We now create the LogHandler class for each interpreter in
python_plugin_init() instead of just once in sudo_module_init().
This fixes the crash seen in Py_EndInterpreter() with Python 3.12
and significantly reduces the number of leaked objects tracked by
MemorySanitizer.
--HG--
branch : 1.9
In sudo_module_set_default_loghandler() if we don't leak the reference
to py_loghandler we get a crash in Py_EndInterpreter() with Python
3.12. This probably indicates a reference counting bug elsewhere.
--HG--
branch : 1.9
We should only match a rule with an empty runas user if a group was
specified on the command line (sudo -g) without a user (no -u option)
or the user specified their own name on the command line.
GitHub issue #290
--HG--
branch : 1.9
This fixes a problem with "stair-stepped" output when the sudo-run
command's output is piped to another program and the command reads
input from the terminal.
--HG--
branch : 1.9
Add cmnd_foreground flag that is only true if sudo is the foreground
process and the CD_EXEC_BG flag is not set and pass it to exec_monitor().
This means exec_monitor() no longer needs to check for CD_EXEC_BG.
--HG--
branch : 1.9
The NULL check was commented out for testing but should have been
restored. Fixes a potential protocol error message from sudo_logsrvd.
--HG--
branch : 1.9
The lack of setting to NULL is a holdover from when command_info was a local variable and not a global one. However, we given how other global variables are set to NULL, it is best that we do the same here to avoid potential issues should sudoers_policy_store_result be called again after the first time failed, otherwise we could get a double-free.
Variable length arrays are supported by C99, but having it denoted as "1" confused the compiler and is not defined.
Note that because we don't get the inferred NULL terminator, we have to increase the malloc size by one.
This makes it possible to call the appropriate runas user or group
list match function when resolving aliases instead of calling
runaslist_matches() itself. Fixes a bug that prevented the group
specified via "sudo -g" from matching when a Runas_Alias was used
in the user or group portion of a Runas_Spec.
If a sudoers rule has no runas list, a user-specified runas group
should only be allowed if it matches a group that the default runas
user belongs to. Instead, a missing group check allowed the user
run commands as the default runas user with an arbitrary group.
This means that a rule like "somebody host = ALL", which should be
equivalent to "somebody host = (root) ALL", had the same effect as
"somebody host = (root:ALL) ALL".
Now that we are guaranteed to have a runas user list for all sudoers
rules that contain a runas list, we can remove support for the
special case where user_matched is set in the runas group matching
conditional. This fixes a bug where "sudo -u myuser -g mygroup"
was permitted by a rule like "myuser ALL = (root) ALL".
When a sudoers rule permits the user to run commands as a group,
not a user, we should set the runasusers to single member with the
special MYSELF token. This guarantees that the only time runasusers
will be NULL is when no runaslist is present.
