isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,767 Commits 1 Branch 0 Tags
e4f08157b6693b956fe9c7c987bc3eeac1abb2cc
Commit Graph

11767 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
ac06fb7f29 Define WORDS_BIGENDIAN on big endian systems. 
Instead of a configure check, we use endian.h (or a fallback).
 2022-06-03 12:51:21 -06:00
Todd C. Miller
71c07579ba Update to protobuf-c 1.4.0 2022-06-03 12:50:31 -06:00
Todd C. Miller
aee276ea63 Quiet two clang analyzer false positives. 2022-06-03 11:05:34 -06:00
Todd C. Miller
f19a71a3db Move a comment to the correct location. 2022-06-03 10:32:47 -06:00
Todd C. Miller
5012c7f978 union sockaddr_union: pass in sockaddr_union * instead of sockaddr *. 
This eliminates the need for a few casts and is consistent with how
create_listener() is written.
 2022-06-03 10:11:37 -06:00
Todd C. Miller
898ca50545 Eliminate some dead stores that clang-analyzer complains about. 2022-06-03 10:01:11 -06:00
Todd C. Miller
63e6973ad1 ptrace_read_vec: don't try to free memory on the error path 
This is leftover from when ptrace_read_string() allocated its own memory.
 2022-06-03 10:00:08 -06:00
Todd C. Miller
25a26f5042 Avoid using vfork(2) in the DSO system(3) wrapper. 
Traditional vfork(2) semantics make it unsafe for use for more than
just vfork(2) + execve(2).
 2022-06-03 09:43:34 -06:00
Todd C. Miller
06bf1be67c Updated translations from translationproject.org 2022-06-02 14:10:15 -06:00
Todd C. Miller
66909a4831 Mention sudo_logsrvd.conf "log_server" parsing fix. 2022-06-02 14:09:46 -06:00
Todd C. Miller
2d6b9d22e1 For logsrvd_conf_test include both tls and non-tls configs. 2022-06-02 11:38:43 -06:00
Todd C. Miller
d7b2ff3214 Add a simple regression test for logsrvd.conf parser. 
Unlike the parser fuzzer, this includes sample certs and keys.
This test would have detected the BIO_new_file() bug in set_dhparams().
 2022-06-02 11:13:18 -06:00
Todd C. Miller
0ca222aa88 Fix inverted logic when setting server_log. 
A value that starts with a '/' should be treated as a path.
 2022-06-02 10:59:30 -06:00
Todd C. Miller
bec9603f3a Use abs_top_builddir instead of pwd/$(top_builddir). 2022-06-02 10:23:04 -06:00
Todd C. Miller
51b64780c0 Plug a memory leak. 2022-06-01 15:24:28 -06:00
Todd C. Miller
89b80ea690 Fix bug in last commit, need to reinitialize role to NULL. 2022-06-01 14:49:31 -06:00
Todd C. Miller
eb0135a93a Simplify the check for when we can reuse the previous user and host specs. 
This makes the code easier to read and quiets a cppcheck false positive.
 2022-06-01 14:30:47 -06:00
Todd C. Miller
77a47affb4 Install the plugin man pages in section 5 (or 4 for System V). 
The manual had the correct section in the text but was installed
in the wrong directory.
 2022-06-01 10:02:34 -06:00
Todd C. Miller
3074f64bd1 Updated translations from translationproject.org 2022-06-01 09:25:06 -06:00
Todd C. Miller
4b5ee47e0d Sudo now supports intercepting system(3). 2022-06-01 09:25:03 -06:00
Todd C. Miller
c20c3b5631 Only display "unable to connect to log server" warning once. 
Previously, in intercept mode, if the log server is unreachable the
message would be printed for each sub-command.
 2022-05-31 20:03:17 -06:00
Todd C. Miller
de4d53e488 When using ptrace(2), push the point where we suspend into exec_cmnd(). 
This should reduce the amount of time the child has to wait for
the parent to use PTRACE_SEIZE to seize control and then PTRACE_CONT
to continue the child.
 2022-05-31 19:51:26 -06:00
Todd C. Miller
cec83a05a3 Add configure check for vfork(2) and fall back to fork(2) if missing. 2022-05-31 14:47:39 -06:00
Todd C. Miller
f52342031d Add support for intercepting the system(3) function. 
This also means we can log system(3) with log_subcmds.
 2022-05-31 14:45:00 -06:00
Todd C. Miller
436deda08d Newer compilers define __BYTE_ORDER__ and __ORDER_{BIG,LITTLE}_ENDIAN__ 
Also add riscv the little endian list.
 2022-05-31 10:18:39 -06:00
Todd C. Miller
1c83161622 On AIX, fmemopen(3) has a bug where feof() returns false at EOF. 
See https://www.ibm.com/support/pages/apar/IJ11845
 2022-05-29 15:52:48 -06:00
Todd C. Miller
dc8311dae9 Fix potential signed integer overflow on 32-bit CPUs. 
Converting fractional minutes to nanoseconds could overflow a 32-bit
integer, use long long instead.
 2022-05-27 15:47:32 -06:00
Todd C. Miller
93916fde4f Fix path to example sudoers file, it is now in the build dir. 2022-05-27 15:33:58 -06:00
Todd C. Miller
b497d74544 init_options: initialize apparmor_profile to NULL 2022-05-27 13:57:22 -06:00
Todd C. Miller
c1934a6366 Update with latest 1.9.11 changes. 2022-05-27 13:09:08 -06:00
Todd C. Miller
6eda28ef51 Fix typo 2022-05-27 13:08:01 -06:00
Todd C. Miller
789bc6ec8e Update contributors. 2022-05-27 12:42:40 -06:00
Todd C. Miller
15f167c3a0 Fix uninitialized use of ca_store when building with wolfSSL. 2022-05-27 11:23:45 -06:00
Todd C. Miller
7125a9cc23 Newer Debian/Ubuntu uses libsepol-dev not libsepol1-dev. 2022-05-27 09:34:04 -06:00
Todd C. Miller
346e63cd7c Update .pot files for 1.9.11 2022-05-26 09:41:54 -06:00
Todd C. Miller
9bb288d10e Regenerate files after merging AppArmor integration. 2022-05-27 08:30:34 -06:00
Todd C. Miller
402fc832fa Merge pull request #148 from kernelmethod/apparmor_support 
Add AppArmor support to sudo
 2022-05-27 08:26:24 -06:00
Todd C. Miller
f16754a1dd Merge branch 'main' into apparmor_support 2022-05-27 08:25:12 -06:00
Todd C. Miller
dc2b28d3e0 Pass envp, not environ, to real execve() from exec_wrapper() if possible. 
The replacement execve() function was passing the global environ
to exec_wrapper() instead of the envp parameter.  This caused the
command to be run with the wrong environment on AIX systems, and
possibly others, when intercept or log_subcmds was enabled.
Bug #1030.
 2022-05-26 16:33:46 -06:00
Todd C. Miller
b6ddf3db6d Consolidate some translatable strings. 2022-05-26 09:37:58 -06:00
Todd C. Miller
38c6e1bffb Standardize protobuf "unable to unpack" warning messages. 2022-05-26 09:35:18 -06:00
Todd C. Miller
9ac42292d1 Bump plugin minor version and document new intercept-related settings. 
There should have been a minor version bump for sudo 1.9.8 when
intercept was originally implemented.
 2022-05-26 09:19:08 -06:00
Todd C. Miller
6ced49a34d Reset intercept_allow_setid if intercept_type changes from trace to dso. 
But only reset intercept_allow_setid if the user didn't explicitly set it.
 2022-05-25 10:09:08 -06:00
Todd C. Miller
deef5e57fb CentOS Stream only uses a major version number, no minor version. 
This prevents the packages from being created as foo.el.arch.rpm
since we were assuming that the version number was two digits.
 2022-05-24 15:58:39 -06:00
Todd C. Miller
d6be44db00 Add support for running o32 and n32 binaries on mips64. 2022-05-24 13:43:51 -06:00
Todd C. Miller
bc6a0e1a16 Enable ptrace support for MIPS but only for log_subcmds. 
It is not possible to change the syscall return value on MIPS
so we cannot support full intercept mode.
Another complication on MIPS is that if a system call is invoked
via syscall(__NR_###), v0 holds __NR_O32_Linux and the real syscall
is in the first arg (a0) and other args are shifted by one.
 2022-05-24 13:43:50 -06:00
Todd C. Miller
f053f174bc Add intercept_type sudoers option to set intercept/log_subcmds mechanism. 2022-05-24 13:39:28 -06:00
kernelmethod
d8184fdb6f Add documentation for AppArmor support 
- Document the AppArmor userspec option in the sudoers man pages.
- Add information about the --with-apparmor build configuration option
  to INSTALL.md.
 2022-05-23 13:41:56 -06:00
kernelmethod
58ce33abab Add libapparmor-dev to the Debian and Ubuntu Dockerfiles 
Install libapparmor-dev on Debian- and Ubuntu-based Docker images so
that they can build sudo with AppArmor support.
 2022-05-23 13:41:56 -06:00
kernelmethod
c20859d55b Add an APPARMOR_PROFILE user spec option to sudoers 
sudoers now supports an APPARMOR_PROFILE option, which can be specified
as e.g.

    alice       ALL=(ALL:ALL)   APPARMOR_PROFILE=foo    ALL

The line above says "user alice can run any command as any user/group,
under confinement by the AppArmor profile 'foo'." Profiles can be
specified in any way that complies with the rules of
aa_change_profile(2). For instance, the sudoers configuration

    alice       ALL=(ALL:ALL)   APPARMOR_PROFILE=unconfined     ALL

allows alice to run any command unconfined (i.e., without an AppArmor
profile), while

    alice       ALL=(ALL:ALL)   APPARMOR_PROFILE=foo//&bar      ALL

tells sudoers that alice can run any command under the stacked AppArmor
profiles 'foo' and 'bar'.

The intention of this option is to give sysadmins on Linux distros
supporting AppArmor better options for fine-grained access control.
Among other things, this option can enforce mandatory access control
(MAC) over the operations that a privileged user is able to perform to
ensure that they cannot privesc past the boundaries of a specified
profile. It can also be used to limit which users are able to get
unconfined system access, by enforcing a default AppArmor profile on all
users and then specifying 'APPARMOR_PROFILE=unconfined' for a privileged
subset of users.
 2022-05-23 13:41:56 -06:00