If the user is not allowed to run a command, we try to give them a
more useful message than "Sorry, user foo may not run sudo on bar."
However, this should only be done when running, not listing, a
command. Otherwise, it would be possible for a user with no sudo
privileges to use "sudo -l /path/to/some/command" to determine
whether an executable exists in a directory that they do not have
search access to.
The intent is to allow the user to run a command or edit a file as
themself without entering a password. It should not apply to listing
a command via "sudo -l command".
The sudo manuals contain conditional to avoid describing system-specific
behavior on systems that don't support it. When we convert from
mdoc to man format we lose those conditionals, these sed scripts
add them back. Changes to the mdoc files can prevent the regexps
from matching so they need to be updated periodically.
The exceptions are command-specific Defaults (which cannot be applied
until the command's path is resolved) and a small number of "early"
defaults that affect other entries.
These are standalone programs that run on the host system
(which may differ from the target system) so we should not
include config.h and sudo_compat.h.
The .Li macro is deprecated and makes no difference on terminal
devices. Also avoid using items greater than 80 characters which
will wrap incorrectly. Bug #1075.
The pty_cleanup() function, which may be called via fatal()/fatalx(),
expects that ec->details is set. If there is a fatal error after
the cleanup hook is registered but before the exec closure it filled
in, pty_cleanup() would dereference a NULL pointer.
Reported by Bjorn Baron.
The return values are used in ways that assume they are positive.
In practice, it is not possible to have a negative return value
other than -1 due to the size of the buffers being read from or
written to. Also add overflow checks when updating the buffer len.
Quiets several coverity warnings.
Previously, we compared the terminal device number returned by
get_process_ttyname() with that of stdin, stdout and stderr. This
causes problems on Linux if the user is logged in on the console,
which is a virtual device that may correspond to one of several
different terminal devices. In this specific case, there is a
mismatch between the controlling terminal listed in /proc/self/stat
(which corresponds to the underlying terminal device) and the device
number of stdin, stdout and stderr (which is that of /dev/console).
Instead of modifying the len parameter and using it for bounds
checking, compute the end of the source string and bound check on
that instead. Also simplify the code slightly and enable debugging.
