Todd C. Miller
84e7ca6752
Merge sudo 1.9.17 from branch 'main' into sudo-1.9
v1.9.17
2025-06-17 20:31:12 -06:00
Rose
5fad16bda2
Properly check against errors against fwrite
...
fwrite is not the same as write; you have to explicitly compare against the length to detect errors, and sometimes number of items is mistaken for length.
2025-06-17 20:29:12 -06:00
Todd C. Miller
e6cf241b03
No more mercurial repo, point to git.sudo.ws instead.
2025-06-12 11:16:10 -06:00
Todd C. Miller
fd6aa49321
fix typo
2025-06-09 07:45:59 -06:00
Todd C. Miller
04a8117500
Updated translations from translationproject.org
2025-06-08 16:47:28 -06:00
Todd C. Miller
d861a00a67
Update .pot files for 1.9.17
2025-06-08 16:47:28 -06:00
Todd C. Miller
cb3355e9d4
Sudo 1.9.17
2025-06-08 16:47:28 -06:00
Todd C. Miller
60fff3a3da
Add Cantonese translation from GitHub
2025-06-08 16:47:28 -06:00
Todd C. Miller
57f67f67ff
Fix typo
2025-06-08 16:44:34 -06:00
cantonese-sra
666d8c1757
yue translation
2025-06-08 16:43:18 -06:00
Todd C. Miller
ee1383e311
Fix typo
2025-06-08 07:28:35 -06:00
Todd C. Miller
afd01d856b
Add SUDO_TTY environment variable if the user has a tty
...
This can be used to find the user's original tty device when sudo
runs the command in its own pty. GitHub issue #447.
2025-06-07 16:21:36 -06:00
Rose
a925829e60
Restrict-qualify a few methods that are listed as such
2025-06-04 11:12:18 -06:00
Todd C. Miller
77fe6ae51e
Use TCSAFLUSH not TCSADRAIN when disabling echo
...
A long time ago this was changed from TCSAFLUSH to TCSADRAIN due
to some systems having problems with TCSAFLUSH. That should no
longer be a concern. Using TCSAFLUSH ensures that password input
that has been received by the kernel, but not yet read by sudo,
will be discarded and not echoed.
2025-05-22 08:44:04 -06:00
Todd C. Miller
82ebb1eaa9
log_failure: only display "command not found" if running a command
...
If the user is not allowed to run a command, we try to give them a
more useful message than "Sorry, user foo may not run sudo on bar."
However, this should only be done when running, not listing, a
command. Otherwise, it would be possible for a user with no sudo
privileges to use "sudo -l /path/to/some/command" to determine
whether an executable exists in a directory that they do not have
search access to.
2025-05-06 15:15:11 -06:00
Todd C. Miller
111fd83fb8
Use constant-time string compare for plain text password check.
...
Avoid potential password guessing based on timing attacks on
the strcmp() function. Reported by Quarkslab.
2025-04-30 15:24:50 -06:00
Todd C. Miller
a294a8be00
check_user: refactor the "running as self" check into its own function
2025-04-30 13:54:36 -06:00
Todd C. Miller
28837b2af1
check_user: restrict the special case for running as the invoking user
...
The intent is to allow the user to run a command or edit a file as
themself without entering a password. It should not apply to listing
a command via "sudo -l command".
2025-04-30 11:07:37 -06:00
Todd C. Miller
9c98d0f4a5
Regenerate man format manuals
2025-04-28 12:26:52 -06:00
Todd C. Miller
b876e3bbf3
Sync "Path intercept" comment with default sudo.conf and man page
2025-04-28 12:25:43 -06:00
peppapig450
d173674c2f
Fix typo and update Protocol Buffers URL in sudo_logsrv.proto man page
...
- Remove duplicate "The" in description of log_id field.
- Update outdated Protocol Buffers link from https://developers.google.com/protocol-buffers/ to https://protobuf.dev, the new canonical URL.
Signed-off-by: peppapig450 <peppapig450@pm.me>
2025-04-28 12:12:06 -06:00
peppapig450
334e23183d
Fix minor grammar errors in sudoers.ldap man page
...
Signed-off-by: peppapig450 <peppapig450@pm.me>
2025-04-28 12:12:06 -06:00
peppapig450
aa5d4b2b40
Fix typo: 'Please not report' → 'Please do not report' in documentation
...
Signed-off-by: peppapig450 <peppapig450@pm.me>
2025-04-28 12:12:06 -06:00
peppapig450
2f4d6bfe25
Fix minor grammar and spelling issues in sudo.conf man page
...
Signed-off-by: peppapig450 <peppapig450@pm.me>
2025-04-28 12:12:06 -06:00
Todd C. Miller
ce0ec8ddca
Free existing contents of struct eventlog before overwriting.
...
In the unlikely event that there are duplicate keys in info_msgs,
free the old string before overwriting with the new one.
2025-03-31 20:11:34 -06:00
Todd C. Miller
e8695d536c
Use a pointer to end of buffer instead of tracking space left.
...
Fixes a problem in feedback mode where an initial backspace would
reduce the effective buffer size. GitHub issue #439
2025-03-31 09:09:57 -06:00
Todd C. Miller
627ae4b09c
Ignore scripts/check_man
2025-03-09 10:42:17 -06:00
Todd C. Miller
fce45b2767
Make ignore_dot the default
...
Add --disable-ignore-dot to disable it and deprecate --with-ignore-dot.
2025-03-08 17:59:32 -07:00
Todd C. Miller
ff3c2185f1
Dash/hyphen related style fixes from check_man.
2025-02-27 19:37:48 -07:00
Todd C. Miller
eae70b05cf
Add hyphen/dash checks
2025-02-27 19:33:18 -07:00
Todd C. Miller
c2e77b7133
Add check_man script to check for man page warnings.
2025-02-27 08:21:22 -07:00
Todd C. Miller
38c0bdd7ad
Sync sudo.DEBUG descriptions with comments in sudo_debug.h.
2025-02-26 19:12:23 -07:00
Todd C. Miller
cf1b87c71d
Sync sed scripts that add back troff conditionals.
...
The sudo manuals contain conditionals to avoid describing system-specific
behavior on systems that don't support it. When we convert from
mdoc to man format we lose those conditionals, these sed scripts
add them back. Changes to the mdoc files can prevent the regexps
from matching so they need to be updated periodically.
2025-02-23 09:33:06 -07:00
Todd C. Miller
4d331e6026
Fix some style warnings from "mandoc -Tlint"
2025-02-22 15:41:22 -07:00
Todd C. Miller
3ba525a348
Style fixes from Bjarni Ingi Gislason.
2025-02-22 15:31:21 -07:00
Todd C. Miller
b04386f631
Most Defaults entries are applied in order.
...
The exceptions are command-specific Defaults (which cannot be applied
until the command's path is resolved) and a small number of "early"
defaults that affect other entries.
2025-02-14 09:29:37 -07:00
Todd C. Miller
1bdead1bb4
Only use system includes for mksiglist and mksigname.
...
These are standalone programs that run on the host system
(which may differ from the target system) so we should not
include config.h and sudo_compat.h.
2025-02-11 09:08:04 -07:00
Todd C. Miller
b0d94331c0
No longer need to define NSIG for cppcheck.
...
There is now a configure check that defines it as needed.
2025-02-11 08:42:57 -07:00
Todd C. Miller
1032030f85
Split the code to fill an exec closure into two functions.
...
This lets us initialize the exec closure early and fill in the
events later. It also makes things consistent with the exec_pty
version.
2025-02-10 19:40:26 -07:00
Todd C. Miller
a4a999b5eb
Run groff with warnings enabled for "make lint".
2025-02-10 19:40:26 -07:00
Todd C. Miller
257a078a85
Prefer POSIX getpgrp() to getpgid(0).
...
We use getpgrp() in most places so prefer it for consistency
with the rest of the code base.
2025-02-10 08:42:09 -07:00
Todd C. Miller
8feff96d37
regen
2025-02-10 08:42:09 -07:00
Todd C. Miller
d3293c528a
Make DIAGNOSTICS descriptions indent consistent with sudo.mdoc.in.
2025-02-10 08:42:09 -07:00
Todd C. Miller
dc0f16dbc4
Avoid using ".It Li foo ..." in sudo manuals.
...
The .Li macro is deprecated and makes no difference on terminal
devices. Also avoid using items greater than 80 characters which
will wrap incorrectly. Bug #1075.
2025-02-09 14:36:10 -07:00
Todd C. Miller
aad69105d8
Fix warnings from groff -mandoc -t -K utf8 -rF0 -rHY=0 -ww -b -z
...
Specify list offset and width in ens where applicable.
Shorten the ttyname description in sudo_logsrv.proto.mdoc.in.
Bug #1075.
2025-02-09 14:36:09 -07:00
Todd C. Miller
a9e1120791
Only package parent directories that match a non-default prefix
...
For example, if sudo is installed into /opt/sudo we only want to
package directories under /opt and not /var.
2025-02-08 10:24:11 -07:00
Todd C. Miller
43f16c1d24
regen
2025-02-08 09:12:34 -07:00
Todd C. Miller
4bb4c6a154
Add lib/util/login_max.c
2025-02-08 09:12:16 -07:00
Todd C. Miller
0be9f0f947
Initialize exec closure before calling sudo_fatal_callback_register()
...
The pty_cleanup() function, which may be called via fatal()/fatalx(),
expects that ec->details is set. If there is a fatal error after
the cleanup hook is registered but before the exec closure is filled
in, pty_cleanup() would dereference a NULL pointer.
Reported by Bjorn Baron.
2025-01-21 19:35:43 -07:00
Mateusz Piotrowski
6fc816d90b
Fix a typo in the description of exec_pty()
2025-01-17 12:03:49 -07:00