isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,536 Commits 1 Branch 0 Tags
f6291bf83e434c44b51b47322a19d5c93f4eb956
Commit Graph

12536 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
bff4e3ce16 set_cmnd_path: apply runchroot if set when finding the command path 
Previously we would prepend runchroot to the path we were checking
but that does not properly handle symbolic links.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
13a311bc71 Add pivot_root() and unpivot_root() to switch the root dir and restore it. 
This will be used to more accurately handling command resolution and
path matching when a new root directory is specified.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
440d9649a8 Move initial values into AC_SUBST() where possible. 2023-02-21 10:17:24 -07:00
Todd C. Miller
7c6f373587 No need to AC_SUBST() standard autoconf variables. 2023-02-21 09:34:49 -07:00
Todd C. Miller
8d95992c1a ptrace_intercept_execve: preserve old argv[0] after policy check. 
We have to replace argv[0] with the pathname for the policy check
but want to restore it afterwards if the policy has not changed the
command's path name to avoid a mismatch later on.
 2023-02-21 10:25:14 -07:00
Todd C. Miller
ceee445e8c Document --disable-largefile and --disable-year2038. 2023-02-19 09:46:12 -07:00
Todd C. Miller
b8c13bbe89 Fix indentation of intercept file in summary output. 2023-02-19 09:21:39 -07:00
Todd C. Miller
a72bc5e6bf get_starttime: add support for GNU Hurd using the mach task_info call. 
This is currently Hurd-specific but could be made Mach-generic as
long as the equivalent of pid2task() is available.
 2023-02-19 07:18:37 -07:00
Todd C. Miller
0b000aab86 Only test get_starttime() on platforms where we support it. 
Fixes a test failure on systems where we have no way to determine
a process's start time.
 2023-02-18 11:46:33 -07:00
Todd C. Miller
58382028aa Sudo 1.9.13p1 2023-02-16 10:17:32 -07:00
Todd C. Miller
42163ac0a9 Use m4_bmatch, m4_case does not support shell-style globbing. 2023-02-16 10:05:26 -07:00
Todd C. Miller
2feea9b2f6 Allow configure.ac to be processed by autoconf 2.69. 
AC_PROG_CC_STDC is deprecated in autoconf 2.70 and above but it is
necessary for autoconf 2.69.
 2023-02-16 09:46:07 -07:00
Todd C. Miller
d7080afe0e Only use AC_SYS_YEAR2038 if it is defined. 
Otherwise, use the method from 1.9.12.
GitHub issue #242
 2023-02-16 07:21:05 -07:00
Todd C. Miller
439f0734f5 Sudo-specific executables moved to /usr/libexec/sudo starting in 
Debian 12 (Bookworm) and Ubuntu 22.04 (Jammy Jellyfish).
Previously, they were stored in /usr/lib/sudo.
 2023-02-15 17:18:39 -07:00
Todd C. Miller
2845ceafb0 Handle "locale -a" returning both C.UTF-8 and C.utf8. 
It is possible to have mutiple matches from the output of "locale
-a".  Just take the first one.  Fixes GitHub issue #241.
 2023-02-15 13:49:04 -07:00
Todd C. Miller
4f50692acc Add some missing files to the clean and distclean targets. 2023-02-15 10:22:42 -07:00
Todd C. Miller
a845039de5 Merge pull request #240 from thesamesam/c23 
sudo_fatal: Fix build where compiler recognises [[noreturn]] attribut…
 2023-02-15 07:59:52 -07:00
Sam James
66359c2bc9 sudo_fatal: Fix build where compiler recognises [[noreturn]] attribute (C23) 
If the compiler supports [[noreturn]] as a attribute as in C23,
then we define sudo_noreturn to be it. When that's the case, we must place
it at the beginning of the declaration, before any other *extension*
attributes (__attribute(...)).

A bug has been filed with GCC regarding rejecting/accepting mixed
attribute styles.

sudo_dso_public is always an extension attribute, while sudo_noreturn only
might be, so put it first.

This only shows up with GCC 13 so far (see the linked GCC bug for a bit more
exploration). Clang 16 does support the attribute but doesn't let you use it
for earlier language versions (need to pass explicit -std=c2x, unlike with GCC here).

This is essentially a followup to e707ffe58b.

Tested with GCC 13.0.1 20230212 (unreleased), GCC 12.2.1 20230211,
Clang 16.0.0_rc2, and Clang 15.0.7.

Bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
Closes: https://github.com/sudo-project/sudo/issues/239
Fixes: e707ffe58b
Fixes: 16ae61dcd7
 2023-02-15 04:06:15 +00:00
Todd C. Miller
defec5d46e Add missing '[' to AS_IF() call. 
Fixes GitHub issue #238.
 2023-02-14 14:24:28 -07:00
Todd C. Miller
a80dcc6aca Add compiled version of the sudoers Georgian translation. 2023-02-14 09:52:06 -07:00
Todd C. Miller
5eed6adb6f Do not ignore .mo files. 
Otherwise we are likely to miss uncommitted changes in them.
 2023-02-14 09:51:34 -07:00
Todd C. Miller
f1b07aed47 Regenerate .mo files. 2023-02-14 09:44:59 -07:00
Todd C. Miller
bdef2ad6d2 No longer need to define sudoers_recovery here. 2023-02-09 16:39:25 -07:00
Todd C. Miller
0008d1f719 Mention that a missing include file is no longer fatal. 2023-02-09 15:37:12 -07:00
Todd C. Miller
26385b45cf Recover from missing include file unless error_recovery is disabled. 
It is still treated as an error from a logging perspective, and
mail is still sent.
 2023-02-09 15:33:58 -07:00
Todd C. Miller
8960f50961 Updated translations from translationproject.org 2023-02-03 10:26:24 -07:00
Todd C. Miller
b333d16878 Add eventlog_mail() to send a log message via mail. 
This is used by mail_parse_errors() to send multi-line messages.
Previously, the newlines would be escaped as control characters.
 2023-02-09 11:09:24 -07:00
Todd C. Miller
b6caacfe4e send_mail: pass a single string instead of using varargs 
These days we only ever pass in a const string.
 2023-02-09 11:09:03 -07:00
Todd C. Miller
2e1a73502e Use AS_IF instead of if; then where possible. 2023-02-05 08:06:02 -07:00
Todd C. Miller
cfa1fee622 Mention the fix for GitHub #237. 2023-02-03 10:35:34 -07:00
Todd C. Miller
f160e5e6c6 Display error in error message if we can't restore the terminal. 2023-02-03 07:19:19 -07:00
Todd C. Miller
15b4cde692 Display an error message if unable to restore terminal settings. 2023-02-02 20:10:03 -07:00
Todd C. Miller
1758c49d3e Get rid of sudoersdir and just use sysconfdir. 
There is no need for sudoersdir when it is always just set to sysconfdir.
 2023-02-02 19:29:26 -07:00
Todd C. Miller
678d6664a9 pty_finish: only restore the terminal if sudo is the foreground process 2023-02-02 14:02:51 -07:00
Todd C. Miller
7cb23c85a1 Better background job detection when running a command in a pty. 
If sudo is not the process group leader and stdin is not a tty, we
may be running as a background job via a shell script.  Start the
command in the background to avoid changing the terminal mode from
a background process.  GitHub issue #237
 2023-02-02 13:55:18 -07:00
Todd C. Miller
4fb9855634 suspend_sudo_pty: stop the process group even if sudo is not the leader. 
When sudo is not the process group leader, we still need to stop
sudo's process group and not just the sudo process itself.  If we
only send the signal to sudo itself, the shell will not notice if
it is not in monitor mode.  This can happen when sudo is run from
a shell script, for example.  In this case we need to signal the
shell itself.  If the process group leader is no longer present,
we must kill the command since there will be no one to resume us.
 2023-02-02 13:31:16 -07:00
Todd C. Miller
e63eeee7b4 Add debug tracing to tcsetattr_nobg(). 2023-02-02 09:31:25 -07:00
Todd C. Miller
3c9c8668c1 Avoid compilation errors if getaddrinfo() or freeaddrinfo() are macros. 
If this is the case we probably can't stub out the functions but
at least the fuzzer will compile.
 2023-01-31 13:33:59 -07:00
Todd C. Miller
7c5f0d3052 Initialize the integer result parameter passed to SIOCGIFANUM. 
It appears that passing in a non-zero value causes the ioctl() to
fail.  From Tim Rice.
 2023-01-31 12:35:49 -07:00
Todd C. Miller
0b2e662b2e Protect use of AF_INET6 with HAVE_STRUCT_IN6_ADDR guards. 
From Tim Rice.
 2023-01-31 12:22:47 -07:00
Todd C. Miller
ffb09be49d Add configure test for NSIG, _NSIG or __NSIG. 
This is better than just defining NSIG in sudo_compat.h if it is
not defined since signal.h may not have been included.
 2023-01-31 11:30:45 -07:00
Todd C. Miller
49df977c2f Avoid DNS lookups when fuzzing. 2023-01-31 08:59:50 -07:00
Todd C. Miller
23237bb006 No longer need to treat Rocky or Alma Linux specially. 
We now treat them the same as RHEL.
 2023-01-30 07:32:05 -07:00
Todd C. Miller
6d945448ef Merge pull request #230 from trackers-lover/main 
Return value does not match
 2023-01-29 07:12:25 -07:00
bianguangze@uniontech.com
8797f0ceb9 Modify return value parameter 2023-01-29 11:08:38 +08:00
Todd C. Miller
b257df55da Store conf hash in vm_servers instead of vmid. 
Add a shutdown command fallback to the conf file.
 2023-01-27 14:47:32 -07:00
Todd C. Miller
179ad08c86 Updated translations from translationproject.org 2023-01-27 14:46:52 -07:00
Todd C. Miller
ab9b20be9e New Georgian translation from translationproject.org 2023-01-26 13:29:31 -07:00
Todd C. Miller
b4325e64c8 Mention the recent intercept/log_subcmds fix. 2023-01-27 14:44:45 -07:00
Todd C. Miller
53389b5743 Recognize Alma Linux and Rocky Linux (Open Source RHEL clones) 2023-01-27 14:44:45 -07:00