isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,713 Commits 1 Branch 0 Tags
e5834bd405906ba8ebde4f9ba99db6eb8b40a44d
Commit Graph

1119 Commits

Author SHA1 Message Date
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00
Todd C. Miller
b3a8cad346 A typo prevented -Wno-deprecated-declarations from being used on macOS. 2022-06-28 15:43:27 -06:00
Todd C. Miller
f5ac1317c4 Make sudo pass -Wmissing-prototypes 2022-06-27 12:48:03 -06:00
Todd C. Miller
01a9e5a157 Sudo 1.9.11p3 2022-06-20 16:58:03 -06:00
Todd C. Miller
04746d0e65 Sudo 1.9.11p2 2022-06-12 08:05:00 -06:00
Todd C. Miller
d2bf3aad06 Sudo 1.9.11p1 2022-06-08 08:31:27 -06:00
Todd C. Miller
7689b8718c Check for SECCOMP_MODE_FILTER not SECCOMP_SET_MODE_FILTER. 
This matches the actual prctl() call we use.
 2022-06-07 10:50:59 -06:00
Todd C. Miller
96c3c28194 Add EXAMPLES variables for use in the man pages for the examples directory. 2022-06-06 08:36:44 -06:00
Todd C. Miller
25a26f5042 Avoid using vfork(2) in the DSO system(3) wrapper. 
Traditional vfork(2) semantics make it unsafe for use for more than
just vfork(2) + execve(2).
 2022-06-03 09:43:34 -06:00
Todd C. Miller
cec83a05a3 Add configure check for vfork(2) and fall back to fork(2) if missing. 2022-05-31 14:47:39 -06:00
Todd C. Miller
1c83161622 On AIX, fmemopen(3) has a bug where feof() returns false at EOF. 
See https://www.ibm.com/support/pages/apar/IJ11845
 2022-05-29 15:52:48 -06:00
Todd C. Miller
9bb288d10e Regenerate files after merging AppArmor integration. 2022-05-27 08:30:34 -06:00
Todd C. Miller
583e8bf538 Use explicit library dependencies instead of implicit. 
We now include all the dependent libraries when linking.
Fixes a linking problem on CentOS Stream 9.
 2022-05-19 17:01:14 -06:00
Todd C. Miller
4ac1237bd3 Sudo 1.9.11 2022-04-29 19:03:24 -06:00
Todd C. Miller
ec5164ced2 Define _TIME_BITS=64 on systems that define __TIMESIZE, like GNU libc. 
This should be replaced by a specialized autoconf macro when one
becomes available.
 2022-04-19 13:28:39 -06:00
Todd C. Miller
a1e20ddd95 Fix check for EVP_MD_CTX_new() when -pthread is in Libs.private. 2022-04-04 10:13:28 -06:00
Todd C. Miller
dcb2fb26a5 Rename SSP_(C|LD)FLAGS -> HARDENING_(C|LD)FLAGS 2022-04-01 11:14:59 -06:00
Todd C. Miller
cc4d7196ff Update to libtool 2.4.7. 2022-03-31 16:14:10 -06:00
Todd C. Miller
90501b7000 Fix check for EVP_MD_CTX_new using static libcrypto with dependencies. 2022-03-31 16:14:10 -06:00
Todd C. Miller
c77cba373a --enable-openssl: don't add non-existent directories to PKG_CONFIG_LIBDIR 2022-03-30 11:21:44 -06:00
Todd C. Miller
75a0e51590 Add sudo_closefrom() regression test. 2022-03-01 11:31:19 -07:00
Todd C. Miller
f1a697a8ff Use close_range(2) in closefrom() emulation if available. 
On Linux, prefer our own closefrom() emulation since the glibc
version may fail if /proc is not present and close_range() is not
supported.  On FreeBSD, closefrom(3) will either call the closefrom
or close_range system call, depending on which is available.
 2022-03-01 09:54:23 -07:00
Todd C. Miller
c3177ce831 Repair --enable-pvs-studio on Linux. 2022-03-01 09:42:07 -07:00
Todd C. Miller
10ca59097e Mention apple radar 3710161 in the comment about broken macOS poll(2). 2022-03-01 09:25:14 -07:00
Todd C. Miller
a57e979962 Adapt test harness for lib/util and move to regress directory. 2022-02-28 14:15:43 -07:00
Todd C. Miller
f35bbd5a3f Move the cvtsudoers/sudoers/testsudoers/visudo tests into a script. 
It is easier to maintain these tests in script form.  The output
now more closely matches that of the other tests.  The harness
script can be invoked directly and supports running specific tests.
 2022-02-28 11:29:38 -07:00
Todd C. Miller
42f735c8dd Add configure check for gzclearerr() when using system zlib. 2022-02-24 19:13:53 -07:00
Todd C. Miller
68bc030c0c Fix PVS-Studio platform check for macOS. 2022-02-24 08:15:01 -07:00
Todd C. Miller
63b2a62f8a Substitute values in the example syslog.conf too. 
Also update ignore files for example changes
 2022-02-11 19:19:09 -07:00
Todd C. Miller
0bbe4b1813 Substitute paths set by configure in examples. Bug #1023 2022-02-11 19:07:08 -07:00
Todd C. Miller
85f9f2beb6 Sudo 1.9.10 2022-02-11 14:14:32 -07:00
Todd C. Miller
86d2173937 Add support for matching command and args using regular expressions. 
Either the command, its arguments or both may be (separate)
regular expressions.
 2022-02-10 18:26:24 -07:00
Todd C. Miller
c13b21c199 Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2). 
This also allows us to make path const as it should be.
 2021-12-11 08:35:18 -07:00
Todd C. Miller
ce9c6d17c5 Sudo 1.9.9 2021-11-24 06:52:50 -07:00
Todd C. Miller
289a045a4f Rename "doc" directory to "docs" for better GitHub compatibility. 2021-11-10 16:45:16 -07:00
Todd C. Miller
09b82a22ca Add configure check for sha1sum and use "openssh dgst -sha1" if missing. 
Only needed when building the seed corpus zip files.
 2021-11-10 13:31:42 -07:00
Todd C. Miller
19065cb221 Use strtoul() on systems without strtoull(). 
We can assume that systems without strtoull() have 32-bit resource limits.
 2021-11-08 18:21:15 -07:00
Todd C. Miller
4eebd53bce parse_gentime: use timegm() to generate time since the epoch 
The timegm() function is non-standard but widely available.
Provide an implementation for those systems that lack it.
Bug #1006
 2021-10-31 09:27:34 -06:00
Todd C. Miller
fc5fa1bbd4 wolfSSL not WolfSSL 2021-10-26 19:00:16 -06:00
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer. 
Based on changes from Hayden Roche
 2021-10-25 13:17:57 -06:00
Todd C. Miller
a808f8e7e5 Fix setting _PATH_ASAN_LIB, need to double up the square brackets. 2021-10-23 15:27:20 -06:00
Todd C. Miller
ef3eb25a1b arc4random: need to include sys/random.h on Solaris too. 
This was removed when Linux genentropy() was disabled.
 2021-10-22 10:44:34 -06:00
Todd C. Miller
cccefb962b Improve macOS version detection to support macOS 11 and simplify legacy logic 
From Jeremy Huddleston Sequoia
 2021-10-20 19:31:57 -06:00
Todd C. Miller
9fbbca7b7a Always link libsudo_util.so with libcrypto.so if using OpenSSL. 
We may need to use RAND_bytes() in the getentropy() emulation.
 2021-10-20 18:59:13 -06:00
Todd C. Miller
23eef895f4 Add an explicit check for sys/sysctl.h. 
This test needs to be done after AC_LANG_WERROR to avoid including
sys/sysctl.h on systems where it is marked as deprecated via a
#warning directive.
 2021-10-20 10:31:35 -06:00
Todd C. Miller
00e53b32e5 Use our own getentropy() by default on Linux. 
The glibc getentropy() emulation will fail on older kernels that
don't support getrandom().
Also use sudo_fatal() instead of sending SIGKILL on getentropy() failure.
GitHub issue #117.
 2021-10-20 09:53:01 -06:00
Todd C. Miller
64e5798318 Don't install sudoers.a when configured with --enable-static-sudoers. 
We already avoid installing it when --disable-shared-util is specified.
 2021-10-11 11:04:40 -06:00
Todd C. Miller
eaee7a0ebe Fix fuzzer build with when --enable-static-sudoers is used. 
This introduces a sudoers-specific version of LT_STATIC instead of
appending the --tag=disable-shared to SUDOERS_LDFLAGS.
I've also removed the -static flag as it should not be needed.
 2021-10-07 08:19:11 -06:00
Todd C. Miller
8350307a2f Try to handle the case where libasan.so is a linker script. 
Fixes check_noexec with ASAN on Fedora where libasan.so just includes
the actual library file.
 2021-10-05 13:08:48 -06:00
Todd C. Miller
c5f983c643 Add "-fcf-protection" to SSP_CFLAGS and SSP_LDFLAGS if supported. 
Can be disabled via --disable-hardening.
 2021-09-29 15:50:57 -06:00