isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,619 Commits 1 Branch 0 Tags
deef5e57fb37764b75d0a552f4903c6b51df73dc
Commit Graph

72 Commits

Author SHA1 Message Date
Todd C. Miller
e5a50ae429 If there are multiple parse errors, send them in a single mail message. 2022-03-14 13:54:11 -06:00
Todd C. Miller
65e5b89f1d Pass file, line and column to sudoers defaults callbacks. 2022-03-10 13:35:58 -07:00
Todd C. Miller
d7ddff2a31 Add a hook for sudoers parse errors (including defaults and aliases). 
The hook can be used to log parser errors (sudoers module) or keep
track of which files have an error (visudo).
Previously, we only kept track of a single parse error.
 2022-03-10 13:30:56 -07:00
Todd C. Miller
6ec279532e Add a source to struct sudo_nss and use it if getdefs() fails. 
Also remove useless "Problem with defaults entries" warning in testsudoers.
 2022-03-09 12:38:25 -07:00
Todd C. Miller
41bc52302b Do not disable fuzzer output if SUDO_FUZZ_VERBOSE env variable is set. 2022-02-22 12:04:10 -07:00
Todd C. Miller
9303aec0de Sync fuzzing dictionary with current configuration keyword list. 2022-01-29 10:30:37 -07:00
Todd C. Miller
86f123cd9d Pass the operator to the Defaults callback too. 
That way we can tell what to do in callbacks for lists.
 2022-01-28 08:52:41 -07:00
Todd C. Miller
730ebabdba init_parse_tree() now takes ownership of lhost and shost, if any. 
This means that lhost and shost in struct sudoers_parse_tree
are no longer const and that free_parse_tree() will free lhost/shost.
The only consumer that passed in lho.st/shost was the SSSD back-end
which has been updated to avoid a double-free.
 2021-11-19 12:29:21 -07:00
Todd C. Miller
2aa6cb13a5 Stub out sudo_printf() and avoid other use of stderr in fuzzers. 
This makes it possible to parse sudoers without using quiet mode,
resulting in better coverage.
 2021-09-29 09:03:24 -06:00
Todd C. Miller
eefb7b0d54 Use a consistent version of fuzz_conversation() with all fuzzers. 
Also undo a change to fuzz_sudoers.c that snuck in to the last commit.
 2021-09-28 20:20:28 -06:00
Todd C. Miller
7d964875df Fuzzers should not produce output. 
Excessive output makes the fuzzer runs much less efficient.
 2021-09-28 18:53:49 -06:00
Todd C. Miller
b6561831b4 Re-enable error output for the sudoers parser. 
It is only the alias and defaults warnings we need to suppress.
 2021-09-20 12:46:37 -06:00
Todd C. Miller
77ef8baa97 fuzz_sudoers: don't warn about unknown defaults entries 
Some fuzzing inputs cause a huge number of warnings and displaying
them all can result in the fuzz run timing out.  If we disable the
warnings we can avoid the timeout.
 2021-09-19 19:36:25 -06:00
Todd C. Miller
bb5843055e Replace messages like "unknown foo: %s" with "unknown foo %s". 
The colon really doesn't belong there; we generally use a colon to
separate a message from the warning detail.
 2021-08-19 09:44:11 -06:00
Todd C. Miller
f9d3f46fa7 Add intercept_allow_setid sudoers option, disabled by default. 
With this change, a shell in intercept mode cannot run a setuid or
setgid binary by default.  On most systems, the dynamic loader will
ignore LD_PRELOAD for setuid/setgid binaries such as sudo which
would effectively disable intercept mode.
 2021-08-18 15:43:26 -06:00
Todd C. Miller
132936f8f0 Make it possible to call the sudoers policy check function multiple times. 
We need to reset the Defaults values to their original state.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
532e00aa2b Only replace getaddrinfo for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. 
This works around an issue on SCO which uses inline functions in
the header files which call the actual, versioned, library function.
 2021-07-26 11:39:41 -06:00
Todd C. Miller
17a415ae77 Add log_exit_status sudoers option to log when a command exits. 
This option defaults to off.
 2021-07-09 11:08:44 -06:00
Todd C. Miller
a2e4f53642 Cast NULL terminator argument to char * when calling sudo_mkgrent(). 
Avoids a portability issue on systems where NULL is not a pointer.
 2021-04-06 18:57:33 -06:00
Todd C. Miller
95bfd65fec Flush stdout before successful return from LLVMFuzzerTestOneInput(). 
Fixes a problem with diag lines from libFuzzer being interspersed
with test output.
 2021-03-18 13:08:30 -06:00
Todd C. Miller
4a28b5d587 In find_path() stub only make a copy in outfile if returning FOUND. 
Fixed a recently-introduced memory leak in the fuzzer.
 2021-03-01 07:22:57 -07:00
Todd C. Miller
0c944576e9 Expand stub getaddrinfo() to resolve "localhost". 2021-02-28 19:52:02 -07:00
Todd C. Miller
cfcbc42ec7 Improve fuzz_policy coverage and set defaults in setdefs not parse. 
Now exercises session open/close and set additional defaults to
exercise more code paths.
 2021-02-28 19:52:01 -07:00
Todd C. Miller
ddb1350b79 Sync with fuzz_sudoers changes. 2021-02-26 12:52:49 -07:00
Todd C. Miller
963475a9bc Fuzz with runuser and rungroup specified too. 2021-02-26 12:49:13 -07:00
Todd C. Miller
3fc5932be0 Add a stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz. 2021-02-25 21:12:03 -07:00
Todd C. Miller
8b545e561c Fix runchroot, runcwd, tty_tickets. Add timestampowner. 2021-02-25 20:06:35 -07:00
Todd C. Miller
3595fd5504 Add user millert to group sudo, which is often the exempt group. 2021-02-25 19:41:31 -07:00
Todd C. Miller
d75db837bd Add some defaults settings in sudo_file_parse(). 
We don't have a real policy file but we still want to exercise callbacks
in sudoers.c.
 2021-02-25 19:40:46 -07:00
Todd C. Miller
65df01dd71 Add more passes to policy fuzzer 
Now execises list, list other user and show_version.
 2021-02-25 15:27:46 -07:00
Todd C. Miller
b3b80fe6df Implement sudoers_policy_deregister_hooks() 
Register/deregister hooks in fuzz_policy and also call show_version().
 2021-02-25 15:02:09 -07:00
Todd C. Miller
e6dc13229f Add sudoers debug register/deregister. 2021-02-25 13:35:29 -07:00
Todd C. Miller
0d04bbdbe2 Include a sha384 digest in the test corpus. 2021-02-25 13:13:32 -07:00
Todd C. Miller
ea341e2d34 Parse sudoers file in the C locale. 2021-02-25 13:08:12 -07:00
Todd C. Miller
f82890e5d7 No need to call check_defaults() and check_aliases() in quiet mode. 2021-02-24 19:09:16 -07:00
Todd C. Miller
39e80e47ba Check defaults settings too. 2021-02-24 16:44:15 -07:00
Todd C. Miller
05767145b3 Add fuzzer-specific stubs source file. 2021-02-24 16:43:59 -07:00
Todd C. Miller
a3f38fac0c Set program name in fuzzers so we get consisten warnings. 2021-02-24 15:14:58 -07:00
Todd C. Miller
9d27880af8 Use real eventlog config fuctions instead of stubs. 2021-02-24 15:08:53 -07:00
Todd C. Miller
cbd11c44d2 Update Defaults settings after parsing sudoers. 
Also stub out dump_defaults when fuzzing as it is not used.
 2021-02-24 12:29:34 -07:00
Todd C. Miller
f35d9c8be1 fuzz_printf and fuzz_conversation can be stubs. 2021-02-24 11:31:43 -07:00
Todd C. Miller
9f5aed70a1 Exercise tilde expansion if used in runcwd or runchroot. 2021-02-23 19:37:19 -07:00
Todd C. Miller
2a0ba4008c Check aliases in fuzz_sudoers if the policy parsed correctly. 2021-02-23 18:48:47 -07:00
Todd C. Miller
c71a397368 We don't need to link fuzz_sudoers with file.c. 2021-02-23 16:39:32 -07:00
Todd C. Miller
03e610dab5 Strings in dictionary files need to be quoted. 2021-02-23 12:38:02 -07:00
Todd C. Miller
081e219e23 Add dictionary files for fuzzers where possible. 2021-02-23 11:28:47 -07:00
Todd C. Miller
e0761b9e3b Also free safe_cmnd so it doesn't leak. 2021-02-22 20:18:49 -07:00
Todd C. Miller
5fc6b8c177 Fix fuzz_sudoers output matching. 2021-02-22 16:43:34 -07:00
Todd C. Miller
f92080be62 Prime user/group cached and set the interface list. 
Also match parsed policy against multiple users.
 2021-02-22 10:59:58 -07:00
Todd C. Miller
df42c0c1d2 Perform matching in fuzz_sudoers for inputs that parse correctly. 
The fuzzer now exercised the normal match code as well as the
pseudo-command (list, validate, etc) match code.
Privileges are also listed for well-formed sudoers file.
 2021-02-21 14:59:29 -07:00