isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,309 Commits 1 Branch 0 Tags
e64a089aea42710098666e55427fce9c97a1c94d
Commit Graph

450 Commits

Author SHA1 Message Date
Todd C. Miller
289a045a4f Rename "doc" directory to "docs" for better GitHub compatibility. 2021-11-10 16:45:16 -07:00
Todd C. Miller
09b82a22ca Add configure check for sha1sum and use "openssh dgst -sha1" if missing. 
Only needed when building the seed corpus zip files.
 2021-11-10 13:31:42 -07:00
Todd C. Miller
19065cb221 Use strtoul() on systems without strtoull(). 
We can assume that systems without strtoull() have 32-bit resource limits.
 2021-11-08 18:21:15 -07:00
Todd C. Miller
4eebd53bce parse_gentime: use timegm() to generate time since the epoch 
The timegm() function is non-standard but widely available.
Provide an implementation for those systems that lack it.
Bug #1006
 2021-10-31 09:27:34 -06:00
Todd C. Miller
fc5fa1bbd4 wolfSSL not WolfSSL 2021-10-26 19:00:16 -06:00
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer. 
Based on changes from Hayden Roche
 2021-10-25 13:17:57 -06:00
Todd C. Miller
a808f8e7e5 Fix setting _PATH_ASAN_LIB, need to double up the square brackets. 2021-10-23 15:27:20 -06:00
Todd C. Miller
ef3eb25a1b arc4random: need to include sys/random.h on Solaris too. 
This was removed when Linux genentropy() was disabled.
 2021-10-22 10:44:34 -06:00
Todd C. Miller
9fbbca7b7a Always link libsudo_util.so with libcrypto.so if using OpenSSL. 
We may need to use RAND_bytes() in the getentropy() emulation.
 2021-10-20 18:59:13 -06:00
Todd C. Miller
23eef895f4 Add an explicit check for sys/sysctl.h. 
This test needs to be done after AC_LANG_WERROR to avoid including
sys/sysctl.h on systems where it is marked as deprecated via a
#warning directive.
 2021-10-20 10:31:35 -06:00
Todd C. Miller
00e53b32e5 Use our own getentropy() by default on Linux. 
The glibc getentropy() emulation will fail on older kernels that
don't support getrandom().
Also use sudo_fatal() instead of sending SIGKILL on getentropy() failure.
GitHub issue #117.
 2021-10-20 09:53:01 -06:00
Todd C. Miller
64e5798318 Don't install sudoers.a when configured with --enable-static-sudoers. 
We already avoid installing it when --disable-shared-util is specified.
 2021-10-11 11:04:40 -06:00
Todd C. Miller
eaee7a0ebe Fix fuzzer build with when --enable-static-sudoers is used. 
This introduces a sudoers-specific version of LT_STATIC instead of
appending the --tag=disable-shared to SUDOERS_LDFLAGS.
I've also removed the -static flag as it should not be needed.
 2021-10-07 08:19:11 -06:00
Todd C. Miller
8350307a2f Try to handle the case where libasan.so is a linker script. 
Fixes check_noexec with ASAN on Fedora where libasan.so just includes
the actual library file.
 2021-10-05 13:08:48 -06:00
Todd C. Miller
c5f983c643 Add "-fcf-protection" to SSP_CFLAGS and SSP_LDFLAGS if supported. 
Can be disabled via --disable-hardening.
 2021-09-29 15:50:57 -06:00
Todd C. Miller
edf30c7273 Add "-z now" to hardened link options if supported. 
Can be disabled via --disable-hardening.
 2021-09-29 13:31:47 -06:00
Todd C. Miller
476f00b82f Emulate closefrom() on macOS using proc_pidinfo(). 
This avoids relying on /dev/fd which may not exist in a chroot jail.
Adapted from a change in OpenSSH by likan_999.student AT sina.com
 2021-09-27 13:44:41 -06:00
Todd C. Miller
4fef09e1c2 Sudo 1.9.8p2 2021-09-20 18:40:48 -06:00
Todd C. Miller
a036cb0252 fix typo 2021-09-20 15:59:47 -06:00
Todd C. Miller
1d2512ae10 Remove now-unused CHECK_INTERCEPT variable. 2021-09-18 13:38:55 -06:00
Todd C. Miller
fa71679b5a Add gmtime_r and localtime_r tests and compat if missing. 2021-09-17 10:55:06 -06:00
Todd C. Miller
78eb240642 When using pkg-config, don't assume the names of the ssl and crypto libs. 
On the HP-UX build machines these are named libssl_pic.a and
libcrypto_pic.a to avoid conflicting with the system libs.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
4289e9609d Teach mkdep.pl about --tag=disable-static in LTFLAGS. 
If static objs are disabled we need to add explicit dependencies for
.o files.  The OpenBSD libtool doesn't use a pic object file when
linking executables so we need to build the non-pic objects too.
 2021-09-13 09:33:17 -06:00
Todd C. Miller
229dfe175d Use SUDO_APPEND_LIBPATH when appending to LIBTLS and LIBMD. 
The OpenSSL pkgconfig files only include -L paths, not -R paths.
Using SUDO_APPEND_LIBPATH ensures the rpath is set correctly so the
binaries will run (not just link).
 2021-09-13 09:33:12 -06:00
Todd C. Miller
921bc1c697 Use the EVP digest routines instead of calling SHA2 functions directly. 
Avoids compiler warnings with OpenSSL 3.0.  EVP_MD_CTX_new() is
only available for OpenSSL 1.1 and higher--we will fall back to
sudo's SHA2 code if necessary.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
4e0b77be4b tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present. 
Fixes a warning on OpenSSL 3.0 and plugs a memory leak of dhparams
on config reload.
 2021-09-17 10:55:06 -06:00
Todd C. Miller
052391da9c Add --enable-openssl-pkgconfig-template option. 
This can be used to find the correct openssl pkg-config file
if it is not named "openssl" (also libcrypto).
 2021-09-13 09:33:09 -06:00
Todd C. Miller
2d632937e6 Fix the OpenSSL link order for the non-pkg-config case. 
Since -lssl depends on -lcrypto, -lcrypto must be listed after -lssl.
Fixes linking of non-dynamic OpenSSL libs.
 2021-09-16 10:04:22 -06:00
Todd C. Miller
e1653be435 Sudo 1.9.8p1 2021-09-15 11:32:52 -06:00
Todd C. Miller
4b365300a7 Fix typo introduced in 1.9.7 that set SUDO_LDFLAGS to SUDOERS_LDFLAGS. 
Copy pasta is not always the best kind of pasta.
 2021-09-08 15:31:08 -06:00
Todd C. Miller
3a4aec7a62 sudo_intercept.so: only replace execvpe() if it is present. 
execvpe() is a GNU extension also found on *BSD (but not macOS).
 2021-09-08 11:09:59 -06:00
Todd C. Miller
38d884a62d Do not compile intercept code if --disable-intercept is specified. 2021-09-01 13:35:47 -06:00
Todd C. Miller
c0630a36c8 Add checks for -fstack-clash-protection and -Wl,-z,noexecstack 
We use -Wc,-fstack-clash-protection as the linker flag to prevent
libtool from removing it from the link line.
 2021-08-31 09:57:11 -06:00
Todd C. Miller
c465d8971d Change intercept IPC to use a localhost socket instead of inherited fd. 
This allows intercept mode to work with shells that close all open
fds upon startup.  The ctor in sudo_intercept.so requests the port
number and secret over the socket inherited from the parent then
closes it.  For each policy request, a TCP connection is made to
the sudo parent process to perform the policy check.  Child processes
re-use the TCP socket to request the port number and secret just like
the initial process started by sudo does.
 2021-08-25 14:24:36 -06:00
Todd C. Miller
680fd4a629 Use AC_FUNC_FSEEKO instead of AC_CHECK_FUNCS_ONCE([fseeko]). 
This will define _LARGEFILE_SOURCE, if needed, to make the prototype
visible on older systems.
 2021-08-20 10:59:52 -06:00
Todd C. Miller
ad28b90c4d We still need the pread/pwrite hack for HP-UX 11.11 at least. 
This time around, avoid defining _LARGEFILE64_SOURCE and just declare
pread64/pwrite64 ourselves.
 2021-08-19 19:18:24 -06:00
Todd C. Miller
b40f74cb24 Cross-build support for mksigname and mksiglist 
We must build these with the host C compiler but use the target
preprocessor to generate the output.
 2021-08-19 09:50:05 -06:00
Todd C. Miller
62aca803ce Older Solaris has getusershell() et al but does not declare it. 2021-08-13 09:52:02 -06:00
Todd C. Miller
aa20eccad4 Sudo 1.9.8 2021-08-09 15:50:26 -06:00
Todd C. Miller
dfe26f8c34 If building with address sanitizer make sure its DSO is first. 
Address sanitizer requires that it be preloaded before any other
DSO in LD_PRELOAD.  This should not be required for clang, which
links in asan statically by default.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
8f8a9c37b3 Require that our dso be first in the list to make sure it takes effect. 
Otherwise, another dso could take precedence and ours would not be run.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
0ea5efd8b7 If msg_control is not present in struct msghdr use msg_accrights instead. 
Fixes building on Solaris and probably others.  It is possible to
expose msg_control on Solaris but this requires a specific set of
feature flag defines which can cause other complications.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
5d4120fa5d Add separate convenience lib for protobuf-c 
We need to use it for sudo <-> sudo_intercept.so communication.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
6287e8ca7d Add support for loading the sudo_intercept.so DSO. 2021-08-09 15:50:25 -06:00
Todd C. Miller
40496f510b Prefix sanitizer and fuzzer options with -XCClinker in ASAN_LDFLAGS. 
Otherwise libtool may ignore the options when linking.
 2021-07-29 09:29:07 -06:00
Todd C. Miller
625ab9d298 Bump version to 1.9.7p2 2021-07-26 18:03:14 -06:00
Todd C. Miller
36fbb13c4c Use TLS_method() instead of TLS_client_method() throughout. 
OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).

Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
 2021-07-26 13:40:25 -06:00
Todd C. Miller
f8e05dd984 Use AC_CACHE_CHECK in place of AC_MSG_CHECKING + AC_CACHE_VAL where possible. 2021-07-25 19:29:25 -06:00
Todd C. Miller
4a90deb2a0 Add configure check for va_copy instead of using #ifdef 
This prevents the va_copy compat #define from being used if
sudo_compat.h is somehow included before stdarg.h.
 2021-07-25 15:51:23 -06:00
Todd C. Miller
cc3b4ffb04 Remove vsyslog(3) emulation, it is no longer used. 2021-06-14 13:11:39 -06:00