mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity
sudo/plugins/sudoers
History
Todd C. Miller fdafc2ceb3 Revert pivot_root and go back to prepending the new root directory. 
We cannot perform passwd/group lookups _after_ changing the root
directory.  This does mean that symbolic links in a path are not
currently handled properly when matching chroot()ed commands.

Fixes a local privilege escalation vulnerability where a user could
craft their own nsswitch.conf file to load a shared library of their
choosing and run arbitrary code.  CVE-2025-32463

Reported by Rich Mirch @ Stratascale Cyber Research Unit (CRU).
2025-06-28 10:21:32 -06:00
..
auth
Use constant-time string compare for plain text password check.
2025-04-30 15:24:50 -06:00
po
Updated translations from translationproject.org
2025-06-08 16:47:28 -06:00
regress
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
alias.c
alias_apply: change return type to bool
2023-11-09 15:31:26 -07:00
audit.c
Rename submit_time -> event_time in struct eventlog.
2023-11-23 09:08:04 -05:00
b64_decode.c
Add restrict qualifiers to base64_decode and base64_encode
2024-08-12 10:54:45 -06:00
b64_encode.c
Add restrict qualifiers to base64_decode and base64_encode
2024-08-12 10:54:45 -06:00
boottime.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
bsm_audit.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
bsm_audit.h
Parse euid and egid from sudo front-end.
2023-09-13 12:43:39 -06:00
canon_path.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
check_aliases.c
alias_apply: change return type to bool
2023-11-09 15:31:26 -07:00
check_util.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
check.c
check_user: refactor the "running as self" check into its own function
2025-04-30 13:54:36 -06:00
cvtsudoers_csv.c
Unifdef parser support for SELinux, AppArmor and Solaris privileges.
2024-05-01 08:04:00 -06:00
cvtsudoers_json.c
Treat unresolvable User_Alias/Host_Alias as non-aliases in JSON output.
2024-06-07 10:54:35 -06:00
cvtsudoers_ldif.c
Pass NULL, not false, to sudoers_format_default_line().
2024-11-16 11:21:39 -07:00
cvtsudoers_merge.c
Unifdef parser support for SELinux, AppArmor and Solaris privileges.
2024-05-01 08:04:00 -06:00
cvtsudoers_pwutil.c
Move LOGIN_NAME_MAX compat define to login_max.c
2025-01-15 08:57:22 -07:00
cvtsudoers.c
alias_apply: change return type to bool
2023-11-09 15:31:26 -07:00
cvtsudoers.h
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
def_data.c
Format T_TIMESPEC as "%d.%d" instead of "%.1f"
2025-01-11 14:38:16 -07:00
def_data.h
Add pam_silent sudoers option.
2024-04-17 19:30:11 -06:00
def_data.in
Format T_TIMESPEC as "%d.%d" instead of "%.1f"
2025-01-11 14:38:16 -07:00
defaults.c
Make ignore_dot the default
2025-03-08 17:59:32 -07:00
defaults.h
Sprinkle some more const in defaults.c.
2023-12-15 15:05:02 -07:00
digestname.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
display.c
Unifdef parser support for SELinux, AppArmor and Solaris privileges.
2024-05-01 08:04:00 -06:00
editor.c
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
env_pattern.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
env.c
Fix typo
2025-06-08 07:28:35 -06:00
exptilde.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
file.c
sudo_file_open: initialize parser before calling open_sudoers().
2023-09-27 15:16:18 -06:00
filedigest.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
find_path.c
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
fmtsudoers_cvt.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
fmtsudoers.c
Unifdef parser support for SELinux, AppArmor and Solaris privileges.
2024-05-01 08:04:00 -06:00
gc.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
gentime.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
getdate.c
Prefer fputs over fprintf where possible
2023-10-15 10:28:57 -06:00
getdate.y
Prefer fputs over fprintf where possible
2023-10-15 10:28:57 -06:00
getspwuid.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
goodpath.c
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
gram.c
The "ALL" command should not override a previous NOSETENV tag in a rule.
2024-12-20 18:02:43 -07:00
gram.h
The "ALL" command should not override a previous NOSETENV tag in a rule.
2024-12-20 18:02:43 -07:00
gram.y
The "ALL" command should not override a previous NOSETENV tag in a rule.
2024-12-20 18:02:43 -07:00
group_plugin.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
ins_2001.h
Call gettext() on insults when displayed, not when declared.
2024-04-22 08:15:39 -06:00
ins_classic.h
Call gettext() on insults when displayed, not when declared.
2024-04-22 08:15:39 -06:00
ins_csops.h
Call gettext() on insults when displayed, not when declared.
2024-04-22 08:15:39 -06:00
ins_goons.h
Call gettext() on insults when displayed, not when declared.
2024-04-22 08:15:39 -06:00
ins_python.h
Call gettext() on insults when displayed, not when declared.
2024-04-22 08:15:39 -06:00
insults.h
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
interfaces.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
interfaces.h
Add SPDX-License-Identifier to files.
2019-04-29 07:21:51 -06:00
iolog_path_escapes.c
Restrict-qualify iolog_path_escapes like we do with check_iolog_path
2024-08-12 10:15:21 -06:00
iolog.c
Rename submit_time -> event_time in struct eventlog.
2023-11-23 09:08:04 -05:00
ldap_conf.c
Disable netgroup_query when netgroup_base is not set.
2023-12-19 20:16:35 -07:00
ldap_innetgr.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
ldap_util.c
Unifdef parser support for SELinux, AppArmor and Solaris privileges.
2024-05-01 08:04:00 -06:00
ldap.c
Check for negative return value of read, write and lseek instead of -1
2025-01-16 19:46:15 -07:00
linux_audit.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
linux_audit.h
Add missing const to linux_audit_command()'s argv function argument.
2020-06-03 20:22:25 -06:00
locale.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
log_client.c
Check for negative return value of read, write and lseek instead of -1
2025-01-16 19:46:15 -07:00
log_client.h
log_server_open: always pass in awake time, not wallclock time.
2023-11-23 09:08:04 -05:00
logging.c
log_failure: only display "command not found" if running a command
2025-05-06 15:15:11 -06:00
logging.h
log_server_alert: struct timespec argument was not actually used
2023-11-23 09:08:04 -05:00
lookup.c
apply_cmndspec: plug potential memory leak
2024-05-06 13:04:00 -06:00
Makefile.in
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
match_addr.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
match_command.c
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
match_digest.c
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
match.c
Add sudo_login_name_max() and sudo_host_name_max()
2025-01-15 08:42:30 -07:00
mkdefaults
Fix compatibility with older versions of (new) awk.
2023-10-02 10:31:55 -06:00
parse_ldif.c
Pass "make spell" with updated codespell.
2024-04-29 09:19:52 -06:00
parse.h
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
parser_warnx.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
policy.c
Use NODEV macro instead of explicit (dev_t)-1.
2024-11-28 11:26:00 -07:00
prompt.c
Add restrict to strlcpy and expand_prompt
2023-10-17 10:33:15 -06:00
pwutil_impl.c
Move LOGIN_NAME_MAX compat define to login_max.c
2025-01-15 08:57:22 -07:00
pwutil.c
sudo_set_grlist and sudo_set_gidlist: set auth registry based on username
2023-11-03 10:30:56 -06:00
pwutil.h
Typographical and Grammatical fixes
2023-11-28 15:00:04 -07:00
redblack.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
redblack.h
Add SPDX-License-Identifier to files.
2019-04-29 07:21:51 -06:00
resolve_cmnd.c
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
serialize_list.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
set_perms.c
Typographical and Grammatical fixes
2023-11-28 15:00:04 -07:00
sethost.c
Fall back to "localhost" if gethostname() fails.
2023-12-04 09:21:56 -07:00
solaris_audit.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
solaris_audit.h
Make struct sudoers_context private to sudoers.c.
2023-08-21 09:21:49 -06:00
sssd.c
Typographical and Grammatical fixes
2023-11-28 15:00:04 -07:00
starttime.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
strlcpy_unesc.c
Add restrict to strlcpy and expand_prompt
2023-10-17 10:33:15 -06:00
strlist.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
strlist.h
Add SPDX-License-Identifier to files.
2019-04-29 07:21:51 -06:00
strvec_join.c
Put restrict qualifers in strvec_join function pointer
2024-09-21 14:08:13 -06:00
stubs.c
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
sudo_ldap_conf.h
Store policy paths in struct sudoers_context.
2023-08-21 09:21:53 -06:00
sudo_ldap.h
Give every printf-like function restrict qualifiers
2023-07-07 20:23:20 -04:00
sudo_nss.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
sudo_nss.h
Make struct sudoers_context private to sudoers.c.
2023-08-21 09:21:49 -06:00
sudo_printf.c
Properly check against errors against fwrite
2025-06-17 20:29:12 -06:00
sudoers_cb.c
Add "json_pretty" log format, currently the same as "json".
2024-03-09 10:59:54 -07:00
sudoers_ctx_free.c
Unifdef parser support for SELinux, AppArmor and Solaris privileges.
2024-05-01 08:04:00 -06:00
sudoers_debug.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
sudoers_debug.h
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
sudoers_hooks.c
Redundant cast removal in sudoers_hooks
2023-10-15 11:25:28 -06:00
sudoers_version.h
Bump SUDOERS_GRAMMAR_VERSION to 50 for the new list pseudo-command.
2022-12-26 07:41:53 -07:00
sudoers.c
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
sudoers.exp
Export sudoers_audit symbol for compilers without symbol visibility.
2020-07-06 13:28:21 -06:00
sudoers.h
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
sudoers.in
Replace tab with space
2025-01-11 14:11:56 -07:00
sudoreplay.c
Work around a bug in UBSan that is causing CI failures.
2024-11-18 11:05:48 -07:00
testsudoers_pwutil.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
testsudoers_pwutil.h
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
testsudoers.c
Revert pivot_root and go back to prepending the new root directory.
2025-06-28 10:21:32 -06:00
timeout.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
timestamp.c
Check for negative return value of read, write and lseek instead of -1
2025-01-16 19:46:15 -07:00
timestamp.h
Use the user-ID instead of user-name for the timestamp and lecture file.
2023-09-11 10:27:35 -06:00
timestr.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
toke_util.c
copy_string: use an end pointer to quiet a coverity warning
2025-01-15 08:45:59 -07:00
toke.c
expand_include: initialize dst_size to 1 to quiet coverity warning
2025-01-15 08:45:02 -07:00
toke.h
Honor ignore_perms plugin argument for @include and @includedir.
2023-09-09 14:06:11 -06:00
toke.l
expand_include: initialize dst_size to 1 to quiet coverity warning
2025-01-15 08:45:02 -07:00
tsdump.c
Check for negative return value of read, write and lseek instead of -1
2025-01-16 19:46:15 -07:00
tsgetgrpw.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
tsgetgrpw.h
Add testsudoers_setshellfile() and use it in testsudoers.
2023-09-10 16:38:53 -06:00
unesc_str.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
visudo_cb.c
Use #include <foo.h> instead of #include "foo.h" in most cases.
2023-09-25 10:13:28 -06:00
visudo.c
Check for negative return value of read, write and lseek instead of -1
2025-01-16 19:46:15 -07:00