Todd C. Miller
4afceb8e92
Zero out sigaction_t before use in case it has non-standard entries.
2008-11-02 14:45:31 +00:00
Todd C. Miller
f9f4aca556
Add support for runas groups. This allows the user to run a command
with a different effective group. If the -g option is specified
without -u the command will be run as the current user (only the
group will change). The -g and -u options may be used together.
TODO: implement runas group for ldap
improve runas group documentation
add testsudoers support
2007-11-21 20:12:00 +00:00
Todd C. Miller
f3ef738254
PERM_FULL_ROOT is now no different than PERM_ROOT so remove PERM_FULL_ROOT
2007-07-06 14:04:40 +00:00
Todd C. Miller
9f49d28eaf
Redo setting of user_args. We now build up a private copy of argv
first and then replace the NULs with spaces.
2007-06-24 13:25:01 +00:00
Todd C. Miller
a83e28b250
getcwd() returns NULL on failure, not 0 on success
2007-06-24 13:19:29 +00:00
Todd C. Miller
2d76de6cdc
allow chunksiz to reach 1 before erroring out
2007-06-24 11:39:16 +00:00
Todd C. Miller
7276bf7b9b
systrace_read() returns ssize_t
2006-07-30 19:56:11 +00:00
Todd C. Miller
3553eee07e
Instead of calling the check function twice with a state cookie use
separate check/log functions.
Check more ioctl() calls for failure.
systrace_{read,write} now return the number of bytes read/written
or -1 on error.
2005-11-13 20:49:35 +00:00
Todd C. Miller
56d72a3b81
Sanity check number of syscall args with argsize. Not really needed
but a little paranoia never hurts.
2005-04-17 05:21:24 +00:00
Todd C. Miller
95c47e7f3b
Don't do pointer arithmetic on void *
Use int, not size_t/ssize_t for systrace lengths (since it uses int)
2005-04-17 05:18:24 +00:00
Todd C. Miller
fe9b653085
Add some memsets for paranoia
Fix namespace collision w/ error
Check rval of decode_args() and update_env()
Remove improper setting of validated variable
2005-04-16 07:14:34 +00:00
Todd C. Miller
304dc46d7f
Add efree() for consistency with emalloc() et al. Allows us to rely
on C89 behavior (free(NULL) is valid) even on K&R.
2005-03-29 14:29:47 +00:00
Todd C. Miller
778d587063
Update copyright years.
2005-02-12 22:56:07 +00:00
Todd C. Miller
3b8b88407f
Add __unused to rcsids
2005-01-27 15:42:30 +00:00
Todd C. Miller
1936aeb299
add sudo_ldap_close
2004-12-03 18:57:48 +00:00
Todd C. Miller
d88e6523a3
Use the double fork trick to avoid the monitor process being waited
for by the main program run through sudo.
2004-12-02 14:53:20 +00:00
Todd C. Miller
fe869025c4
Add support for command-specific Defaults entries. E.g.
Defaults!/usr/bin/vi noexec
2004-11-19 21:35:12 +00:00
Todd C. Miller
2c2daa8eca
Use: #include <config.h>
Not: #include "config.h"
That way we get the correct config.h when build dir != src dir
2004-11-19 18:39:14 +00:00
Todd C. Miller
51375f969f
Add local error/warning functions like err/warn but that call an additional
cleanup routine in the error case. This means we no longer need to compile
a special version of alloc.o for visudo.
2004-11-15 15:53:53 +00:00
Todd C. Miller
ae2e26fd2f
Cache passwd db entries in 2 red-black trees; one indexed by uid,
the other by user name. The data returned from the cache should
be considered read-only and is destroyed by sudo_endpwent().
2004-11-15 14:53:05 +00:00
Todd C. Miller
ce4b69f8b0
Working LDAP support; also remove a now-unneeded rewind().
2004-10-26 22:21:02 +00:00
Todd C. Miller
2c91a58149
Call sudo_goodpath() *after* changing the cwd to match the traced process.
Fixes relative paths.
2004-10-23 17:32:20 +00:00
Todd C. Miller
163994c116
Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means
we are out of space in the stack gap...
2004-10-05 21:26:38 +00:00
Todd C. Miller
a7d63df1fb
Take a stab at ldap sudoers support here.
2004-10-05 20:53:29 +00:00
Todd C. Miller
385dfb2696
Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
doesn't cause reboot to inadvertently kill itself.
2004-10-05 19:13:56 +00:00
Todd C. Miller
6e2fb232a4
put "monitor" in the proctitle, not "systrace"
2004-10-05 18:21:26 +00:00
Todd C. Miller
f01c983f12
When modifying the environment, don't replace envp when we can get
away with just rewriting pointers in the traced process.
2004-10-05 18:15:35 +00:00
Todd C. Miller
dc368b59fb
Add environment updating via STRIOCINJECT (if available).
2004-10-05 17:46:22 +00:00
Todd C. Miller
d7e43093ef
Include file is now mon_systrace.h
2004-10-04 16:09:45 +00:00
Todd C. Miller
5eb4895b55
Fix some XXX
2004-10-01 19:06:44 +00:00
Todd C. Miller
e173a07c85
No need to include syscall.h, use 1024 as the max # of entries (the
max that systrace(4) allows).
Only need to use SYSTR_POLICY_ASSIGN once
Change check_syscall() -> find_handler() and have it return the
handler instead of just running it. We need this since handlers now
have two parts: one part that generates an answer and another that
gets called after the answer is accepted (to do logging).
Add some missing check_exec for emul execv
2004-10-01 18:30:20 +00:00
Todd C. Miller
7edec19902
Move all struct defs and prototypes into trace_systrace.h and mark all
but systrace_attach() static.
2004-09-30 22:27:33 +00:00
Todd C. Miller
33badbaeaa
Add support for tracing emulations. At the moment, all emulations are
compiled in. It might make sense to #ifdef them in the future, though
this impedes readability.
2004-09-30 22:14:34 +00:00
Todd C. Miller
27e83bacb1
Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
2004-09-28 20:50:33 +00:00
Todd C. Miller
e4d64ce1d0
o Made children global so check_exec() can look up a child.
o Replaced uid in struct childinfo with struct passwd * (for runas)
o new_child() now takes a parent pid so the runas info can be inherited
o Added find_child() to look up a child by its pid
o update_child() now fills in a struct passwd
o Converted the big if/else mess in set_policy to a switch
o Syscalls that change uid are now "ask" so we get SYSTR_MSG_UGID events
2004-09-25 21:08:48 +00:00
Todd C. Miller
28736eb556
add missing increment of addr in read_string()
2004-09-25 20:58:11 +00:00
Todd C. Miller
649e2dac12
Remove bogus call to update_child() and some cosmetic fixes
2004-09-25 20:15:44 +00:00
Todd C. Miller
4e5c53e139
Don't leak /dev/systrace fd to tracee
Make initialized global for simplicity
If STRIOCATTACH returns EBUSY we are already being traced
Check for user_args == NULL in setproctitle() call
Add missing calls to STRIOCANSWER
2004-09-25 20:11:39 +00:00
Todd C. Miller
1131db0699
trim includes
2004-09-25 00:07:26 +00:00
Todd C. Miller
11edf288bd
pass struct str_msg_ask in to syscall checker so it can set the error code
2004-09-24 18:09:47 +00:00
Todd C. Miller
d492138ff0
systrace(4) support for sudo. On systems with the systrace(4) kernel
facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec
calls and check the exec args against the sudoers file.
In other words, sudo can now control subcommands and shell escapes.
2004-09-24 17:30:23 +00:00