mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity
13,044 Commits 6 Branches 326 Tags
Commit Graph

13044 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
c1a6140608 Merge sudo 1.9.16 from tip. 
--HG--
branch : 1.9
SUDO_1_9_16 v1.9.16 		2024-08-17 14:10:08 -06:00
Todd C. Miller
4751a4d2dd Make a ttydev parse error non-fatal for now 
This is new for sudo 1.9.16 so we don't want to break sudo if there
ends up being a bug in formatting dev_t from the front-end.
 2024-08-15 09:31:48 -06:00
Todd C. Miller
6a5a8f58e9 Document that ttydev is formatted as a long long. 2024-08-14 07:56:50 -06:00
Todd C. Miller
cc8c43c4d6 Format ttydev as (signed) long long, not unsigned. 
Now that we parse ttydev as a long long it makes more sense to
format it the same way.  This completely avoids the sign extension
issue on systems where dev_t is signed.
 2024-08-14 07:53:00 -06:00
Todd C. Miller
6b90acbfb7 Fix sign compare warning 
Store the result of asprintf() in an int, not size_t.
 2024-08-13 21:16:38 -06:00
Todd C. Miller
46274e725e Fix formatting of ttydev on systems with signed 32-bit dev_t 
If dev_t is 32-bit and signed, formatting as an unsigned long long
may result in a bogus value due to sign extension.
 2024-08-13 20:07:28 -06:00
Todd C. Miller
f3aa3f1f28 get_process_ttyname() now returns a dev_t, not a string. 2024-08-13 19:52:00 -06:00
Rose
e9e0096a19 Restrict-qualify glob and its functions 
glob is restrict-qualified in the standard
 2024-08-13 13:01:28 -06:00
Rose
82eac2b413 Restrict-qualify sudo_hexchar_v1 
sudo_hexchar_v1 requires an array of at least size-2, and is not aliased.
 2024-08-13 12:54:43 -06:00
Todd C. Miller
827fa8b76d Use sudo_strtonum() instead of strtoull(). 
Fixes building on systems that lack strtoull().  While dev_t is
unsigned on most systems, we can still use sudo_strtonum() here as
long as we allow the full range of values [LLONG_MIN,LLONG_MAX].
We don't use strtoul() here since some 32-bit systems have 64-bit
dev_t.
 2024-08-13 12:43:10 -06:00
Rose
cba5d2a5c9 Use static declaration for array sizes to uuid functions 2024-08-13 12:21:03 -06:00
Todd C. Miller
6f8dfd9686 Include time.h if missing utimensat() or futimens(). 
Now that we declare these as taking a timespec array we cannot get
away with a simple forward declaration.
 2024-08-13 10:19:26 -06:00
Rose
e7483ae8e9 Restrict-qualify stat_multiarch 2024-08-13 09:47:57 -06:00
Rose
7269ee2be8 Replace sudo_stat_plugin with sudo_qualify_plugin, as sudo_stat_plugin does not exist 
sudo_qualify_plugin was probably meant instead.
 2024-08-13 09:45:08 -06:00
Todd C. Miller
e3fd614e7e Sync base64_encode and base64_decode prototypes with parse.h. 2024-08-13 08:09:24 -06:00
Rose Silicon
60b6f30022 Restrict-qualify dst in base64_decode 
Definition restrict qualifies but not declaration in header.
 2024-08-13 08:07:07 -06:00
Rose
f96e6d1340 Use the full definition of the emulated function that is missing 2024-08-12 13:12:38 -06:00
Rose
787a64f514 Use restrict to optimize sudo_uuid_to_string_v1 2024-08-12 13:10:37 -06:00
Rose
818aae38ce Add restrict qualifiers to base64_decode and base64_encode 2024-08-12 10:54:45 -06:00
Rose
85d08e96bd Restrict-qualify iolog_path_escapes like we do with check_iolog_path 
Also add it to the function pointer definition to act as a hint to use restrict in the various copy functions.
 2024-08-12 10:15:21 -06:00
Rose
36cea6e5fd sudo_uuid_to_string_v1's first argument should be const 
uuid is not modified.
 2024-08-12 09:20:05 -06:00
Todd C. Miller
1381a69f59 Use FD_CLOEXEC instead of just 1 2024-08-02 19:48:41 -06:00
Todd C. Miller
f6064b04c3 Mention --with-secure-path-value configure option 2024-07-28 16:13:01 -06:00
Todd C. Miller
e24737eac9 Add --with-secure-path-value option 
This can be used by package maintainers to set the value of secure_path
that is substituted into the default sudoers file.
 2024-07-28 15:44:07 -06:00
Todd C. Miller
986fdec537 Rename secure_path_set -> secure_path_status 2024-07-28 15:11:42 -06:00
Todd C. Miller
a5f5ceecf1 regen 2024-07-28 15:13:05 -06:00
Todd C. Miller
cb2457410a Updated translations from translationproject.org 2024-07-27 10:17:59 -06:00
Todd C. Miller
200af679dc Add sudo_logsrv.proto manual cross-reference. 2024-07-14 18:55:21 -06:00
Todd C. Miller
9837fa1413 Late changes for 1.9.16 2024-07-07 14:10:08 -06:00
Todd C. Miller
920710b186 If cross-compiling with a C99 compiler, assume snprintf is compliant. 
This is a better default than assuming it is not compliant (the
previous behavior) when cross-compiling.  These days it is rare for
sudo to be built on pre-C99 systems.  GitHub issue #969
 2024-07-02 19:55:29 -06:00
Todd C. Miller
fc051ceff5 Reference schema.IBM_LDAP. 2024-06-25 20:14:21 -06:00
Todd C. Miller
b2af245b31 Updated translations from translationproject.org 2024-06-25 20:08:49 -06:00
Todd C. Miller
e97060d2f5 Add schema for IBM Directory Server in LDIF format. 
GitHub issue #384
 2024-06-25 19:54:09 -06:00
Todd C. Miller
e924677232 Remove an errant line that should have been removed. 2024-06-16 09:06:17 -06:00
Todd C. Miller
e94feadfff Mention changes to the default sudoers file. 2024-06-15 09:29:02 -06:00
Todd C. Miller
06799eddf9 Improve the description of secure_path. 2024-06-11 08:16:23 -06:00
Todd C. Miller
e0e24456bc Enable secure_path in default sudoers file. 
It is still disabled by default in the sudo binary.
 2024-06-10 20:37:05 -06:00
Todd C. Miller
1db1453556 Preserve SUDO_EDITOR, EDITOR, and VISUAL for visudo. 2024-06-10 08:17:17 -06:00
Todd C. Miller
14a8d9c09a Update .pot files for 1.9.16 2024-06-08 09:07:07 -06:00
Todd C. Miller
eec523aab2 Sudo 1.9.16 2024-06-08 09:05:53 -06:00
Todd C. Miller
50ae48a4ba Compile in support for insults by default. 
Insults are still disabled by default but can be enabled in the
sudoers file.  To completely disable insult support, use the
--without-insults configure option.
 2024-06-08 08:24:54 -06:00
Todd C. Miller
e9d65e67aa Treat unresolvable User_Alias/Host_Alias as non-aliases in JSON output. 
This matches the behavior of the sudoers parser.  There is no way
to tell for sure if an upper case word is an alias or a user or
host name.  An unresolvable command alias is never a command since
it doesn't start with a '/'.  GitHub issue #381
 2024-06-07 10:54:35 -06:00
Todd C. Miller
4e1c587535 Set need_comma when closing an array or object. 
This fixes an issue where an empty array or object would not have
a comma after it.  GitHub issue #381
 2024-06-07 10:54:32 -06:00
Todd C. Miller
648ce410f3 Add comment that the .mdoc files are generated from .mdoc.in 2024-05-28 20:32:50 -06:00
Todd C. Miller
74d64bc896 Sync BUGS section with the bugs section of README.md. 
Also mention how to report security issues based on SECURITY.md.
GitHub issue #377.
 2024-05-28 19:54:52 -06:00
Todd C. Miller
7c74a971d9 Allow the path in Chdir_Spec | Chroot_Spec to be double-quoted. 
The other values of an Option_Spec could already be quoted but path
names are treated specially.
 2024-05-26 14:37:50 -06:00
Todd C. Miller
58fec2f0c5 regen 2024-05-21 07:33:20 -06:00
Todd C. Miller
54ac175d36 Include the name of the original .mdoc.in file in the .man.in file. 
This should make it more obvious which is the authoritative file.
 2024-05-21 07:33:13 -06:00
Todd C. Miller
62e4d29f8e When revoking the pty, kill the foreground process from the parent sudo. 
There's no need to send messages back and forth to the monitor
when the main process can just do it.  GitHub issue #367.
 2024-05-18 19:15:14 -06:00
Todd C. Miller
52772ae6eb Fix a syntax error in the systemd sudo-logsrvd.postinst script: 
sudo-logsrvd.postinst: 120: [: -eq: unexpected operator
 2024-05-18 19:31:11 -06:00