mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-30 05:48:18 +00:00
Code Issues Releases Wiki Activity
8,424 Commits 6 Branches 326 Tags
Commit Graph

8424 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
d4f1aeb196 Explicitly tell people not to grant sudoedit to directories the 
user can write to.  While sudoedit will no longer open symbolic
links, hard links are still an issue.
 2015-08-07 17:01:15 -06:00
Todd C. Miller
c12dd68d1e Add warning about writable directories and sudo/sudoedit. 2015-08-07 17:00:42 -06:00
Todd C. Miller
796911b3fa Emphasize that wildcards are not regexps. Bug #692 2015-08-07 12:37:15 -06:00
Todd C. Miller
329a8dee8a Emphasize that wildcards in command line arguments are dangerous. 
Document the failings of the passwd example on GNU systems.
Bug #691
 2015-08-07 12:21:37 -06:00
Todd C. Miller
dc5ccf4736 Escape the colons in [[:alpha:]] as required by sudoers. 2015-08-07 12:00:12 -06:00
Todd C. Miller
2fbce103f6 Change warning when user tries to sudoedit a symbolic link. 2015-08-07 07:09:01 -06:00
Todd C. Miller
531bcc8aa6 regen 2015-08-06 13:21:37 -06:00
Todd C. Miller
5b2ea42d47 regen 2015-08-06 13:20:36 -06:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior 
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
 2015-08-06 13:20:01 -06:00
Todd C. Miller
079167d2c4 Sudo 1.8.15 2015-08-06 13:15:00 -06:00
Todd C. Miller
f11e02ddd5 add .json regress files to MANIFEST 2015-08-06 13:39:59 -06:00
Todd C. Miller
4501b7416a Check JSON output of sudoers test files too. 2015-08-06 10:57:42 -06:00
Todd C. Miller
4abc13bfca Move comment to match moved code. 2015-08-04 16:15:11 -06:00
Todd C. Miller
e0969c162e maxseq is an int not a string 2015-08-04 11:28:43 -06:00
Todd C. Miller
918190fce9 Include sys/types.h for id_t. Bug #711 2015-08-02 19:59:32 -06:00
Todd C. Miller
1965da8c33 Avoid a potential out of bounds read found by enh while fuzzing 
with address sanitizer enabled.
 2015-07-31 16:10:03 -06:00
Todd C. Miller
d536626b18 Set sssd lib location to /usr/lib64 on 64-bit RHEL/Centos. 
Bug #710
 2015-07-27 07:07:38 -06:00
Todd C. Miller
01bfae5bad Add Jakub Wilk 2015-07-08 15:14:55 -06:00
Todd C. Miller
ddd35459c3 The init.d files are generated from a .in file so we need to install 
from top_builddir not top_srcdir.  From Ross Burton.  Bug #708
 2015-07-24 13:38:03 -06:00
Todd C. Miller
e941f97eb4 Replace two "return 0" with debug_return_bool(false). 2015-07-22 19:11:32 -06:00
Todd C. Miller
0765f5fe7f fix typo in previous commit 2015-07-22 06:21:21 -06:00
Todd C. Miller
620f8a33eb Sudo 1.8.14p3 2015-07-22 06:09:14 -06:00
Todd C. Miller
83d8cbf811 Fix errno value from get_process_ttyname() when no tty is present. 2015-07-21 15:20:49 -06:00
Todd C. Miller
aeaa6a6111 On AIX, only convert the tty device number from dev64_t to dev32_t 
if dev_t is 32-bits.
 2015-07-21 15:02:56 -06:00
Todd C. Miller
ef47c692c3 Sudo 1.8.14p2 2015-07-20 20:27:40 -06:00
Todd C. Miller
8f84857977 Fix creation of the timestamp file; bug #704 2015-07-20 20:16:14 -06:00
Todd C. Miller
d96f8bcabb Avoid needless memory allocation when resolving the tty name. 2015-07-19 20:19:22 -06:00
Todd C. Miller
c0b8e71488 Sudo 1.8.14p1 2015-07-17 15:28:26 -06:00
Todd C. Miller
db8607fe4e Fix typo in sudo_sss_attrcpy() that caused a memory allocation error. 2015-07-17 13:58:26 -06:00
Todd C. Miller
6eb4d142e3 rebuild 2015-07-15 12:36:02 -06:00
Todd C. Miller
d4211081c0 Add some debugging printfs when malloc fails and we don't have an 
explicit call to sudo_warnx().
 2015-07-14 15:28:01 -06:00
Todd C. Miller
108bfb7af3 Add missing warnings for memory allocation failure. 
Add function name to memory allocation warnings.
 2015-07-14 14:50:36 -06:00
Todd C. Miller
3c644f5bc0 Return -1 if realloc() fails. 2015-07-14 14:48:04 -06:00
Todd C. Miller
f2f5c2949c Add line number to debug log for memory allocation errors. 2015-07-14 14:47:12 -06:00
Todd C. Miller
7187c19c83 Add warning if calloc() fails. 
Add debugging for other unexpected errors.
 2015-07-14 14:00:18 -06:00
Todd C. Miller
ff5b6dbb60 Add missing check for calloc(3) return value. 2015-07-14 13:56:29 -06:00
Todd C. Miller
5125f82c4e Document that the values printed by "sudo -V" are affected by 
Defaults settings in sudoers.
 2015-07-13 12:58:25 -06:00
Todd C. Miller
374146f70f Avoid calling dlerror() multiple times since it clear the error 
status after printing the error.
Problem caused by sudo_warn/sudo_fatal being macros...
 2015-07-10 10:31:21 -06:00
Todd C. Miller
42666204e2 Attempt to clarify the conditions under which MAIL and HOME are 
set to the target user.
 2015-07-10 10:02:38 -06:00
Todd C. Miller
4870060e91 Better checks for the libaudit package for Debian and error out 
if we can't figure it out.
 2015-07-09 13:01:43 -06:00
Todd C. Miller
d11ffce668 Fix linux_audit setting on non-multiarch Debian. 2015-07-09 11:36:51 -06:00
Todd C. Miller
2460636095 Fix typo that broke the linux_audit dependency on Debian. 2015-07-09 11:06:03 -06:00
Todd C. Miller
2f00f170fc Mention /proc/stat btime fix. 2015-07-09 10:45:33 -06:00
Todd C. Miller
43a57126ea Solaris 2.6 has the prototypes for inet_pton() and inet_ntop() in 
resolv.h.
 2015-07-09 10:11:25 -06:00
Todd C. Miller
b73d96804b Sprinkle debugging for boottime. 2015-07-09 10:10:34 -06:00
Todd C. Miller
6c9e92aba6 The old Solaris /bin/sh doesn't support POSIX $( .. ) syntax, 
use backquotes instead.
 2015-07-09 09:34:22 -06:00
Todd C. Miller
2d0699a070 Only use --with-sssd-lib on Debian/Ubuntu w/ multipackage. 
Use dpkg-query to determine the name of the audit package
for proper dependencies.
 2015-07-08 18:13:39 -06:00
Todd C. Miller
c3b4e4ce3e Update Debian/Ubuntu packages to be more like the vendor ones. One 
notable exception is that sudo.ws packages use /var/run, not /var/lib
for timestamp files.
 2015-07-08 16:15:53 -06:00
Todd C. Miller
06ad0f6424 Strip newline from /proc/stat btime line to avoid a strtonum() failure. 
From Jakub Wilk.
 2015-07-08 15:13:14 -06:00
Todd C. Miller
61182c87ea In io_callback() service writes before reads. That way, if both 
SUDO_EV_READ and SUDO_EV_WRITE are set and read() returns 0 (EOF)
we don't close the fd before the write() is performed.

If the write() returns EPIPE, ENXIO, EIO or EBADF, clear SUDO_EV_READ
before we close the fd to avoid calling read() on a closed fd.
 2015-07-08 10:12:15 -06:00