isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,536 Commits 1 Branch 0 Tags
f6291bf83e434c44b51b47322a19d5c93f4eb956
Commit Graph

12536 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
0efdd7632a The sudoers option is "use_pty", not "log_pty" 
GitHub issue #291
 2023-07-18 07:26:53 -06:00
Todd C. Miller
4b5480cf76 Quiet a warning false positive with older versions of gcc. 2023-07-17 11:23:04 -06:00
Todd C. Miller
fa66c16689 sudoers_check_common: MODE_PRESERVE_ENV is not valid with MODE_CHECK. 
We should only check for MODE_PRESERVE_ENV when running a command.
 2023-07-17 10:52:23 -06:00
Todd C. Miller
c29a27e840 Document bug fixes in 1.9.14p2. 2023-07-14 15:29:52 -06:00
Todd C. Miller
db704c22ec runas_userlist_matches: fix matching a Runas_Spec with an empty runas user. 
We should only match a rule with an empty runas user if a group was
specified on the command line (sudo -g) without a user (no -u option)
or the user specified their own name on the command line.
GitHub issue #290
 2023-07-15 08:44:57 -06:00
Todd C. Miller
78b712101e Pass SUDO_TERM_OFLAG to sudo_term_raw() when sudo output is piped. 
This fixes a problem with "stair-stepped" output when the sudo-run
command's output is piped to another program and the command reads
input from the terminal.
 2023-07-14 14:12:18 -06:00
Todd C. Miller
db4bdb7327 Simplify the exec_monitor() foreground flag. 
Add cmnd_foreground flag that is only true if sudo is the foreground
process and the CD_EXEC_BG flag is not set and pass it to exec_monitor().
This means exec_monitor() no longer needs to check for CD_EXEC_BG.
 2023-07-14 14:08:59 -06:00
Todd C. Miller
625653de08 sudo_term_raw: change the isig argument into a flags field 
There are current two flags: SUDO_TERM_ISIG (enable terminal signals)
and SUDO_TERM_OFLAG (preserve output flags).
 2023-07-14 13:12:51 -06:00
Todd C. Miller
ff6ddff39b Fix a crash in intercept mode running a command with NULL argv[0]. 
Newer Linux kernels replace a NULL argv[0] with the empty string,
we should as well.
 2023-07-12 09:29:00 -06:00
Todd C. Miller
b47f1799c5 sudo_conversation_printf: simplify \n -> \r\n handling 2023-07-12 08:39:18 -06:00
Todd C. Miller
a014b0f2aa sudo_conversation: zero out reply even if no password is requested. 
This avoids a potential invalid free in the err label and provides
more predictable behavior when mixing message types in a conversation.
 2023-07-12 08:16:35 -06:00
Todd C. Miller
9afb1851b2 Docume bug fixes in 1.9.14p1. 2023-07-11 14:24:42 -06:00
Todd C. Miller
56828f6412 fmt_info_messages: don't include ttyname if it is NULL 
The NULL check was commented out for testing but should have been
restored.  Fixes a potential protocol error message from sudo_logsrvd.
 2023-07-11 14:15:46 -06:00
Todd C. Miller
2eee45ef96 evlog_new: store a new copy of peeraddr, not a pointer to a buffer. 
Starting in sudo 1.9.14, eventlog_free() will free the peeraddr
member too so it needs to be dynamically allocated.
 2023-07-11 13:51:16 -06:00
Todd C. Miller
a432aed4f0 realpath.c: include limits.h and use sysconf(_SC_SYMLOOP_MAX) 
This is more portable and eliminates the need to check for SYMLOOP_MAX
(and provide it if missing) in configure.  Also quiet some -Wconversion
warnings.
 2023-07-10 15:52:16 -06:00
Todd C. Miller
dc1a5d7b40 sudo_krb5_ccname_path: avoid gcc false positive for ccname being NULL 
The callers all verify that they don't pass a NULL ccname so I'm
not sure how the compiler is getting confused (and why now?).
 2023-07-10 15:21:31 -06:00
Todd C. Miller
c6a11b4fed Work around unused variable warning when fuzzing in enabled. 2023-07-10 14:50:21 -06:00
Todd C. Miller
d1625f9c83 Only allow the user to specify -D or -R for the special "*" value. 
The sudoers file must now explicitly allow the user to specify a
directory (sudo -D) or chroot (sudo -R) by setting cwd or chroot
to "*".  If a specific cwd or chroot value is set in sudoers, the
user may not use the -D or -R options, even if they match the value
in sudoers.
 2023-07-10 14:30:40 -06:00
Todd C. Miller
44cfa9e132 Add restrict keyword to sudo_printf_t in plugin docs. 2023-07-10 14:30:39 -06:00
Todd C. Miller
db6baf2caf Convert sudo_debug_enter and sudo_debug_exit into macros. 
In most cases, these simply expand to a call to sudo_debug_printf2().
We need to keep the function versions around in libsudo_util for
backwards compatibility.
 2023-07-10 14:30:38 -06:00
Todd C. Miller
2d12a41940 Fix sudo_debug_exit_uint_v1 declaration for fuzzers. 2023-07-10 11:27:28 -06:00
Todd C. Miller
eff4e1c0c5 Add missing sudo_debug_exit_uint_v1 stub for fuzzers. 2023-07-10 11:23:06 -06:00
Todd C. Miller
dbb95ad214 sudo frontend: make more bit flags unsigned. 2023-07-10 11:06:34 -06:00
Todd C. Miller
cbcb1d2506 sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00
Todd C. Miller
4f097eebd3 libsudo_util: make more bit flags unsigned. 2023-07-10 11:06:04 -06:00
Todd C. Miller
9f7128fe83 parse_timeout: move overflow check to the correct location 
It was not covering all cases in its original location.
Fixes oss-fuzz issue 60454 with fuzz_sudoers.
 2023-07-08 10:16:35 -06:00
Todd C. Miller
fc02df111c Merge pull request #287 from AtariDreams/restrict 
Give every printf-like function restrict qualifiers
 2023-07-07 19:48:05 -06:00
Rose
5d758264ab Give every printf-like function restrict qualifiers 
The format value has to be a string literal, every time.

Otherwise, you are not using these functions correctly. To reinforce this fact, I putrestrict over every non-contrib example of this I could find.
 2023-07-07 20:23:20 -04:00
Todd C. Miller
92860c717d struct exec_closure: make rows and cols int, not short 
There's no real space saved by using short and using int avoids a
few casts.
 2023-07-07 15:42:53 -06:00
Todd C. Miller
548e3e3125 testsudoers: avoid extern definitions where possible 2023-07-07 15:23:54 -06:00
Todd C. Miller
32f4b98f6b sudo frontend: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
0c85f10c80 python plugin: silence -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
a38b714667 sudoers plugin: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
4891f37a45 sudo_logsrvd: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
6734a99f8a libiolog: silence -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
e93913e2bb libfuzzstub: silence -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
c95423a8f9 libevent: silence -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
5768d374cc libsudo_util: silence most -Wconversion warnings. 2023-07-07 15:07:04 -06:00
Todd C. Miller
f7801f2160 Add configure check for restrict keyword. 2023-07-07 15:06:53 -06:00
Todd C. Miller
0205f6fc75 sudoers_check_common: remove extraneous return statement. 2023-07-07 14:54:10 -06:00
Todd C. Miller
bced0a7786 Make the remaining instances of digest_type unsigned. 2023-07-06 08:01:15 -06:00
Todd C. Miller
43e914a5d3 Copy, don't append group ID in fill_group() and fill_runas_group() 
This only affects the case where a group ID cannot be resolved.
 2023-07-05 11:49:07 -06:00
Todd C. Miller
17c09dfd27 Remove regress corpus directories correctly 2023-07-05 10:51:23 -06:00
Todd C. Miller
2d1b3c369f Change sudo_strtomode() to return mode_t. 2023-07-05 09:54:22 -06:00
Todd C. Miller
2848dddd87 Rename print_usage() to display_usage() 2023-07-04 19:48:41 -06:00
Todd C. Miller
f6d1542416 Move display of usage text into display_usage() so usage() always exits. 2023-07-04 19:47:28 -06:00
Todd C. Miller
1f0f6b7c78 Fix some indentation. 2023-07-04 18:03:47 -06:00
Todd C. Miller
fd061e4d69 Include testsudoers_pwutil.h for testsudoers_pwutil.c prototypes. 2023-07-04 16:24:48 -06:00
Todd C. Miller
f1d9063477 Fix wrapping of libc getpwnam/getpwuid/getgrnam/getgrgid on NetBSD. 2023-07-04 14:14:07 -06:00
Todd C. Miller
bfb6132d9c Add configure tests for __builtin_clz/__builtin_clzl 2023-07-04 12:39:31 -06:00