isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,819 Commits 1 Branch 0 Tags
ecdf0c80f36e971f3090c495377b03a11931816c
Commit Graph

62 Commits

Author SHA1 Message Date
Todd C. Miller
ecdf0c80f3 Add pam_silent sudoers option. 
Inspired by PR #368
GitHub issue #216
 2024-04-17 19:30:11 -06:00
Todd C. Miller
46e31a74d7 Add "json_pretty" log format, currently the same as "json". 
In a future version, "json" will be an alias for "json_compact"
instead.  GitHub issue #357.
 2024-03-09 10:59:54 -07:00
Todd C. Miller
1debad3bec Add json_compact log type for compact/minified JSON. 
The "json_compact" log type logs one event per line in compact/minified
JSON format.  GitHub issue #357.
 2024-03-08 16:31:39 -07:00
Todd C. Miller
b39dc7c5f1 Document side-effects of enabling the use_pty option. 2024-01-08 14:28:58 -07:00
Todd C. Miller
6d4ffe6743 In the NOEXEC example make it clear that "shanty" is a host. 
Bug #1064
 2023-12-19 09:55:09 -07:00
Todd C. Miller
b4ae559c81 Reword the description of cmddenial_message. 2023-11-28 14:49:13 -07:00
Guillaume Destuynder
a4cbfecdae Add support for a custom message when the command execution is denied. 2023-11-28 14:19:26 -07:00
Todd C. Miller
0c958e1852 Mention the tsdump utility 2023-11-26 08:55:41 -07:00
Todd C. Miller
3686c9fdd1 Document special cases for AIX-style shared libraries. 
The shared object is a member of an archive file that is specified
in parentheses.
 2023-11-06 09:39:36 -07:00
Todd C. Miller
3141f63b25 Mention potential problems with log_subcmds and intercept. 2023-09-28 17:01:02 -06:00
Todd C. Miller
d9da92951a Replace '/' with '_' in paths using the user, group or host name. 2023-09-20 09:00:27 -06:00
Todd C. Miller
7363ad7b32 Use the user-ID instead of user-name for the timestamp and lecture file. 
This avoids problems if the user name itself contains a path separator.
 2023-09-11 10:27:35 -06:00
Todd C. Miller
3c05e748a4 Add ignore_perms plugin argument to skip the sudoers file security checks. 
This is not intended to be used in a production environment.
 2023-08-29 09:55:09 -06:00
Todd C. Miller
e0ee845dfc Reference SETENV-related settings in the command environment section. 
Based on GitHub PR #273 from Ilya Kulakov.
 2023-06-20 15:12:43 -06:00
Todd C. Miller
5d2b1761f6 Clarify that use_pty is on by default starting with 1.9.14. 2023-06-18 12:44:57 -06:00
Todd C. Miller
894daa88f6 Enable the use_pty option by default for sudo 1.9.14. 
GitHub issue #258
 2023-04-06 11:30:51 -06:00
Todd C. Miller
3b55de4e83 White space is not allowed between Defaults and '@', ':', '!', '>'. 
The EBNF made it appear that this is allowed when it really is not.
 2023-03-28 16:02:46 -06:00
Todd C. Miller
334daf92b3 Escape control characters in log messages and "sudoreplay -l" output. 
The log message contains user-controlled strings that could include
things like terminal control characters.  Space characters in the
command path are now also escaped.

Command line arguments that contain spaces are surrounded with
single quotes and any literal single quote or backslash characters
are escaped with a backslash.  This makes it possible to distinguish
multiple command line arguments from a single argument that contains
spaces.

Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com).
 2023-01-18 08:21:34 -07:00
Todd C. Miller
3726e38394 Stop using 8n width in tagged lists. 
Use either 4n, when the body is expected to wrap or the width of
the longest tag when no wrapping is expected.
 2023-01-16 08:53:35 -07:00
Todd C. Miller
4b0dc2eecb Substitute python plugin file name in sudo_plugin_python documentation. 
Also use prefix for group plugin fallback path section in sudoers manual.
 2022-12-30 13:38:40 -07:00
Todd C. Miller
772fc914a8 There is a @pam_login_service@ substitution but no @pam_service@. 
Just use sudo instead of @pam_service@.
 2022-12-26 15:26:13 -07:00
Todd C. Miller
eeea67e70b Use @sudoers_plugin@ instead of @sudoers_module@. 2022-12-26 13:56:43 -07:00
Todd C. Miller
206700c3f0 Use AIX-style shared libraries on AIX by default instead of SVR4-style. 
This removes the need to use the -brtl linker flag which can cause
problems when there are both a .so and .a version of the same library
but with different versions.  This was particularly problematic
when using the AIX freeware version of OpenSSL.  The --with-aix-soname=svr4
option can be used to build SVR4-style shared libs instead.
 2022-12-26 07:43:55 -07:00
Todd C. Miller
a514a6eed5 Add "list" pseudo-command to allow a user to list another user's 
privs.  Previously, only root or a user with the ability to run any
command as either root or the target user on the current host could
use the -U option.  For "sudo -l [-U otheruser] command", NewArgv[0]
is now set to "list" (just like "sudo -l") and the actual command
to be checked starts with NewArgv[1].
 2022-12-11 13:46:00 -07:00
Todd C. Miller
d744271a63 Make it clear that runas_default sets the default user for Runas_Spec. 
Also use mention runas_default in other parts of the manual, use
@runas_default@ instead of root and add markup around user names.
GitHub issue #186.
 2022-10-20 08:08:48 -06:00
Todd C. Miller
87b7209ebb Add support for logging stdin/stdout/stderr in the non-pty exec path. 
If we are logging I/O but not terminal input/output (either because
no terminal is present or because that is what the plugin requested),
the non-pty exec path is now taken.
 2022-09-27 13:46:55 -06:00
Todd C. Miller
88ac5e09b6 Use sudo_secure_open_file() instead of sudo_secure_file() where possible. 
Both sudo_secure_open_file() and sudo_secure_open_dir() are now passed
a struct stat pointer like sudo_secure_file() and sudo_secure_dir().
 2022-09-21 19:08:10 -06:00
Todd C. Miller
ce387a6849 Split log_{input,output} into log_{stdin,ttyin} and log_{ttyout,stdout,stderr} 
If log_input is set, log_{stdin,ttyin} will be set as well.
If log_output is set, log_{stdout,stderr,ttyout} will be set as well.
This provides more fine-grained control over I/O logging and makes it
possible to disable logging piped or redirected intput or output.
 2022-09-20 14:35:12 -06:00
Todd C. Miller
c341608072 Remove most uses of the deprecated Li macro which has no effect. 
Also fix some other incorrect markup.
 2022-09-13 19:56:45 -06:00
Todd C. Miller
b85f95cb30 Fix a typo 2022-09-11 19:06:22 -06:00
Todd C. Miller
caa0408a8a intercept_verify is fast, but the policy check is (relatively) slow. 2022-08-29 14:10:49 -06:00
Todd C. Miller
922772c6cb Rework the intercept section in "Preventing shell escapes". 2022-08-25 19:01:59 -06:00
Todd C. Miller
966eae6bf3 intercept_verify also compares the environment. 
Also mention the overhead involved in checking things.
 2022-08-23 11:12:51 -06:00
Todd C. Miller
158facf6d5 Use multilib rules to look for a 64-bit group plugin on failure. 
If sudo_dso_load() fails on a 64-bit system, try to load a 64-bit
native version of the file using system-dependent multilib rules.
If we don't support multilib on the platform, check for a version
of the file that ends in "64" before the .so suffix.
 2022-08-11 19:34:50 -06:00
Todd C. Miller
4de5e12ddb Document the TOCTOU issue with intercept mode. 
Describe how intercept_verify attempts to reduce the risk.
 2022-07-29 20:18:55 -06:00
Todd C. Miller
3ce19efca9 Add intercept_verify sudoers option to control execve(2) argument checking. 2022-07-29 15:22:27 -06:00
Helio Machado
d60b6c618f Improve Tag_Spec EBNF documentation 2022-06-07 17:24:45 +02:00
Helio Machado
3405fac05e Add missing colon in Tag_Spec documentation 2022-06-07 16:28:14 +02:00
Todd C. Miller
f52342031d Add support for intercepting the system(3) function. 
This also means we can log system(3) with log_subcmds.
 2022-05-31 14:45:00 -06:00
Todd C. Miller
6eda28ef51 Fix typo 2022-05-27 13:08:01 -06:00
Todd C. Miller
f16754a1dd Merge branch 'main' into apparmor_support 2022-05-27 08:25:12 -06:00
Todd C. Miller
f053f174bc Add intercept_type sudoers option to set intercept/log_subcmds mechanism. 2022-05-24 13:39:28 -06:00
kernelmethod
d8184fdb6f Add documentation for AppArmor support 
- Document the AppArmor userspec option in the sudoers man pages.
- Add information about the --with-apparmor build configuration option
  to INSTALL.md.
 2022-05-23 13:41:56 -06:00
Todd C. Miller
4ab6a87b96 Initialize intercept_allow_setid to true if we use ptrace(2) and seccomp(2). 2022-05-04 13:32:28 -06:00
Todd C. Miller
052d3d1d91 Update intercept documentation. 2022-04-29 13:09:03 -06:00
Todd C. Miller
973a8f08f9 Document that negating mailto or mailerpath disables sending mail. 2022-02-21 13:50:49 -07:00
Todd C. Miller
9f5615e5b1 Avoid using "note that" and "note: " in documentation. 2022-02-16 16:38:44 -07:00
Todd C. Miller
9175954895 Remove "please" from the documentation, it is considered bad style. 2022-02-16 12:33:32 -07:00
Todd C. Miller
339ef82d62 Add security notes about regular expressions in sudoers rules. 2022-02-16 10:41:29 -07:00
Todd C. Miller
33f54c853b Limit regular expressions to 1024 characters each. 
Avoids a problem with the fuzzer creating large regular expressions
that blow up the glibc regcomp().
 2022-02-12 09:33:02 -07:00