Todd C. Miller
d15e117c2e
find_editor: remove the env_error argument
There is no case where we should fail to find an editor just because
the values of EDITOR, VISUAL and SUDO_EDITOR are unavailable. Both
sudoedit and the "env_editor" sudoers setting are documented as
falling back on the hard-coded list of editors in the "editors"
sudoers setting. Bug #1000
2021-09-29 10:25:19 -06:00
Todd C. Miller
1831176a1a
Add the ability to filter/match by command via the -m option.
For example "cvtsudoers -m cmd=/bin/ls" would only display entries
that would allow /bin/ls to be allowed or denied.
2021-09-24 10:44:13 -06:00
Todd C. Miller
41f116050f
Add --group-file and --passwd-file options to cvtsudoers.
These are based on the code in testsudoers.
2021-09-23 19:18:25 -06:00
Todd C. Miller
698481492c
Standardize on "front-end" not "front end" in the man pages.
2021-09-17 10:55:06 -06:00
Todd C. Miller
7c550c5d10
Plugin lines are for approval and audit plugins too.
2021-09-17 10:55:06 -06:00
Todd C. Miller
7ae62866e4
Add support for execl, execle, execlp, execvp, and execvpe.
Currently, PATH traversal is handled by sudoers which uses
the original PATH, not the one updated by the shell.
2021-09-07 19:55:45 -06:00
Todd C. Miller
aac09cf7be
Define RBAC and mention incompatibility with intercept/log_subcmds.
2021-09-03 14:19:32 -06:00
Todd C. Miller
5c2f1ebbcf
We now intercept execv() too.
2021-09-01 13:11:42 -06:00
Todd C. Miller
f40afd73fe
Can't use intercept or log_subcmds with SELinux RBAC.
SELinux policy will prevent the inherited socket from sudo from
being used and may also restrict the ability to connect back to the
sudo process.
2021-09-01 11:09:17 -06:00
Todd C. Miller
ba171724f7
Rename log_children -> log_subcmds
2021-08-26 16:36:41 -06:00
Todd C. Miller
98401c0588
Add execv(3) support to sudo_intercept.so.
This allows intercept to work with csh which uses execv(3) not execve(2).
2021-08-21 08:44:16 -06:00
Todd C. Miller
02b78c38ed
Sync the list of functions trapped by sudo_noexec.so.
2021-08-20 18:41:32 -06:00
Todd C. Miller
1e795b5487
Add a Debug example for sudo_intercept.so
Don't try to enumerate all the sudo programs that support debugging
since all of them do.
2021-08-20 16:07:02 -06:00
Todd C. Miller
bb40491c99
Update sudoers Debug example to match the debug changes from sudo 1.8.12.
2021-08-20 15:50:02 -06:00
Todd C. Miller
8ccb7f0096
sudo_intercept.so only intercepts execve(2) for now.
2021-08-20 14:25:49 -06:00
Todd C. Miller
52e7594ae5
set-user-ID and set-group-ID not set user-ID and set group-ID.
2021-08-19 09:59:32 -06:00
a1346054
bf7d20b482
Minor cleanup (#110)
* fix trivial shell script issues
* remove trailing whitespace
2021-08-19 09:48:01 -06:00
Todd C. Miller
1c52c24a93
log_server_peer_cert and log_server_peer_key are not required by default.
They are only required if sudo_logsrvd has tls_checkpeer enabled.
2021-08-19 09:15:12 -06:00
Todd C. Miller
f9d3f46fa7
Add intercept_allow_setid sudoers option, disabled by default.
With this change, a shell in intercept mode cannot run a setuid or
setgid binary by default. On most systems, the dynamic loader will
ignore LD_PRELOAD for setuid/setgid binaries such as sudo which
would effectively disable intercept mode.
2021-08-18 15:43:26 -06:00
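The commit above, together with the earlier ones on intercept, log_subcmds and the SELinux RBAC restriction, describes an audit a practitioner would want before turning intercept mode on: which of the commands a rule grants are set-user-ID or set-group-ID (the dynamic loader drops LD_PRELOAD for them, so sudo_intercept.so never sees what they exec), and what the Defaults fragment should look like. The POSIX sh script below is an added example, not code from the sudo project. The helper names (is_setid, setid_in_list, intercept_defaults, check_fragment), the enforce/audit modes, the use of ls(1) mode bits to detect set-ID files, the constructed command list in the demo, and running `visudo -cf` only when visudo is installed are all this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the sudo project. Assumes POSIX sh, ls(1)
# and, for the optional syntax check only, visudo(8).

# is_setid FILE: succeed when FILE carries the set-user-ID or set-group-ID
# bit. The dynamic loader drops LD_PRELOAD for such binaries, so anything
# they exec escapes sudo_intercept.so unless intercept_allow_setid is on.
is_setid() {
    [ -e "$1" ] || return 1
    mode=$(ls -ldL "$1" | cut -c1-10)
    case "$mode" in
        ???[sS]*|??????[sS]*) return 0 ;;   # 4th char: setuid, 7th: setgid
        *) return 1 ;;
    esac
}

# setid_in_list FILE...: print every argument that is set-ID; succeed if
# at least one was found. Feed it the commands a Cmnd_Alias grants.
setid_in_list() {
    found=1
    for cmd in "$@"; do
        if is_setid "$cmd"; then
            printf '%s\n' "$cmd"
            found=0
        fi
    done
    return $found
}

# intercept_defaults enforce|audit: emit a sudoers Defaults fragment.
#   enforce: intercept sub-commands, keep set-ID programs blocked and
#            require authentication for each sub-command (restrictive).
#   audit:   log_subcmds only, i.e. record sub-commands, no policy check.
# Neither mode works under SELinux RBAC (the inherited socket is blocked).
intercept_defaults() {
    case "$1" in
        enforce)
            printf 'Defaults intercept\n'
            printf 'Defaults !intercept_allow_setid\n'
            printf 'Defaults intercept_authenticate\n' ;;
        audit)
            printf 'Defaults log_subcmds\n' ;;
        *)  return 1 ;;
    esac
}

# check_fragment enforce|audit: write the fragment to a temporary file and
# validate its syntax with visudo when available (succeeds otherwise).
check_fragment() {
    tmp=$(mktemp) || return 1
    intercept_defaults "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp"; rc=$?
    else
        rc=0
    fi
    rm -f "$tmp"
    return $rc
}

# Stand-alone run: audit a constructed command list, then print the fragment.
if [ "${1:-}" = "--demo" ]; then
    setid_in_list /usr/bin/passwd /bin/ls /usr/bin/sudo
    intercept_defaults enforce
fi
```

Run it with `--demo` to see which of the three constructed paths are set-ID on the host; on most systems passwd and sudo are, ls is not. Any set-ID command that shows up in an intercepted rule is a gap in interception unless intercept_allow_setid is deliberately enabled for it.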
Todd C. Miller
fc9a01936c
Better document the limitations of intercept mode.
Also mention log_children under "Preventing shell escapes"
2021-08-16 12:44:49 -06:00
Todd C. Miller
a85cf1f3fd
Try to clarify log_server_peer_key and log_server_peer_cert.
These are client-side not server-side.
2021-08-16 10:45:51 -06:00
Todd C. Miller
695f4bea05
Add support for an optional offset when parsing the ID to replay.
The offset is a suffix in the form of @sec[.nanosec]
2021-08-13 16:00:00 -06:00
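The offset syntax from the commit above, parsed and validated in POSIX sh as an added example that is not sudoreplay's own parser: the ID and the `@sec[.nanosec]` suffix are split, the digits are checked, and the fractional part is normalised to an integer nanosecond count. Treating the digits after the dot as a decimal fraction of a second (so `@12.5` means 12.5 s) is this example's assumption about the format, and the function name parse_replay_id is invented.

```shell
#!/bin/sh
# Added example, not part of sudo. Assumes POSIX sh and sed(1).

# parse_replay_id ID[@sec[.nanosec]]: print "ID SEC NSEC" on one line, where
# SEC is the whole-second offset and NSEC the remaining nanoseconds as an
# integer. An ID without a suffix yields offset 0 0. Returns 1 on a
# malformed suffix (empty, non-digits, more than nine fractional digits).
parse_replay_id() {
    case "$1" in
        *@*) id=${1%@*}; off=${1##*@} ;;
        *)   printf '%s 0 0\n' "$1"; return 0 ;;
    esac
    sec=${off%%.*}                        # digits before the first '.'
    frac=${off#"$sec"}; frac=${frac#.}    # digits after it, may be empty
    case "$sec" in ''|*[!0-9]*) return 1 ;; esac
    case "$frac" in *[!0-9]*) return 1 ;; esac
    [ ${#frac} -le 9 ] || return 1
    while [ ${#frac} -lt 9 ]; do frac="${frac}0"; done   # right-pad to ns
    # Strip leading zeros so a later $(( )) does not read them as octal.
    sec=$(printf '%s' "$sec" | sed 's/^0*//')
    nsec=$(printf '%s' "$frac" | sed 's/^0*//')
    printf '%s %s %s\n' "$id" "${sec:-0}" "${nsec:-0}"
}

# Stand-alone run on a constructed ID.
if [ "${1:-}" = "--demo" ]; then
    parse_replay_id '000001@12.5'
fi
```

The two integers are what a replay front end would hand to a timespec; rejecting more than nine fractional digits rather than truncating keeps a typo in the offset from silently starting the replay at the wrong point.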
Todd C. Miller
788708c9ff
Add intercept_authenticate sudoers option, defaults to false.
By default, sudoers will not require authentication of commands run
via an intercepted session. To require authentication of subsequent
commands, enable intercept_authenticate in sudoers.
2021-08-09 15:50:26 -06:00
Todd C. Miller
9d776b4e7b
Allow multiple accept/reject messages during a logsrv conversation.
The log server now advertises a subcommands flag if it supports
logging subcommands (e.g. commands run from a sudo-spawned program
like a shell). The client should only log additional commands
during a session if this flag is set in the ServerHello message.
2021-08-09 15:50:25 -06:00
Todd C. Miller
6287e8ca7d
Add support for loading the sudo_intercept.so DSO.
2021-08-09 15:50:25 -06:00
Todd C. Miller
786e5865cb
Add "intercept" Defaults setting to allow interception of sub-commands.
This causes "intercept" to be set to true in command_info[] which
the sudo front-end will use to determine whether or not to intercept
attempts to run further commands, such as from a shell. Also add
"log_children" which will use the same mechanism but only log (audit)
further commands.
2021-08-09 15:50:25 -06:00
Todd C. Miller
14ffa00c06
The tls_verify setting only affects server behavior, not the client.
Originally, there was a flag in the ServerHello message to indicate
that the client should verify the server cert, but this was removed
when TLS was moved to a separate port. Client validation of the server
certificate is now configured in the sudoers file instead.
2021-08-03 09:50:07 -06:00
Todd C. Miller
0dd2b6442a
Add log_exit setting in the sudo_logsrvd.conf eventlog stanza
This causes sudo_logsrvd to log a record with the exit status or
terminating signal in response to an ExitMessage.
2021-07-09 11:08:44 -06:00
Todd C. Miller
17a415ae77
Add log_exit_status sudoers option to log when a command exits.
This option defaults to off.
2021-07-09 11:08:44 -06:00
Todd C. Miller
16f78f59ba
Mention that xkcd inspired the sandwich logo.
2021-07-02 14:19:59 -06:00
Todd C. Miller
86680255ba
Mention log server and fuzzers under Quest contributions.
2021-07-02 14:19:37 -06:00
Todd C. Miller
555596e57a
Use "mandoc -Tlint -Wwarning" instead of -Wstyle.
The style checks now include "referenced manual not found" warnings
which are not helpful.
2021-06-26 18:20:25 -06:00
Todd C. Miller
2c1988410e
Add support for logging server warning/error messages.
We can use sudo_warn_set_conversation() to set a conversation
function that either writes to a log file or calls syslog().
2021-06-13 18:27:36 -06:00
Todd C. Miller
5087f68853
sudoreplay does not parse sudoers to find the value of iolog_dir.
The default value for the I/O log directory is set at build time.
2021-05-26 08:10:22 -06:00
Todd C. Miller
7033f1c1d8
The -g option may also be used with any group the target user belongs to.
The description in the Runas_Spec section incorrectly stated that
the -g option could not be used if no runas group was set. Bug #975.
2021-05-07 13:42:40 -06:00
Todd C. Miller
9d734d57e7
sudo_sendlog: rename -m (max-time) to -s (stop-after).
2021-05-04 12:14:02 -06:00
Todd C. Miller
7376fa632f
Add "-m elapsed" option to specify the max elapsed time of records to send.
Useful for testing the ability of the server to handle restarted log
transfers.
2021-05-04 08:22:34 -06:00
Todd C. Miller
fda17ecfda
Rename logsrvd log dir to /var/log/sudo_logsrvd.
2021-05-02 08:28:19 -06:00
Todd C. Miller
f49930c62e
Make the failed relay retry interval configurable.
This is the amount of time to wait before trying to resend a
journal to the relay server after a connection error.
2021-05-02 06:19:32 -06:00
Todd C. Miller
01bdfd3be2
Write client and server information to debug file on SIGUSR1
This can be used to debug client problems such as a connection
not being closed as expected.
2021-04-29 16:20:02 -06:00
Todd C. Miller
cefa72c6a6
Document journal file directories in store_first mode.
2021-04-29 14:34:54 -06:00
Todd C. Miller
d6d2e3488b
Fix typo.
2021-04-24 13:23:25 -06:00
Todd C. Miller
6f5b353e87
Add configuration for sudo_logsrvd store-and-forward mode.
Adds "relay_dir" and "store_first" settings to sudo_logsrvd.conf
in the [relay] section. Also adds a --with-relaydir configure
argument to change the default value (usually /var/log/logsrvd-relay).
2021-04-23 16:54:15 -06:00
Todd C. Miller
a1323ba43b
Fix lint warning.
2021-04-13 14:29:59 -06:00
Todd C. Miller
556b8f62cb
Mention relay mode and update TLS example.
2021-04-13 14:24:50 -06:00
Todd C. Miller
28d41cecad
Enable the use of OpenSSL if log client/server not disabled.
This adds a dependency on OpenSSL unless it is explicitly disabled
(--disable-openssl) or the sudo log client and server are disabled
(--disable-log-client and --disable-log-server).
2021-04-12 14:10:49 -06:00
Todd C. Miller
ae77355eda
Document relay configuration changes.
2021-04-09 12:58:57 -06:00
Todd C. Miller
3aec794b75
Document relay and connect_timeout server settings.
2021-04-06 16:30:41 -06:00
Todd C. Miller
d4517e0a1c
Move autoconf auxiliary files to the scripts directory.
2021-04-06 14:23:38 -06:00
Todd C. Miller
28d65159ed
Document SUCCESS=return support in sudoers nsswitch.conf entries.
Based on a patch from Dennis Filder. Bug #971.
2021-04-05 20:13:50 -06:00