The noexec and intercept DSO settings may now include both a 32-bit
DSO and a 64-bit DSO specified by a colon. For example:
/usr/libexec/sudo/sudo_intercept.so:/usr/libexec/sudo/sudo_intercept_64.so.
This is more portable and eliminates the need to check for SYMLOOP_MAX
(and provide it if missing) in configure. Also quiet some -Wconversion
warnings.
macOS does not support direct access to the environ pointer from a
shared object. We need to redirect through _NSGetEnviron() instead.
Fixes GitHub issue #276.
Remove AC_SYS_POSIX_TERMIOS, AC_TYPE_MODE_T, AC_TYPE_UID_T.
Add missing checks for int16_t, uint16_t, int32_t, and int64_t.
Only check for intmax_t, uintmax_t and bit-width types if missing
both inttypes.h and stdint.h.
Remove unused clockid_t replacement.
Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_printf0like.
Add sudo_noreturn instead of __attribute__((__noreturn__)).
We do not use stdnoreturn.h since it has been deprecated in C23
in favor of the [[noreturn]] attribute.
Add a new build flag, --with-apparmor, that builds sudo with AppArmor
support. Modify the build script for Debian and Ubuntu to enable this
flag by default.
On Linux, prefer our own closefrom() emulation since the glibc
version may fail if /proc is not present and close_range() is not
supported. On FreeBSD, closefrom(3) will either call the closefrom
or close_range system call, depending on which is available.
The glibc getentropy() emulation will fail on older kernels that
don't support getrandom().
Also use sudo_fatal() instead of sending SIGKILL on getentropy() failure.
GitHub issue #117.
This allows intercept mode to work with shells that close all open
fds upon startup. The ctor in sudo_intercept.so requests the port
number and secret over the socket inherited from the parent then
closes it. For each policy request, a TCP connection is made to
the sudo parent process to perform the policy check. Child processes
re-use the TCP socket to request the port number and secret just like
the initial process started by sudo does.
Fixes building on Solaris and probably others. It is possible to
expose msg_control on Solaris but this requires a specific set of
feature flag defines which can cause other complications.
OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).
Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
