mirror of https://github.com/sudo-project/sudo.git synced 2025-08-30 22:05:46 +00:00
Commit Graph

3906 Commits

Author SHA1 Message Date
Marco Trevisan (Treviño)
a68e821ef9 plugins/pam: Check the user didn't change during PAM transaction
PAM modules can change the user during their execution; in such a case,
sudo would still use the user that has been provided, potentially giving
access to another user with the credentials of another one.

So prevent this from happening by ensuring that the final PAM user
matches the one which started the transaction.
2024-10-05 11:09:36 -06:00
Célestin Matte
05b5de538b Fix typo in sudoer file comment 2024-09-28 16:52:20 -06:00
Rose
77672d83c4 Put restrict qualifiers in strvec_join function pointer 2024-09-21 14:08:13 -06:00
Andy Fiddaman
131e7e2de0 Allow --secure-path-value=no
This adds support for --with-secure-path-value=no to allow packagers
to ship the sudoers configuration file with the secure path
line commented out if required.
2024-09-21 14:03:24 -06:00
Todd C. Miller
0cbddb6939 alias_error: display the file and line info for the duplicate alias
Having the file and line of the previous alias definition should
make it easier to fix duplicate alias errors.
2024-09-13 11:56:09 -06:00
Ferdinand Bachmann
ce36f01def Add pam_silent setting to sudoers example config 2024-09-09 19:54:46 -06:00
Todd C. Miller
22b320645c Fix the date written used by the exit record in sudo-format log files
The change to always get the current time when building a struct
evlog in sudoers broke the date and time written for exit records.
This only affected file-based logs, not syslog.  GitHub issue #405.
2024-09-06 13:05:47 -06:00
Todd C. Miller
4751a4d2dd Make a ttydev parse error non-fatal for now
This is new for sudo 1.9.16 so we don't want to break sudo if there
ends up being a bug in formatting dev_t from the front-end.
2024-08-15 09:31:48 -06:00
Todd C. Miller
827fa8b76d Use sudo_strtonum() instead of strtoull().
Fixes building on systems that lack strtoull().  While dev_t is
unsigned on most systems, we can still use sudo_strtonum() here as
long as we allow the full range of values [LLONG_MIN,LLONG_MAX].
We don't use strtoul() here since some 32-bit systems have 64-bit
dev_t.
2024-08-13 12:43:10 -06:00
Todd C. Miller
e3fd614e7e Sync base64_encode and base64_decode prototypes with parse.h. 2024-08-13 08:09:24 -06:00
Rose Silicon
60b6f30022 Restrict-qualify dst in base64_decode
Definition restrict qualifies but not declaration in header.
2024-08-13 08:07:07 -06:00
Rose
818aae38ce Add restrict qualifiers to base64_decode and base64_encode 2024-08-12 10:54:45 -06:00
Rose
85d08e96bd Restrict-qualify iolog_path_escapes like we do with check_iolog_path
Also add it to the function pointer definition to act as a hint to use restrict in the various copy functions.
2024-08-12 10:15:21 -06:00
Todd C. Miller
1381a69f59 Use FD_CLOEXEC instead of just 1 2024-08-02 19:48:41 -06:00
Todd C. Miller
cb2457410a Updated translations from translationproject.org 2024-07-27 10:17:59 -06:00
Todd C. Miller
b2af245b31 Updated translations from translationproject.org 2024-06-25 20:08:49 -06:00
Todd C. Miller
e0e24456bc Enable secure_path in default sudoers file.
It is still disabled by default in the sudo binary.
2024-06-10 20:37:05 -06:00
Todd C. Miller
1db1453556 Preserve SUDO_EDITOR, EDITOR, and VISUAL for visudo. 2024-06-10 08:17:17 -06:00
Todd C. Miller
14a8d9c09a Update .pot files for 1.9.16 2024-06-08 09:07:07 -06:00
Todd C. Miller
e9d65e67aa Treat unresolvable User_Alias/Host_Alias as non-aliases in JSON output.
This matches the behavior of the sudoers parser.  There is no way
to tell for sure if an upper case word is an alias or a user or
host name.  An unresolvable command alias is never a command since
it doesn't start with a '/'.  GitHub issue #381
2024-06-07 10:54:35 -06:00
Todd C. Miller
7c74a971d9 Allow the path in Chdir_Spec | Chroot_Spec to be double-quoted.
The other values of an Option_Spec could already be quoted but path
names are treated specially.
2024-05-26 14:37:50 -06:00
Robert Manner
ba29f54d97 logsrvd,plugins/sudoers: add debug log on TLS verification error 2024-05-17 17:18:32 -06:00
Todd C. Miller
f2a979f408 apply_cmndspec: plug potential memory leak
If apply_cmndspec() is called where the cmndspec defines an apparmor
profile or Solaris privileges, and then is called again with a
cmndspec that does not have those set we would leak the original
value.
2024-05-06 13:04:00 -06:00
Todd C. Miller
43ffe34ab4 We do not pass apparmor_profile from the front-end to the policy.
There is no command line option to specify a profile, it is only
passed from the policy to the front-end.
2024-05-06 11:45:12 -06:00
Todd C. Miller
720a1450e7 Sync fuzz_sudoers dictionary with def_data.in. 2024-05-03 08:31:10 -06:00
Todd C. Miller
718df95e11 apply_cmndspec: plug apparmor_profile leak
Also override existing Solaris privs if specified.
2024-05-03 08:15:19 -06:00
Todd C. Miller
07d6aa247c free_cmndspec: plug apparmor_profile leak 2024-05-03 07:34:55 -06:00
Todd C. Miller
89918caf5a Python 3.12 backtraces use '~' in addition to '^' when underlining.
GitHub issue #374
2024-05-02 20:02:43 -06:00
Todd C. Miller
2e6c90cdef Add test for parsing SELinux, AppArmor and Solaris privileges. 2024-05-01 19:12:44 -06:00
Todd C. Miller
389c8550c9 Unifdef parser support for SELinux, AppArmor and Solaris privileges. 2024-05-01 08:04:00 -06:00
Todd C. Miller
38b98b4174 Add some missing AppArmor bits.
 o Display ApparmorProfile in "long list" format.
 o Propagate apparmor_profile setting to commands in a list.
 o Support apparmor_profile in an LDAP sudoOption.
2024-04-30 19:18:00 -06:00
Todd C. Miller
4d47acf69b Check JSON output with jq if present. 2024-04-30 09:34:10 -06:00
Todd C. Miller
7c2204d34d Format SELinux, AppArmor and Solaris privileges as Options.
Previously these were output as separate arrays without an enclosing
object.  GitHub issue #373
2024-04-30 08:15:19 -06:00
Todd C. Miller
27963e39f3 Pass "make spell" with updated codespell. 2024-04-29 09:19:52 -06:00
Todd C. Miller
e770c857f4 Fix copy and paste error in the fix for GitHub issue #369
Fixes GitHub issue #371
2024-04-28 08:13:52 -06:00
Todd C. Miller
c429220693 Store multiple command digests of the same type as an array.
Otherwise, we end up with duplicated keys in the object.
GitHub issue #370
2024-04-25 09:27:04 -06:00
Todd C. Miller
78699a8f7a Call gettext() on insults when displayed, not when declared. 2024-04-22 08:15:39 -06:00
alberic89
8666c66ff1 Make insults translatable 2024-04-22 07:46:33 -06:00
Todd C. Miller
26ce75110f When converting CWD and CHROOT tags, store them as objects.
Fixes GitHub issue #369
2024-04-19 08:18:59 -06:00
Todd C. Miller
ecdf0c80f3 Add pam_silent sudoers option.
Inspired by PR #368
GitHub issue #216
2024-04-17 19:30:11 -06:00
Todd C. Miller
f0823c70c6 Remove offensive insults that were disabled by default anyway.
Bug #1058
2024-03-18 09:14:15 -06:00
Todd C. Miller
b6175b78ad Remove EVLOG_JSON, callers must use EVLOG_JSON_COMPACT or EVLOG_JSON_PRETTY 2024-03-09 11:42:07 -07:00
Todd C. Miller
46e31a74d7 Add "json_pretty" log format, currently the same as "json".
In a future version, "json" will be an alias for "json_compact"
instead.  GitHub issue #357.
2024-03-09 10:59:54 -07:00
Todd C. Miller
1debad3bec Add json_compact log type for compact/minified JSON.
The "json_compact" log type logs one event per line in compact/minified
JSON format.  GitHub issue #357.
2024-03-08 16:31:39 -07:00
Todd C. Miller
b3ade1c5f9 Fix typo 2024-03-08 13:58:36 -07:00
Todd C. Miller
602a58e86a Set SUDO_HOME to the invoking user's home directory.
GitHub issue #358
2024-03-08 09:15:36 -07:00
Todd C. Miller
72cee2fa25 Explicitly link check_symbols with zlib.
Fixes a test failure on some systems when using sudo's built-in zlib.
2024-02-29 12:41:36 -07:00
Todd C. Miller
81acb2bd7b Regenerate dependencies 2024-02-21 13:17:54 -07:00
Todd C. Miller
3944ab1fbe Use $(CPP) instead of $(CC) -E when building .i files from .c. 2024-02-21 12:31:50 -07:00
Rose
725d3fdc20 Prefer putchar over fputc where possible
putchar is easier to understand than fputc and printf and does less work than those two do.
2024-01-13 15:24:43 -07:00