From 51c3488100a2773a6147b043e1f9fb2490cfc005 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sat, 21 Jun 2025 08:45:17 -0600 Subject: [PATCH 01/18] Add missing tests --- MANIFEST | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/MANIFEST b/MANIFEST index bdb5d485a..2a9f8353a 100644 --- a/MANIFEST +++ b/MANIFEST @@ -861,6 +861,8 @@ plugins/sudoers/regress/cvtsudoers/test4.out.ok plugins/sudoers/regress/cvtsudoers/test4.sh plugins/sudoers/regress/cvtsudoers/test40.out.ok plugins/sudoers/regress/cvtsudoers/test40.sh +plugins/sudoers/regress/cvtsudoers/test41.out.ok +plugins/sudoers/regress/cvtsudoers/test41.sh plugins/sudoers/regress/cvtsudoers/test5.out.ok plugins/sudoers/regress/cvtsudoers/test5.sh plugins/sudoers/regress/cvtsudoers/test6.out.ok @@ -1032,6 +1034,12 @@ plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok plugins/sudoers/regress/sudoers/test30.out.ok plugins/sudoers/regress/sudoers/test30.sudo.ok plugins/sudoers/regress/sudoers/test30.toke.ok +plugins/sudoers/regress/sudoers/test31.in +plugins/sudoers/regress/sudoers/test31.json.ok +plugins/sudoers/regress/sudoers/test31.ldif.ok +plugins/sudoers/regress/sudoers/test31.ldif2sudo.ok +plugins/sudoers/regress/sudoers/test31.out.ok +plugins/sudoers/regress/sudoers/test31.toke.ok plugins/sudoers/regress/sudoers/test4.in plugins/sudoers/regress/sudoers/test4.json.ok plugins/sudoers/regress/sudoers/test4.ldif.ok From d530367828e3713d09489872743eb92d31fb11ff Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 1 Apr 2025 09:24:51 -0600 Subject: [PATCH 02/18] Only allow a remote host to be specified when listing privileges. This fixes a bug where a user with sudoers privileges on a different host could execute a command on the local host, even if the sudoers file would not otherwise allow this. CVE-2025-32462 Reported by Rich Mirch @ Stratascale Cyber Research Unit (CRU). --- plugins/sudoers/sudoers.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 70a0c1a52..ad2fa2f61 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -350,6 +350,18 @@ sudoers_check_common(struct sudoers_context *ctx, int pwflag) time_t now; debug_decl(sudoers_check_common, SUDOERS_DEBUG_PLUGIN); + /* The user may only specify a host for "sudo -l". */ + if (!ISSET(ctx->mode, MODE_LIST|MODE_CHECK)) { + if (strcmp(ctx->runas.host, ctx->user.host) != 0) { + log_warningx(ctx, SLOG_NO_STDERR|SLOG_AUDIT, + N_("user not allowed to set remote host for command")); + sudo_warnx("%s", + U_("a remote host may only be specified when listing privileges.")); + ret = false; + goto done; + } + } + /* If given the -P option, set the "preserve_groups" flag. */ if (ISSET(ctx->mode, MODE_PRESERVE_GROUPS)) def_preserve_groups = true; From fdafc2ceb36382b07e604c0f39903d56bef54016 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 6 Apr 2025 08:28:46 -0600 Subject: [PATCH 03/18] Revert pivot_root and go back to prepending the new root directory. We cannot perform passwd/group lookups _after_ changing the root directory. This does mean that symbolic links in a path are not currently handled properly when matching chroot()ed commands. Fixes a local privilege escalation vulnerability where a user could craft their own nsswitch.conf file to load a shared library of their choosing and run arbitrary code. CVE-2025-32463 Reported by Rich Mirch @ Stratascale Cyber Research Unit (CRU). --- MANIFEST | 2 - plugins/sudoers/Makefile.in | 998 ++++++++---------- plugins/sudoers/editor.c | 2 +- plugins/sudoers/find_path.c | 20 +- plugins/sudoers/goodpath.c | 17 +- plugins/sudoers/match_command.c | 212 ++-- plugins/sudoers/match_digest.c | 14 +- plugins/sudoers/parse.h | 2 +- plugins/sudoers/pivot.c | 87 -- plugins/sudoers/pivot.h | 32 - plugins/sudoers/regress/editor/check_editor.c | 3 +- plugins/sudoers/regress/fuzz/fuzz_policy.c | 7 +- plugins/sudoers/regress/fuzz/fuzz_stubs.c | 12 - plugins/sudoers/resolve_cmnd.c | 6 +- plugins/sudoers/stubs.c | 14 - plugins/sudoers/sudoers.c | 15 +- plugins/sudoers/sudoers.h | 8 +- plugins/sudoers/testsudoers.c | 12 - 18 files changed, 641 insertions(+), 822 deletions(-) delete mode 100644 plugins/sudoers/pivot.c delete mode 100644 plugins/sudoers/pivot.h diff --git a/MANIFEST b/MANIFEST index 2a9f8353a..c1869afa8 100644 --- a/MANIFEST +++ b/MANIFEST @@ -687,8 +687,6 @@ plugins/sudoers/mkdefaults plugins/sudoers/parse.h plugins/sudoers/parse_ldif.c plugins/sudoers/parser_warnx.c -plugins/sudoers/pivot.c -plugins/sudoers/pivot.h plugins/sudoers/po/README plugins/sudoers/po/ast.mo plugins/sudoers/po/ast.po diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 40fe0870f..2ae2fb12e 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -189,11 +189,11 @@ SUDOERS_OBJS = $(AUTH_OBJS) audit.lo boottime.lo check.lo check_util.lo \ display.lo editor.lo env.lo sudoers_hooks.lo env_pattern.lo \ file.lo find_path.lo fmtsudoers.lo gc.lo goodpath.lo \ group_plugin.lo interfaces.lo iolog.lo iolog_path_escapes.lo \ - locale.lo log_client.lo logging.lo lookup.lo pivot.lo \ - policy.lo prompt.lo serialize_list.lo set_perms.lo \ - sethost.lo starttime.lo strlcpy_unesc.lo strvec_join.lo \ - sudo_nss.lo sudoers.lo sudoers_cb.lo sudoers_ctx_free.lo \ - timestamp.lo unesc_str.lo @SUDOERS_OBJS@ + locale.lo log_client.lo logging.lo lookup.lo policy.lo \ + prompt.lo serialize_list.lo set_perms.lo sethost.lo \ + starttime.lo strlcpy_unesc.lo strvec_join.lo sudo_nss.lo \ + sudoers.lo sudoers_cb.lo sudoers_ctx_free.lo timestamp.lo \ + unesc_str.lo @SUDOERS_OBJS@ SUDOERS_IOBJS = $(SUDOERS_OBJS:.lo=.i) @@ -727,9 +727,9 @@ afs.lo: $(authdir)/afs.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/timestamp.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/afs.c afs.i: $(authdir)/afs.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -737,9 +737,9 @@ afs.i: $(authdir)/afs.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/timestamp.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/afs.c > $@ afs.plog: afs.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/afs.c --i-file afs.i --output-file $@ @@ -749,10 +749,9 @@ aix_auth.lo: $(authdir)/aix_auth.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/aix_auth.c aix_auth.i: $(authdir)/aix_auth.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -760,10 +759,9 @@ aix_auth.i: $(authdir)/aix_auth.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/aix_auth.c > $@ aix_auth.plog: aix_auth.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/aix_auth.c --i-file aix_auth.i --output-file $@ @@ -773,10 +771,9 @@ alias.lo: $(srcdir)/alias.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/redblack.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/alias.c alias.i: $(srcdir)/alias.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -784,10 +781,9 @@ alias.i: $(srcdir)/alias.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/redblack.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/alias.c > $@ alias.plog: alias.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/alias.c --i-file alias.i --output-file $@ @@ -799,8 +795,8 @@ audit.lo: $(srcdir)/audit.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_ssl_compat.h \ $(incdir)/sudo_util.h $(srcdir)/bsm_audit.h $(srcdir)/defaults.h \ $(srcdir)/linux_audit.h $(srcdir)/log_client.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/solaris_audit.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/parse.h $(srcdir)/solaris_audit.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/audit.c audit.i: $(srcdir)/audit.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -811,8 +807,8 @@ audit.i: $(srcdir)/audit.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_ssl_compat.h \ $(incdir)/sudo_util.h $(srcdir)/bsm_audit.h $(srcdir)/defaults.h \ $(srcdir)/linux_audit.h $(srcdir)/log_client.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/solaris_audit.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/parse.h $(srcdir)/solaris_audit.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/audit.c > $@ audit.plog: audit.i @@ -824,7 +820,7 @@ b64_decode.lo: $(srcdir)/b64_decode.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/b64_decode.c @@ -835,7 +831,7 @@ b64_decode.i: $(srcdir)/b64_decode.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/b64_decode.c > $@ @@ -848,7 +844,7 @@ b64_encode.o: $(srcdir)/b64_encode.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/b64_encode.c @@ -859,7 +855,7 @@ b64_encode.i: $(srcdir)/b64_encode.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/b64_encode.c > $@ @@ -871,10 +867,9 @@ boottime.lo: $(srcdir)/boottime.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/boottime.c boottime.i: $(srcdir)/boottime.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -882,10 +877,9 @@ boottime.i: $(srcdir)/boottime.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/boottime.c > $@ boottime.plog: boottime.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/boottime.c --i-file boottime.i --output-file $@ @@ -895,8 +889,8 @@ bsdauth.lo: $(authdir)/bsdauth.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/bsdauth.c bsdauth.i: $(authdir)/bsdauth.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ @@ -905,8 +899,8 @@ bsdauth.i: $(authdir)/bsdauth.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/bsdauth.c > $@ bsdauth.plog: bsdauth.i @@ -918,9 +912,9 @@ bsm_audit.lo: $(srcdir)/bsm_audit.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/bsm_audit.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/bsm_audit.c bsm_audit.i: $(srcdir)/bsm_audit.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -929,9 +923,9 @@ bsm_audit.i: $(srcdir)/bsm_audit.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/bsm_audit.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/bsm_audit.c > $@ bsm_audit.plog: bsm_audit.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/bsm_audit.c --i-file bsm_audit.i --output-file $@ @@ -942,9 +936,9 @@ canon_path.lo: $(srcdir)/canon_path.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/redblack.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/canon_path.c canon_path.i: $(srcdir)/canon_path.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -953,9 +947,9 @@ canon_path.i: $(srcdir)/canon_path.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/redblack.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/canon_path.c > $@ canon_path.plog: canon_path.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/canon_path.c --i-file canon_path.i --output-file $@ @@ -964,20 +958,18 @@ check.lo: $(srcdir)/check.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/timestamp.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/check.c check.i: $(srcdir)/check.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/timestamp.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/check.c > $@ check.plog: check.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/check.c --i-file check.i --output-file $@ @@ -988,9 +980,9 @@ check_addr.o: $(srcdir)/regress/parser/check_addr.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/parser/check_addr.c check_addr.i: $(srcdir)/regress/parser/check_addr.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -999,9 +991,9 @@ check_addr.i: $(srcdir)/regress/parser/check_addr.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/regress/parser/check_addr.c > $@ check_addr.plog: check_addr.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/parser/check_addr.c --i-file check_addr.i --output-file $@ @@ -1012,10 +1004,9 @@ check_aliases.o: $(srcdir)/check_aliases.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/check_aliases.c check_aliases.i: $(srcdir)/check_aliases.c $(devdir)/def_data.h \ $(devdir)/gram.h $(incdir)/compat/stdbool.h \ @@ -1024,10 +1015,9 @@ check_aliases.i: $(srcdir)/check_aliases.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/check_aliases.c > $@ check_aliases.plog: check_aliases.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/check_aliases.c --i-file check_aliases.i --output-file $@ @@ -1062,9 +1052,9 @@ check_editor.o: $(srcdir)/regress/editor/check_editor.c $(devdir)/def_data.c \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/editor/check_editor.c check_editor.i: $(srcdir)/regress/editor/check_editor.c $(devdir)/def_data.c \ $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -1073,9 +1063,9 @@ check_editor.i: $(srcdir)/regress/editor/check_editor.c $(devdir)/def_data.c \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/regress/editor/check_editor.c > $@ check_editor.plog: check_editor.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/editor/check_editor.c --i-file check_editor.i --output-file $@ @@ -1086,7 +1076,7 @@ check_env_pattern.o: $(srcdir)/regress/env_match/check_env_pattern.c \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ + $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -1098,7 +1088,7 @@ check_env_pattern.i: $(srcdir)/regress/env_match/check_env_pattern.c \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ + $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -1113,7 +1103,7 @@ check_exptilde.o: $(srcdir)/regress/exptilde/check_exptilde.c \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/exptilde/check_exptilde.c @@ -1125,7 +1115,7 @@ check_exptilde.i: $(srcdir)/regress/exptilde/check_exptilde.c \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/regress/exptilde/check_exptilde.c > $@ @@ -1167,7 +1157,7 @@ check_iolog_plugin.o: $(srcdir)/regress/iolog_plugin/check_iolog_plugin.c \ $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ + $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -1180,7 +1170,7 @@ check_iolog_plugin.i: $(srcdir)/regress/iolog_plugin/check_iolog_plugin.c \ $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ + $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -1196,9 +1186,9 @@ check_serialize_list.lo: \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/serialize_list/check_serialize_list.c check_serialize_list.i: \ $(srcdir)/regress/serialize_list/check_serialize_list.c \ @@ -1209,9 +1199,9 @@ check_serialize_list.i: \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/regress/serialize_list/check_serialize_list.c > $@ check_serialize_list.plog: check_serialize_list.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/serialize_list/check_serialize_list.c --i-file check_serialize_list.i --output-file $@ @@ -1250,7 +1240,7 @@ check_unesc.o: $(srcdir)/regress/unescape/check_unesc.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/unescape/check_unesc.c @@ -1261,7 +1251,7 @@ check_unesc.i: $(srcdir)/regress/unescape/check_unesc.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/regress/unescape/check_unesc.c > $@ @@ -1274,7 +1264,7 @@ check_util.lo: $(srcdir)/check_util.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/check_util.c @@ -1285,7 +1275,7 @@ check_util.i: $(srcdir)/check_util.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/check_util.c > $@ @@ -1299,8 +1289,8 @@ cvtsudoers.o: $(srcdir)/cvtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/cvtsudoers.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/redblack.h \ - $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/redblack.h $(srcdir)/strlist.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/sudoers_version.h \ $(srcdir)/testsudoers_pwutil.h $(srcdir)/tsgetgrpw.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h @@ -1313,8 +1303,8 @@ cvtsudoers.i: $(srcdir)/cvtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/cvtsudoers.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/redblack.h \ - $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/redblack.h $(srcdir)/strlist.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/sudoers_version.h \ $(srcdir)/testsudoers_pwutil.h $(srcdir)/tsgetgrpw.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h @@ -1329,9 +1319,9 @@ cvtsudoers_csv.o: $(srcdir)/cvtsudoers_csv.c $(devdir)/def_data.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/cvtsudoers_csv.c cvtsudoers_csv.i: $(srcdir)/cvtsudoers_csv.c $(devdir)/def_data.h \ $(devdir)/gram.h $(incdir)/compat/stdbool.h \ @@ -1341,9 +1331,9 @@ cvtsudoers_csv.i: $(srcdir)/cvtsudoers_csv.c $(devdir)/def_data.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/cvtsudoers_csv.c > $@ cvtsudoers_csv.plog: cvtsudoers_csv.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/cvtsudoers_csv.c --i-file cvtsudoers_csv.i --output-file $@ @@ -1356,7 +1346,7 @@ cvtsudoers_json.o: $(srcdir)/cvtsudoers_json.c $(devdir)/def_data.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/cvtsudoers_json.c @@ -1369,7 +1359,7 @@ cvtsudoers_json.i: $(srcdir)/cvtsudoers_json.c $(devdir)/def_data.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/cvtsudoers_json.c > $@ @@ -1383,11 +1373,11 @@ cvtsudoers_ldif.o: $(srcdir)/cvtsudoers_ldif.c $(devdir)/def_data.h \ $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/cvtsudoers.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/redblack.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/redblack.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_ldap.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/cvtsudoers_ldif.c cvtsudoers_ldif.i: $(srcdir)/cvtsudoers_ldif.c $(devdir)/def_data.h \ $(devdir)/gram.h $(incdir)/compat/stdbool.h \ @@ -1397,11 +1387,11 @@ cvtsudoers_ldif.i: $(srcdir)/cvtsudoers_ldif.c $(devdir)/def_data.h \ $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/cvtsudoers.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/redblack.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/redblack.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_ldap.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/cvtsudoers_ldif.c > $@ cvtsudoers_ldif.plog: cvtsudoers_ldif.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/cvtsudoers_ldif.c --i-file cvtsudoers_ldif.i --output-file $@ @@ -1413,7 +1403,7 @@ cvtsudoers_merge.o: $(srcdir)/cvtsudoers_merge.c $(devdir)/def_data.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/redblack.h $(srcdir)/strlist.h \ + $(srcdir)/redblack.h $(srcdir)/strlist.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -1426,7 +1416,7 @@ cvtsudoers_merge.i: $(srcdir)/cvtsudoers_merge.c $(devdir)/def_data.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/redblack.h $(srcdir)/strlist.h \ + $(srcdir)/redblack.h $(srcdir)/strlist.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -1440,11 +1430,10 @@ cvtsudoers_pwutil.o: $(srcdir)/cvtsudoers_pwutil.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/cvtsudoers.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/pwutil.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pwutil.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/cvtsudoers_pwutil.c cvtsudoers_pwutil.i: $(srcdir)/cvtsudoers_pwutil.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1453,11 +1442,10 @@ cvtsudoers_pwutil.i: $(srcdir)/cvtsudoers_pwutil.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/cvtsudoers.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/pwutil.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pwutil.h \ + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/cvtsudoers_pwutil.c > $@ cvtsudoers_pwutil.plog: cvtsudoers_pwutil.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/cvtsudoers_pwutil.c --i-file cvtsudoers_pwutil.i --output-file $@ @@ -1467,9 +1455,9 @@ dce.lo: $(authdir)/dce.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/timestamp.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/dce.c dce.i: $(authdir)/dce.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1477,9 +1465,9 @@ dce.i: $(authdir)/dce.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/timestamp.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/dce.c > $@ dce.plog: dce.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/dce.c --i-file dce.i --output-file $@ @@ -1490,10 +1478,9 @@ defaults.lo: $(srcdir)/defaults.c $(devdir)/def_data.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/defaults.c defaults.i: $(srcdir)/defaults.c $(devdir)/def_data.c $(devdir)/def_data.h \ $(devdir)/gram.h $(incdir)/compat/stdbool.h \ @@ -1502,10 +1489,9 @@ defaults.i: $(srcdir)/defaults.c $(devdir)/def_data.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/defaults.c > $@ defaults.plog: defaults.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/defaults.c --i-file defaults.i --output-file $@ @@ -1530,9 +1516,9 @@ display.lo: $(srcdir)/display.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/display.c display.i: $(srcdir)/display.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1541,9 +1527,9 @@ display.i: $(srcdir)/display.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/display.c > $@ display.plog: display.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/display.c --i-file display.i --output-file $@ @@ -1553,9 +1539,9 @@ editor.lo: $(srcdir)/editor.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/editor.c editor.i: $(srcdir)/editor.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ @@ -1563,9 +1549,9 @@ editor.i: $(srcdir)/editor.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/editor.c > $@ editor.plog: editor.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/editor.c --i-file editor.i --output-file $@ @@ -1574,18 +1560,18 @@ env.lo: $(srcdir)/env.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/env.c env.i: $(srcdir)/env.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/env.c > $@ env.plog: env.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/env.c --i-file env.i --output-file $@ @@ -1596,7 +1582,7 @@ env_pattern.lo: $(srcdir)/env_pattern.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/env_pattern.c @@ -1607,7 +1593,7 @@ env_pattern.i: $(srcdir)/env_pattern.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/env_pattern.c > $@ @@ -1619,8 +1605,8 @@ exptilde.lo: $(srcdir)/exptilde.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/pwutil.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pwutil.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/exptilde.c @@ -1630,8 +1616,8 @@ exptilde.i: $(srcdir)/exptilde.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/pwutil.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pwutil.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/exptilde.c > $@ @@ -1644,9 +1630,8 @@ file.lo: $(srcdir)/file.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/file.c file.i: $(srcdir)/file.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1655,9 +1640,8 @@ file.i: $(srcdir)/file.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/file.c > $@ file.plog: file.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/file.c --i-file file.i --output-file $@ @@ -1668,9 +1652,9 @@ filedigest.lo: $(srcdir)/filedigest.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/filedigest.c filedigest.i: $(srcdir)/filedigest.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1679,9 +1663,9 @@ filedigest.i: $(srcdir)/filedigest.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/filedigest.c > $@ filedigest.plog: filedigest.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/filedigest.c --i-file filedigest.i --output-file $@ @@ -1692,7 +1676,7 @@ find_path.lo: $(srcdir)/find_path.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/find_path.c @@ -1703,7 +1687,7 @@ find_path.i: $(srcdir)/find_path.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/find_path.c > $@ @@ -1716,9 +1700,9 @@ fmtsudoers.lo: $(srcdir)/fmtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/fmtsudoers.c fmtsudoers.i: $(srcdir)/fmtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1727,9 +1711,9 @@ fmtsudoers.i: $(srcdir)/fmtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/fmtsudoers.c > $@ fmtsudoers.plog: fmtsudoers.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fmtsudoers.c --i-file fmtsudoers.i --output-file $@ @@ -1741,7 +1725,7 @@ fmtsudoers_cvt.lo: $(srcdir)/fmtsudoers_cvt.c $(devdir)/def_data.h \ $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/fmtsudoers_cvt.c @@ -1753,7 +1737,7 @@ fmtsudoers_cvt.i: $(srcdir)/fmtsudoers_cvt.c $(devdir)/def_data.h \ $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/fmtsudoers_cvt.c > $@ @@ -1768,7 +1752,7 @@ fuzz_policy.o: $(srcdir)/regress/fuzz/fuzz_policy.c $(devdir)/def_data.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/fuzz/fuzz_policy.c @@ -1781,7 +1765,7 @@ fuzz_policy.i: $(srcdir)/regress/fuzz/fuzz_policy.c $(devdir)/def_data.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/regress/fuzz/fuzz_policy.c > $@ @@ -1794,10 +1778,9 @@ fuzz_stubs.o: $(srcdir)/regress/fuzz/fuzz_stubs.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/timestamp.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/fuzz/fuzz_stubs.c fuzz_stubs.i: $(srcdir)/regress/fuzz/fuzz_stubs.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1806,10 +1789,9 @@ fuzz_stubs.i: $(srcdir)/regress/fuzz/fuzz_stubs.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/timestamp.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/regress/fuzz/fuzz_stubs.c > $@ fuzz_stubs.plog: fuzz_stubs.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_stubs.c --i-file fuzz_stubs.i --output-file $@ @@ -1820,10 +1802,9 @@ fuzz_sudoers.o: $(srcdir)/regress/fuzz/fuzz_sudoers.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/regress/fuzz/fuzz_sudoers.c fuzz_sudoers.i: $(srcdir)/regress/fuzz/fuzz_sudoers.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1832,10 +1813,9 @@ fuzz_sudoers.i: $(srcdir)/regress/fuzz/fuzz_sudoers.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/regress/fuzz/fuzz_sudoers.c > $@ fuzz_sudoers.plog: fuzz_sudoers.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_sudoers.c --i-file fuzz_sudoers.i --output-file $@ @@ -1846,7 +1826,7 @@ fuzz_sudoers_ldif.o: $(srcdir)/regress/fuzz/fuzz_sudoers_ldif.c \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ + $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -1858,7 +1838,7 @@ fuzz_sudoers_ldif.i: $(srcdir)/regress/fuzz/fuzz_sudoers_ldif.c \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ + $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -1871,8 +1851,8 @@ fwtk.lo: $(authdir)/fwtk.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/fwtk.c fwtk.i: $(authdir)/fwtk.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ @@ -1881,8 +1861,8 @@ fwtk.i: $(authdir)/fwtk.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/fwtk.c > $@ fwtk.plog: fwtk.i @@ -1892,8 +1872,8 @@ gc.lo: $(srcdir)/gc.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/gc.c gc.i: $(srcdir)/gc.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -1901,8 +1881,8 @@ gc.i: $(srcdir)/gc.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/gc.c > $@ gc.plog: gc.i @@ -1932,7 +1912,7 @@ getspwuid.lo: $(srcdir)/getspwuid.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/getspwuid.c @@ -1943,7 +1923,7 @@ getspwuid.i: $(srcdir)/getspwuid.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/getspwuid.c > $@ @@ -1955,10 +1935,9 @@ goodpath.lo: $(srcdir)/goodpath.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/goodpath.c goodpath.i: $(srcdir)/goodpath.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1966,10 +1945,9 @@ goodpath.i: $(srcdir)/goodpath.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/goodpath.c > $@ goodpath.plog: goodpath.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/goodpath.c --i-file goodpath.i --output-file $@ @@ -1979,9 +1957,8 @@ gram.lo: $(devdir)/gram.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(srcdir)/toke.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/toke.h $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(devdir)/gram.c gram.i: $(devdir)/gram.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ @@ -1989,9 +1966,8 @@ gram.i: $(devdir)/gram.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(srcdir)/toke.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/toke.h $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(devdir)/gram.c > $@ gram.plog: gram.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(devdir)/gram.c --i-file gram.i --output-file $@ @@ -2002,10 +1978,9 @@ group_plugin.lo: $(srcdir)/group_plugin.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/group_plugin.c group_plugin.i: $(srcdir)/group_plugin.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -2014,10 +1989,9 @@ group_plugin.i: $(srcdir)/group_plugin.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/group_plugin.c > $@ group_plugin.plog: group_plugin.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/group_plugin.c --i-file group_plugin.i --output-file $@ @@ -2028,9 +2002,9 @@ interfaces.lo: $(srcdir)/interfaces.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/interfaces.c interfaces.i: $(srcdir)/interfaces.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -2039,9 +2013,9 @@ interfaces.i: $(srcdir)/interfaces.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/interfaces.c > $@ interfaces.plog: interfaces.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/interfaces.c --i-file interfaces.i --output-file $@ @@ -2053,8 +2027,8 @@ iolog.lo: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_ssl_compat.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/log_client.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/parse.h $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/iolog.c iolog.i: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -2065,8 +2039,8 @@ iolog.i: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_ssl_compat.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/log_client.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/parse.h $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/iolog.c > $@ iolog.plog: iolog.i @@ -2078,7 +2052,7 @@ iolog_path_escapes.lo: $(srcdir)/iolog_path_escapes.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ + $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -2090,7 +2064,7 @@ iolog_path_escapes.i: $(srcdir)/iolog_path_escapes.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ + $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -2103,8 +2077,8 @@ kerb5.lo: $(authdir)/kerb5.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/kerb5.c kerb5.i: $(authdir)/kerb5.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ @@ -2113,8 +2087,8 @@ kerb5.i: $(authdir)/kerb5.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/kerb5.c > $@ kerb5.plog: kerb5.i @@ -2125,8 +2099,8 @@ ldap.lo: $(srcdir)/ldap.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_ldap.h $(srcdir)/sudo_ldap_conf.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/sudo_ldap.h $(srcdir)/sudo_ldap_conf.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/ldap.c ldap.i: $(srcdir)/ldap.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -2135,8 +2109,8 @@ ldap.i: $(srcdir)/ldap.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_ldap.h $(srcdir)/sudo_ldap_conf.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/sudo_ldap.h $(srcdir)/sudo_ldap_conf.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/ldap.c > $@ ldap.plog: ldap.i @@ -2148,7 +2122,7 @@ ldap_conf.lo: $(srcdir)/ldap_conf.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_ldap.h \ + $(srcdir)/parse.h $(srcdir)/sudo_ldap.h \ $(srcdir)/sudo_ldap_conf.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h @@ -2160,7 +2134,7 @@ ldap_conf.i: $(srcdir)/ldap_conf.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_ldap.h \ + $(srcdir)/parse.h $(srcdir)/sudo_ldap.h \ $(srcdir)/sudo_ldap_conf.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h @@ -2174,10 +2148,10 @@ ldap_innetgr.lo: $(srcdir)/ldap_innetgr.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_ldap.h \ - $(srcdir)/sudo_ldap_conf.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/sudo_ldap.h $(srcdir)/sudo_ldap_conf.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/ldap_innetgr.c ldap_innetgr.i: $(srcdir)/ldap_innetgr.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -2186,10 +2160,10 @@ ldap_innetgr.i: $(srcdir)/ldap_innetgr.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_ldap.h \ - $(srcdir)/sudo_ldap_conf.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/sudo_ldap.h $(srcdir)/sudo_ldap_conf.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/ldap_innetgr.c > $@ ldap_innetgr.plog: ldap_innetgr.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/ldap_innetgr.c --i-file ldap_innetgr.i --output-file $@ @@ -2201,10 +2175,9 @@ ldap_util.lo: $(srcdir)/ldap_util.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_ldap.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/ldap_util.c ldap_util.i: $(srcdir)/ldap_util.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -2214,10 +2187,9 @@ ldap_util.i: $(srcdir)/ldap_util.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_ldap.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/ldap_util.c > $@ ldap_util.plog: ldap_util.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/ldap_util.c --i-file ldap_util.i --output-file $@ @@ -2228,10 +2200,9 @@ linux_audit.lo: $(srcdir)/linux_audit.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/linux_audit.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/linux_audit.c linux_audit.i: $(srcdir)/linux_audit.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -2240,10 +2211,9 @@ linux_audit.i: $(srcdir)/linux_audit.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/linux_audit.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/linux_audit.c > $@ linux_audit.plog: linux_audit.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/linux_audit.c --i-file linux_audit.i --output-file $@ @@ -2274,9 +2244,9 @@ log_client.lo: $(srcdir)/log_client.c $(devdir)/def_data.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_ssl_compat.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/log_client.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/log_client.c log_client.i: $(srcdir)/log_client.c $(devdir)/def_data.h \ $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ @@ -2289,9 +2259,9 @@ log_client.i: $(srcdir)/log_client.c $(devdir)/def_data.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_ssl_compat.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/log_client.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/strlist.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/log_client.c > $@ log_client.plog: log_client.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/log_client.c --i-file log_client.i --output-file $@ @@ -2304,8 +2274,8 @@ logging.lo: $(srcdir)/logging.c $(devdir)/def_data.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_ssl_compat.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/log_client.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/parse.h $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/logging.c logging.i: $(srcdir)/logging.c $(devdir)/def_data.h \ @@ -2317,8 +2287,8 @@ logging.i: $(srcdir)/logging.c $(devdir)/def_data.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_ssl_compat.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/log_client.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/parse.h $(srcdir)/strlist.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/logging.c > $@ logging.plog: logging.i @@ -2329,8 +2299,8 @@ lookup.lo: $(srcdir)/lookup.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/lookup.c lookup.i: $(srcdir)/lookup.c $(devdir)/def_data.h $(devdir)/gram.h \ @@ -2339,8 +2309,8 @@ lookup.i: $(srcdir)/lookup.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/lookup.c > $@ lookup.plog: lookup.i @@ -2351,8 +2321,8 @@ match.lo: $(srcdir)/match.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/match.c match.i: $(srcdir)/match.c $(devdir)/def_data.h $(devdir)/gram.h \ @@ -2361,8 +2331,8 @@ match.i: $(srcdir)/match.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/match.c > $@ match.plog: match.i @@ -2374,9 +2344,9 @@ match_addr.lo: $(srcdir)/match_addr.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/match_addr.c match_addr.i: $(srcdir)/match_addr.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -2385,9 +2355,9 @@ match_addr.i: $(srcdir)/match_addr.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/match_addr.c > $@ match_addr.plog: match_addr.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/match_addr.c --i-file match_addr.i --output-file $@ @@ -2399,10 +2369,9 @@ match_command.lo: $(srcdir)/match_command.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/match_command.c match_command.i: $(srcdir)/match_command.c $(devdir)/def_data.h \ $(devdir)/gram.h $(incdir)/compat/fnmatch.h \ @@ -2412,10 +2381,9 @@ match_command.i: $(srcdir)/match_command.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/match_command.c > $@ match_command.plog: match_command.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/match_command.c --i-file match_command.i --output-file $@ @@ -2427,7 +2395,7 @@ match_digest.lo: $(srcdir)/match_digest.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/match_digest.c @@ -2439,7 +2407,7 @@ match_digest.i: $(srcdir)/match_digest.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/match_digest.c > $@ @@ -2469,9 +2437,8 @@ pam.lo: $(authdir)/pam.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/pam.c pam.i: $(authdir)/pam.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -2479,9 +2446,8 @@ pam.i: $(authdir)/pam.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/pam.c > $@ pam.plog: pam.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/pam.c --i-file pam.i --output-file $@ @@ -2492,8 +2458,8 @@ parse_ldif.o: $(srcdir)/parse_ldif.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/redblack.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/redblack.h $(srcdir)/strlist.h $(srcdir)/sudo_ldap.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/parse_ldif.c @@ -2504,8 +2470,8 @@ parse_ldif.i: $(srcdir)/parse_ldif.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/redblack.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/redblack.h $(srcdir)/strlist.h $(srcdir)/sudo_ldap.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/parse_ldif.c > $@ @@ -2518,7 +2484,7 @@ parser_warnx.lo: $(srcdir)/parser_warnx.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/parser_warnx.c @@ -2529,7 +2495,7 @@ parser_warnx.i: $(srcdir)/parser_warnx.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/parser_warnx.c > $@ @@ -2541,8 +2507,8 @@ passwd.lo: $(authdir)/passwd.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/passwd.c passwd.i: $(authdir)/passwd.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ @@ -2551,32 +2517,12 @@ passwd.i: $(authdir)/passwd.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/passwd.c > $@ passwd.plog: passwd.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/passwd.c --i-file passwd.i --output-file $@ -pivot.lo: $(srcdir)/pivot.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/pivot.c -pivot.i: $(srcdir)/pivot.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h - $(CPP) $(CPPFLAGS) $(srcdir)/pivot.c > $@ -pivot.plog: pivot.i - rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/pivot.c --i-file pivot.i --output-file $@ policy.lo: $(srcdir)/policy.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \ @@ -2584,10 +2530,10 @@ policy.lo: $(srcdir)/policy.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/auth/sudo_auth.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/sudoers_version.h $(srcdir)/timestamp.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(srcdir)/sudoers_version.h \ + $(srcdir)/timestamp.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/policy.c policy.i: $(srcdir)/policy.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ @@ -2596,10 +2542,10 @@ policy.i: $(srcdir)/policy.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/auth/sudo_auth.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/sudoers_version.h $(srcdir)/timestamp.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(srcdir)/sudoers_version.h \ + $(srcdir)/timestamp.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/policy.c > $@ policy.plog: policy.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/policy.c --i-file policy.i --output-file $@ @@ -2609,9 +2555,9 @@ prompt.lo: $(srcdir)/prompt.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/prompt.c prompt.i: $(srcdir)/prompt.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ @@ -2619,9 +2565,9 @@ prompt.i: $(srcdir)/prompt.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/prompt.c > $@ prompt.plog: prompt.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/prompt.c --i-file prompt.i --output-file $@ @@ -2631,10 +2577,9 @@ pwutil.lo: $(srcdir)/pwutil.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/pwutil.h \ - $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/pwutil.h $(srcdir)/redblack.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/pwutil.c pwutil.i: $(srcdir)/pwutil.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ @@ -2642,10 +2587,9 @@ pwutil.i: $(srcdir)/pwutil.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/pwutil.h \ - $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/pwutil.h $(srcdir)/redblack.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/pwutil.c > $@ pwutil.plog: pwutil.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/pwutil.c --i-file pwutil.i --output-file $@ @@ -2656,9 +2600,9 @@ pwutil_impl.lo: $(srcdir)/pwutil_impl.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/pwutil.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/pwutil.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/pwutil_impl.c pwutil_impl.i: $(srcdir)/pwutil_impl.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -2667,9 +2611,9 @@ pwutil_impl.i: $(srcdir)/pwutil_impl.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/pwutil.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/pwutil.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/pwutil_impl.c > $@ pwutil_impl.plog: pwutil_impl.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/pwutil_impl.c --i-file pwutil_impl.i --output-file $@ @@ -2679,8 +2623,8 @@ redblack.lo: $(srcdir)/redblack.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/redblack.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/redblack.c @@ -2690,8 +2634,8 @@ redblack.i: $(srcdir)/redblack.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/redblack.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/redblack.c > $@ @@ -2704,7 +2648,7 @@ resolve_cmnd.lo: $(srcdir)/resolve_cmnd.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/resolve_cmnd.c @@ -2715,7 +2659,7 @@ resolve_cmnd.i: $(srcdir)/resolve_cmnd.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/resolve_cmnd.c > $@ @@ -2727,8 +2671,8 @@ rfc1938.lo: $(authdir)/rfc1938.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/rfc1938.c rfc1938.i: $(authdir)/rfc1938.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ @@ -2737,8 +2681,8 @@ rfc1938.i: $(authdir)/rfc1938.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/rfc1938.c > $@ rfc1938.plog: rfc1938.i @@ -2750,9 +2694,9 @@ secureware.lo: $(authdir)/secureware.c $(authdir)/sudo_auth.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/secureware.c secureware.i: $(authdir)/secureware.c $(authdir)/sudo_auth.h \ $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -2761,9 +2705,9 @@ secureware.i: $(authdir)/secureware.c $(authdir)/sudo_auth.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/secureware.c > $@ secureware.plog: secureware.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/secureware.c --i-file secureware.i --output-file $@ @@ -2773,10 +2717,9 @@ securid5.lo: $(authdir)/securid5.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/securid5.c securid5.i: $(authdir)/securid5.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -2784,10 +2727,9 @@ securid5.i: $(authdir)/securid5.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/securid5.c > $@ securid5.plog: securid5.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/securid5.c --i-file securid5.i --output-file $@ @@ -2798,7 +2740,7 @@ serialize_list.lo: $(srcdir)/serialize_list.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/serialize_list.c @@ -2809,7 +2751,7 @@ serialize_list.i: $(srcdir)/serialize_list.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/serialize_list.c > $@ @@ -2822,7 +2764,7 @@ set_perms.lo: $(srcdir)/set_perms.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/set_perms.c @@ -2833,7 +2775,7 @@ set_perms.i: $(srcdir)/set_perms.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/set_perms.c > $@ @@ -2845,8 +2787,8 @@ sethost.lo: $(srcdir)/sethost.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/sethost.c sethost.i: $(srcdir)/sethost.c $(devdir)/def_data.h \ @@ -2855,8 +2797,8 @@ sethost.i: $(srcdir)/sethost.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/sethost.c > $@ sethost.plog: sethost.i @@ -2867,9 +2809,8 @@ sia.lo: $(authdir)/sia.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/sia.c sia.i: $(authdir)/sia.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -2877,9 +2818,8 @@ sia.i: $(authdir)/sia.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/sia.c > $@ sia.plog: sia.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/sia.c --i-file sia.i --output-file $@ @@ -2890,10 +2830,9 @@ solaris_audit.lo: $(srcdir)/solaris_audit.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/solaris_audit.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/solaris_audit.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/solaris_audit.c solaris_audit.i: $(srcdir)/solaris_audit.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -2902,10 +2841,9 @@ solaris_audit.i: $(srcdir)/solaris_audit.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/solaris_audit.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/solaris_audit.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/solaris_audit.c > $@ solaris_audit.plog: solaris_audit.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/solaris_audit.c --i-file solaris_audit.i --output-file $@ @@ -2915,9 +2853,9 @@ sssd.lo: $(srcdir)/sssd.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/sssd.c sssd.i: $(srcdir)/sssd.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ @@ -2925,9 +2863,9 @@ sssd.i: $(srcdir)/sssd.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/sssd.c > $@ sssd.plog: sssd.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sssd.c --i-file sssd.i --output-file $@ @@ -2938,7 +2876,7 @@ starttime.lo: $(srcdir)/starttime.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/starttime.c @@ -2949,7 +2887,7 @@ starttime.i: $(srcdir)/starttime.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/starttime.c > $@ @@ -2962,7 +2900,7 @@ strlcpy_unesc.lo: $(srcdir)/strlcpy_unesc.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/strlcpy_unesc.c @@ -2973,7 +2911,7 @@ strlcpy_unesc.i: $(srcdir)/strlcpy_unesc.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/strlcpy_unesc.c > $@ @@ -2998,7 +2936,7 @@ strvec_join.lo: $(srcdir)/strvec_join.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/strvec_join.c @@ -3009,7 +2947,7 @@ strvec_join.i: $(srcdir)/strvec_join.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/strvec_join.c > $@ @@ -3021,9 +2959,8 @@ stubs.o: $(srcdir)/stubs.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/stubs.c stubs.i: $(srcdir)/stubs.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ @@ -3031,9 +2968,8 @@ stubs.i: $(srcdir)/stubs.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/stubs.c > $@ stubs.plog: stubs.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/stubs.c --i-file stubs.i --output-file $@ @@ -3047,10 +2983,9 @@ sudo_auth.lo: $(authdir)/sudo_auth.c $(authdir)/sudo_auth.h \ $(srcdir)/ins_2001.h $(srcdir)/ins_classic.h \ $(srcdir)/ins_csops.h $(srcdir)/ins_goons.h \ $(srcdir)/ins_python.h $(srcdir)/insults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/timestamp.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(authdir)/sudo_auth.c sudo_auth.i: $(authdir)/sudo_auth.c $(authdir)/sudo_auth.h \ $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -3062,10 +2997,9 @@ sudo_auth.i: $(authdir)/sudo_auth.c $(authdir)/sudo_auth.h \ $(srcdir)/ins_2001.h $(srcdir)/ins_classic.h \ $(srcdir)/ins_csops.h $(srcdir)/ins_goons.h \ $(srcdir)/ins_python.h $(srcdir)/insults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/timestamp.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(authdir)/sudo_auth.c > $@ sudo_auth.plog: sudo_auth.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(authdir)/sudo_auth.c --i-file sudo_auth.i --output-file $@ @@ -3075,10 +3009,9 @@ sudo_nss.lo: $(srcdir)/sudo_nss.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/sudo_nss.c sudo_nss.i: $(srcdir)/sudo_nss.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -3086,10 +3019,9 @@ sudo_nss.i: $(srcdir)/sudo_nss.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/sudo_nss.c > $@ sudo_nss.plog: sudo_nss.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sudo_nss.c --i-file sudo_nss.i --output-file $@ @@ -3114,8 +3046,8 @@ sudoers.lo: $(srcdir)/sudoers.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(srcdir)/timestamp.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/sudoers.c @@ -3126,8 +3058,8 @@ sudoers.i: $(srcdir)/sudoers.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(srcdir)/timestamp.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/sudoers.c > $@ @@ -3141,7 +3073,7 @@ sudoers_cb.lo: $(srcdir)/sudoers_cb.c $(devdir)/def_data.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/sudoers_cb.c @@ -3153,7 +3085,7 @@ sudoers_cb.i: $(srcdir)/sudoers_cb.c $(devdir)/def_data.h \ $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/sudoers_cb.c > $@ @@ -3166,7 +3098,7 @@ sudoers_ctx_free.lo: $(srcdir)/sudoers_ctx_free.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/sudoers_ctx_free.c @@ -3177,7 +3109,7 @@ sudoers_ctx_free.i: $(srcdir)/sudoers_ctx_free.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/sudo_nss.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/sudoers_ctx_free.c > $@ @@ -3190,7 +3122,7 @@ sudoers_debug.lo: $(srcdir)/sudoers_debug.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/sudoers_debug.c @@ -3201,7 +3133,7 @@ sudoers_debug.i: $(srcdir)/sudoers_debug.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/sudoers_debug.c > $@ @@ -3214,7 +3146,7 @@ sudoers_hooks.lo: $(srcdir)/sudoers_hooks.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/sudoers_hooks.c @@ -3225,7 +3157,7 @@ sudoers_hooks.i: $(srcdir)/sudoers_hooks.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/sudoers_hooks.c > $@ @@ -3261,7 +3193,7 @@ testsudoers.o: $(srcdir)/testsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/testsudoers_pwutil.h \ $(srcdir)/toke.h $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -3274,7 +3206,7 @@ testsudoers.i: $(srcdir)/testsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/testsudoers_pwutil.h \ $(srcdir)/toke.h $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -3288,7 +3220,7 @@ testsudoers_pwutil.o: $(srcdir)/testsudoers_pwutil.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/pwutil.h \ + $(srcdir)/parse.h $(srcdir)/pwutil.h \ $(srcdir)/pwutil_impl.c $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(srcdir)/testsudoers_pwutil.h $(srcdir)/tsgetgrpw.h \ @@ -3301,7 +3233,7 @@ testsudoers_pwutil.i: $(srcdir)/testsudoers_pwutil.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/pivot.h $(srcdir)/pwutil.h \ + $(srcdir)/parse.h $(srcdir)/pwutil.h \ $(srcdir)/pwutil_impl.c $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(srcdir)/testsudoers_pwutil.h $(srcdir)/tsgetgrpw.h \ @@ -3328,7 +3260,7 @@ timestamp.lo: $(srcdir)/timestamp.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/timestamp.c @@ -3339,7 +3271,7 @@ timestamp.i: $(srcdir)/timestamp.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/timestamp.c > $@ @@ -3351,8 +3283,8 @@ timestr.lo: $(srcdir)/timestr.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/timestr.c timestr.i: $(srcdir)/timestr.c $(devdir)/def_data.h \ @@ -3361,8 +3293,8 @@ timestr.i: $(srcdir)/timestr.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/timestr.c > $@ timestr.plog: timestr.i @@ -3374,9 +3306,8 @@ toke.lo: $(devdir)/toke.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(srcdir)/toke.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/toke.h $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(devdir)/toke.c toke.i: $(devdir)/toke.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -3385,9 +3316,8 @@ toke.i: $(devdir)/toke.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(srcdir)/toke.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/toke.h $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(devdir)/toke.c > $@ toke.plog: toke.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(devdir)/toke.c --i-file toke.i --output-file $@ @@ -3398,7 +3328,7 @@ toke_util.lo: $(srcdir)/toke_util.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/toke.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/toke_util.c @@ -3409,7 +3339,7 @@ toke_util.i: $(srcdir)/toke_util.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/toke.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/toke_util.c > $@ @@ -3420,20 +3350,18 @@ tsdump.o: $(srcdir)/tsdump.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/timestamp.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/tsdump.c tsdump.i: $(srcdir)/tsdump.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/timestamp.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(srcdir)/timestamp.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/tsdump.c > $@ tsdump.plog: tsdump.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tsdump.c --i-file tsdump.i --output-file $@ @@ -3443,10 +3371,10 @@ tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(srcdir)/tsgetgrpw.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/tsgetgrpw.c tsgetgrpw.i: $(srcdir)/tsgetgrpw.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -3454,10 +3382,10 @@ tsgetgrpw.i: $(srcdir)/tsgetgrpw.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(srcdir)/tsgetgrpw.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/tsgetgrpw.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/tsgetgrpw.c > $@ tsgetgrpw.plog: tsgetgrpw.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tsgetgrpw.c --i-file tsgetgrpw.i --output-file $@ @@ -3480,7 +3408,7 @@ unesc_str.lo: $(srcdir)/unesc_str.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/unesc_str.c @@ -3491,7 +3419,7 @@ unesc_str.i: $(srcdir)/unesc_str.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/unesc_str.c > $@ @@ -3504,10 +3432,9 @@ visudo.o: $(srcdir)/visudo.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/redblack.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/sudoers_version.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(srcdir)/sudoers_version.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/visudo.c visudo.i: $(srcdir)/visudo.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \ @@ -3516,10 +3443,9 @@ visudo.i: $(srcdir)/visudo.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/pivot.h $(srcdir)/redblack.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/sudoers_version.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(srcdir)/sudoers_version.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/visudo.c > $@ visudo.plog: visudo.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/visudo.c --i-file visudo.i --output-file $@ @@ -3529,10 +3455,9 @@ visudo_cb.o: $(srcdir)/visudo_cb.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/visudo_cb.c visudo_cb.i: $(srcdir)/visudo_cb.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -3540,10 +3465,9 @@ visudo_cb.i: $(srcdir)/visudo_cb.c $(devdir)/def_data.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pivot.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CPP) $(CPPFLAGS) $(srcdir)/visudo_cb.c > $@ visudo_cb.plog: visudo_cb.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/visudo_cb.c --i-file visudo_cb.i --output-file $@ diff --git a/plugins/sudoers/editor.c b/plugins/sudoers/editor.c index db1e3e0a9..0c4221bc4 100644 --- a/plugins/sudoers/editor.c +++ b/plugins/sudoers/editor.c @@ -147,7 +147,7 @@ resolve_editor(const char *ed, size_t edlen, int nfiles, char * const *files, goto oom; /* If we can't find the editor in the user's PATH, give up. */ - if (find_path(editor, &editor_path, &user_editor_sb, getenv("PATH"), + if (find_path(editor, &editor_path, &user_editor_sb, getenv("PATH"), NULL, false, allowlist) != FOUND) { errno = ENOENT; goto bad; diff --git a/plugins/sudoers/find_path.c b/plugins/sudoers/find_path.c index 9b9661538..0cc931f38 100644 --- a/plugins/sudoers/find_path.c +++ b/plugins/sudoers/find_path.c @@ -43,14 +43,14 @@ * On failure, returns false. */ static bool -cmnd_allowed(char *cmnd, size_t cmnd_size, struct stat *cmnd_sbp, - char * const *allowlist) +cmnd_allowed(char *cmnd, size_t cmnd_size, const char *runchroot, + struct stat *cmnd_sbp, char * const *allowlist) { const char *cmnd_base; char * const *al; debug_decl(cmnd_allowed, SUDOERS_DEBUG_UTIL); - if (!sudo_goodpath(cmnd, cmnd_sbp)) + if (!sudo_goodpath(cmnd, runchroot, cmnd_sbp)) debug_return_bool(false); if (allowlist == NULL) @@ -67,7 +67,7 @@ cmnd_allowed(char *cmnd, size_t cmnd_size, struct stat *cmnd_sbp, if (strcmp(cmnd_base, base) != 0) continue; - if (sudo_goodpath(path, &sb) && + if (sudo_goodpath(path, runchroot, &sb) && sb.st_dev == cmnd_sbp->st_dev && sb.st_ino == cmnd_sbp->st_ino) { /* Overwrite cmnd with safe version from allowlist. */ if (strlcpy(cmnd, path, cmnd_size) < cmnd_size) @@ -87,7 +87,8 @@ cmnd_allowed(char *cmnd, size_t cmnd_size, struct stat *cmnd_sbp, */ int find_path(const char *infile, char **outfile, struct stat *sbp, - const char *path, bool ignore_dot, char * const *allowlist) + const char *path, const char *runchroot, bool ignore_dot, + char * const *allowlist) { char command[PATH_MAX]; const char *cp, *ep, *pathend; @@ -108,7 +109,8 @@ find_path(const char *infile, char **outfile, struct stat *sbp, errno = ENAMETOOLONG; debug_return_int(NOT_FOUND_ERROR); } - found = cmnd_allowed(command, sizeof(command), sbp, allowlist); + found = cmnd_allowed(command, sizeof(command), runchroot, sbp, + allowlist); goto done; } @@ -137,7 +139,8 @@ find_path(const char *infile, char **outfile, struct stat *sbp, errno = ENAMETOOLONG; debug_return_int(NOT_FOUND_ERROR); } - found = cmnd_allowed(command, sizeof(command), sbp, allowlist); + found = cmnd_allowed(command, sizeof(command), runchroot, + sbp, allowlist); if (found) break; } @@ -151,7 +154,8 @@ find_path(const char *infile, char **outfile, struct stat *sbp, errno = ENAMETOOLONG; debug_return_int(NOT_FOUND_ERROR); } - found = cmnd_allowed(command, sizeof(command), sbp, allowlist); + found = cmnd_allowed(command, sizeof(command), runchroot, + sbp, allowlist); if (found && ignore_dot) debug_return_int(NOT_FOUND_DOT); } diff --git a/plugins/sudoers/goodpath.c b/plugins/sudoers/goodpath.c index b2d412ded..1515e1c29 100644 --- a/plugins/sudoers/goodpath.c +++ b/plugins/sudoers/goodpath.c @@ -39,13 +39,25 @@ * Verify that path is a normal file and executable by root. */ bool -sudo_goodpath(const char *path, struct stat *sbp) +sudo_goodpath(const char *path, const char *runchroot, struct stat *sbp) { bool ret = false; - struct stat sb; debug_decl(sudo_goodpath, SUDOERS_DEBUG_UTIL); if (path != NULL) { + char pathbuf[PATH_MAX]; + struct stat sb; + + if (runchroot != NULL) { + /* XXX - handle symlinks and '..' in path outside chroot */ + const int len = + snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path); + if (len >= ssizeof(pathbuf)) { + errno = ENAMETOOLONG; + goto done; + } + path = pathbuf; // -V507 + } if (sbp == NULL) sbp = &sb; @@ -57,5 +69,6 @@ sudo_goodpath(const char *path, struct stat *sbp) errno = EACCES; } } +done: debug_return_bool(ret); } diff --git a/plugins/sudoers/match_command.c b/plugins/sudoers/match_command.c index bd3660332..a479ceec3 100644 --- a/plugins/sudoers/match_command.c +++ b/plugins/sudoers/match_command.c @@ -122,14 +122,26 @@ command_args_match(struct sudoers_context *ctx, const char *sudoers_cmnd, * Returns true on success, else false. */ static bool -do_stat(int fd, const char *path, struct stat *sb) +do_stat(int fd, const char *path, const char *runchroot, struct stat *sb) { + char pathbuf[PATH_MAX]; bool ret; debug_decl(do_stat, SUDOERS_DEBUG_MATCH); if (fd != -1) { ret = fstat(fd, sb) == 0; } else { + /* Make path relative to the new root, if any. */ + if (runchroot != NULL) { + /* XXX - handle symlinks and '..' in path outside chroot */ + const int len = + snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path); + if (len >= ssizeof(pathbuf)) { + errno = ENAMETOOLONG; + debug_return_bool(false); + } + path = pathbuf; + } ret = stat(path, sb) == 0; } debug_return_bool(ret); @@ -158,15 +170,29 @@ is_script(int fd) * Returns false on error, else true. */ static bool -open_cmnd(const char *path, const struct command_digest_list *digests, int *fdp) +open_cmnd(const char *path, const char *runchroot, + const struct command_digest_list *digests, int *fdp) { int fd; + char pathbuf[PATH_MAX]; debug_decl(open_cmnd, SUDOERS_DEBUG_MATCH); /* Only open the file for fdexec or for digest matching. */ if (def_fdexec != always && TAILQ_EMPTY(digests)) debug_return_bool(true); + /* Make path relative to the new root, if any. */ + if (runchroot != NULL) { + /* XXX - handle symlinks and '..' in path outside chroot */ + const int len = + snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path); + if (len >= ssizeof(pathbuf)) { + errno = ENAMETOOLONG; + debug_return_bool(false); + } + path = pathbuf; + } + fd = open(path, O_RDONLY|O_NONBLOCK); # ifdef O_EXEC if (fd == -1 && errno == EACCES && TAILQ_EMPTY(digests)) { @@ -185,7 +211,7 @@ open_cmnd(const char *path, const struct command_digest_list *digests, int *fdp) } static void -set_cmnd_fd(struct sudoers_context *ctx, int fd, int real_root) +set_cmnd_fd(struct sudoers_context *ctx, int fd) { debug_decl(set_cmnd_fd, SUDOERS_DEBUG_MATCH); @@ -200,19 +226,11 @@ set_cmnd_fd(struct sudoers_context *ctx, int fd, int real_root) } else if (is_script(fd)) { char fdpath[PATH_MAX]; struct stat sb; - int error, flags; + int flags; /* We can only use fexecve() on a script if /dev/fd/N exists. */ - if (real_root != -1) { - /* Path relative to old root directory. */ - (void)snprintf(fdpath, sizeof(fdpath), "dev/fd/%d", fd); - error = fstatat(real_root, fdpath, &sb, 0); - } else { - /* Absolute path. */ - (void)snprintf(fdpath, sizeof(fdpath), "/dev/fd/%d", fd); - error = stat(fdpath, &sb); - } - if (error != 0) { + (void)snprintf(fdpath, sizeof(fdpath), "/dev/fd/%d", fd); + if (stat(fdpath, &sb) != 0) { /* Missing /dev/fd file, can't use fexecve(). */ close(fd); fd = -1; @@ -238,14 +256,28 @@ set_cmnd_fd(struct sudoers_context *ctx, int fd, int real_root) */ static int command_matches_dir(struct sudoers_context *ctx, const char *sudoers_dir, - size_t dlen, int real_root, const struct command_digest_list *digests) + size_t dlen, const char *runchroot, + const struct command_digest_list *digests) { struct stat sudoers_stat; - char path[PATH_MAX]; + char path[PATH_MAX], sdbuf[PATH_MAX]; + size_t chrootlen = 0; int len, fd = -1; int ret = DENY; debug_decl(command_matches_dir, SUDOERS_DEBUG_MATCH); + /* Make sudoers_dir relative to the new root, if any. */ + if (runchroot != NULL) { + /* XXX - handle symlinks and '..' in path outside chroot */ + len = snprintf(sdbuf, sizeof(sdbuf), "%s%s", runchroot, sudoers_dir); + if (len >= ssizeof(sdbuf)) { + errno = ENAMETOOLONG; + debug_return_bool(false); + } + sudoers_dir = sdbuf; + chrootlen = strlen(runchroot); + } + /* Compare the canonicalized directories, if possible. */ if (ctx->user.cmnd_dir != NULL) { char *resolved = canon_path(sudoers_dir); @@ -264,18 +296,19 @@ command_matches_dir(struct sudoers_context *ctx, const char *sudoers_dir, goto done; /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(path, digests, &fd)) + if (!open_cmnd(path, NULL, digests, &fd)) goto done; - if (!do_stat(fd, path, &sudoers_stat)) + if (!do_stat(fd, path, NULL, &sudoers_stat)) goto done; if (ctx->user.cmnd_stat == NULL || (ctx->user.cmnd_stat->st_dev == sudoers_stat.st_dev && ctx->user.cmnd_stat->st_ino == sudoers_stat.st_ino)) { - if (digest_matches(fd, path, digests) != ALLOW) + /* path is already relative to runchroot */ + if (digest_matches(fd, path, NULL, digests) != ALLOW) goto done; free(ctx->runas.cmnd); - if ((ctx->runas.cmnd = strdup(path)) == NULL) { + if ((ctx->runas.cmnd = strdup(path + chrootlen)) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); } @@ -295,7 +328,8 @@ done: */ static int command_matches_dir(struct sudoers_context *ctx, const char *sudoers_dir, - size_t dlen, int real_root, const struct command_digest_list *digests) + size_t dlen, const char *runchroot, + const struct command_digest_list *digests) { int fd = -1; debug_decl(command_matches_dir, SUDOERS_DEBUG_MATCH); @@ -309,11 +343,11 @@ command_matches_dir(struct sudoers_context *ctx, const char *sudoers_dir, goto bad; /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(ctx->user.cmnd, digests, &fd)) + if (!open_cmnd(ctx->user.cmnd, runchroot, digests, &fd)) goto bad; - if (digest_matches(fd, ctx->user.cmnd, digests) != ALLOW) + if (digest_matches(fd, ctx->user.cmnd, runchroot, digests) != ALLOW) goto bad; - set_cmnd_fd(ctx, fd, real_root); + set_cmnd_fd(ctx, fd); debug_return_int(ALLOW); bad: @@ -324,7 +358,7 @@ bad: #endif /* SUDOERS_NAME_MATCH */ static int -command_matches_all(struct sudoers_context *ctx, int real_root, +command_matches_all(struct sudoers_context *ctx, const char *runchroot, const struct command_digest_list *digests) { #ifndef SUDOERS_NAME_MATCH @@ -336,10 +370,10 @@ command_matches_all(struct sudoers_context *ctx, int real_root, if (strchr(ctx->user.cmnd, '/') != NULL) { #ifndef SUDOERS_NAME_MATCH /* Open the file for fdexec or for digest matching. */ - bool open_error = !open_cmnd(ctx->user.cmnd, digests, &fd); + bool open_error = !open_cmnd(ctx->user.cmnd, runchroot, digests, &fd); /* A non-existent file is not an error for "sudo ALL". */ - if (do_stat(fd, ctx->user.cmnd, &sb)) { + if (do_stat(fd, ctx->user.cmnd, runchroot, &sb)) { if (open_error) { /* File exists but we couldn't open it above? */ goto bad; @@ -347,14 +381,14 @@ command_matches_all(struct sudoers_context *ctx, int real_root, } #else /* Open the file for fdexec or for digest matching. */ - (void)open_cmnd(ctx->user.cmnd, digests, &fd); + (void)open_cmnd(ctx->user.cmnd, runchroot, digests, &fd); #endif } /* Check digest of ctx->user.cmnd since we have no sudoers_cmnd for ALL. */ - if (digest_matches(fd, ctx->user.cmnd, digests) != ALLOW) + if (digest_matches(fd, ctx->user.cmnd, runchroot, digests) != ALLOW) goto bad; - set_cmnd_fd(ctx, fd, real_root); + set_cmnd_fd(ctx, fd); /* No need to set ctx->runas.cmnd for ALL. */ debug_return_int(ALLOW); @@ -366,7 +400,7 @@ bad: static int command_matches_fnmatch(struct sudoers_context *ctx, const char *sudoers_cmnd, - const char *sudoers_args, int real_root, + const char *sudoers_args, const char *runchroot, const struct command_digest_list *digests) { const char *cmnd = ctx->user.cmnd; @@ -384,6 +418,7 @@ command_matches_fnmatch(struct sudoers_context *ctx, const char *sudoers_cmnd, * c) there are args in sudoers and on command line and they match * else return DENY. * + * Neither sudoers_cmnd nor user_cmnd are relative to runchroot. * We do not attempt to match a relative path unless there is a * canonicalized version. */ @@ -402,16 +437,16 @@ command_matches_fnmatch(struct sudoers_context *ctx, const char *sudoers_cmnd, if (command_args_match(ctx, sudoers_cmnd, sudoers_args) == ALLOW) { /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(cmnd, digests, &fd)) + if (!open_cmnd(cmnd, runchroot, digests, &fd)) goto bad; #ifndef SUDOERS_NAME_MATCH - if (!do_stat(fd, cmnd, &sb)) + if (!do_stat(fd, cmnd, runchroot, &sb)) goto bad; #endif /* Check digest of cmnd since sudoers_cmnd is a pattern. */ - if (digest_matches(fd, cmnd, digests) != ALLOW) + if (digest_matches(fd, cmnd, runchroot, digests) != ALLOW) goto bad; - set_cmnd_fd(ctx, fd, real_root); + set_cmnd_fd(ctx, fd); /* No need to set ctx->runas.cmnd since cmnd matches sudoers_cmnd */ debug_return_int(ALLOW); @@ -424,7 +459,7 @@ bad: static int command_matches_regex(struct sudoers_context *ctx, const char *sudoers_cmnd, - const char *sudoers_args, int real_root, + const char *sudoers_args, const char *runchroot, const struct command_digest_list *digests) { const char *cmnd = ctx->user.cmnd; @@ -441,6 +476,8 @@ command_matches_regex(struct sudoers_context *ctx, const char *sudoers_cmnd, * b) there are no args on command line and none required by sudoers OR * c) there are args in sudoers and on command line and they match * else return DENY. + * + * Neither sudoers_cmnd nor user_cmnd are relative to runchroot. */ if (cmnd[0] != '/' || regex_matches(sudoers_cmnd, cmnd) != ALLOW) { /* No match, retry using the canonicalized path (if possible). */ @@ -457,16 +494,16 @@ command_matches_regex(struct sudoers_context *ctx, const char *sudoers_cmnd, if (command_args_match(ctx, sudoers_cmnd, sudoers_args) == ALLOW) { /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(cmnd, digests, &fd)) + if (!open_cmnd(cmnd, runchroot, digests, &fd)) goto bad; #ifndef SUDOERS_NAME_MATCH - if (!do_stat(fd, cmnd, &sb)) + if (!do_stat(fd, cmnd, runchroot, &sb)) goto bad; #endif /* Check digest of cmnd since sudoers_cmnd is a pattern. */ - if (digest_matches(fd, cmnd, digests) != ALLOW) + if (digest_matches(fd, cmnd, runchroot, digests) != ALLOW) goto bad; - set_cmnd_fd(ctx, fd, real_root); + set_cmnd_fd(ctx, fd); /* No need to set ctx->runas.cmnd since cmnd matches sudoers_cmnd */ debug_return_int(ALLOW); @@ -480,17 +517,31 @@ bad: #ifndef SUDOERS_NAME_MATCH static int command_matches_glob(struct sudoers_context *ctx, const char *sudoers_cmnd, - const char *sudoers_args, int real_root, + const char *sudoers_args, const char *runchroot, const struct command_digest_list *digests) { struct stat sudoers_stat; bool bad_digest = false; char **ap, *base, *cp; + char pathbuf[PATH_MAX]; int fd = -1; - size_t dlen; + size_t dlen, chrootlen = 0; glob_t gl; debug_decl(command_matches_glob, SUDOERS_DEBUG_MATCH); + /* Make sudoers_cmnd relative to the new root, if any. */ + if (runchroot != NULL) { + /* XXX - handle symlinks and '..' in path outside chroot */ + const int len = + snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, sudoers_cmnd); + if (len >= ssizeof(pathbuf)) { + errno = ENAMETOOLONG; + debug_return_bool(false); + } + sudoers_cmnd = pathbuf; + chrootlen = strlen(runchroot); + } + /* * First check to see if we can avoid the call to glob(3). * Short circuit if there are no meta chars in the command itself @@ -522,19 +573,21 @@ command_matches_glob(struct sudoers_context *ctx, const char *sudoers_cmnd, close(fd); fd = -1; } + /* Remove the runchroot, if any. */ + cp += chrootlen; if (strcmp(cp, ctx->user.cmnd) != 0) continue; /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(cp, digests, &fd)) + if (!open_cmnd(cp, runchroot, digests, &fd)) continue; - if (!do_stat(fd, cp, &sudoers_stat)) + if (!do_stat(fd, cp, runchroot, &sudoers_stat)) continue; if (ctx->user.cmnd_stat == NULL || (ctx->user.cmnd_stat->st_dev == sudoers_stat.st_dev && ctx->user.cmnd_stat->st_ino == sudoers_stat.st_ino)) { /* There could be multiple matches, check digest early. */ - if (digest_matches(fd, cp, digests) != ALLOW) { + if (digest_matches(fd, cp, runchroot, digests) != ALLOW) { bad_digest = true; continue; } @@ -558,11 +611,13 @@ command_matches_glob(struct sudoers_context *ctx, const char *sudoers_cmnd, close(fd); fd = -1; } + /* Remove the runchroot, if any. */ + cp += chrootlen; /* If it ends in '/' it is a directory spec. */ dlen = strlen(cp); if (cp[dlen - 1] == '/') { - if (command_matches_dir(ctx, cp, dlen, real_root, digests) == ALLOW) { + if (command_matches_dir(ctx, cp, dlen, runchroot, digests) == ALLOW) { globfree(&gl); debug_return_int(ALLOW); } @@ -593,14 +648,14 @@ command_matches_glob(struct sudoers_context *ctx, const char *sudoers_cmnd, } /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(cp, digests, &fd)) + if (!open_cmnd(cp, runchroot, digests, &fd)) continue; - if (!do_stat(fd, cp, &sudoers_stat)) + if (!do_stat(fd, cp, runchroot, &sudoers_stat)) continue; if (ctx->user.cmnd_stat == NULL || (ctx->user.cmnd_stat->st_dev == sudoers_stat.st_dev && ctx->user.cmnd_stat->st_ino == sudoers_stat.st_ino)) { - if (digest_matches(fd, cp, digests) != ALLOW) + if (digest_matches(fd, cp, runchroot, digests) != ALLOW) continue; free(ctx->runas.cmnd); if ((ctx->runas.cmnd = strdup(cp)) == NULL) { @@ -617,7 +672,7 @@ done: if (cp != NULL) { if (command_args_match(ctx, sudoers_cmnd, sudoers_args) == ALLOW) { /* ctx->runas.cmnd was set above. */ - set_cmnd_fd(ctx, fd, real_root); + set_cmnd_fd(ctx, fd); debug_return_int(ALLOW); } } @@ -628,7 +683,7 @@ done: static int command_matches_normal(struct sudoers_context *ctx, const char *sudoers_cmnd, - const char *sudoers_args, int real_root, + const char *sudoers_args, const char *runchroot, const struct command_digest_list *digests) { struct stat sudoers_stat; @@ -641,7 +696,7 @@ command_matches_normal(struct sudoers_context *ctx, const char *sudoers_cmnd, dlen = strlen(sudoers_cmnd); if (sudoers_cmnd[dlen - 1] == '/') { debug_return_int(command_matches_dir(ctx, sudoers_cmnd, dlen, - real_root, digests)); + runchroot, digests)); } /* Only proceed if ctx->user.cmnd_base and basename(sudoers_cmnd) match */ @@ -672,7 +727,7 @@ command_matches_normal(struct sudoers_context *ctx, const char *sudoers_cmnd, } /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(sudoers_cmnd, digests, &fd)) + if (!open_cmnd(sudoers_cmnd, runchroot, digests, &fd)) goto bad; /* @@ -682,7 +737,7 @@ command_matches_normal(struct sudoers_context *ctx, const char *sudoers_cmnd, * c) there are args in sudoers and on command line and they match * d) there is a digest and it matches */ - if (ctx->user.cmnd_stat != NULL && do_stat(fd, sudoers_cmnd, &sudoers_stat)) { + if (ctx->user.cmnd_stat != NULL && do_stat(fd, sudoers_cmnd, runchroot, &sudoers_stat)) { if (ctx->user.cmnd_stat->st_dev != sudoers_stat.st_dev || ctx->user.cmnd_stat->st_ino != sudoers_stat.st_ino) goto bad; @@ -693,7 +748,7 @@ command_matches_normal(struct sudoers_context *ctx, const char *sudoers_cmnd, } if (command_args_match(ctx, sudoers_cmnd, sudoers_args) != ALLOW) goto bad; - if (digest_matches(fd, sudoers_cmnd, digests) != ALLOW) { + if (digest_matches(fd, sudoers_cmnd, runchroot, digests) != ALLOW) { /* XXX - log functions not available but we should log very loudly */ goto bad; } @@ -702,7 +757,7 @@ command_matches_normal(struct sudoers_context *ctx, const char *sudoers_cmnd, sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } - set_cmnd_fd(ctx, fd, real_root); + set_cmnd_fd(ctx, fd); debug_return_int(ALLOW); bad: if (fd != -1) @@ -712,16 +767,16 @@ bad: #else /* SUDOERS_NAME_MATCH */ static int command_matches_glob(struct sudoers_context *ctx, const char *sudoers_cmnd, - const char *sudoers_args, int real_root, + const char *sudoers_args, const char *runchroot, const struct command_digest_list *digests) { - return command_matches_fnmatch(ctx, sudoers_cmnd, sudoers_args, real_root, + return command_matches_fnmatch(ctx, sudoers_cmnd, sudoers_args, runchroot, digests); } static int command_matches_normal(struct sudoers_context *ctx, const char *sudoers_cmnd, - const char *sudoers_args, int real_root, + const char *sudoers_args, const char *runchroot, const struct command_digest_list *digests) { size_t dlen; @@ -731,16 +786,16 @@ command_matches_normal(struct sudoers_context *ctx, const char *sudoers_cmnd, /* If it ends in '/' it is a directory spec. */ dlen = strlen(sudoers_cmnd); if (sudoers_cmnd[dlen - 1] == '/') { - debug_return_int(command_matches_dir(ctx, sudoers_cmnd, dlen, real_root, + debug_return_int(command_matches_dir(ctx, sudoers_cmnd, dlen, runchroot, digests)); } if (strcmp(ctx->user.cmnd, sudoers_cmnd) == 0) { if (command_args_match(ctx, sudoers_cmnd, sudoers_args) == ALLOW) { /* Open the file for fdexec or for digest matching. */ - if (!open_cmnd(ctx->user.cmnd, digests, &fd)) + if (!open_cmnd(ctx->user.cmnd, runchroot, digests, &fd)) goto bad; - if (digest_matches(fd, ctx->user.cmnd, digests) != ALLOW) + if (digest_matches(fd, ctx->user.cmnd, runchroot, digests) != ALLOW) goto bad; /* Successful match. */ @@ -750,7 +805,7 @@ command_matches_normal(struct sudoers_context *ctx, const char *sudoers_cmnd, U_("unable to allocate memory")); goto bad; } - set_cmnd_fd(ctx, fd, real_root); + set_cmnd_fd(ctx, fd); debug_return_int(ALLOW); } } @@ -771,11 +826,8 @@ command_matches(struct sudoers_context *ctx, const char *sudoers_cmnd, const char *sudoers_args, const char *runchroot, struct cmnd_info *info, const struct command_digest_list *digests) { - struct sudoers_pivot pivot_state = SUDOERS_PIVOT_INITIALIZER; char *saved_user_cmnd = NULL; struct stat saved_user_stat; - bool reset_cmnd = false; - int real_root = -1; int ret = DENY; debug_decl(command_matches, SUDOERS_DEBUG_MATCH); @@ -793,18 +845,6 @@ command_matches(struct sudoers_context *ctx, const char *sudoers_cmnd, runchroot = def_runchroot; } else { /* Rule-specific runchroot, must reset cmnd and cmnd_stat. */ - reset_cmnd = true; - } - - /* Pivot root. */ - if (runchroot != NULL) { - if (!pivot_root(runchroot, &pivot_state)) - goto done; - real_root = pivot_state.saved_root; - } - - if (reset_cmnd) { - /* Rule-specific runchroot, set cmnd and cmnd_stat after pivot. */ int status; /* Save old ctx->user.cmnd first, set_cmnd_path() will free it. */ @@ -812,7 +852,7 @@ command_matches(struct sudoers_context *ctx, const char *sudoers_cmnd, ctx->user.cmnd = NULL; if (ctx->user.cmnd_stat != NULL) saved_user_stat = *ctx->user.cmnd_stat; - status = set_cmnd_path(ctx, NULL); + status = set_cmnd_path(ctx, runchroot); if (status != FOUND) { ctx->user.cmnd = saved_user_cmnd; saved_user_cmnd = NULL; @@ -823,13 +863,13 @@ command_matches(struct sudoers_context *ctx, const char *sudoers_cmnd, if (sudoers_cmnd == NULL) { sudoers_cmnd = "ALL"; - ret = command_matches_all(ctx, real_root, digests); + ret = command_matches_all(ctx, runchroot, digests); goto done; } /* Check for regular expressions first. */ if (sudoers_cmnd[0] == '^') { - ret = command_matches_regex(ctx, sudoers_cmnd, sudoers_args, real_root, + ret = command_matches_regex(ctx, sudoers_cmnd, sudoers_args, runchroot, digests); goto done; } @@ -860,20 +900,16 @@ command_matches(struct sudoers_context *ctx, const char *sudoers_cmnd, */ if (def_fast_glob) { ret = command_matches_fnmatch(ctx, sudoers_cmnd, sudoers_args, - real_root, digests); + runchroot, digests); } else { ret = command_matches_glob(ctx, sudoers_cmnd, sudoers_args, - real_root, digests); + runchroot, digests); } } else { ret = command_matches_normal(ctx, sudoers_cmnd, sudoers_args, - real_root, digests); + runchroot, digests); } done: - /* Restore root. */ - if (runchroot != NULL) - (void)unpivot_root(&pivot_state); - /* Restore ctx->user.cmnd and ctx->user.cmnd_stat. */ if (saved_user_cmnd != NULL) { if (info != NULL) { diff --git a/plugins/sudoers/match_digest.c b/plugins/sudoers/match_digest.c index c988837c6..476fdd866 100644 --- a/plugins/sudoers/match_digest.c +++ b/plugins/sudoers/match_digest.c @@ -40,13 +40,14 @@ #include int -digest_matches(int fd, const char *path, +digest_matches(int fd, const char *path, const char *runchroot, const struct command_digest_list *digests) { unsigned int digest_type = SUDO_DIGEST_INVALID; unsigned char *file_digest = NULL; unsigned char *sudoers_digest = NULL; struct command_digest *digest; + char pathbuf[PATH_MAX]; size_t digest_len; int matched = DENY; int fd2 = -1; @@ -66,6 +67,17 @@ digest_matches(int fd, const char *path, fd = fd2; } + if (runchroot != NULL) { + /* XXX - handle symlinks and '..' in path outside chroot */ + const int len = + snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path); + if (len >= ssizeof(pathbuf)) { + errno = ENAMETOOLONG; + debug_return_bool(false); + } + path = pathbuf; + } + TAILQ_FOREACH(digest, digests, entries) { /* Compute file digest if needed. */ if (digest->digest_type != digest_type) { diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h index 0e89fa105..33654c075 100644 --- a/plugins/sudoers/parse.h +++ b/plugins/sudoers/parse.h @@ -418,7 +418,7 @@ int addr_matches(char *n); int command_matches(struct sudoers_context *ctx, const char *sudoers_cmnd, const char *sudoers_args, const char *runchroot, struct cmnd_info *info, const struct command_digest_list *digests); /* match_digest.c */ -int digest_matches(int fd, const char *path, const struct command_digest_list *digests); +int digest_matches(int fd, const char *path, const char *runchroot, const struct command_digest_list *digests); /* match.c */ struct group; diff --git a/plugins/sudoers/pivot.c b/plugins/sudoers/pivot.c deleted file mode 100644 index 59423f917..000000000 --- a/plugins/sudoers/pivot.c +++ /dev/null @@ -1,87 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2023 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * This is an open source non-commercial project. Dear PVS-Studio, please check it. - * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com - */ - -#include - -#include -#include -#include - -#include - -/* - * Pivot to a new root directory, storing the old root and old cwd - * in state. Changes current working directory to the new root. - * Returns true on success, else false. - */ -bool -pivot_root(const char *new_root, struct sudoers_pivot *state) -{ - debug_decl(pivot_root, SUDOERS_DEBUG_UTIL); - - state->saved_root = open("/", O_RDONLY); - state->saved_cwd = open(".", O_RDONLY); - if (state->saved_root == -1 || state->saved_cwd == -1 || chroot(new_root) == -1) { - if (state->saved_root != -1) { - close(state->saved_root); - state->saved_root = -1; - } - if (state->saved_cwd != -1) { - close(state->saved_cwd); - state->saved_cwd = -1; - } - debug_return_bool(false); - } - debug_return_bool(chdir("/") == 0); -} - -/* - * Pivot back to the stored root directory and restore the old cwd. - * Returns true on success, else false. - */ -bool -unpivot_root(struct sudoers_pivot *state) -{ - bool ret = true; - debug_decl(unpivot_root, SUDOERS_DEBUG_UTIL); - - /* Order is important: restore old root, *then* change cwd. */ - if (state->saved_root != -1) { - if (fchdir(state->saved_root) == -1 || chroot(".") == -1) { - sudo_warn("%s", U_("unable to restore root directory")); - ret = false; - } - close(state->saved_root); - state->saved_root = -1; - } - if (state->saved_cwd != -1) { - if (fchdir(state->saved_cwd) == -1) { - sudo_warn("%s", U_("unable to restore current working directory")); - ret = false; - } - close(state->saved_cwd); - state->saved_cwd = -1; - } - - debug_return_bool(ret); -} diff --git a/plugins/sudoers/pivot.h b/plugins/sudoers/pivot.h deleted file mode 100644 index b03993ea1..000000000 --- a/plugins/sudoers/pivot.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * SPDX-License-Identifier: ISC - * - * Copyright (c) 2023 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef SUDOERS_PIVOT_H -#define SUDOERS_PIVOT_H - -#define SUDOERS_PIVOT_INITIALIZER { -1, -1 } - -struct sudoers_pivot { - int saved_root; - int saved_cwd; -}; - -bool pivot_root(const char *new_root, struct sudoers_pivot *state); -bool unpivot_root(struct sudoers_pivot *state); - -#endif /* SUDOERS_PIVOT_H */ diff --git a/plugins/sudoers/regress/editor/check_editor.c b/plugins/sudoers/regress/editor/check_editor.c index 65e00c077..d28bb111e 100644 --- a/plugins/sudoers/regress/editor/check_editor.c +++ b/plugins/sudoers/regress/editor/check_editor.c @@ -80,7 +80,8 @@ sudo_dso_public int main(int argc, char *argv[]); /* STUB */ int find_path(const char *infile, char **outfile, struct stat *sbp, - const char *path, bool ignore_dot, char * const *allowlist) + const char *path, const char *runchroot, bool ignore_dot, + char * const *allowlist) { if (infile[0] == '/') { *outfile = strdup(infile); diff --git a/plugins/sudoers/regress/fuzz/fuzz_policy.c b/plugins/sudoers/regress/fuzz/fuzz_policy.c index 0b01e4e20..1321c42bd 100644 --- a/plugins/sudoers/regress/fuzz/fuzz_policy.c +++ b/plugins/sudoers/regress/fuzz/fuzz_policy.c @@ -832,7 +832,8 @@ display_privs(struct sudoers_context *ctx, const struct sudo_nss_list *snl, /* STUB */ int find_path(const char *infile, char **outfile, struct stat *sbp, - const char *path, bool ignore_dot, char * const *allowlist) + const char *path, const char *runchroot, bool ignore_dot, + char * const *allowlist) { switch (pass) { case PASS_CHECK_NOT_FOUND: @@ -855,9 +856,9 @@ find_path(const char *infile, char **outfile, struct stat *sbp, /* STUB */ int resolve_cmnd(struct sudoers_context *ctx, const char *infile, char **outfile, - const char *path) + const char *path, const char *runchroot) { - return find_path(infile, outfile, NULL, path, false, NULL); + return find_path(infile, outfile, NULL, path, NULL, false, NULL); } /* STUB */ diff --git a/plugins/sudoers/regress/fuzz/fuzz_stubs.c b/plugins/sudoers/regress/fuzz/fuzz_stubs.c index ce47bf562..c86ca330e 100644 --- a/plugins/sudoers/regress/fuzz/fuzz_stubs.c +++ b/plugins/sudoers/regress/fuzz/fuzz_stubs.c @@ -57,18 +57,6 @@ init_eventlog_config(void) return; } -bool -pivot_root(const char *new_root, struct sudoers_pivot *state) -{ - return true; -} - -bool -unpivot_root(struct sudoers_pivot *state) -{ - return true; -} - int group_plugin_query(const char *user, const char *group, const struct passwd *pw) { diff --git a/plugins/sudoers/resolve_cmnd.c b/plugins/sudoers/resolve_cmnd.c index 24e34de0a..3a84ff884 100644 --- a/plugins/sudoers/resolve_cmnd.c +++ b/plugins/sudoers/resolve_cmnd.c @@ -34,7 +34,7 @@ */ int resolve_cmnd(struct sudoers_context *ctx, const char *infile, - char **outfile, const char *path) + char **outfile, const char *path, const char *runchroot) { int ret = NOT_FOUND_ERROR; debug_decl(resolve_cmnd, SUDOERS_DEBUG_UTIL); @@ -42,7 +42,7 @@ resolve_cmnd(struct sudoers_context *ctx, const char *infile, if (!set_perms(ctx, PERM_RUNAS)) goto done; ret = find_path(infile, outfile, ctx->user.cmnd_stat, path, - def_ignore_dot, NULL); + runchroot, def_ignore_dot, NULL); if (!restore_perms()) goto done; if (ret == NOT_FOUND) { @@ -50,7 +50,7 @@ resolve_cmnd(struct sudoers_context *ctx, const char *infile, if (!set_perms(ctx, PERM_USER)) goto done; ret = find_path(infile, outfile, ctx->user.cmnd_stat, path, - def_ignore_dot, NULL); + runchroot, def_ignore_dot, NULL); if (!restore_perms()) goto done; } diff --git a/plugins/sudoers/stubs.c b/plugins/sudoers/stubs.c index b8bc10435..e7a1c2977 100644 --- a/plugins/sudoers/stubs.c +++ b/plugins/sudoers/stubs.c @@ -94,17 +94,3 @@ init_eventlog_config(void) { return; } - -/* STUB */ -bool -pivot_root(const char *new_root, struct sudoers_pivot *state) -{ - return true; -} - -/* STUB */ -bool -unpivot_root(struct sudoers_pivot *state) -{ - return true; -} diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index ad2fa2f61..1a8031740 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -1092,7 +1092,6 @@ init_vars(struct sudoers_context *ctx, char * const envp[]) int set_cmnd_path(struct sudoers_context *ctx, const char *runchroot) { - struct sudoers_pivot pivot_state = SUDOERS_PIVOT_INITIALIZER; const char *cmnd_in; char *cmnd_out = NULL; char *path = ctx->user.path; @@ -1111,13 +1110,7 @@ set_cmnd_path(struct sudoers_context *ctx, const char *runchroot) if (def_secure_path && !user_is_exempt(ctx)) path = def_secure_path; - /* Pivot root. */ - if (runchroot != NULL) { - if (!pivot_root(runchroot, &pivot_state)) - goto error; - } - - ret = resolve_cmnd(ctx, cmnd_in, &cmnd_out, path); + ret = resolve_cmnd(ctx, cmnd_in, &cmnd_out, path, runchroot); if (ret == FOUND) { char *slash = strrchr(cmnd_out, '/'); if (slash != NULL) { @@ -1134,14 +1127,8 @@ set_cmnd_path(struct sudoers_context *ctx, const char *runchroot) else ctx->user.cmnd = cmnd_out; - /* Restore root. */ - if (runchroot != NULL) - (void)unpivot_root(&pivot_state); - debug_return_int(ret); error: - if (runchroot != NULL) - (void)unpivot_root(&pivot_state); free(cmnd_out); debug_return_int(NOT_FOUND_ERROR); } diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index 106a1e8c2..414293eda 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -49,7 +49,6 @@ #include #include #include -#include /* * Info passed in from the sudo front-end. @@ -314,15 +313,16 @@ struct stat; * Function prototypes */ /* goodpath.c */ -bool sudo_goodpath(const char *path, struct stat *sbp); +bool sudo_goodpath(const char *path, const char *runchroot, struct stat *sbp); /* findpath.c */ int find_path(const char *infile, char **outfile, struct stat *sbp, - const char *path, bool ignore_dot, char * const *allowlist); + const char *path, const char *runchroot, bool ignore_dot, + char * const *allowlist); /* resolve_cmnd.c */ int resolve_cmnd(struct sudoers_context *ctx, const char *infile, - char **outfile, const char *path); + char **outfile, const char *path, const char *runchroot); /* check.c */ int check_user(struct sudoers_context *ctx, unsigned int validated, unsigned int mode); diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index f79a0bfa5..006ab36ad 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -604,18 +604,6 @@ init_eventlog_config(void) return; } -bool -pivot_root(const char *new_root, struct sudoers_pivot *state) -{ - return true; -} - -bool -unpivot_root(struct sudoers_pivot *state) -{ - return true; -} - int set_cmnd_path(struct sudoers_context *ctx, const char *runchroot) { From bc88e5cbd3b41196cac727855e2446a02dfba51e Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sat, 7 Jun 2025 18:33:51 -0600 Subject: [PATCH 04/18] Deprecate chroot support --- docs/sudo.man.in | 3 + docs/sudo.mdoc.in | 3 + docs/sudoers.man.in | 19 +- docs/sudoers.mdoc.in | 19 +- plugins/sudoers/gram.c | 392 +++++++++--------- plugins/sudoers/gram.y | 6 + .../sudoers/regress/sudoers/test24.toke.ok | 6 +- .../sudoers/regress/testsudoers/test20.out.ok | 1 + .../sudoers/regress/testsudoers/test26.out.ok | 2 + plugins/sudoers/visudo_cb.c | 13 + src/parse_args.c | 2 + 11 files changed, 255 insertions(+), 211 deletions(-) diff --git a/docs/sudo.man.in b/docs/sudo.man.in index e42ea425b..19bd6f091 100644 --- a/docs/sudo.man.in +++ b/docs/sudo.man.in @@ -712,6 +712,9 @@ before running the \fIcommand\fR. The security policy may return an error if the user does not have permission to specify the root directory. +.sp +This option is deprecated and will be removed in a future version of +\fBsudo\fR. .if \n(SL \{\ .TP 8n \fB\-r\fR \fIrole\fR, \fB\--role\fR=\fIrole\fR diff --git a/docs/sudo.mdoc.in b/docs/sudo.mdoc.in index 3c0fe735e..ae76e882a 100644 --- a/docs/sudo.mdoc.in +++ b/docs/sudo.mdoc.in @@ -667,6 +667,9 @@ before running the .Ar command . The security policy may return an error if the user does not have permission to specify the root directory. +.Pp +This option is deprecated and will be removed in a future version of +.Nm . .if \n(SL \{\ .It Fl r Ar role , Fl -role Ns = Ns Ar role Run the diff --git a/docs/sudoers.man.in b/docs/sudoers.man.in index bfcc4572c..0605f27ed 100644 --- a/docs/sudoers.man.in +++ b/docs/sudoers.man.in @@ -26,7 +26,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.TH "SUDOERS" "@mansectform@" "February 22, 2025" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "@mansectform@" "June 7, 2025" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -1868,6 +1868,10 @@ user's home directory. .PP This setting is only supported by version 1.9.3 or higher. .SS "Chroot_Spec" +Support for setting the root directory is deprecated and will be removed +in a future version of +\fBsudo\fR. +.PP The root directory that the command will be run in can be specified using the \fRCHROOT\fR @@ -5647,6 +5651,10 @@ that includes a \fIChroot_Spec\fR. .sp This setting is only supported by version 1.9.3 or higher. +.sp +Support for setting the root directory is deprecated and will be removed +in a future version of +\fBsudo\fR. .TP 14n runcwd If set, @@ -6967,12 +6975,7 @@ facility in all cases and for commands to be run with the target user's home directory as the working directory. We don't want to subject the full time staff to the \fBsudo\fR -lecture and we want to allow them to run commands in a -chroot(2) -\(lqsandbox\(rq -via the -\fB\-R\fR -option. +lecture. User \fBmillert\fR need not provide a password and we don't want to reset the @@ -7003,7 +7006,7 @@ privileges. # Override built-in defaults Defaults syslog=auth,runcwd=~ Defaults>root !set_logname -Defaults:FULLTIMERS !lecture,runchroot=* +Defaults:FULLTIMERS !lecture Defaults:millert !authenticate Defaults@SERVERS log_year, logfile=@log_dir@/sudo.log Defaults!PAGERS noexec diff --git a/docs/sudoers.mdoc.in b/docs/sudoers.mdoc.in index 5d054a1de..6599cdc76 100644 --- a/docs/sudoers.mdoc.in +++ b/docs/sudoers.mdoc.in @@ -25,7 +25,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.Dd February 22, 2025 +.Dd June 7, 2025 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -1772,6 +1772,10 @@ user's home directory. .Pp This setting is only supported by version 1.9.3 or higher. .Ss Chroot_Spec +Support for setting the root directory is deprecated and will be removed +in a future version of +.Nm sudo . +.Pp The root directory that the command will be run in can be specified using the .Dv CHROOT @@ -5281,6 +5285,10 @@ that includes a .Em Chroot_Spec . .Pp This setting is only supported by version 1.9.3 or higher. +.Pp +Support for setting the root directory is deprecated and will be removed +in a future version of +.Nm sudo . .It runcwd If set, .Nm sudo @@ -6462,12 +6470,7 @@ facility in all cases and for commands to be run with the target user's home directory as the working directory. We don't want to subject the full time staff to the .Nm sudo -lecture and we want to allow them to run commands in a -.Xr chroot 2 -.Dq sandbox -via the -.Fl R -option. +lecture. User .Sy millert need not provide a password and we don't want to reset the @@ -6497,7 +6500,7 @@ privileges. # Override built-in defaults Defaults syslog=auth,runcwd=~ Defaults>root !set_logname -Defaults:FULLTIMERS !lecture,runchroot=* +Defaults:FULLTIMERS !lecture Defaults:millert !authenticate Defaults@SERVERS log_year, logfile=@log_dir@/sudo.log Defaults!PAGERS noexec diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index 9686d9d88..d1d4b360d 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -884,17 +884,17 @@ static const yytype_int16 yyrline[] = 277, 280, 286, 289, 295, 296, 303, 312, 321, 331, 341, 353, 354, 359, 365, 382, 386, 392, 401, 409, 418, 427, 438, 439, 449, 513, 522, 531, 540, 551, - 552, 559, 562, 576, 580, 586, 602, 618, 623, 627, - 632, 637, 642, 647, 651, 656, 659, 664, 681, 693, - 709, 727, 746, 747, 748, 749, 750, 751, 752, 753, - 754, 755, 756, 759, 765, 768, 773, 778, 787, 796, - 808, 813, 818, 823, 828, 835, 838, 841, 844, 847, - 850, 853, 856, 859, 862, 865, 868, 871, 874, 877, - 880, 883, 888, 902, 911, 932, 955, 956, 959, 959, - 971, 974, 975, 982, 983, 986, 986, 998, 1001, 1002, - 1009, 1010, 1013, 1013, 1025, 1028, 1029, 1032, 1032, 1044, - 1047, 1048, 1055, 1059, 1065, 1074, 1082, 1091, 1100, 1111, - 1112, 1119, 1123, 1129, 1138, 1146 + 552, 559, 562, 576, 580, 586, 602, 624, 629, 633, + 638, 643, 648, 653, 657, 662, 665, 670, 687, 699, + 715, 733, 752, 753, 754, 755, 756, 757, 758, 759, + 760, 761, 762, 765, 771, 774, 779, 784, 793, 802, + 814, 819, 824, 829, 834, 841, 844, 847, 850, 853, + 856, 859, 862, 865, 868, 871, 874, 877, 880, 883, + 886, 889, 894, 908, 917, 938, 961, 962, 965, 965, + 977, 980, 981, 988, 989, 992, 992, 1004, 1007, 1008, + 1015, 1016, 1019, 1019, 1031, 1034, 1035, 1038, 1038, 1050, + 1053, 1054, 1061, 1065, 1071, 1080, 1088, 1097, 1106, 1117, + 1118, 1125, 1129, 1135, 1144, 1152 }; #endif @@ -2254,93 +2254,99 @@ yyreduce: sudoerserror(N_("\"CHROOT\" path too long")); YYERROR; } + if (parser_conf.strict > 2) { + sudoerserror(N_("\"CHROOT\" is deprecated")); + YYERROR; + } else if (parser_conf.verbose > 0) { + parser_warnx(parsed_policy.ctx, sudoers, this_lineno, sudolinebuf.toke_start + 1, false, false, N_("\"CHROOT\" is deprecated")); + } (yyval.string) = (yyvsp[0].string); } -#line 2254 "gram.c" +#line 2260 "gram.c" break; case 57: /* timeoutspec: CMND_TIMEOUT '=' WORD */ -#line 618 "gram.y" +#line 624 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2262 "gram.c" +#line 2268 "gram.c" break; case 58: /* notbeforespec: NOTBEFORE '=' WORD */ -#line 623 "gram.y" +#line 629 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2270 "gram.c" +#line 2276 "gram.c" break; case 59: /* notafterspec: NOTAFTER '=' WORD */ -#line 627 "gram.y" +#line 633 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2278 "gram.c" +#line 2284 "gram.c" break; case 60: /* rolespec: ROLE '=' WORD */ -#line 632 "gram.y" +#line 638 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2286 "gram.c" +#line 2292 "gram.c" break; case 61: /* typespec: TYPE '=' WORD */ -#line 637 "gram.y" +#line 643 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2294 "gram.c" +#line 2300 "gram.c" break; case 62: /* apparmor_profilespec: APPARMOR_PROFILE '=' WORD */ -#line 642 "gram.y" +#line 648 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2302 "gram.c" +#line 2308 "gram.c" break; case 63: /* privsspec: PRIVS '=' WORD */ -#line 647 "gram.y" +#line 653 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2310 "gram.c" +#line 2316 "gram.c" break; case 64: /* limitprivsspec: LIMITPRIVS '=' WORD */ -#line 651 "gram.y" +#line 657 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2318 "gram.c" +#line 2324 "gram.c" break; case 65: /* runasspec: %empty */ -#line 656 "gram.y" +#line 662 "gram.y" { (yyval.runas) = NULL; } -#line 2326 "gram.c" +#line 2332 "gram.c" break; case 66: /* runasspec: '(' runaslist ')' */ -#line 659 "gram.y" +#line 665 "gram.y" { (yyval.runas) = (yyvsp[-1].runas); } -#line 2334 "gram.c" +#line 2340 "gram.c" break; case 67: /* runaslist: %empty */ -#line 664 "gram.y" +#line 670 "gram.y" { /* User may run command as themselves. */ (yyval.runas) = calloc(1, sizeof(struct runascontainer)); @@ -2358,11 +2364,11 @@ yyreduce: } parser_leak_add(LEAK_RUNAS, (yyval.runas)); } -#line 2356 "gram.c" +#line 2362 "gram.c" break; case 68: /* runaslist: userlist */ -#line 681 "gram.y" +#line 687 "gram.y" { /* User may run command as a user in userlist. */ (yyval.runas) = calloc(1, sizeof(struct runascontainer)); @@ -2375,11 +2381,11 @@ yyreduce: (yyval.runas)->runasusers = (yyvsp[0].member); /* $$->runasgroups = NULL; */ } -#line 2373 "gram.c" +#line 2379 "gram.c" break; case 69: /* runaslist: userlist ':' grouplist */ -#line 693 "gram.y" +#line 699 "gram.y" { /* * User may run command as a user in userlist @@ -2396,11 +2402,11 @@ yyreduce: (yyval.runas)->runasusers = (yyvsp[-2].member); (yyval.runas)->runasgroups = (yyvsp[0].member); } -#line 2394 "gram.c" +#line 2400 "gram.c" break; case 70: /* runaslist: ':' grouplist */ -#line 709 "gram.y" +#line 715 "gram.y" { /* User may run command as a group in grouplist. */ (yyval.runas) = calloc(1, sizeof(struct runascontainer)); @@ -2419,11 +2425,11 @@ yyreduce: parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); (yyval.runas)->runasgroups = (yyvsp[0].member); } -#line 2417 "gram.c" +#line 2423 "gram.c" break; case 71: /* runaslist: ':' */ -#line 727 "gram.y" +#line 733 "gram.y" { /* User may run command as themselves. */ (yyval.runas) = calloc(1, sizeof(struct runascontainer)); @@ -2441,114 +2447,114 @@ yyreduce: } parser_leak_add(LEAK_RUNAS, (yyval.runas)); } -#line 2439 "gram.c" - break; - - case 72: /* reserved_word: ALL */ -#line 746 "gram.y" - { (yyval.cstring) = "ALL"; } #line 2445 "gram.c" break; - case 73: /* reserved_word: CHROOT */ -#line 747 "gram.y" - { (yyval.cstring) = "CHROOT"; } + case 72: /* reserved_word: ALL */ +#line 752 "gram.y" + { (yyval.cstring) = "ALL"; } #line 2451 "gram.c" break; - case 74: /* reserved_word: CWD */ -#line 748 "gram.y" - { (yyval.cstring) = "CWD"; } + case 73: /* reserved_word: CHROOT */ +#line 753 "gram.y" + { (yyval.cstring) = "CHROOT"; } #line 2457 "gram.c" break; - case 75: /* reserved_word: CMND_TIMEOUT */ -#line 749 "gram.y" - { (yyval.cstring) = "CMND_TIMEOUT"; } + case 74: /* reserved_word: CWD */ +#line 754 "gram.y" + { (yyval.cstring) = "CWD"; } #line 2463 "gram.c" break; - case 76: /* reserved_word: NOTBEFORE */ -#line 750 "gram.y" - { (yyval.cstring) = "NOTBEFORE"; } + case 75: /* reserved_word: CMND_TIMEOUT */ +#line 755 "gram.y" + { (yyval.cstring) = "CMND_TIMEOUT"; } #line 2469 "gram.c" break; - case 77: /* reserved_word: NOTAFTER */ -#line 751 "gram.y" - { (yyval.cstring) = "NOTAFTER"; } + case 76: /* reserved_word: NOTBEFORE */ +#line 756 "gram.y" + { (yyval.cstring) = "NOTBEFORE"; } #line 2475 "gram.c" break; - case 78: /* reserved_word: ROLE */ -#line 752 "gram.y" - { (yyval.cstring) = "ROLE"; } + case 77: /* reserved_word: NOTAFTER */ +#line 757 "gram.y" + { (yyval.cstring) = "NOTAFTER"; } #line 2481 "gram.c" break; - case 79: /* reserved_word: TYPE */ -#line 753 "gram.y" - { (yyval.cstring) = "TYPE"; } + case 78: /* reserved_word: ROLE */ +#line 758 "gram.y" + { (yyval.cstring) = "ROLE"; } #line 2487 "gram.c" break; - case 80: /* reserved_word: PRIVS */ -#line 754 "gram.y" - { (yyval.cstring) = "PRIVS"; } + case 79: /* reserved_word: TYPE */ +#line 759 "gram.y" + { (yyval.cstring) = "TYPE"; } #line 2493 "gram.c" break; - case 81: /* reserved_word: LIMITPRIVS */ -#line 755 "gram.y" - { (yyval.cstring) = "LIMITPRIVS"; } + case 80: /* reserved_word: PRIVS */ +#line 760 "gram.y" + { (yyval.cstring) = "PRIVS"; } #line 2499 "gram.c" break; - case 82: /* reserved_word: APPARMOR_PROFILE */ -#line 756 "gram.y" - { (yyval.cstring) = "APPARMOR_PROFILE"; } + case 81: /* reserved_word: LIMITPRIVS */ +#line 761 "gram.y" + { (yyval.cstring) = "LIMITPRIVS"; } #line 2505 "gram.c" break; + case 82: /* reserved_word: APPARMOR_PROFILE */ +#line 762 "gram.y" + { (yyval.cstring) = "APPARMOR_PROFILE"; } +#line 2511 "gram.c" + break; + case 83: /* reserved_alias: reserved_word */ -#line 759 "gram.y" +#line 765 "gram.y" { sudoerserrorf(U_("syntax error, reserved word %s used as an alias name"), (yyvsp[0].cstring)); YYERROR; } -#line 2514 "gram.c" +#line 2520 "gram.c" break; case 84: /* options: %empty */ -#line 765 "gram.y" +#line 771 "gram.y" { init_options(&(yyval.options)); } -#line 2522 "gram.c" +#line 2528 "gram.c" break; case 85: /* options: options chdirspec */ -#line 768 "gram.y" +#line 774 "gram.y" { parser_leak_remove(LEAK_PTR, (yyval.options).runcwd); free((yyval.options).runcwd); (yyval.options).runcwd = (yyvsp[0].string); } -#line 2532 "gram.c" +#line 2538 "gram.c" break; case 86: /* options: options chrootspec */ -#line 773 "gram.y" +#line 779 "gram.y" { parser_leak_remove(LEAK_PTR, (yyval.options).runchroot); free((yyval.options).runchroot); (yyval.options).runchroot = (yyvsp[0].string); } -#line 2542 "gram.c" +#line 2548 "gram.c" break; case 87: /* options: options notbeforespec */ -#line 778 "gram.y" +#line 784 "gram.y" { (yyval.options).notbefore = parse_gentime((yyvsp[0].string)); parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); @@ -2558,11 +2564,11 @@ yyreduce: YYERROR; } } -#line 2556 "gram.c" +#line 2562 "gram.c" break; case 88: /* options: options notafterspec */ -#line 787 "gram.y" +#line 793 "gram.y" { (yyval.options).notafter = parse_gentime((yyvsp[0].string)); parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); @@ -2572,11 +2578,11 @@ yyreduce: YYERROR; } } -#line 2570 "gram.c" +#line 2576 "gram.c" break; case 89: /* options: options timeoutspec */ -#line 796 "gram.y" +#line 802 "gram.y" { (yyval.options).timeout = parse_timeout((yyvsp[0].string)); parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); @@ -2589,197 +2595,197 @@ yyreduce: YYERROR; } } -#line 2587 "gram.c" +#line 2593 "gram.c" break; case 90: /* options: options rolespec */ -#line 808 "gram.y" +#line 814 "gram.y" { parser_leak_remove(LEAK_PTR, (yyval.options).role); free((yyval.options).role); (yyval.options).role = (yyvsp[0].string); } -#line 2597 "gram.c" +#line 2603 "gram.c" break; case 91: /* options: options typespec */ -#line 813 "gram.y" +#line 819 "gram.y" { parser_leak_remove(LEAK_PTR, (yyval.options).type); free((yyval.options).type); (yyval.options).type = (yyvsp[0].string); } -#line 2607 "gram.c" +#line 2613 "gram.c" break; case 92: /* options: options apparmor_profilespec */ -#line 818 "gram.y" +#line 824 "gram.y" { parser_leak_remove(LEAK_PTR, (yyval.options).apparmor_profile); free((yyval.options).apparmor_profile); (yyval.options).apparmor_profile = (yyvsp[0].string); } -#line 2617 "gram.c" +#line 2623 "gram.c" break; case 93: /* options: options privsspec */ -#line 823 "gram.y" +#line 829 "gram.y" { parser_leak_remove(LEAK_PTR, (yyval.options).privs); free((yyval.options).privs); (yyval.options).privs = (yyvsp[0].string); } -#line 2627 "gram.c" +#line 2633 "gram.c" break; case 94: /* options: options limitprivsspec */ -#line 828 "gram.y" +#line 834 "gram.y" { parser_leak_remove(LEAK_PTR, (yyval.options).limitprivs); free((yyval.options).limitprivs); (yyval.options).limitprivs = (yyvsp[0].string); } -#line 2637 "gram.c" +#line 2643 "gram.c" break; case 95: /* cmndtag: %empty */ -#line 835 "gram.y" +#line 841 "gram.y" { TAGS_INIT(&(yyval.tag)); } -#line 2645 "gram.c" +#line 2651 "gram.c" break; case 96: /* cmndtag: cmndtag NOPASSWD */ -#line 838 "gram.y" +#line 844 "gram.y" { (yyval.tag).nopasswd = true; } -#line 2653 "gram.c" +#line 2659 "gram.c" break; case 97: /* cmndtag: cmndtag PASSWD */ -#line 841 "gram.y" +#line 847 "gram.y" { (yyval.tag).nopasswd = false; } -#line 2661 "gram.c" +#line 2667 "gram.c" break; case 98: /* cmndtag: cmndtag NOEXEC */ -#line 844 "gram.y" +#line 850 "gram.y" { (yyval.tag).noexec = true; } -#line 2669 "gram.c" +#line 2675 "gram.c" break; case 99: /* cmndtag: cmndtag EXEC */ -#line 847 "gram.y" +#line 853 "gram.y" { (yyval.tag).noexec = false; } -#line 2677 "gram.c" +#line 2683 "gram.c" break; case 100: /* cmndtag: cmndtag INTERCEPT */ -#line 850 "gram.y" +#line 856 "gram.y" { (yyval.tag).intercept = true; } -#line 2685 "gram.c" +#line 2691 "gram.c" break; case 101: /* cmndtag: cmndtag NOINTERCEPT */ -#line 853 "gram.y" +#line 859 "gram.y" { (yyval.tag).intercept = false; } -#line 2693 "gram.c" +#line 2699 "gram.c" break; case 102: /* cmndtag: cmndtag SETENV */ -#line 856 "gram.y" +#line 862 "gram.y" { (yyval.tag).setenv = true; } -#line 2701 "gram.c" +#line 2707 "gram.c" break; case 103: /* cmndtag: cmndtag NOSETENV */ -#line 859 "gram.y" +#line 865 "gram.y" { (yyval.tag).setenv = false; } -#line 2709 "gram.c" +#line 2715 "gram.c" break; case 104: /* cmndtag: cmndtag LOG_INPUT */ -#line 862 "gram.y" +#line 868 "gram.y" { (yyval.tag).log_input = true; } -#line 2717 "gram.c" +#line 2723 "gram.c" break; case 105: /* cmndtag: cmndtag NOLOG_INPUT */ -#line 865 "gram.y" +#line 871 "gram.y" { (yyval.tag).log_input = false; } -#line 2725 "gram.c" +#line 2731 "gram.c" break; case 106: /* cmndtag: cmndtag LOG_OUTPUT */ -#line 868 "gram.y" +#line 874 "gram.y" { (yyval.tag).log_output = true; } -#line 2733 "gram.c" +#line 2739 "gram.c" break; case 107: /* cmndtag: cmndtag NOLOG_OUTPUT */ -#line 871 "gram.y" +#line 877 "gram.y" { (yyval.tag).log_output = false; } -#line 2741 "gram.c" +#line 2747 "gram.c" break; case 108: /* cmndtag: cmndtag FOLLOWLNK */ -#line 874 "gram.y" +#line 880 "gram.y" { (yyval.tag).follow = true; } -#line 2749 "gram.c" +#line 2755 "gram.c" break; case 109: /* cmndtag: cmndtag NOFOLLOWLNK */ -#line 877 "gram.y" +#line 883 "gram.y" { (yyval.tag).follow = false; } -#line 2757 "gram.c" +#line 2763 "gram.c" break; case 110: /* cmndtag: cmndtag MAIL */ -#line 880 "gram.y" +#line 886 "gram.y" { (yyval.tag).send_mail = true; } -#line 2765 "gram.c" +#line 2771 "gram.c" break; case 111: /* cmndtag: cmndtag NOMAIL */ -#line 883 "gram.y" +#line 889 "gram.y" { (yyval.tag).send_mail = false; } -#line 2773 "gram.c" +#line 2779 "gram.c" break; case 112: /* cmnd: ALL */ -#line 888 "gram.y" +#line 894 "gram.y" { struct sudo_command *c; @@ -2794,11 +2800,11 @@ yyreduce: } parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2792 "gram.c" +#line 2798 "gram.c" break; case 113: /* cmnd: ALIAS */ -#line 902 "gram.y" +#line 908 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), ALIAS); if ((yyval.member) == NULL) { @@ -2808,11 +2814,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2806 "gram.c" +#line 2812 "gram.c" break; case 114: /* cmnd: COMMAND */ -#line 911 "gram.y" +#line 917 "gram.y" { struct sudo_command *c; @@ -2834,11 +2840,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].command).args); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2832 "gram.c" +#line 2838 "gram.c" break; case 115: /* cmnd: WORD */ -#line 932 "gram.y" +#line 938 "gram.y" { if (strcmp((yyvsp[0].string), "list") == 0) { struct sudo_command *c; @@ -2860,20 +2866,20 @@ yyreduce: YYERROR; } } -#line 2858 "gram.c" +#line 2864 "gram.c" break; case 118: /* $@1: %empty */ -#line 959 "gram.y" +#line 965 "gram.y" { alias_line = this_lineno; alias_column = (int)sudolinebuf.toke_start + 1; } -#line 2867 "gram.c" +#line 2873 "gram.c" break; case 119: /* hostalias: ALIAS $@1 '=' hostlist */ -#line 962 "gram.y" +#line 968 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), HOSTALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { @@ -2883,30 +2889,30 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2881 "gram.c" +#line 2887 "gram.c" break; case 122: /* hostlist: hostlist ',' ophost */ -#line 975 "gram.y" +#line 981 "gram.y" { parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 2891 "gram.c" +#line 2897 "gram.c" break; case 125: /* $@2: %empty */ -#line 986 "gram.y" +#line 992 "gram.y" { alias_line = this_lineno; alias_column = (int)sudolinebuf.toke_start + 1; } -#line 2900 "gram.c" +#line 2906 "gram.c" break; case 126: /* cmndalias: ALIAS $@2 '=' cmndlist */ -#line 989 "gram.y" +#line 995 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), CMNDALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { @@ -2916,30 +2922,30 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2914 "gram.c" +#line 2920 "gram.c" break; case 129: /* cmndlist: cmndlist ',' digcmnd */ -#line 1002 "gram.y" +#line 1008 "gram.y" { parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 2924 "gram.c" +#line 2930 "gram.c" break; case 132: /* $@3: %empty */ -#line 1013 "gram.y" +#line 1019 "gram.y" { alias_line = this_lineno; alias_column = (int)sudolinebuf.toke_start + 1; } -#line 2933 "gram.c" +#line 2939 "gram.c" break; case 133: /* runasalias: ALIAS $@3 '=' userlist */ -#line 1016 "gram.y" +#line 1022 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), RUNASALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { @@ -2949,20 +2955,20 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2947 "gram.c" +#line 2953 "gram.c" break; case 137: /* $@4: %empty */ -#line 1032 "gram.y" +#line 1038 "gram.y" { alias_line = this_lineno; alias_column = (int)sudolinebuf.toke_start + 1; } -#line 2956 "gram.c" +#line 2962 "gram.c" break; case 138: /* useralias: ALIAS $@4 '=' userlist */ -#line 1035 "gram.y" +#line 1041 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), USERALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { @@ -2972,39 +2978,39 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2970 "gram.c" +#line 2976 "gram.c" break; case 141: /* userlist: userlist ',' opuser */ -#line 1048 "gram.y" +#line 1054 "gram.y" { parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 2980 "gram.c" +#line 2986 "gram.c" break; case 142: /* opuser: user */ -#line 1055 "gram.y" +#line 1061 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = false; } -#line 2989 "gram.c" +#line 2995 "gram.c" break; case 143: /* opuser: '!' user */ -#line 1059 "gram.y" +#line 1065 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = true; } -#line 2998 "gram.c" +#line 3004 "gram.c" break; case 144: /* user: ALIAS */ -#line 1065 "gram.y" +#line 1071 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), ALIAS); if ((yyval.member) == NULL) { @@ -3014,11 +3020,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3012 "gram.c" +#line 3018 "gram.c" break; case 145: /* user: ALL */ -#line 1074 "gram.y" +#line 1080 "gram.y" { (yyval.member) = new_member(NULL, ALL); if ((yyval.member) == NULL) { @@ -3027,11 +3033,11 @@ yyreduce: } parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3025 "gram.c" +#line 3031 "gram.c" break; case 146: /* user: NETGROUP */ -#line 1082 "gram.y" +#line 1088 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), NETGROUP); if ((yyval.member) == NULL) { @@ -3041,11 +3047,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3039 "gram.c" +#line 3045 "gram.c" break; case 147: /* user: USERGROUP */ -#line 1091 "gram.y" +#line 1097 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), USERGROUP); if ((yyval.member) == NULL) { @@ -3055,11 +3061,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3053 "gram.c" +#line 3059 "gram.c" break; case 148: /* user: WORD */ -#line 1100 "gram.y" +#line 1106 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), WORD); if ((yyval.member) == NULL) { @@ -3069,39 +3075,39 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3067 "gram.c" +#line 3073 "gram.c" break; case 150: /* grouplist: grouplist ',' opgroup */ -#line 1112 "gram.y" +#line 1118 "gram.y" { parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 3077 "gram.c" +#line 3083 "gram.c" break; case 151: /* opgroup: group */ -#line 1119 "gram.y" +#line 1125 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = false; } -#line 3086 "gram.c" +#line 3092 "gram.c" break; case 152: /* opgroup: '!' group */ -#line 1123 "gram.y" +#line 1129 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = true; } -#line 3095 "gram.c" +#line 3101 "gram.c" break; case 153: /* group: ALIAS */ -#line 1129 "gram.y" +#line 1135 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), ALIAS); if ((yyval.member) == NULL) { @@ -3111,11 +3117,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3109 "gram.c" +#line 3115 "gram.c" break; case 154: /* group: ALL */ -#line 1138 "gram.y" +#line 1144 "gram.y" { (yyval.member) = new_member(NULL, ALL); if ((yyval.member) == NULL) { @@ -3124,11 +3130,11 @@ yyreduce: } parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3122 "gram.c" +#line 3128 "gram.c" break; case 155: /* group: WORD */ -#line 1146 "gram.y" +#line 1152 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), WORD); if ((yyval.member) == NULL) { @@ -3138,11 +3144,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3136 "gram.c" +#line 3142 "gram.c" break; -#line 3140 "gram.c" +#line 3146 "gram.c" default: break; } @@ -3335,7 +3341,7 @@ yyreturnlab: return yyresult; } -#line 1156 "gram.y" +#line 1162 "gram.y" /* Like yyerror() but takes a printf-style format string. */ void diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 24c8ecaf0..dc05b3483 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -611,6 +611,12 @@ chrootspec : CHROOT '=' WORD { sudoerserror(N_("\"CHROOT\" path too long")); YYERROR; } + if (parser_conf.strict > 2) { + sudoerserror(N_("\"CHROOT\" is deprecated")); + YYERROR; + } else if (parser_conf.verbose > 0) { + parser_warnx(parsed_policy.ctx, sudoers, this_lineno, sudolinebuf.toke_start + 1, false, false, N_("\"CHROOT\" is deprecated")); + } $$ = $3; } ; diff --git a/plugins/sudoers/regress/sudoers/test24.toke.ok b/plugins/sudoers/regress/sudoers/test24.toke.ok index 06b98ed66..4fb4e231b 100644 --- a/plugins/sudoers/regress/sudoers/test24.toke.ok +++ b/plugins/sudoers/regress/sudoers/test24.toke.ok @@ -4,7 +4,9 @@ DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) DEFAULTS DEFVAR = WORD(2) DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) # -WORD(6) ALL = CHROOT = WORD(5) CWD = WORD(5) COMMAND -WORD(6) ALL = CHROOT = BEGINSTR STRBODY ENDSTR WORD(4) CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND +WORD(6) ALL = CHROOT = WORD(5) sudoers:7:20: "CHROOT" is deprecated +CWD = WORD(5) COMMAND +WORD(6) ALL = CHROOT = BEGINSTR STRBODY ENDSTR WORD(4) sudoers:8:29: "CHROOT" is deprecated +CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND WORD(6) ALL = CWD = WORD(5) COMMAND , CWD = WORD(5) COMMAND WORD(6) ALL = CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND , CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND diff --git a/plugins/sudoers/regress/testsudoers/test20.out.ok b/plugins/sudoers/regress/testsudoers/test20.out.ok index 6a8e451d7..eb4718c1f 100644 --- a/plugins/sudoers/regress/testsudoers/test20.out.ok +++ b/plugins/sudoers/regress/testsudoers/test20.out.ok @@ -1,3 +1,4 @@ +sudoers:2:19: "CHROOT" is deprecated Parses OK Entries for user root: diff --git a/plugins/sudoers/regress/testsudoers/test26.out.ok b/plugins/sudoers/regress/testsudoers/test26.out.ok index 281817cce..b46f77f0e 100644 --- a/plugins/sudoers/regress/testsudoers/test26.out.ok +++ b/plugins/sudoers/regress/testsudoers/test26.out.ok @@ -15,6 +15,7 @@ Password required Command denied User cannot override the sudoers chroot: +sudoers:1:19: "CHROOT" is deprecated Parses OK Entries for user root: @@ -29,6 +30,7 @@ Password required Command unmatched User can chroot if sudoers rule sets chroot to '*': +sudoers:1:19: "CHROOT" is deprecated Parses OK Entries for user root: diff --git a/plugins/sudoers/visudo_cb.c b/plugins/sudoers/visudo_cb.c index 8b6309ce8..318235f7b 100644 --- a/plugins/sudoers/visudo_cb.c +++ b/plugins/sudoers/visudo_cb.c @@ -25,6 +25,16 @@ #include +static bool +cb_runchroot(struct sudoers_context *ctx, const char *file, int line, int column, const union sudo_defs_val *sd_un, int op) +{ + parser_warnx(ctx, file, line, column, ctx->parser_conf.strict > 1, + !ctx->parser_conf.verbose, + N_("\"runchroot\" is deprecated and will be removed in a future sudo release")); + + return true; +} + /* * Set visudo Defaults callbacks. */ @@ -36,5 +46,8 @@ set_callbacks(void) /* Set locale callback. */ sudo_defs_table[I_SUDOERS_LOCALE].callback = sudoers_locale_callback; + /* The "runchroot" setting is deprecated. */ + sudo_defs_table[I_RUNCHROOT].callback = cb_runchroot; + debug_return; } diff --git a/src/parse_args.c b/src/parse_args.c index 2a84fd176..379f86008 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -454,6 +454,8 @@ parse_args(int argc, char **argv, const char *shell, int *old_optind, usage(); if (sudo_settings[ARG_CHROOT].value != NULL) usage(); + sudo_warnx("%s", + U_("the -R option will be removed in a future version of sudo")); sudo_settings[ARG_CHROOT].value = optarg; break; #ifdef HAVE_SELINUX From 23aff2b372a458ed8f5e2e508aee5bab24de2687 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sat, 28 Jun 2025 10:30:36 -0600 Subject: [PATCH 05/18] Sudo 1.9.17p1 --- NEWS | 12 ++++++++++++ configure | 18 +++++++++--------- configure.ac | 2 +- 3 files changed, 22 insertions(+), 10 deletions(-) diff --git a/NEWS b/NEWS index 273c693cc..f4f737d0b 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,15 @@ +What's new in Sudo 1.9.17p1 + + * Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified + when running a command or editing a file. This could enable a + local privilege escalation attack if the sudoers file allows the + user to run commands on a different host. + + * Fixed CVE-2025-32463. An attacker can leverage sudo's -R + (--chroot) option to run arbitrary commands as root, even if + they are not listed in the sudoers file. The chroot support has + been deprecated an will be removed entirely in a future release. + What's new in Sudo 1.9.17 * Sudo now uses the NODEV macro consistently. Bug #1074. diff --git a/configure b/configure index d0b680fdb..ad340055f 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72 for sudo 1.9.17. +# Generated by GNU Autoconf 2.72 for sudo 1.9.17p1. # # Report bugs to . # @@ -614,8 +614,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.17' -PACKAGE_STRING='sudo 1.9.17' +PACKAGE_VERSION='1.9.17p1' +PACKAGE_STRING='sudo 1.9.17p1' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -1651,7 +1651,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures sudo 1.9.17 to adapt to many kinds of systems. +'configure' configures sudo 1.9.17p1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1717,7 +1717,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.17:";; + short | recursive ) echo "Configuration of sudo 1.9.17p1:";; esac cat <<\_ACEOF @@ -2013,7 +2013,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.17 +sudo configure 1.9.17p1 generated by GNU Autoconf 2.72 Copyright (C) 2023 Free Software Foundation, Inc. @@ -2833,7 +2833,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.17, which was +It was created by sudo $as_me 1.9.17p1, which was generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -37071,7 +37071,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.17, which was +This file was extended by sudo $as_me 1.9.17p1, which was generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -37139,7 +37139,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.17 +sudo config.status 1.9.17p1 configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 7180a175f..84c11523c 100644 --- a/configure.ac +++ b/configure.ac @@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.69]) -AC_INIT([sudo], [1.9.17], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.17p1], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts]) From cb4e267341332fb4957d68d98fd8e51c12d14aef Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 30 Jun 2025 08:57:06 -0600 Subject: [PATCH 06/18] We now build sudo releases from git, not mercurial --- Makefile.in | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/Makefile.in b/Makefile.in index 9251385d2..ecff43bda 100644 --- a/Makefile.in +++ b/Makefile.in @@ -248,14 +248,7 @@ depend: siglist.c signame.c tsgetusershell.c # The CODEOWNERS file is not present in the release tarball. ChangeLog: if test -f $(srcdir)/docs/CODEOWNERS; then \ - if test -d $(srcdir)/.hg && hg -R $(srcdir) identify -ibt >stamp-$@.tmp 2>&1; then \ - cmp stamp-$@.tmp stamp-$@ >/dev/null 2>&1 || { \ - mv -f stamp-$@.tmp stamp-$@; \ - if hg log -R $(srcdir) --template=changelog -r "sort(branch(.) or follow(), -date)" > $@.tmp; then \ - mv -f $@.tmp $(srcdir)/$@; \ - fi; \ - }; \ - elif test -d $(srcdir)/.git && git --git-dir $(srcdir)/.git describe --tags >stamp-$@.tmp 2>&1; then \ + if test -d $(srcdir)/.git && git --git-dir $(srcdir)/.git describe --tags >stamp-$@.tmp 2>&1; then \ cmp stamp-$@.tmp stamp-$@ >/dev/null 2>&1 || { \ mv -f stamp-$@.tmp stamp-$@; \ if $(scriptdir)/log2cl.pl -R $(srcdir)/.git > $@.tmp; then \ @@ -385,10 +378,10 @@ mkdefaults: cd plugins/sudoers && exec $(MAKE) DEVEL=1 ./def_data.c ./def_data.h check-dist: update-pot compile-po mkdefaults - @if test -d $(srcdir)/.hg && cd $(srcdir); then \ - if test `hg stat -am | wc -l` -ne 0; then \ + @if test -d $(srcdir)/.git && cd $(srcdir); then \ + if git status -s | grep -q '^ *M'; then \ echo "Uncommitted changes" 1>&2; \ - hg stat -am 1>&2; \ + git status -s | grep '^ *M'; \ exit 1; \ fi; \ fi From 1c254b330490216857b5b79a071ca4a8ca6bb522 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 8 Jul 2025 07:49:07 -0600 Subject: [PATCH 07/18] visudo: create temporary file as mod 0600 not 0700 This was due to a typo in the mode field when the temporary file was created. Noticed by Bjorn Baron of the sudo-rs project. --- plugins/sudoers/visudo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 18fb24157..8958d52dd 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -499,7 +499,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, int editor_argc, if (sp->tpath == NULL) { if (asprintf(&sp->tpath, "%s.tmp", sp->dpath) == -1) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - tfd = open(sp->tpath, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU|S_IRUSR); + tfd = open(sp->tpath, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); if (tfd < 0) sudo_fatal("%s", sp->tpath); From e5d953f33925bfa183e32fdd1e41ac7f9da5f470 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 8 Jul 2025 19:17:57 -0600 Subject: [PATCH 08/18] Don't assume RHEL major version is only a single digit Fixes handling of RHEL 10 and higher. --- etc/sudo-logsrvd.pp | 4 ++-- etc/sudo-python.pp | 4 ++-- etc/sudo.pp | 4 ++-- scripts/pp | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/etc/sudo-logsrvd.pp b/etc/sudo-logsrvd.pp index a51fc03ab..a904c720e 100644 --- a/etc/sudo-logsrvd.pp +++ b/etc/sudo-logsrvd.pp @@ -129,14 +129,14 @@ This makes it possible to have all sudo I/O logs on a central server." %if [rpm] # Add distro info to release - osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'` + osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'` case "$pp_rpm_distro" in centos*|rhel*|f[0-9]*) # CentOS Stream has a single-digit version if test $osrelease -lt 10; then osrelease="${osrelease}0" fi - pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}" + pp_rpm_release="$pp_rpm_release.el${osrelease%[0-9]}" ;; sles*) pp_rpm_release="$pp_rpm_release.sles$osrelease" diff --git a/etc/sudo-python.pp b/etc/sudo-python.pp index 646c4312b..97d88d795 100644 --- a/etc/sudo-python.pp +++ b/etc/sudo-python.pp @@ -85,14 +85,14 @@ %if [rpm] # Add distro info to release - osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'` + osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'` case "$pp_rpm_distro" in centos*|rhel*|f[0-9]*) # CentOS Stream has a single-digit version if test $osrelease -lt 10; then osrelease="${osrelease}0" fi - pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}" + pp_rpm_release="$pp_rpm_release.el${osrelease%[0-9]}" ;; sles*) pp_rpm_release="$pp_rpm_release.sles$osrelease" diff --git a/etc/sudo.pp b/etc/sudo.pp index 2dfbeabd0..541a56111 100644 --- a/etc/sudo.pp +++ b/etc/sudo.pp @@ -150,14 +150,14 @@ still allow people to get their work done." %if [rpm] # Add distro info to release - osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,2\}\).*/\1/'` + osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'` case "$pp_rpm_distro" in centos*|rhel*|f[0-9]*) # CentOS Stream has a single-digit version if test $osrelease -lt 10; then osrelease="${osrelease}0" fi - pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}" + pp_rpm_release="$pp_rpm_release.el${osrelease%[0-9]}" ;; sles*) pp_rpm_release="$pp_rpm_release.sles$osrelease" diff --git a/scripts/pp b/scripts/pp index a1c5638a8..1489ef4ec 100755 --- a/scripts/pp +++ b/scripts/pp @@ -5581,7 +5581,7 @@ pp_rpm_detect_distro () { -e 's/^Red Hat Enterprise Linux.*release \([0-9][0-9\.]*\).*/rhel\1/p' \ -e 's/^Rocky Linux.*release \([0-9][0-9\.]*\).*/rhel\1/p' \ -e 's/^AlmaLinux.*release \([0-9][0-9\.]*\).*/rhel\1/p' \ - -e 's/^CentOS.*release \([0-9][0-9\.]*\).*/centos\1/p' \ + -e 's/^CentOS.*release \([0-9]\{1,\}\)\(\.[0-9]*\)\{0,1\}.*/centos\1\2/p' \ /etc/redhat-release` elif test -f /etc/SuSE-release; then pp_rpm_distro=`awk ' From fb208d383af27a07abe9cb277a620ea34c73f5d7 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 14 Jul 2025 16:55:34 -0600 Subject: [PATCH 09/18] revoke_pty: use killpg() not kill() to send HUP to the process group Also make sure we never call killpg(-1, SIGHUP), which would send SIGHUP to process 1 (init). It is possible for cmnd_pid to be -1 in certain error conditions where sudo killed the command itself. This may explain GitHub issue #458. --- src/exec_pty.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/exec_pty.c b/src/exec_pty.c index fb384d13c..0789305ec 100644 --- a/src/exec_pty.c +++ b/src/exec_pty.c @@ -358,9 +358,11 @@ revoke_pty(struct exec_closure *ec) pgrp = tcpgrp; close(io_fds[SFD_LEADER]); } - sudo_debug_printf(SUDO_DEBUG_NOTICE, "%s: killpg(%d, SIGHUP)", - __func__, (int)pgrp); - kill(pgrp, SIGHUP); + if (pgrp != -1) { + sudo_debug_printf(SUDO_DEBUG_NOTICE, "%s: killpg(%d, SIGHUP)", + __func__, (int)pgrp); + killpg(pgrp, SIGHUP); + } } /* From 2e93eabedfe70aee8419dc9ffc95d592afaa3107 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 20 Jul 2025 09:36:39 -0600 Subject: [PATCH 10/18] ptrace_readv_string: properly handle reads of more than one page When the "intercept" and "intercept_verify" options are enabled and either argv[] or envp[] contains a string larger than the page size (usually 4096), ptrace_readv_string() would fill the buffer with mutiple copies of the same string. Fixes GitHub issue #453. --- src/exec_ptrace.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/exec_ptrace.c b/src/exec_ptrace.c index f970c4f7e..679313f0c 100644 --- a/src/exec_ptrace.c +++ b/src/exec_ptrace.c @@ -387,8 +387,7 @@ ptrace_readv_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize) (unsigned long)remote.iov_base, remote.iov_len); debug_return_ssize_t(-1); case 0: - sudo_debug_printf( - SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "process_vm_readv(%d, [0x%lx, %zu], 1, [0x%lx, %zu], 1, 0): %s", (int)pid, (unsigned long)local.iov_base, local.iov_len, (unsigned long)remote.iov_base, remote.iov_len, "premature EOF"); @@ -398,9 +397,17 @@ ptrace_readv_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize) cp = memchr(buf, '\0', (size_t)nread); if (cp != NULL) debug_return_ssize_t((cp - buf0) + 1); /* includes NUL */ + /* No NUL terminator, we should have a full page. */ + if (nread != page_size) { + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, + "process_vm_readv(%d, [0x%lx, %zu], 1, [0x%lx, %zu], 1, 0)" + " -> %zd", + (int)pid, (unsigned long)local.iov_base, local.iov_len, + (unsigned long)remote.iov_base, remote.iov_len, nread); + } buf += nread; bufsize -= (size_t)nread; - addr += sizeof(unsigned long); + addr += (size_t)nread; break; } } From fac2a49e75c2141e340c43bc0e024e6dc02e6493 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 20 Jul 2025 09:45:26 -0600 Subject: [PATCH 11/18] ptrace_readv_string: quiet sign-compare warning --- src/exec_ptrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/exec_ptrace.c b/src/exec_ptrace.c index 679313f0c..c3411ba27 100644 --- a/src/exec_ptrace.c +++ b/src/exec_ptrace.c @@ -398,7 +398,7 @@ ptrace_readv_string(pid_t pid, unsigned long addr, char *buf, size_t bufsize) if (cp != NULL) debug_return_ssize_t((cp - buf0) + 1); /* includes NUL */ /* No NUL terminator, we should have a full page. */ - if (nread != page_size) { + if ((size_t)nread != page_size) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "process_vm_readv(%d, [0x%lx, %zu], 1, [0x%lx, %zu], 1, 0)" " -> %zd", From 8e7e0e23fae242cc0503b7dea8296b41df09a8f2 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 21 Jul 2025 07:41:11 -0600 Subject: [PATCH 12/18] ts_write: call lseek after fruncate on short write We need to make sure the file position is reset to the old EOF on error. --- plugins/sudoers/timestamp.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c index 43955420f..297482b32 100644 --- a/plugins/sudoers/timestamp.c +++ b/plugins/sudoers/timestamp.c @@ -358,12 +358,17 @@ ts_write(const struct sudoers_context *ctx, int fd, const char *fname, /* Truncate on partial write to be safe (assumes end of file). */ if (nwritten > 0) { - sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "short write, truncating partial time stamp record"); if (ftruncate(fd, old_eof) != 0) { sudo_warn(U_("unable to truncate time stamp file to %lld bytes"), (long long)old_eof); } + if (lseek(fd, old_eof, SEEK_SET) == -1) { + sudo_debug_printf( + SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, + "unable to seek to %lld", (long long)old_eof); + } } debug_return_ssize_t(-1); } From 2dc10cfbd3e4536639df29777c533718604e3cbf Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 21 Jul 2025 09:04:59 -0600 Subject: [PATCH 13/18] Fix check for which man page type to use with nroff Fixes a bug where configure would use *.man instead of *.mdoc on systems without mandoc. --- configure | 2 +- configure.ac | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure b/configure index ad340055f..0fcf8359a 100755 --- a/configure +++ b/configure @@ -17775,7 +17775,7 @@ then : else case e in #( e) case "$ac_cv_path_NROFFPROG" in - *mandoc|nroff) + *mandoc|*nroff) # Prefer mdoc format for mandoc (or when no formatter is present). sudo_cv_var_mantype="mdoc" ;; diff --git a/configure.ac b/configure.ac index 84c11523c..43e61a894 100644 --- a/configure.ac +++ b/configure.ac @@ -1742,7 +1742,7 @@ AC_CACHE_CHECK([which macro set to use for manual pages], [sudo_cv_var_mantype], [ case "$ac_cv_path_NROFFPROG" in - *mandoc|nroff) + *mandoc|*nroff) # Prefer mdoc format for mandoc (or when no formatter is present). sudo_cv_var_mantype="mdoc" ;; From 55d3c99c4ef9d75e80c0a69817fd07ca6fa3e41a Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 21 Jul 2025 20:24:42 -0600 Subject: [PATCH 14/18] Add a way to override pp_rpm_arch when building rpms This will be used to build x86_64_v2 packages for Alma Linux. --- etc/sudo-logsrvd.pp | 5 +++++ etc/sudo-python.pp | 5 +++++ etc/sudo.pp | 5 +++++ scripts/mkpkg | 22 +++++++++++++++++++--- 4 files changed, 34 insertions(+), 3 deletions(-) diff --git a/etc/sudo-logsrvd.pp b/etc/sudo-logsrvd.pp index a904c720e..502dc3459 100644 --- a/etc/sudo-logsrvd.pp +++ b/etc/sudo-logsrvd.pp @@ -128,6 +128,11 @@ This makes it possible to have all sudo I/O logs on a central server." %endif %if [rpm] + # Used to set rpm_arch to x86_64_v2 on Alma Linux + if test -n "$pp_rpm_arch_override"; then + pp_rpm_arch="$pp_rpm_arch_override" + fi + # Add distro info to release osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'` case "$pp_rpm_distro" in diff --git a/etc/sudo-python.pp b/etc/sudo-python.pp index 97d88d795..7738fcdda 100644 --- a/etc/sudo-python.pp +++ b/etc/sudo-python.pp @@ -84,6 +84,11 @@ %endif %if [rpm] + # Used to set rpm_arch to x86_64_v2 on Alma Linux + if test -n "$pp_rpm_arch_override"; then + pp_rpm_arch="$pp_rpm_arch_override" + fi + # Add distro info to release osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'` case "$pp_rpm_distro" in diff --git a/etc/sudo.pp b/etc/sudo.pp index 541a56111..499c3c758 100644 --- a/etc/sudo.pp +++ b/etc/sudo.pp @@ -149,6 +149,11 @@ still allow people to get their work done." %endif %if [rpm] + # Used to set rpm_arch to x86_64_v2 on Alma Linux + if test -n "$pp_rpm_arch_override"; then + pp_rpm_arch="$pp_rpm_arch_override" + fi + # Add distro info to release osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*\([0-9]\{1,3\}\).*/\1/'` case "$pp_rpm_distro" in diff --git a/scripts/mkpkg b/scripts/mkpkg index b6dcec7f9..68b141916 100755 --- a/scripts/mkpkg +++ b/scripts/mkpkg @@ -17,8 +17,8 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # # Build a binary package using polypkg -# Usage: mkpkg [--build-only] [--configure-only] [--debug] [--flavor flavor] -# [--platform platform] [--osversion ver] +# Usage: mkpkg [--arch arch] [--build-only] [--configure-only] [--debug] +# [--flavor flavor] [--osversion ver] [--platform platform] # # Make sure IFS is set to space, tab, newline in that order. @@ -29,7 +29,7 @@ nl=' IFS=" $nl" # Parse arguments -usage="usage: mkpkg [--build-only] [--configure-only] [--debug] [--flavor flavor] [--platform platform] [--osversion ver]" +usage="usage: mkpkg [--arch arch] [--build-only] [--configure-only] [--debug] [--flavor flavor] [--osversion ver] [--platform platform]" debug=0 flavor=vanilla crossbuild=false @@ -37,6 +37,18 @@ build_packages=true; build_sudo=true; while test $# -gt 0; do case "$1" in + --arch=?*) + arch=`echo "$1" | sed -n 's/^--arch=\(.*\)/\1/p'` + ;; + --arch) + arch=`echo "$1" | sed -n 's/^--arch=\(.*\)/\1/p'` + if [ $# -lt 2 ]; then + echo "$usage" 1>&2 + exit 1 + fi + arch="$2" + shift + ;; --debug) set -x debug=1 @@ -208,6 +220,10 @@ case "$osversion" in ;; esac + if [ -n "$arch" ]; then + # Override the default rpm arch for, e.g. x86_64_v2 + PPVARS="${PPVARS}${PPVARS+$space}pp_rpm_arch_override=$arch" + fi if [ X"$with_selinux" = X"true" ]; then configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux" fi From 26a1a7529a1974e28b179e18925a92d6dadf5660 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Wed, 23 Jul 2025 20:00:42 -0600 Subject: [PATCH 15/18] digest_matches: plug fd leak on snprinf() failure --- plugins/sudoers/match_command.c | 6 ++++-- plugins/sudoers/match_digest.c | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/plugins/sudoers/match_command.c b/plugins/sudoers/match_command.c index a479ceec3..dc4d24472 100644 --- a/plugins/sudoers/match_command.c +++ b/plugins/sudoers/match_command.c @@ -272,7 +272,8 @@ command_matches_dir(struct sudoers_context *ctx, const char *sudoers_dir, len = snprintf(sdbuf, sizeof(sdbuf), "%s%s", runchroot, sudoers_dir); if (len >= ssizeof(sdbuf)) { errno = ENAMETOOLONG; - debug_return_bool(false); + sudo_warn("%s%s", runchroot, sudoers_dir); + goto done; } sudoers_dir = sdbuf; chrootlen = strlen(runchroot); @@ -536,7 +537,8 @@ command_matches_glob(struct sudoers_context *ctx, const char *sudoers_cmnd, snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, sudoers_cmnd); if (len >= ssizeof(pathbuf)) { errno = ENAMETOOLONG; - debug_return_bool(false); + sudo_warn("%s%s", runchroot, sudoers_cmnd); + debug_return_int(DENY); } sudoers_cmnd = pathbuf; chrootlen = strlen(runchroot); diff --git a/plugins/sudoers/match_digest.c b/plugins/sudoers/match_digest.c index 476fdd866..bb5258ef3 100644 --- a/plugins/sudoers/match_digest.c +++ b/plugins/sudoers/match_digest.c @@ -73,7 +73,8 @@ digest_matches(int fd, const char *path, const char *runchroot, snprintf(pathbuf, sizeof(pathbuf), "%s%s", runchroot, path); if (len >= ssizeof(pathbuf)) { errno = ENAMETOOLONG; - debug_return_bool(false); + sudo_warn("%s%s", runchroot, path); + goto done; } path = pathbuf; } From f0e1a5ca3818a3924b0763ea4d29661edeaaec66 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Wed, 23 Jul 2025 20:02:05 -0600 Subject: [PATCH 16/18] Sudo 1.9.17p2 --- NEWS | 19 +++++++++++++++++++ configure | 18 +++++++++--------- configure.ac | 2 +- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/NEWS b/NEWS index f4f737d0b..fd0b9ad96 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,22 @@ +What's new in Sudo 1.9.17p2 + + * Fixed a bug introduced in sudo 1.9.16 that could result in sudo + sending SIGHUP to all processes on the system in certain rare + cases. The bug could manifest if sudo is running a command in + a pseudo-terminal, sudo terminates the command due to an internal + error, and the user's terminal is revoked. GitHub issue #458. + + * Fixed a bug introduced in sudo 1.9.12 that caused sudo to abort + when the "intercept" and "intercept_verify" options are enabled + in sudoers and either the command line arguments or the environment + contains a string larger than the page size (usually 4096). This + only Linux affects systems that support the ptrace_readv_string() + function. GitHub issue #453. + + * Fixed a bug in sudo's configure script introduced in sudo 1.9.17 + that prevented mdoc-format man pages from being used on systems + without the mandoc utility. Bug #1077. + What's new in Sudo 1.9.17p1 * Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified diff --git a/configure b/configure index 0fcf8359a..3e33087e6 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72 for sudo 1.9.17p1. +# Generated by GNU Autoconf 2.72 for sudo 1.9.17p2. # # Report bugs to . # @@ -614,8 +614,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.17p1' -PACKAGE_STRING='sudo 1.9.17p1' +PACKAGE_VERSION='1.9.17p2' +PACKAGE_STRING='sudo 1.9.17p2' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -1651,7 +1651,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures sudo 1.9.17p1 to adapt to many kinds of systems. +'configure' configures sudo 1.9.17p2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1717,7 +1717,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.17p1:";; + short | recursive ) echo "Configuration of sudo 1.9.17p2:";; esac cat <<\_ACEOF @@ -2013,7 +2013,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.17p1 +sudo configure 1.9.17p2 generated by GNU Autoconf 2.72 Copyright (C) 2023 Free Software Foundation, Inc. @@ -2833,7 +2833,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.17p1, which was +It was created by sudo $as_me 1.9.17p2, which was generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -37071,7 +37071,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.17p1, which was +This file was extended by sudo $as_me 1.9.17p2, which was generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -37139,7 +37139,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.17p1 +sudo config.status 1.9.17p2 configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 43e61a894..bc4298148 100644 --- a/configure.ac +++ b/configure.ac @@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.69]) -AC_INIT([sudo], [1.9.17p1], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.17p2], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts]) From f73162df35cdf9d31a12758fd1681e608718ca5f Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 24 Jul 2025 07:37:29 -0600 Subject: [PATCH 17/18] client_msg_cb: make warning match the function that failed --- plugins/sudoers/log_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/sudoers/log_client.c b/plugins/sudoers/log_client.c index 23d4f527a..ed31af11d 100644 --- a/plugins/sudoers/log_client.c +++ b/plugins/sudoers/log_client.c @@ -1933,7 +1933,7 @@ client_msg_cb(int fd, int what, void *v) { const ssize_t n = write(fd, buf->data + buf->off, buf->len - buf->off); if (n < 0) { - sudo_warn("send"); + sudo_warn("write"); goto bad; } nwritten = (size_t)n; From aa2498e46f1b4d6b1e13bde4e56b1aaa8d0d848e Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 24 Jul 2025 10:37:01 -0600 Subject: [PATCH 18/18] Fix check for which man page type to use with nroff Fixes a bug where configure would use *.man instead of *.mdoc on systems without mandoc. Bug #1077. --- configure | 4 ++-- configure.ac | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure b/configure index 3e33087e6..7762ab88d 100755 --- a/configure +++ b/configure @@ -17775,7 +17775,7 @@ then : else case e in #( e) case "$ac_cv_path_NROFFPROG" in - *mandoc|*nroff) + *mandoc|nroff) # Prefer mdoc format for mandoc (or when no formatter is present). sudo_cv_var_mantype="mdoc" ;; @@ -17786,7 +17786,7 @@ else case e in #( echo ".Nd sudo" >> conftest echo ".Sh DESCRIPTION" >> conftest echo "sudo" >> conftest - if $ac_cv_path_NROFF -mdoc conftest >/dev/null 2>&1; then + if $ac_cv_path_NROFFPROG -mdoc conftest >/dev/null 2>&1; then sudo_cv_var_mantype="mdoc" fi rm -f conftest diff --git a/configure.ac b/configure.ac index bc4298148..db72498cc 100644 --- a/configure.ac +++ b/configure.ac @@ -1742,7 +1742,7 @@ AC_CACHE_CHECK([which macro set to use for manual pages], [sudo_cv_var_mantype], [ case "$ac_cv_path_NROFFPROG" in - *mandoc|*nroff) + *mandoc|nroff) # Prefer mdoc format for mandoc (or when no formatter is present). sudo_cv_var_mantype="mdoc" ;; @@ -1753,7 +1753,7 @@ AC_CACHE_CHECK([which macro set to use for manual pages], echo ".Nd sudo" >> conftest echo ".Sh DESCRIPTION" >> conftest echo "sudo" >> conftest - if $ac_cv_path_NROFF -mdoc conftest >/dev/null 2>&1; then + if $ac_cv_path_NROFFPROG -mdoc conftest >/dev/null 2>&1; then sudo_cv_var_mantype="mdoc" fi rm -f conftest