isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,825 Commits 1 Branch 0 Tags
e3ff4e663ce34d57bac81c94f3d885c58e56b9b4
Commit Graph

89 Commits

Author SHA1 Message Date
Todd C. Miller
e3ff4e663c Set user group list when executing the askpass helper. 
Under normal circumstances the existing group list will match the
list fetched by sudo.  However, if sudo is executed by a process
that has changed the group list via setgroups(2) and "group_source"
in sudo.conf is set to "dynamic" it is possible for them to be
different.

If group_source in sudo.conf is set to "dynamic" it is possible
for the group list
 2021-04-06 14:30:16 -06:00
Todd C. Miller
ece5adc662 Add struct sudo_cred to hold the invoking or runas user credentials. 
We can use this when we need to pass around credential info instead
of the user_details and command_details structs.
 2021-01-06 13:01:09 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines. 
Also replace backwards with backward.
 2020-10-30 10:15:30 -06:00
Todd C. Miller
88dcdcd11d Fix -Wshadow warnings. 2020-09-25 15:09:45 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
446ae3f507 Include string.h unconditionally and only use strings.h for strn?casecmp() 
In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI string functions.
 2020-05-18 07:59:24 -06:00
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
d219c64635 Only enable pwfeedback when reading password from /dev/tty. 
This effectively disables pwfeedback when the -S or -A options are used.
 2020-02-05 10:53:49 -07:00
Todd C. Miller
fa8ffeb175 Fix a buffer overflow when pwfeedback is enabled and input is a not a tty. 
In getln() if the user enters ^U (erase line) and the write(2) fails,
the remaining buffer size is reset but the current pointer is not.
While here, fix an incorrect break for erase when write(2) fails.
Also disable pwfeedback when input is not a tty as it cannot work.
CVE-2019-18634
Credit: Joe Vennix from Apple Information Security.
 2020-01-29 20:15:21 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
4a893912ce Restore resource limits before executing the askpass program. 
Linux with docker seems to have issues executing a program when the
stack size is unlimited.  Bug #908
 2019-11-11 16:07:43 -07:00
Todd C. Miller
356287557f Use dup3() instead of dup2(). 
This is less error prone since dup3() returns an error if old == new.
Sudo guarantees that fds 0-2 are already open.
 2019-11-02 10:55:50 -06:00
Todd C. Miller
352212c7bf Open all pipes using pipe2() with O_CLOEXEC. 
We no longer depend on calling closefrom() before exec.
 2019-11-02 10:52:34 -06:00
Todd C. Miller
7acbfc18a9 Call closefrom() before we change to a non-root UID. 
This prevents another process from changing the NOFILE resource limit
of the child process and defeating the closefrom() call.
Reported by Joe Vennix from Apple Information Security.
 2019-11-02 10:51:49 -06:00
Todd C. Miller
15db0c3f82 More verbose error message when a password is required and no terminal 
is present.  Bug #828.
 2019-07-19 11:51:20 -06:00
Todd C. Miller
82920726fa Don't refuse to use the tty unless /dev/tty is unavailable. 
We don't care whether sudo was able to get the tty name from the kernel.
All that really matters is whether we are able to disable echo as needed.
 2019-06-19 20:29:08 -06:00
Todd C. Miller
19c548fd57 Add -B option to ring the bell before the password prompt. 2019-05-27 08:49:43 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
6c3d20cb41 Convert PVS-Studio comment to ANSI C. 2018-10-26 08:39:09 -06:00
Todd C. Miller
64e5d34c57 Add comments in .c files so PVS-Studio will check them. 2018-10-21 08:46:05 -06:00
Todd C. Miller
9e269e0acd Make EOF handling while reading the password prompt more like getpass(3). 
We now return the password as long as at least one character has
been read.  Previously, EOF at the password prompt was treated as
if nothing was entered.
 2018-10-09 14:20:13 -06:00
Todd C. Miller
ab2cba0f5d Print a warning for password read issues. 
Issues include: timeout at the password prompt, read error while
reading the password, and EOF reading the password.
 2018-10-09 13:25:52 -06:00
Todd C. Miller
2b56252210 Handle EOF on password input when pwfedback is enabled. 2018-10-08 06:47:53 -06:00
Todd C. Miller
217e0a9b4b Less confusing sysctl checks for kinfo_proc. 2018-03-05 17:35:02 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
4b5aeefebc Set SIGCHLD handler to SIG_DFL before forking the askpass command 
and restore after.  Otherwise, SIGCHLD will end up in the list of
pending signals and sudo_execute() will not execute the command.
 2017-09-06 15:59:37 -06:00
Todd C. Miller
d979898e71 Remove use of non-standard sigaction_t 2017-05-12 10:02:18 -06:00
Todd C. Miller
b5c88e52b1 Remove use of the non-standard SA_INTERRUPT 2017-05-12 10:02:17 -06:00
Todd C. Miller
f632e0a63d Don't generate SIGTOU when restoring the terminal modes. It doen't 
make sense to suspend the process only to restore the terminal
settings since in this case the shell has already taken ownership
of the tty.
 2016-10-17 09:02:34 -06:00
Todd C. Miller
9b886f6b2c The flush parameter of sudo_term_restore() is bool, not int. 2016-10-17 08:57:17 -06:00
Todd C. Miller
3f022419ae Be consistent with the naming of the variable used to store the 
function return value.  Previously, some code used "rval", some
used "ret".  This standardizes on "ret" and uses "rc" for temporary
return codes.
 2016-09-08 16:38:08 -06:00
Todd C. Miller
a2e541aef8 O_NOCTTY has no effect when opening /dev/tty as the open can only 
succeed if there is already a controlling tty.
 2016-05-16 11:17:20 -06:00
Todd C. Miller
b4309d4aea Ignore SIGPIPE for the duration of sudo and not just in a few select 
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.
 2016-04-22 16:36:36 -06:00
Todd C. Miller
5ad68edd65 It is possible for WIFSTOPPED to be true even if waitpid() is not 
given WUNTRACED if the child is ptraced.  Don't exit the waitpid()
loop if WIFSTOPPED is true, just in case.
 2015-10-02 11:24:01 -06:00
Todd C. Miller
38b7aea6b7 Restore old signal handlers before tty settings. That way SIGTTOU 
is at its original value if sudo_term_restore() should fail.
 2015-09-09 15:27:09 -06:00
Todd C. Miller
2f1d675055 Ignore callbacks if major version doesn't match. 2015-09-09 13:29:57 -06:00
Todd C. Miller
0c70df5de9 Implement suspend/resume callbacks for the conversation function. 
If suspended, close the timestamp file (dropping all locks).  On
resume, lock the record before reading the password.

For this to work properly we need to be able to run th callback
when tsetattr() suspends us, not just when the user does.  To
accomplish this the term_* functions now return EINTR if SIGTTOU
would be generated.  The caller now has to restart the term_*
function (and send itself SIGTTOU) instead of it being done
automatically.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume 
function pointer args plus a closure pointer and at it to the
conversation function.
 2015-09-07 06:06:08 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
4f9cabd005 Remove obsolete memory.h include. 2015-06-18 21:02:57 -06:00
Todd C. Miller
166ee6879b Sync tty_present() with sudoers version. 2015-05-07 11:20:49 -06:00
Todd C. Miller
d2624ffa96 Make tty_present static to tgetpass.c 2015-05-07 09:42:48 -06:00
Todd C. Miller
b78a985bf0 Fix cut & pasto that prevented the SIGPIPE handler from being 
restored before returning from tgetpass().  From mancha
 2015-03-02 08:49:04 -07:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
29039859b7 Defer registration of the SIGCHLD handler until just before we exec 
the command.  Fixes a problem where pam_gnome_keyring installs its
own SIGCHLD handler and may not restore the original one.  As a
result, we now have to explicitly wait for the askpass helper to
finish.  Bug #657
 2014-11-18 14:05:51 -07:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
aecef4aa1d Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace 
pollution in libsudo_util.so.
 2014-06-27 09:30:52 -06:00