isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,713 Commits 1 Branch 0 Tags
e5834bd405906ba8ebde4f9ba99db6eb8b40a44d
Commit Graph

66 Commits

Author SHA1 Message Date
Helio Machado
d60b6c618f Improve Tag_Spec EBNF documentation 2022-06-07 17:24:45 +02:00
Helio Machado
3405fac05e Add missing colon in Tag_Spec documentation 2022-06-07 16:28:14 +02:00
Todd C. Miller
fcb5867f1d Document how setting ModulePath affects the Python search path. 
Also advise the user to use a unique prefix to avoid name space
collisions with installed Python modules.  Bug #1031.
 2022-06-06 08:39:22 -06:00
Todd C. Miller
96c3c28194 Add EXAMPLES variables for use in the man pages for the examples directory. 2022-06-06 08:36:44 -06:00
Todd C. Miller
77a47affb4 Install the plugin man pages in section 5 (or 4 for System V). 
The manual had the correct section in the text but was installed
in the wrong directory.
 2022-06-01 10:02:34 -06:00
Todd C. Miller
f52342031d Add support for intercepting the system(3) function. 
This also means we can log system(3) with log_subcmds.
 2022-05-31 14:45:00 -06:00
Todd C. Miller
6eda28ef51 Fix typo 2022-05-27 13:08:01 -06:00
Todd C. Miller
789bc6ec8e Update contributors. 2022-05-27 12:42:40 -06:00
Todd C. Miller
f16754a1dd Merge branch 'main' into apparmor_support 2022-05-27 08:25:12 -06:00
Todd C. Miller
9ac42292d1 Bump plugin minor version and document new intercept-related settings. 
There should have been a minor version bump for sudo 1.9.8 when
intercept was originally implemented.
 2022-05-26 09:19:08 -06:00
Todd C. Miller
f053f174bc Add intercept_type sudoers option to set intercept/log_subcmds mechanism. 2022-05-24 13:39:28 -06:00
kernelmethod
d8184fdb6f Add documentation for AppArmor support 
- Document the AppArmor userspec option in the sudoers man pages.
- Add information about the --with-apparmor build configuration option
  to INSTALL.md.
 2022-05-23 13:41:56 -06:00
Todd C. Miller
0bcfe6184f OpenSSL 3.x requires the key usage extension be present in CA and certs. 
Certificates generated with a CA that doesn't set the key usage
extension will fail to validate if "tls_verify" is enabled.
 2022-05-17 12:22:07 -06:00
Todd C. Miller
4ab6a87b96 Initialize intercept_allow_setid to true if we use ptrace(2) and seccomp(2). 2022-05-04 13:32:28 -06:00
Todd C. Miller
77979932b1 New Georgian translation from translationproject.org 2022-04-29 13:32:29 -06:00
Todd C. Miller
052d3d1d91 Update intercept documentation. 2022-04-29 13:09:03 -06:00
Todd C. Miller
72794ecd75 Fix typo; GitHub issue #144 2022-04-23 07:21:08 -06:00
Todd C. Miller
c414a89eb3 Remove ABOUT-NLS file, it is no longer maintained as part of GNU gettext. 
Expand the Translations section in CONTRIBUTING.md.
 2022-04-20 12:58:11 -06:00
Todd C. Miller
c51b81fa53 Expand section about expired accounts to include /etc/shadow info. 
GitHub issue #143
 2022-04-20 15:47:42 -06:00
Todd C. Miller
cdee5d48da Add check-verbose Makefile target that runs tests in verbose mode. 2022-03-02 13:32:08 -07:00
Todd C. Miller
973a8f08f9 Document that negating mailto or mailerpath disables sending mail. 2022-02-21 13:50:49 -07:00
Todd C. Miller
9f5615e5b1 Avoid using "note that" and "note: " in documentation. 2022-02-16 16:38:44 -07:00
Todd C. Miller
9175954895 Remove "please" from the documentation, it is considered bad style. 2022-02-16 12:33:32 -07:00
Todd C. Miller
c4fc9b695b Mention regular expressions and "sudo -l -U user" behavior change. 2022-02-16 11:01:59 -07:00
Todd C. Miller
339ef82d62 Add security notes about regular expressions in sudoers rules. 2022-02-16 10:41:29 -07:00
Todd C. Miller
9f695f0fcc Restrict "sudo -U other -l" to users with sudo ALL for root or "other". 
Having "sudo ALL" permissions in no longer sufficient to be able to
list another user's privileges.  The invoking user must now have
"sudo ALL" for root or the target user.
GitHub issue #134
 2022-02-14 13:09:55 -07:00
Todd C. Miller
33f54c853b Limit regular expressions to 1024 characters each. 
Avoids a problem with the fuzzer creating large regular expressions
that blow up the glibc regcomp().
 2022-02-12 09:33:02 -07:00
Todd C. Miller
0bbe4b1813 Substitute paths set by configure in examples. Bug #1023 2022-02-11 19:07:08 -07:00
Todd C. Miller
7c17f84a35 Add helper function to compile a regex that supports (?i). 2022-02-11 12:01:31 -07:00
Todd C. Miller
86d2173937 Add support for matching command and args using regular expressions. 
Either the command, its arguments or both may be (separate)
regular expressions.
 2022-02-10 18:26:24 -07:00
Todd C. Miller
3b6f620e3e Update links to sudo web site and reference markdown docs. 2022-02-10 13:15:39 -07:00
Todd C. Miller
7b5f0dfaf7 Use a 4n indent for code blocks instead of the default 6n. 2022-02-10 13:05:34 -07:00
Todd C. Miller
8adad85b4b A few minor (mostly cosmetic) fixes. 
Add missing ALL to Runas_Member and Host.
Replace some tabs with spaces.
Fix the syntax of a sudoedit example.
 2022-02-08 11:26:55 -07:00
Todd C. Miller
c5133d84eb Upgrade http links to https where possible and fix some broken links. 2022-02-04 08:31:03 -07:00
Todd C. Miller
85fef8b50f Add sudoers option to perform authentication even in non-interative mode. 
If noninteractive_auth is set, authentication methods that do not
require input from the user's terminal may proceed.  It is off by
default, which restores the pre-1.9.9 behavior of "sudo -n".
 2022-02-01 20:08:26 -07:00
Todd C. Miller
9b93961b3e Add new log_passwords and passprompt_regex settings. 
When logging terminal input, if log_passwords is false and any
of the regular expressions in the passprompt_regex list are found
in the terminal output, terminal input will be replaced with '*'
characters until a newline or carriage return is found in the input
or an output character is received.
 2022-01-28 08:52:42 -07:00
Todd C. Miller
0efe280037 Add a new sudoers settings log_passwords and passprompt_regex. 
When logging terminal input, if log_passwords is disabled and any
of the regular expressions in the passprompt_regex list are found
in the terminal output, terminal input will be replaced with '*'
characters until a newline or carriage return is found in the input
or an output character is received.
 2022-01-28 08:52:41 -07:00
Todd C. Miller
be45d8fef4 "plain text" -> "plaintext" for consistency. 2022-01-27 12:43:19 -07:00
Todd C. Miller
5f45fd907b Document how commands are passed to the shell for the -i and -s options. 
The concatenation of command and arguments and escaping of special
characters was not documented.
Text adapted from GitHub issue #121 from Kris Rinzwind
 2022-01-20 14:05:00 -07:00
Todd C. Miller
805e1b9470 Also mention no_new_privs error in the troubleshooting guide. 2022-01-20 10:26:01 -07:00
Todd C. Miller
e4ee1a8502 Replace uid and gid with user-ID and group-ID in more places. 2022-01-20 10:08:34 -07:00
Todd C. Miller
9d79a0767c Use the Oxford comma consistently, it is helpful in technical documents. 2022-01-19 19:03:12 -07:00
Todd C. Miller
78e74c605e Document the error message when no_new_privs is set. 2022-01-19 18:53:03 -07:00
Todd C. Miller
17b7ac3460 Sudo now recovers from sudoers syntax errors. 2022-01-19 18:42:09 -07:00
Todd C. Miller
0d0e7de454 Use the Oxford comma consistently, it is helpful in technical documents. 2022-01-19 18:41:23 -07:00
Todd C. Miller
9a013b79b8 Mention https://www.sudo.ws/security/fuzzing/ in the fuzzing section. 2022-01-19 11:02:19 -07:00
Todd C. Miller
e88087721b Add support in the LDAP filter for negated users. 
Based on a diff from Simon Lees
 2022-01-18 11:20:22 -07:00
Todd C. Miller
48bc498a6f Add pam_askpass_service sudoers setting for "sudo -A". 
This makes it possible to use a different PAM configuration for
when "sudo -A" is used.  The main use case is to only use PAM modules
that can interact with the askpass program.  GitHub issue #112.
 2022-01-08 11:35:03 -07:00
Todd C. Miller
59d55c5308 LICENSE.md moved to the top-level src dir. 2022-01-03 10:26:15 -07:00
Todd C. Miller
e22cc72530 Back out changes to enable SELinux by default. 
This may return in a future release in a different form.
 2021-12-22 11:13:22 -07:00