Todd C. Miller
|
f9f39cde20
|
dir_is_writable: don't treat EPERM from faccessat() as a fatal error.
We can get EPERM on Linux with SELinux. GitHub issue #122.
|
2021-11-27 12:34:16 -07:00 |
|
Todd C. Miller
|
7085a64475
|
Avoid symbol name clash with is_writable() function variable.
Rename "is_writable" variable to "writable".
|
2021-11-09 13:39:30 -07:00 |
|
Todd C. Miller
|
9c465f84ad
|
switch_user_nonfatal: only define if using faccessat()
|
2021-11-08 17:45:26 -07:00 |
|
Todd C. Miller
|
a527d6dfdd
|
dir_is_writable: add fallback if changing UIDs fails
The SELinux policy may not allow uid/gid changes which will break
the writability checks and cause sudoedit to fail.
|
2021-11-05 12:24:51 -06:00 |
|
Todd C. Miller
|
73e9256f9d
|
Handle EMLINK and EFTYPE errno values for O_NOFOLLOW failure.
FreeBSD returns EMLINK and NetBSD returns EFTYPE instead of ELOOP.
This is only used to present the user with a more appropriate error
message.
|
2021-09-26 08:05:08 -06:00 |
|
Todd C. Miller
|
01d0bbfb85
|
Add casts to quiet two warnings on Solaris.
|
2021-01-11 07:35:33 -07:00 |
|
Todd C. Miller
|
7788581473
|
Rename run_cred -> cur_cred and stash existing creds in set_tmpdir().
For sudo_edit_open() et al what we need is a copy of the current
cred to restore after dir_is_writable() changes to the user cred.
|
2021-01-06 13:01:09 -07:00 |
|
Todd C. Miller
|
ece5adc662
|
Add struct sudo_cred to hold the invoking or runas user credentials.
We can use this when we need to pass around credential info instead
of the user_details and command_details structs.
|
2021-01-06 13:01:09 -07:00 |
|
Todd C. Miller
|
46e2d7290a
|
Add directory writability checks for SELinux RBAC sudoedit.
These were never added to the SELinux RBAC path.
|
2021-01-06 13:01:09 -07:00 |
|
Todd C. Miller
|
a5be62c68f
|
Move safe open code out of sudo_edit.c and into edit_open.c.
|
2021-01-06 13:01:09 -07:00 |
|