Todd C. Miller
f98b2b260b
sync with translationproject.org
2015-09-30 14:04:17 -06:00
Todd C. Miller
37abc1b7e4
There's no point in trying to interpose protected versions of the
exec family of functions. Many modern C libraries use hidden symbols
for the functions and syscalls defined in libc such that they cannot
be overridden inside libc itself. We have to just wrap all the exec
variants plus system and popen.
2015-09-28 21:20:37 -06:00
Todd C. Miller
d5086dfde4
List all the functions wrapped by sudo_noexec.so.
2015-09-28 16:48:46 -06:00
Todd C. Miller
6b81f0b88c
The section is now called "EXEC and NOEXEC" and it is above, not
below.
2015-09-28 16:48:20 -06:00
Todd C. Miller
282b921333
Also wrap popen(3).
2015-09-28 15:34:16 -06:00
Todd C. Miller
8695ae1049
Also interpose system(3). On glibc systems you cannot interpose
the syscalls used internally by libc.
2015-09-28 15:10:00 -06:00
Todd C. Miller
04457ecee9
Set active debug instance to sudo_debug_instance() during the
conversation function.
2015-09-28 12:28:18 -06:00
Todd C. Miller
52ec12f52f
LOGNAME and USERNAME are set the same way as USER
2015-09-27 15:40:05 -06:00
Todd C. Miller
4be48e7845
Document behavior when the command dies from a signal in EXIT STATUS.
2015-09-27 08:59:46 -06:00
Todd C. Miller
99322bcf31
Bug #722
2015-09-26 11:02:24 -06:00
Todd C. Miller
9486afb4e5
When the command sudo is running is killed by a signal, sudo will
now send itself the same signal with the default signal handler
instead of exiting. The bash shell appears to ignore some signals,
e.g. SIGINT, unless the command is killed by that signal. This
makes the behavior of commands run under sudo the same as without
sudo when bash is the shell. Bug #722
2015-09-26 10:53:16 -06:00
Todd C. Miller
7b7db55db9
Adjust set_logname description to new behavior when any of LOGNAME,
USER or USERNAME are preserved.
2015-09-25 11:19:28 -06:00
Todd C. Miller
29a3fcd06c
If some, but not all, of the LOGNAME, USER or USERNAME environment
variables have been preserved from the invoking user's environment,
sudo will now use the preserved value to set the remaining variables
instead of using the runas user. This ensures that if, for example,
only LOGNAME is present in the env_keep list, that sudo will not
set USER and USERNAME to the runas user.
2015-09-25 11:15:22 -06:00
Todd C. Miller
0649a261e7
Fix passing of the callback pointer to the conversation function.
This was preventing the on_suspend and on_resume functions from
being called on PAM systems.
2015-09-24 13:43:17 -06:00
Todd C. Miller
2c7ff33ea8
Explicitly mark large hex constants unsigned.
2015-09-24 11:23:02 -06:00
Todd C. Miller
118680eabf
Cast sizeof(entry) to off_t before making it a negative offset for
lseek(). Fixes "sudo -k" on Solaris and probably others.
2015-09-24 10:52:44 -06:00
Todd C. Miller
824021b51b
Add explicit mention of sudo's netgroup semantics since they differ
from most other netgroup consumers.
2015-09-21 16:04:59 -06:00
Todd C. Miller
80673750cf
sync with translationproject.org
2015-09-21 15:18:04 -06:00
Todd C. Miller
0cfce655bd
Fix potential double free of the cookie when sudo is suspended at
the password prompt.
2015-09-21 15:07:00 -06:00
Todd C. Miller
71d0246322
sync with translationproject.org
2015-09-16 09:53:43 -06:00
Todd C. Miller
51c2ef7ae6
sync with translationproject.org
2015-09-15 14:04:43 -06:00
Todd C. Miller
43fd191cfc
Bug #719
2015-09-15 13:36:34 -06:00
Todd C. Miller
3ac17b302b
SIGHUP is now relayed to the command. Bug #719
2015-09-15 12:24:19 -06:00
Todd C. Miller
3f6f1cd15c
When a terminal device is closed, SIGHUP is sent to the controlling
process associated with that terminal. It is not sent to the entire
process group so sudo needs to relay SIGHUP to the command when it
is not being run in a new pty. Bug #719
2015-09-15 10:30:36 -06:00
Todd C. Miller
b12500993d
Mention visudo bug in 1.8.14
2015-09-15 09:50:35 -06:00
Todd C. Miller
b6cb1b65c9
We reserved two slots at the end of the editor argv for the line
number and the file name. However, resolve_editor() adds "--"
before the file names so the +line_number is interpreted as a file
name, not a line number so we need to overwrite the "--" as well.
2015-09-15 09:29:40 -06:00
Todd C. Miller
a2979ed809
Remove checks for __sys_siglist and __sys_signame. They are internal
to libc and there are no known systems that export those symbols
that do not already export the single underbar or no-underbar versions.
2015-09-10 16:44:57 -06:00
Todd C. Miller
9ff93c307b
Sync with translationproject.org
2015-09-10 14:30:57 -06:00
Todd C. Miller
4132f184ef
regen
2015-09-10 14:30:02 -06:00
Todd C. Miller
38b7aea6b7
Restore old signal handlers before tty settings. That way SIGTTOU
is at its original value if sudo_term_restore() should fail.
2015-09-09 15:27:09 -06:00
Todd C. Miller
241174ea2d
Document what happens when the on_suspend/on_resume callbacks
return an error.
2015-09-09 15:14:06 -06:00
Todd C. Miller
edfeee6a7a
No need to have version macros for hooks, callbacks and the sudoers
group plugin. We can just use the main sudo API macros. The sudoers
group plugin macros are preserved for source compatibility but are
not documented.
2015-09-09 14:56:52 -06:00
Todd C. Miller
c45559e6c8
Properly escape the backslash before a comma in an example so the
example rule is parsable by visudo.
2015-09-09 14:33:01 -06:00
Todd C. Miller
2f1d675055
Ignore callbacks if major version doesn't match.
2015-09-09 13:29:57 -06:00
Todd C. Miller
67183d74f4
Remove include/compat/timespec.h. Systems old enough to lack struct
timespec are too old to build a modern sudo.
2015-09-09 11:13:22 -06:00
Todd C. Miller
69d51b7590
Bug #713
2015-09-09 10:52:23 -06:00
Todd C. Miller
d08faa73a7
Fill in cstat if exec_setup() fails. Previously it was only filled
in for an execve() failure. Fixes an unkillable sudo process when
exec_setup() fails and I/O logging is enabled.
2015-09-09 10:50:21 -06:00
Todd C. Miller
27c2a3d158
Fix running commands as non-root when neither setresuid() nor
setreuid() are available. At this point we are already root so
setuid() must succeed. Bug #713
2015-09-09 10:45:56 -06:00
Todd C. Miller
0dbfbee035
Cast uid_t to unsigned int when printing as %u
2015-09-09 10:14:03 -06:00
Todd C. Miller
2042aa2b75
Mention time stamp file locking changes, fix some spelling.
2015-09-09 09:57:10 -06:00
Todd C. Miller
3fd97f6bad
Update with latest changes.
2015-09-09 06:23:29 -06:00
Todd C. Miller
9dedc65a7f
Avoid touching the time stamp directory for "sudo -k command"
2015-09-07 06:06:08 -06:00
Todd C. Miller
69050f9345
Bring back the check for time stamp files that predate the boot
time. Instead of truncating we now unlink the file since another
process may be sleeping on the lock.
2015-09-07 06:06:08 -06:00
Todd C. Miller
7d0a623fdd
Use pread(2) and pwrite(2) where possible.
2015-09-07 06:06:08 -06:00
Todd C. Miller
70914b3328
sudo_term_* already restart themselves for all but SIGTTOU so we
don't need to use our own restart loops.
2015-09-07 06:06:08 -06:00
Todd C. Miller
448b18de2b
Set errno to EINVAL if sudo_lock_* is called with a bad type.
2015-09-07 06:06:08 -06:00
Todd C. Miller
0487b6da9d
Adjust new locking to work when tty_tickets is disabled. We need
to use per-tty/ppid locking to gain exclusive access to the tty
for the password prompt but use a separate (short term) lock
that is shared among all sudo processes for the user.
2015-09-07 06:06:08 -06:00
Todd C. Miller
f9b8a43816
Allow the time stamp lock to be interrupted by signals.
2015-09-07 06:06:08 -06:00
Todd C. Miller
0c70df5de9
Implement suspend/resume callbacks for the conversation function.
If suspended, close the timestamp file (dropping all locks). On
resume, lock the record before reading the password.
For this to work properly we need to be able to run the callback
when tsetattr() suspends us, not just when the user does. To
accomplish this the term_* functions now return EINTR if SIGTTOU
would be generated. The caller now has to restart the term_*
function (and send itself SIGTTOU) instead of it being done
automatically.
2015-09-07 06:06:08 -06:00
Todd C. Miller
00142c91fa
Lock individual records in the timestamp file instead of the entire
file. This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.
2015-09-07 06:06:08 -06:00