isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,167 Commits 1 Branch 0 Tags
ec37504dfb711a0f297ff0ac77bf24a8f58810e5
Commit Graph

8167 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
ec37504dfb Document the race with sudoedit_checkdir in 1.8.15. 2016-01-20 11:00:05 -07:00
Todd C. Miller
42671f6b95 Document sudoedit_checkdir 2016-01-20 10:56:47 -07:00
Todd C. Miller
5e300f1e4c There are no systems that support O_SEARCH/O_PATH that do not also 
support O_DIRECTORY so simplify the definition of DIR_OPEN_FLAGS a
bit.
 2016-01-19 19:50:27 -07:00
Todd C. Miller
5dae4d3f35 regen 2016-01-19 15:23:07 -07:00
Todd C. Miller
647bfa4a9d Add 1.8.16 changes 2016-01-19 15:21:15 -07:00
Todd C. Miller
de0208a01b Make sudoedit_checkdir the default and update the documentation accordingly. 2016-01-19 14:16:25 -07:00
Todd C. Miller
e719d954e7 Add a SET_FLAG macro to simplify parsing command details boolean 
flags.  Previously, flags were only set and never cleared even if
the boolean value was false.  This was not a problem as there were
no default flags for the plugin to enable.  That will change in the
future.
 2016-01-19 10:32:33 -07:00
Todd C. Miller
4b96e94f37 Need to be root when switching to a different user. 2016-01-18 13:12:50 -07:00
Todd C. Miller
9f481f128d Use O_SEARCH on systems without O_PATH if present. It can be used 
for a similar purpose.
 2016-01-18 12:38:41 -07:00
Todd C. Miller
c1b1481204 Use faccessat(2) for directory writability instead of doing the 
checks manually where possible.  This also allows us to remove the
#ifdef __linux__ bits since we no longer use fstat(2) on Linux with
an O_PATH fd.
 2016-01-18 10:45:47 -07:00
Todd C. Miller
7f8a29dfc0 Add "I/O LOG FILES" section to the manual and move many of the 
details from the log_input and log_output descriptions to it.
 2016-01-16 16:47:42 -07:00
Todd C. Miller
ad8c96403d Use "Nm sudoers" when talking about the plugin and "Em sudoers" when 
talking about the sudoers file.
 2016-01-16 16:46:17 -07:00
Todd C. Miller
12a8becd70 Remove gzopen_w which is only defined on Windows. 2016-01-13 13:40:19 -07:00
Todd C. Miller
4bcef637f8 Work around the buggy pread(2) on 32-bit HP-UX 11.00 by using 
pread64() on that platform.
 2016-01-13 11:10:33 -07:00
Todd C. Miller
5a77989a33 Add support for matching the entire netgroup tuple (user, host, domain). 2016-01-12 14:59:44 -07:00
Todd C. Miller
9d7bc0311f Use asprintf() to generate the netgroup filter instead of using 
lots of concatenation.
 2016-01-12 14:29:09 -07:00
Todd C. Miller
f97eba71f0 Add missing sudo_debug_exit_ssize_t_v1 symbol. 2016-01-12 14:28:58 -07:00
Todd C. Miller
55fdf66c1d In sudo_netgroup_lookup() only build up the search filter once 
instead of once per netgroup_base.
 2016-01-11 16:35:05 -07:00
Todd C. Miller
7c454656d5 It is safe to pass ldap_msgfree() a NULL pointer. 2016-01-11 16:24:22 -07:00
Todd C. Miller
ae5a2f4072 On overflow, warn before freeing anything. 2016-01-11 16:23:19 -07:00
Todd C. Miller
0f991ff78b Use user_runhost and user_srunhost instead of user_host and user_shost. 
Fixes "sudo -l -h other_host" for LDAP and sssd.
 2016-01-11 15:54:02 -07:00
Todd C. Miller
089b468de7 Silence warning in digest_matches() on systems with no fexecve(2). 2016-01-11 16:55:52 -07:00
Todd C. Miller
9308d05e7e Fix free() of invalid pointer introduced in the commit that stripped 
whitespace between a '!' and the name in a sudoOption.
 2016-01-11 16:52:52 -07:00
Todd C. Miller
14b454cc0d Fix free() of invalid pointer introduced in the commit that stripped 
whitespace between a '!' and the name in a sudoOption.
 2016-01-11 16:44:05 -07:00
Todd C. Miller
051fe2d4cf Add missing dfd argument to the version of sudo_edit_openat_nofollow() 
for systems without O_NOFOLLOW.
 2016-01-11 16:36:40 -07:00
Todd C. Miller
8ed9f6172a Update description of sudoedit_checkdir. Reported by Sander Bos. 2016-01-11 15:09:08 -07:00
Todd C. Miller
c7c80913ef No need to check whether the fd we opened is really a directory in 
sudo_edit_open_nonwritable() since if not, the openat() will fail
with ENOTDIR anyway.
 2016-01-11 11:15:42 -07:00
Todd C. Miller
68c1073fe5 Rewritten sudoedit_checkdir support that checks all the dirs in the 
path and refuses to follow symlinks in writable directories.
This is a better fix for CVE-2015-5602.
Adapted from a diff by Ben Hutchings.  Bug #707
 2016-01-10 18:31:29 -07:00
Todd C. Miller
39db87e62b sync with translationproject.org 2016-01-04 10:47:11 -07:00
Todd C. Miller
b20977d445 Add support for using fexecve() if supported on commands that are 
checksummed.
 2016-01-04 10:35:18 -07:00
Todd C. Miller
97e86c74ff Call openat() with the basename not the full path. From Ben Hutchings. 2015-12-29 13:38:14 -07:00
Todd C. Miller
330a209695 Fix compilation with --disable-shared 2015-12-24 08:26:26 -07:00
Todd C. Miller
88a634b7fb Check for existing dso in LD_PRELOAD and only add it if it is not 
already present.
 2015-12-20 14:08:47 -07:00
Todd C. Miller
584aebe738 Clarify when SIGINT and SIGQUIT are relayed by sudo to the command. 2015-12-18 14:41:11 -07:00
Todd C. Miller
ad1068c1ee Actually use the plugin_dir Path setting in sudo.conf. 2015-12-18 14:05:02 -07:00
Todd C. Miller
0123cf63f1 The Path setting for the plugin directory is "plugin_dir" not "plugin". 2015-12-18 14:03:59 -07:00
Todd C. Miller
55531958de Allow sudo.conf Path settings to disable path names (by setting the 
value of NULL).
 2015-12-18 12:31:28 -07:00
Todd C. Miller
7a57bae1e6 Change noexec flag in selinux_execve() from int to bool. 2015-12-16 15:16:48 -07:00
Todd C. Miller
4536480800 Refactor code to set LD_PRELOAD (or the equivalent) in the environment 
into a preload_dso() function.  Also avoid allocating a new copy
of the environment array if the size of the array does not change.
 2015-12-16 15:08:01 -07:00
Todd C. Miller
3b338830cf Add missing square brackets in configure option descriptions. 2015-12-16 14:57:37 -07:00
Todd C. Miller
a6f8994a59 Document the names of the I/O log files and mention buffering. 
Document that I/O logs are in gzip format by default.
 2015-12-11 10:04:17 -07:00
Todd C. Miller
290dafda3b Add BASHOPTS to initial_badenv_table[]; from Stephane Chazelas 2015-12-10 17:14:56 -07:00
Todd C. Miller
d46d0fbc6f When parsing sudoOptions that include an operator (!, +, +=, -=) 
strip out any whitespace on either side of the operator.
 2015-12-09 14:57:33 -07:00
Todd C. Miller
e2add4ae20 Strip whitespace around '!', '=', '+=' and '-=' in Defaults entries. 2015-12-08 15:06:00 -07:00
Todd C. Miller
96201a275e Document the race condition between the digest check and command 
execution.
 2015-12-06 15:34:53 -07:00
Todd C. Miller
29e9273a40 When checking the query results, don't set user_matches in the 
netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
This was preventing the mail_no_user sudoOption from being effective.
 2015-12-02 14:06:37 -07:00
Todd C. Miller
9c9b487b0c In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST 
regardless of whether or not there was an actual match.  Otherwise,
warning mail may be sent which is not what we want in list mode.
This is consistent with what the sudoers file backend does.
 2015-12-02 10:43:41 -07:00
Todd C. Miller
604d350344 Use size_t for length parameters in the fill functions used by the 
lexer.
 2015-11-22 09:22:38 -07:00
Todd C. Miller
90e6bf3180 Use yy_size_t for digest_len since newer flex uses yy_size_t for 
yyleng.  Old flex uses int for yyleng so we need to use a cast to
avoid a sign compare warning.
 2015-11-22 09:19:12 -07:00
Todd C. Miller
d13bb39d1d Use https in sudo.ws urls 2015-11-20 10:51:11 -07:00