Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
Sudo Project
Provide privileged access management for the masses.
Collective -
Host: opensource -
https://opencollective.com/sudo-project
- Website: https://www.sudo.ws
- Code: https://github.com/sudo-project
Use ifdef notyet to disable for now since they may be used in the
future.
Also clarify a comment about MIPS ptrace.
github.com/sudo-project/sudo - 0bfbef0169a6f1bfef7c1808ca2248e520f3c6c4 authored over 2 years ago by Todd C. Miller <[email protected]>It should also work on s390 but this has not been tested.
I have not added a compat mode to trace...
On s390, the struct is typedef'd without a name.
github.com/sudo-project/sudo - 2eb8ff17be0d028cc44aaaca0a74eb75a6151305 authored over 2 years ago by Todd C. Miller <[email protected]>github.com/sudo-project/sudo - 74c6353a84bd9995e529621726e3abfd1db68e63 authored over 2 years ago by Todd C. Miller <[email protected]>
This should make it more obvious that you need to adjust maxseq
unless you have (virtually) unlim...
Also add check for python 3.10 and 3.11 and remove versions < 3.4.
Fixes building on Ubuntu 22.04.
github.com/sudo-project/sudo - 55bd6272c0bbd4d09ef0804b8713ed7522e7cefa authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 3238c43f92e84f8dbde52099920238306646c5db authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - cb95b75ffac5a8427c4d2d74742b47ba1a57a40f authored over 2 years ago by Todd C. Miller <[email protected]>
Use PTRACE_SETREGSET with NT_ARM_SYSTEM_CALL instead just like we
would for a 64-bit binary. New...
This is more accurate since it actually uses the debug subsystem.
github.com/sudo-project/sudo - 6a196190cf96f79c09b4bed5d5972bd58ceb4bd3 authored over 2 years ago by Todd C. Miller <[email protected]>Mips is a bit different in that most Linux distros appear to use
the n32 ABI on 64-bit CPUs. We ...
github.com/sudo-project/sudo - f4cc99c0633d3e64361e47478dce3cd650302c79 authored over 2 years ago by Todd C. Miller <[email protected]>
Fixes rejection of commands due to policy on arm when in intercept mode.
github.com/sudo-project/sudo - b99debf92f590200a441b215fb8546c6ae6fdaab authored over 2 years ago by Todd C. Miller <[email protected]>github.com/sudo-project/sudo - 4a7d26c38114db5b6dd8321f38d6564b7a94cc30 authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 4ecada04a496effbd8b4ce173cbf72405d5c8ff0 authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 0f104d2ff126ef83044be5a237c409d8163e042c authored over 2 years ago by Todd C. Miller <[email protected]>
This makes it easier to detect problems with the syscall rewrite code
when testing with test_ptrace.
github.com/sudo-project/sudo - 64aba8f88eab9131f6e16365727fcdef316d3c2d authored over 2 years ago by Todd C. Miller <[email protected]>
Tested on ppc64 and ppc64le.
github.com/sudo-project/sudo - 31e8506c822bd8ae90aa983d2d247f3b266d0f90 authored over 2 years ago by Todd C. Miller <[email protected]>We need to swap the order of the two 32-bit addresses for big-endian.
github.com/sudo-project/sudo - 55f5e389ba21710bc6b36e58b534ae198864cedb authored over 2 years ago by Todd C. Miller <[email protected]>Currently only affects i386.
github.com/sudo-project/sudo - f94e5d40db1cf9c8d67d839d26199291a5169379 authored over 2 years ago by Todd C. Miller <[email protected]>github.com/sudo-project/sudo - 040e75a07b49acf8b37cb5cc3d49ce14690ae796 authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 532e8218b29efad9bf5a05b017563647445a3a5c authored over 2 years ago by Todd C. Miller <[email protected]>
We can't check *str for NUL since it may not have been written yet.
github.com/sudo-project/sudo - 6cd461d9f89cca12df5f7311afc182bc432b036c authored over 2 years ago by Todd C. Miller <[email protected]>github.com/sudo-project/sudo - 8fe1238679faf7ceba205323a4cce687c88d2165 authored over 2 years ago by Todd C. Miller <[email protected]>
We allocate space for an extra pointer between argv and the string
table for compat binaries so t...
For compat binaries, use the upper 32-bits as the next word instead
of calling ptrace(2) to get i...
We align the start of the string table to a word boundary to help
prevent overlap when writing th...
In compat mode, if argc is odd, writing the last pointer of argv will
overlap with the address of...
If we try to use the compat word size we can end up in a situation
where a subsequent PTRACE_POKE...
github.com/sudo-project/sudo - 0a2975367ec35255dbfff39dfc59de3e9211d078 authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 339746730c535a0f52d0ad460d46472355b851fc authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 35ea534b3eecf608150f51450fc9a66bcd7b36b6 authored over 2 years ago by Todd C. Miller <[email protected]>
We need to define the ptrace register struct ourselves for the
32-bit system since there is no go...
This will be used when running 32-bit binaries from a 64-bit sudo.
github.com/sudo-project/sudo - de678ba775fe9e5079a45d240551c35d9e93f8a6 authored over 2 years ago by Todd C. Miller <[email protected]>We need to continue the traced process even if there is a fatal
error. Otherwise, sudo will appe...
Unlike PTRACE_GETREGSET, PTRACE_GETREGS requires that we manually
map registers from 64-bit to 32...
github.com/sudo-project/sudo - 4ab6a87b96a5ae7677e33893e1c71f73c1b0feb0 authored over 2 years ago by Todd C. Miller <[email protected]>
This makes it possible to run sudo in ptrace intercept mode from within
a shell (or other process...
We need to deliver signals to the tracee as long as it is not
a group stop. Fixes a hang while t...
No real change other than a few debug statements.
github.com/sudo-project/sudo - 4cac34b86d8e99d44456088b2d9a1913bb059ef4 authored over 2 years ago by Todd C. Miller <[email protected]>Otherwise we may not reject an attempt to run a set-user-ID command.
github.com/sudo-project/sudo - 4d75b32799ef1d137b33fd703a7f1a258298573d authored over 2 years ago by Todd C. Miller <[email protected]>github.com/sudo-project/sudo - 3ee8bcefb084c06abb968db3fdb32d95eeb2aad9 authored over 2 years ago by Todd C. Miller <[email protected]>
For command_matches_all() we should only perform the setid check
if the file exists and intercept...
github.com/sudo-project/sudo - 1d17415b69f9ad96cc20f27f5bd1206463bc44ed authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 4ac1237bd38a9722dd1913b8a93d3c1008bc997b authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 307b4f69b88d63879c37bc75215f5834238740cd authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 77979932b151d68ccf199b564a6a782a90e90b37 authored over 2 years ago by Todd C. Miller <[email protected]>
Otherwise, both sudo and the shell will report the error.
github.com/sudo-project/sudo - cdc35afff302494e953356fc415ba3ea460d51c2 authored over 2 years ago by Todd C. Miller <[email protected]>We can skip the policy check for the execve(2) of the initial command
since it has already been c...
This allows us to avoid logging the initial command twice regardless
of whether the kernel suppor...
This fixes a race condition in ptrace-based intercept mode when
running the command in a pty. It...
github.com/sudo-project/sudo - 5d385b3c580d34555880e72afb92895c578d972f authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 052d3d1d9155b6557239b2006a3d4fdf7957bf8f authored over 2 years ago by Todd C. Miller <[email protected]>
Currently only supports the native architecture.
github.com/sudo-project/sudo - fe80dc0bc23a32257522d66ab6513200be8cfbf2 authored over 2 years ago by Todd C. Miller <[email protected]>The new argv is written below the tracee's stack and the system
call argument is replaced with th...
This has a better chance of working on things like user-mode Linux.
github.com/sudo-project/sudo - b75a8be34db509f9de8cee194a2b61eaf7a2320f authored over 2 years ago by Todd C. Miller <[email protected]>github.com/sudo-project/sudo - 8e375445fb8165a7526f043b30073ffbb8b4f1b5 authored over 2 years ago by Todd C. Miller <[email protected]>
This will be used to perform a policy check in intercept mode.
github.com/sudo-project/sudo - 3e73644cde7295fd704acc02d08ab1c7dd7d8e39 authored over 2 years ago by Todd C. Miller <[email protected]>github.com/sudo-project/sudo - 01733a52140de846b95f494e80918ffd213052bd authored over 2 years ago by Todd C. Miller <[email protected]>
We don't use it for anything other than a debug message and it will
cause problems when intercept...
This is required by the uncoming ptrace intercept code.
github.com/sudo-project/sudo - 22866f24233e0f118ae2a870cec9487a21558ea7 authored over 2 years ago by Todd C. Miller <[email protected]>Fixes a bug in store-first relay mode where the commit point messages
sent by the server were inc...
github.com/sudo-project/sudo - 72794ecd7595d8d1548f2c357007a69e1e8d5314 authored over 2 years ago by Todd C. Miller <[email protected]>
GitHub issue #143
github.com/sudo-project/sudo - c51b81fa53dd6d34e1300d2ead3f0ff479bf308d authored over 2 years ago by Todd C. Miller <[email protected]>This will be used in the future by the ptrace intercept code.
github.com/sudo-project/sudo - d2da56dacc68a2c572c8ad1665dabf1a97d102df authored over 2 years ago by Todd C. Miller <[email protected]>github.com/sudo-project/sudo - 839c189373903e070a9cd45684b143daa24f2379 authored over 2 years ago by Todd C. Miller <[email protected]>
Expand the Translations section in CONTRIBUTING.md.
github.com/sudo-project/sudo - c414a89eb35f8e4376384b0119e47dd0d497c8c7 authored over 2 years ago by Todd C. Miller <[email protected]>The code to take back control of the tty before a policy check
doesn't appear to be needed. If t...
This should be replaced by a specialized autoconf macro when one
becomes available.
Starting with Python 3.11, backtraces may contain a line with '^'
characters to bring attention t...
github.com/sudo-project/sudo - a1e20ddd955736f9dc09149b5494c540183e5bfa authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - dcb2fb26a5ca0bfac57e37aa57132b3720de745f authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 4a8877bebece7d590e8d59c51fd4d78da400081a authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - 90501b7000e3ba293c41dd707fa8aa5d504d9b30 authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - cc4d7196ff5f697610707ce6d40cbd75377c2621 authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - c77cba373a7c23a4398980c229da1c42197b9385 authored over 2 years ago by Todd C. Miller <[email protected]>
github.com/sudo-project/sudo - dfd8ef293156010df03ee79d9e29869c416867f0 authored over 2 years ago by Todd C. Miller <[email protected]>
Fixes CVE-2018-25032
github.com/sudo-project/sudo - 5c0436f0b3f33296161b4465ef4492710e48c77d authored over 2 years ago by Todd C. Miller <[email protected]>github.com/sudo-project/sudo - 6af2b4188a4c053553b0d5bb762d009e72b1a15c authored over 2 years ago by Todd C. Miller <[email protected]>
If we're using Kerberos, don't overwrite a custom prompt
github.com/sudo-project/sudo - 6143dcae97472bbda50925f8089cd63585edb593 authored over 2 years ago by Todd C. Miller <[email protected]>Thanks to @thend20 for testing this patch.
github.com/sudo-project/sudo - 11c6cdc02b8b889fe800d410f1e3e9a5d78ed815 authored over 2 years ago by Dianne Skoll <[email protected]>This is consistent with the vfprintf() call and fixes a problem
introduced by the last commit whe...
Bug #1026
github.com/sudo-project/sudo - 75377139045da05b427b2797720c5d6f9335608b authored over 2 years ago by Todd C. Miller <[email protected]>This fixes output when the terminal is in raw mode and is consistent
with how sudo_conversation()...
Otherwise, it may be picked up by the signal handler instead of our
waitpid(2) call.
Don't warn i...
If there is a problem, we would have already warned, logged or mailed it.
The one exception is th...
github.com/sudo-project/sudo - e5a50ae42975e17046e4f96adc538ed99cae20b0 authored over 2 years ago by Todd C. Miller <[email protected]>
Bug #1025.
github.com/sudo-project/sudo - 1f64aca229e052d44a12cadd2ad265d01234ae12 authored over 2 years ago by Todd C. Miller <[email protected]>We don't check the owner or permissions on a sudoers file that is
specified as an argument to vis...
This would have caught the recent bug in our getdelim replacement
when run under address-sanitize...
Coverity CID 250885
github.com/sudo-project/sudo - 8e7c004c7ffd78ccde68abdb7e4071ab403bd169 authored over 2 years ago by Todd C. Miller <[email protected]>From Robert Manner.
github.com/sudo-project/sudo - c48c511e9113d47bd5c7b4f48a217545ffd33b66 authored over 2 years ago by Todd C. Miller <[email protected]>Set the pointer to a struct stat on the stack if st is NULL.
Avoids a needless memcpy() at the end.
We store the line number *after* parsing the newline so we need to
subtract one.
This fixes the logging of parse errors when JSON logging is enabled.
github.com/sudo-project/sudo - eb2803c3e936fc5c9114657019f2d87148ecd101 authored over 2 years ago by Todd C. Miller <[email protected]>github.com/sudo-project/sudo - 65e5b89f1d1f450dfadd1aecf12e441b20e7ecb1 authored over 2 years ago by Todd C. Miller <[email protected]>
The hook can be used to log parser errors (sudoers module) or keep
track of which files have an e...