isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,075 Commits 1 Branch 0 Tags
e5d98da014d502d2318bc1ac071a445a935a036c
Commit Graph

12075 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
455f250ac5 Set LDAP base for sudoers_parse_ldif(). 
Without this set the fuzzer will not exercise the dn parsing.
 2022-11-10 09:34:44 -07:00
Todd C. Miller
82150340a6 Include linux/elf.h, not elf.h to make sure we get NT_ARM_SYSTEM_CALL. 
The NT_PRSTATUS define is present in both files.
 2022-11-10 08:08:09 -07:00
Todd C. Miller
3e8497b5ce Remove CMSG_* compatibility macros, they are no longer used. 2022-11-09 15:24:28 -07:00
Todd C. Miller
ecb5526fc8 Add missing include of sys/stat.h 2022-11-09 14:48:38 -07:00
Todd C. Miller
8b06bdc121 Move forward declaration of struct stat before its first use. 2022-11-09 14:02:13 -07:00
Todd C. Miller
0b1335f54e Use a consistent base when testing cvtsudoers conversion from ldif. 2022-11-09 13:00:48 -07:00
Todd C. Miller
8b898b2ca2 Test parsing LDIF when a backslash is the last char of the file. 
If run with address sanitizer, this test will crash when the fix
in ceaf706ab74b is reverted.
 2022-11-09 12:58:41 -07:00
Todd C. Miller
685150586d Merge pull request #196 from sohomdatta1/main 
Prevent cvtsudoers from reading into undefined memory
 2022-11-09 11:51:33 -07:00
Sohom
902271f441 [cvtsudoers]: Prevent sudo from reading into undefined memory 2022-11-09 23:46:39 +05:30
Todd C. Miller
9f948224ac sudo_passwd_verify: zero out des_pass before returning. 2022-11-08 13:17:11 -07:00
Todd C. Miller
045d08bec9 Pass sudo's process ID to suspend_sudo_nopty() since we already know it. 
Saves an unnecessary getpid(2) call.
 2022-11-07 14:51:43 -07:00
Todd C. Miller
f87fac3b55 Don't kill the parent process group on suspend if it is not sudo's pid. 
If sudo is not the process group leader we must only send the suspend
signal to sudo itself.  When sudo is run via a shell script, it
usually has the same process group as the shell script interpreter.
We do not want to suspend the script itself when the command run
by sudo is suspended.
 2022-11-07 14:51:43 -07:00
Todd C. Miller
bbe4fbaaae Call terminate_command() with use_pgrp = false when not running in a pty. 
When sudo runs a command in the user's existing terminal the command
is run in the same process group as sudo itself.  The proper way
to terminate it is to use kill(2), not killpg(3)
 2022-11-07 14:51:42 -07:00
Todd C. Miller
36742deec3 Fix handling of signal forwarding when running commands in a script. 
We need to forward signals from a process in the same pgrp if the
pgrp leader is not either sudo or the command itself.
 2022-11-07 14:51:41 -07:00
Todd C. Miller
c7071f6da0 Make test_ptrace compile again after recent changes. 2022-11-07 14:51:39 -07:00
Todd C. Miller
8db1eb0c8b Update the cwd for log_subcmds too. 
Fixes a problem for intercept_method=trace when running a relative
command from a different directory than what sudo ws started from.
GitHub issue #194
 2022-11-07 12:14:15 -07:00
Todd C. Miller
3df1e9a073 sudo 1.9.12p1 2022-11-04 14:19:27 -06:00
Todd C. Miller
7ba3184708 Include time.h for struct timespec used by sudo_iolog.h. 2022-11-03 14:39:33 -06:00
Todd C. Miller
b2c8e1b1b9 Display sudo_mode in hex in debug log. 
This makes it easier to match against the MODE_ defines.
 2022-11-03 12:03:08 -06:00
Todd C. Miller
7ec1ee0e5c bsdauth_verify: do not write to prompt, it is now const 2022-11-01 09:33:19 -06:00
Todd C. Miller
d242261dd4 Store raw sudoers lines in the debug log. 
Also add a "sudoerslex" prefix to the token debug info in
sudoers_trace_print().
 2022-11-01 09:32:14 -06:00
Todd C. Miller
966731311d The line numbers in sudoers_trace_print() were off by one. 
The line counter is incremented when a newline is seen so the output
actually refers to the previous line.
 2022-10-31 10:21:39 -06:00
Todd C. Miller
4da22b101e Make the second arg to the sudo auth verify function const. 
This may be either a plaintext password or a password prompt.
Either way it should not be modified by the verify function.
 2022-10-31 09:11:32 -06:00
Todd C. Miller
bd209b9f16 Fix CVE-2022-43995, potential heap overflow for passwords < 8 characters. 
Starting with sudo 1.8.0 the plaintext password buffer is dynamically
sized so it is not safe to assume that it is at least 9 bytes in size.
Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz.
 2022-10-28 07:29:55 -06:00
Todd C. Miller
c78e78dc5e Move debugging info from hostname_matches() to host_matches(). 2022-10-29 11:39:05 -06:00
Todd C. Miller
6a3fb3fd73 Add debugging to sudo_set_grlist() and sudo_set_gidlist(). 2022-10-28 16:58:16 -06:00
Todd C. Miller
366217571e configure: better test for -fstack-clash-protection 
The gcc front-end may accept -fstack-clash-protection even if the
machine-specific code does not support it.  We use a test program
with a large stack allocation to try to cause the compiler to insert
the stack clash protection code, or fail if not supported.
GitHub issue #191
 2022-10-27 20:02:37 -06:00
Todd C. Miller
6a2075b671 Check that compiler accepts -fstack-clash-protection and -fcf-protection. 
Previously, we only checked that linker accepted them.
GitHub issue #191
 2022-10-27 18:33:41 -06:00
Todd C. Miller
7944494196 Fix compilation error on Linux/mips. 2022-10-26 16:35:30 -06:00
Todd C. Miller
802e500cca Regenerate dependencies for src/sesh.c. 2022-10-21 11:30:04 -06:00
Todd C. Miller
ebd285850d Sync clean target with other Makefile.in files. 2022-10-21 11:24:38 -06:00
Todd C. Miller
8087604e5a Build the sample plugin but do not install it by default. 
We no longer install the sample approval plugin.
 2022-10-21 09:12:11 -06:00
Todd C. Miller
45ea248335 Adapt to current plugin API and fix warnings. 2022-10-21 07:51:00 -06:00
Todd C. Miller
9b9404b6fa Disable admin_flag by setting to NULL, not false. 
Found by cppcheck.
 2022-10-20 13:45:36 -06:00
Todd C. Miller
3a6083f043 Bug #1042. 2022-10-20 09:30:33 -06:00
Todd C. Miller
803998d2bd Only add trailing carriage return to messages if output is a raw tty. 
If output is being written to a terminal in "raw" mode, we need to
add a carriage return after the newline to avoid "stair-step" output.
However, we should not write the carriage return if the terminal
is in "cooked" mode, output to a pipe, or output redirected to a file.
Bug #1042.
 2022-10-20 08:55:26 -06:00
Todd C. Miller
d744271a63 Make it clear that runas_default sets the default user for Runas_Spec. 
Also use mention runas_default in other parts of the manual, use
@runas_default@ instead of root and add markup around user names.
GitHub issue #186.
 2022-10-20 08:08:48 -06:00
Todd C. Miller
3ca21f9506 Fix a typo, muti-arch -> multi-arch 
GitHub issue #185
 2022-10-20 06:57:37 -06:00
Todd C. Miller
82db62ec6b Mention log_servers eventlog fix. 2022-10-19 19:03:00 -06:00
Todd C. Miller
e7db62f645 Don't NULL out the plugin close function when logging to a log server. 
If sudo calls execve(2) directly the accept info will not be sent.
We also need the sudo front-end to wait until the command finishes
to send the exit status.
 2022-10-19 17:05:36 -06:00
Todd C. Miller
d251dfd554 Fix numbering in "Simple sudo installation" 2022-10-17 15:51:38 -06:00
Todd C. Miller
5c5ff3fdaa zlib 1.2.13 update 2022-10-14 12:38:29 -06:00
Todd C. Miller
5dbb8ac6e4 Updated translations from translationproject.org 2022-10-14 12:37:20 -06:00
Todd C. Miller
6185c4f84b Don't define _LARGEFILE64_SOURCE or _LFS64_LARGEFILE. 
We don't need them and the missing prototype for crc32_combine_gen64()
issue has been fixed upstream.
 2022-10-14 08:13:35 -06:00
Todd C. Miller
51a1a7d63f Update embedded copy of zlib to version 1.2.13. Fixes CVE-2022-37434. 2022-10-13 17:04:24 -06:00
Todd C. Miller
0be0757d64 Add fchownat() for systems without it. 2022-10-13 15:10:40 -06:00
Todd C. Miller
23e1d32934 Update NEWS for 1.9.12. 2022-10-10 09:13:36 -06:00
Todd C. Miller
3b205bc412 Update .pot files for 1.9.12 2022-10-10 09:13:22 -06:00
Todd C. Miller
3bdb585481 Use getopt() and getopt_long() for sesh command line options. 2022-10-10 09:12:48 -06:00
Todd C. Miller
8d5e59c8a8 Update the description of intercept_verify 2022-10-10 09:12:47 -06:00