Todd C. Miller
e5834bd405
Use #include <config.h> not #include "config.h" for consistency.
...
Otherwise, some compilers may do the wrong thing in a build
dir if there is a config.h file in the source dir too.
2022-06-29 08:47:16 -06:00
Todd C. Miller
38278640ca
Update group_plugin_load() stub to match its prototype.
2022-06-28 16:42:25 -06:00
Todd C. Miller
13672f28df
Make sudo pass -Wwrite-strings
2022-06-28 16:33:15 -06:00
Todd C. Miller
f5ac1317c4
Make sudo pass -Wmissing-prototypes
2022-06-27 12:48:03 -06:00
Todd C. Miller
49c27f5278
log_exit_status: make local variables match struct evlog members.
2022-06-14 13:10:13 -06:00
Todd C. Miller
1c00c7c238
Fix pasto in comment after HAVE_PRIV_SET #endif
2022-06-10 09:42:22 -06:00
Todd C. Miller
6525436db7
Change black list -> blocklist
...
This was missed in the previous conversion.
2022-06-09 14:49:49 -06:00
Todd C. Miller
d04810c4f2
Save a pointer to the event_alloc parameter in the plugin open function.
...
That way we don't need to pass event_alloc around to the log client
functions.
2022-06-09 13:05:21 -06:00
Stefan Linke
a074d058ef
Fix typo in sudoers comment
...
Fix a typo in the sudoers comment about `maxseq` param.
Introduced by 906eb19ece in 1.9.11.
2022-06-07 13:03:03 +02:00
Todd C. Miller
24522fb4e4
Updated translations from translationproject.org
2022-06-04 11:44:13 -06:00
Todd C. Miller
258b504be8
Rebuild Croatian message catalog.
2022-06-04 10:25:30 -06:00
Todd C. Miller
aee276ea63
Quiet two clang analyzer false positives.
2022-06-03 11:05:34 -06:00
Todd C. Miller
bec9603f3a
Use abs_top_builddir instead of pwd/$(top_builddir).
2022-06-02 10:23:04 -06:00
Todd C. Miller
89b80ea690
Fix bug in last commit, need to reinitialize role to NULL.
2022-06-01 14:49:31 -06:00
Todd C. Miller
eb0135a93a
Simplify the check for when we can reuse the previous user and host specs.
...
This makes the code easier to read and quiets a cppcheck false positive.
2022-06-01 14:30:47 -06:00
Todd C. Miller
3074f64bd1
Updated translations from translationproject.org
2022-06-01 09:25:06 -06:00
Todd C. Miller
c20c3b5631
Only display "unable to connect to log server" warning once.
...
Previously, in intercept mode, if the log server is unreachable the
message would be printed for each sub-command.
2022-05-31 20:03:17 -06:00
Todd C. Miller
dc8311dae9
Fix potential signed integer overflow on 32-bit CPUs.
...
Converting fractional minutes to nanoseconds could overflow a 32-bit
integer, use long long instead.
2022-05-27 15:47:32 -06:00
Todd C. Miller
93916fde4f
Fix path to example sudoers file, it is now in the build dir.
2022-05-27 15:33:58 -06:00
Todd C. Miller
b497d74544
init_options: initialize apparmor_profile to NULL
2022-05-27 13:57:22 -06:00
Todd C. Miller
346e63cd7c
Update .pot files for 1.9.11
2022-05-26 09:41:54 -06:00
Todd C. Miller
9bb288d10e
Regenerate files after merging AppArmor integration.
2022-05-27 08:30:34 -06:00
Todd C. Miller
f16754a1dd
Merge branch 'main' into apparmor_support
2022-05-27 08:25:12 -06:00
Todd C. Miller
38c6e1bffb
Standardize protobuf "unable to unpack" warning messages.
2022-05-26 09:35:18 -06:00
Todd C. Miller
9ac42292d1
Bump plugin minor version and document new intercept-related settings.
...
There should have been a minor version bump for sudo 1.9.8 when
intercept was originally implemented.
2022-05-26 09:19:08 -06:00
Todd C. Miller
6ced49a34d
Reset intercept_allow_setid if intercept_type changes from trace to dso.
...
But only reset intercept_allow_setid if the user didn't explicitly set it.
2022-05-25 10:09:08 -06:00
Todd C. Miller
f053f174bc
Add intercept_type sudoers option to set intercept/log_subcmds mechanism.
2022-05-24 13:39:28 -06:00
kernelmethod
c20859d55b
Add an APPARMOR_PROFILE user spec option to sudoers
...
sudoers now supports an APPARMOR_PROFILE option, which can be specified
as e.g.
alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo ALL
The line above says "user alice can run any command as any user/group,
under confinement by the AppArmor profile 'foo'." Profiles can be
specified in any way that complies with the rules of
aa_change_profile(2). For instance, the sudoers configuration
alice ALL=(ALL:ALL) APPARMOR_PROFILE=unconfined ALL
allows alice to run any command unconfined (i.e., without an AppArmor
profile), while
alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo//&bar ALL
tells sudoers that alice can run any command under the stacked AppArmor
profiles 'foo' and 'bar'.
The intention of this option is to give sysadmins on Linux distros
supporting AppArmor better options for fine-grained access control.
Among other things, this option can enforce mandatory access control
(MAC) over the operations that a privileged user is able to perform to
ensure that they cannot privesc past the boundaries of a specified
profile. It can also be used to limit which users are able to get
unconfined system access, by enforcing a default AppArmor profile on all
users and then specifying 'APPARMOR_PROFILE=unconfined' for a privileged
subset of users.
2022-05-23 13:41:56 -06:00
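A fuller sudoers fragment showing the pattern the commit message describes (a default AppArmor profile for everyone, unconfined access only for a chosen subset, and a stacked profile for a narrow rule). This is an editor's example added here, not text or code from the sudo repository. The page confirms only the per-entry APPARMOR_PROFILE syntax and the `foo//&bar` stacking form; the `Defaults apparmor_profile` setting is assumed from the sudoers(5) manual as the default that the per-entry option overrides, and every profile, group and command name below is made up.

```sudoers
# Constructed example, not from the sudo repository.
# Assumes the "apparmor_profile" Defaults setting from sudoers(5); this page
# itself only shows the per-entry APPARMOR_PROFILE option.

# Every command run through sudo is confined by "sudo_default" unless the
# matching rule says otherwise.  The profile must already be loaded, or the
# command fails to start.
Defaults apparmor_profile=sudo_default

# Members of the admin group keep full, unconfined root.
%admin ALL=(ALL:ALL) APPARMOR_PROFILE=unconfined ALL

# alice can run anything as anyone, but always under "ops_tools".
alice ALL=(ALL:ALL) APPARMOR_PROFILE=ops_tools ALL

# bob gets a single command, under the stack of "ops_tools" and "svc_restart".
bob ALL=(root) APPARMOR_PROFILE=ops_tools//&svc_restart /usr/bin/systemctl restart myservice
```

Validate the fragment with `visudo -c -f <file>` before installing it, and confirm the confinement actually took effect from inside a command (for example `sudo -u root cat /proc/self/attr/current`, which prints the current AppArmor label). The Defaults line only has an effect when sudo was built with AppArmor support; on a build without it, the per-entry option is the only thing the page documents.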
Todd C. Miller
583e8bf538
Use explicit library dependencies instead of implicit.
...
We now include all the dependent libraries when linking.
Fixes a linking problem on CentOS Stream 9.
2022-05-19 17:01:14 -06:00
Todd C. Miller
0b63af91bb
mail_parse_errors: allocate the correct amount of space for mail body.
...
Use strlen(), not sizeof(), on "problem parsing sudoers" since it
is a translated string and not a constant.
This was caught by the existing overflow checks.
2022-05-19 09:42:57 -06:00
Todd C. Miller
d7df7abf87
If ERR_reason_error_string() returns NULL, fall back on strerror(errno).
...
That way we get reasonable error messages for missing files, etc.
2022-05-17 09:18:03 -06:00
Todd C. Miller
906eb19ece
Add maxseq setting to log_output example.
...
This should make it more obvious that you need to adjust maxseq
unless you have (virtually) unlimited disk space.
2022-05-15 18:46:24 -06:00
Todd C. Miller
4ab6a87b96
Initialize intercept_allow_setid to true if we use ptrace(2) and seccomp(2).
2022-05-04 13:32:28 -06:00
Todd C. Miller
4d75b32799
sudoers_lookup_check: preserve intercepted flag when reinitializing cmnd_info
...
Otherwise we may not reject an attempt to run a set-user-ID command.
2022-05-03 09:30:09 -06:00
Todd C. Miller
42117a1ce2
Move intercept setid check out of do_stat() and into its own function.
...
For command_matches_all() we should only perform the setid check
if the file exists and intercept is enabled. Otherwise, we can end
up returning an error if the fully-qualified command does not exist.
Fixes a regression introduced in sudo 1.9.0 with the support for
digests in conjunction with "sudo ALL".
2022-05-02 18:14:30 -06:00
Todd C. Miller
307b4f69b8
Fix typos
2022-04-29 19:03:20 -06:00
Todd C. Miller
5d385b3c58
Enable intercept and log_subcmds for SELinux using ptrace and seccomp.
2022-04-29 13:09:03 -06:00
Todd C. Miller
c7ed03c986
sudo_logsrvd: update elapsed time for winsize and suspend in journal mode
...
Fixes a bug in store-first relay mode where the commit point messages
sent by the server were incorrect.
2022-04-24 17:26:05 -06:00
Todd C. Miller
930271847a
clean_output: prune lines consisting of '^' characters and whitespace.
...
Starting with Python 3.11, backtraces may contain a line with '^'
characters to bring attention to the important part of the line.
Also replace "REJECT" with "0" in backtrace output for Python 3.11.
2022-04-11 19:05:06 -06:00
Todd C. Miller
dcb2fb26a5
Rename SSP_(C|LD)FLAGS -> HARDENING_(C|LD)FLAGS
2022-04-01 11:14:59 -06:00
Todd C. Miller
6af2b4188a
Minor style nit.
2022-03-16 15:53:17 -06:00
Dianne Skoll
11c6cdc02b
If we're using Kerberos, don't overwrite a custom prompt if one was given with -p
...
Thanks to @thend20 for testing this patch.
2022-03-16 16:46:18 -04:00
Todd C. Miller
7537713904
Adjust starttime test when run under Debian faketime.
...
Bug #1026
2022-03-15 08:38:27 -06:00
Todd C. Miller
ff17317988
Do not warn, log or send mail for errors when reinitializing defaults.
...
If there is a problem, we would have already warned, logged or mailed it.
The one exception is the initial defaults, which should never fail.
2022-03-14 13:54:12 -06:00
Todd C. Miller
e5a50ae429
If there are multiple parse errors, send them in a single mail message.
2022-03-14 13:54:11 -06:00
Todd C. Miller
1f64aca229
Unset LANGUAGE when running tests, otherwise it may override LC_ALL.
...
Bug #1025.
2022-03-14 13:51:03 -06:00
Todd C. Miller
ef4ce5c08a
Looser owner/permission checks for an uninstalled sudoers file.
...
We don't check the owner or permissions on a sudoers file that is
specified as an argument to visudo by default. However, the owner
and mode of files included via @includedir were still checked. This
commit makes the owner and permissions checks for files included
via @includedir follow the same rules as for the original sudoers file.
2022-03-11 10:44:17 -07:00
Todd C. Miller
8e7c004c7f
Add missing va_start/va_end around call to sudoers_error_hook().
...
Coverity CID 250885
2022-03-11 08:37:06 -07:00
Todd C. Miller
8dae0ba06c
Fix off-by-one when storing line number in userspec.
...
We store the line number *after* parsing the newline so we need to
subtract one.
2022-03-10 20:05:40 -07:00
Todd C. Miller
65e5b89f1d
Pass file, line and column to sudoers defaults callbacks.
2022-03-10 13:35:58 -07:00