We just need a way for the policy (and visudo) to override the
default sudoers path. This adds a getter to be used in file.c when
sudoers is first opened.
When adminconfdir is enabled, the destination pathh may be different
from the path we opened. We always store an edited file in the
adminconfdir (if enabled). This makes it possible to use visudo
when /etc/sudoers is located on a read-only file system.
Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instance first (if enabled), followed by a
sysconfdir instance.
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files. The first
file that exists is used.
Implementations of _FORTIFY_SOURCE require the header file to be
included. Also remove the useless test of an empty program with
_FORTIFY_SOURCE defined. Pointed out by Florian Weimer.
The ldap_init() function is marked as deprecated and not defined
by default on some systems. This can cause an error for compilers
that do not support implicit function declarations.
From Florian Weimer.
This should avoid problems on Linux in cases where sudo does not
have CAP_SYS_RESOURCE which may be the case in an unprivileged container.
GitHub issue #42
When a command is run via "sudo -b" it has no access to terminal
input. In non-pty mode, the command runs in an orphaned process
group and reads from the controlling terminal fail with EIO. We
cannot do the same while running in a pty but if we set stdin to a
half-closed pipe, reads from it will get EOF. That is close enough.
Trying to tailor the help and usage output to the terminal width
is simply not worth it and could be abused to mark a socket as
"trusted" on Linux if there are additional kernel bugs like
CVE-2023-2002.
Starting with macOS 13, the linker warns when "-undefined dynamic_lookup"
is used. This is added by libtool by default on macOS but we can
suppress it by passing -no-undefined to libtool.
This splits the code to find the command, perform a sudoers lookup,
ask for a password as needed, and perform post-lokup checks out
into sudoers_check_common(). The old sudoers_policy_main() has
been replaced by sudoers_check_cmnd() (called by sudoers_policy_check()),
sudoers_validate_user() (called by sudoers_policy_validate()) and
sudoers_list() (called by sudoers_policy_list()). The list_user
lookup is now performed in sudoers_list().
This was always set to FLAG_NO_USER|FLAG_NO_HOST which are cleared
at the top of the fuction. Make validated a local variables,
initialized to 0, instead. No change in behavior.
The audit plugin already has the correct value for iolog_file, don't
overwrite it with basename(iolog_path). In the future we may wish
to pass in iolog_file and iolog_dir in addition to iolog_path.
Fixes Bug #1046.
