Previously, sudo only checked that the fd was a terminal, not that
it matched sudo's idea of the user's terminal. This matters when
input or output is redirected to a different terminal. In that
case we want to interpose the fd with a pipe even if it refers to
a terminal. Bug #1056.
This makes sudoers_lookup_pseudo(), which is used for pseudo-command
like "list" and "validate" a bit more like sudoers_lookup_check().
Time of day checks are performed, and callbacks are supported. We
cannot use the same code for regular commands and pseudo-commands
due to the "pwcheck == all" case.
Reported by the sudo-rs project.
There was a missing space between "list" and the actual command.
This also changes the output to include the command as specified
by the user, not the path found in the path. Previously, if the
command did not exist it would not be included in the message.
We now create the LogHandler class for each interpreter in
python_plugin_init() instead of just once in sudo_module_init().
This fixes the crash seen in Py_EndInterpreter() with Python 3.12
and significantly reduces the number of leaked objects tracked by
MemorySanitizer.
In sudo_module_set_default_loghandler() if we don't leak the reference
to py_loghandler we get a crash in Py_EndInterpreter() with Python
3.12. This probably indicates a reference counting bug elsewhere.
We should only match a rule with an empty runas user if a group was
specified on the command line (sudo -g) without a user (no -u option)
or the user specified their own name on the command line.
GitHub issue #290
This fixes a problem with "stair-stepped" output when the sudo-run
command's output is piped to another program and the command reads
input from the terminal.
Add cmnd_foreground flag that is only true if sudo is the foreground
process and the CD_EXEC_BG flag is not set and pass it to exec_monitor().
This means exec_monitor() no longer needs to check for CD_EXEC_BG.
This is more portable and eliminates the need to check for SYMLOOP_MAX
(and provide it if missing) in configure. Also quiet some -Wconversion
warnings.
The sudoers file must now explicitly allow the user to specify a
directory (sudo -D) or chroot (sudo -R) by setting cwd or chroot
to "*". If a specific cwd or chroot value is set in sudoers, the
user may not use the -D or -R options, even if they match the value
in sudoers.
In most cases, these simply expand to a call to sudo_debug_printf2().
We need to keep the function versions around in libsudo_util for
backwards compatibility.
