26c381 Fix OS major version detection on CentOS Stream 2022-05-12 09:42:34 -06:00
Todd C. Miller
ea2bf7f1f2 ptrace_intercept_execve: read back the updated syscall args in test mode. 
This makes it easier to detect problems with the syscall rewrite code
when testing with test_ptrace.
 2022-05-12 08:32:31 -06:00
Todd C. Miller
4ecada04a4 Repair ptrace_write_vec() for compat binaries. 2022-05-12 09:21:02 -06:00
Todd C. Miller
0f104d2ff1 Fix a crash when not run in verbose mode. 2022-05-12 08:37:48 -06:00
Todd C. Miller
f94e5d40db Fix compilation error on systems with no compat arch. 
Currently only affects i386.
 2022-05-11 20:07:59 -06:00
Todd C. Miller
64aba8f88e Move code to write a string vector to ptrace_write_vec(). 2022-05-11 20:07:59 -06:00
Todd C. Miller
55f5e389ba Fix tracing compat binaries on big endian systems. 
We need to swap the order of the two 32-bit addresses for big-endian.
 2022-05-11 20:07:59 -06:00
Todd C. Miller
31e8506c82 Enable ptrace intercept on powerpc. 
Tested on ppc64 and ppc64le.
 2022-05-11 20:07:59 -06:00
Todd C. Miller
040e75a07b Add test_ptrace program to test ptrace-based intercept support. 2022-05-11 20:07:55 -06:00
Todd C. Miller
532e8218b2 Use unsigned long for addresses so we don't have to worry about sign extension. 2022-05-11 08:04:58 -06:00
Todd C. Miller
6cd461d9f8 ptrace_write_string: make sure we always write the terminating NUL. 
We can't check *str for NUL since it may not have been written yet.
 2022-05-10 11:23:44 -06:00
Todd C. Miller
8fe1238679 Fix compilation error when SECCOMP_AUDIT_ARCH_COMPAT is not defined. 2022-05-10 08:17:00 -06:00
Todd C. Miller
a40d62b3d5 It is now safe to make WORDALIGN use compat (not native) aligment. 
We allocate space for an extra pointer between argv and the string
table for compat binaries so there is no need to align address to
sizeof(long).
 2022-05-09 11:03:30 -06:00
Todd C. Miller
f82aa334cc Use the entire word in ptrace_get_vec_len() and ptrace_read_vec(). 
For compat binaries, use the upper 32-bits as the next word instead
of calling ptrace(2) to get it.  This reduces the number of ptrace(2)
calls when reading argv and envp for compat binaries.
 2022-05-09 10:09:30 -06:00
Todd C. Miller
c9a481506d We don't need to align strings in the string table. 
We align the start of the string table to a word boundary to help
prevent overlap when writing the pointers.  However, the actual
strings themselves don't need to be aligned.
 2022-05-07 18:42:32 -06:00
Todd C. Miller
206cd10ed5 Avoid potentially overwriting string table when writing argv. 
In compat mode, if argc is odd, writing the last pointer of argv will
overlap with the address of argv[0], so leave an extra word in between.
Also remove incorrect comments about PTRACE_PEEKDATA unaligned access.
 2022-05-06 19:46:22 -06:00
Todd C. Miller
0a2975367e ptrace_intercept_execve: rewrite path to exec if changed by the policy 2022-05-05 19:07:12 -06:00
Todd C. Miller
a15ca9c85b Use native word size for padding and when reading/writing strings. 
If we try to use the compat word size we can end up in a situation
where a subsequent PTRACE_POKEDATA overwrites part of what we've
already written since it always writes in sizeof(long) units.
 2022-05-06 10:46:06 -06:00
Todd C. Miller
339746730c ptrace_intercept_execve: plug memory leak of get_execve_info() buffer 2022-05-05 19:06:19 -06:00
Todd C. Miller
35ea534b3e Move register definitions to exec_ptrace.h 2022-05-05 13:37:26 -06:00
Todd C. Miller
d3a1bf4216 Add support for intercepting 32-bit binaries on 64-bit systems. 
We need to define the ptrace register struct ourselves for the
32-bit system since there is no good way to get it from the system
headers.  Currently only implemented for x86_64 and aarch64.
 2022-05-05 09:29:05 -06:00