Problem deteced by oss-fuzz using the fuzz_sudoers fuzzer.

sudo_qualify_plugin() should not try to fully-qualify the path to
a statically-compiled plugin. ...

Previously there would be one email for the open failure and a
separate one describing the parse ...

Also explicitly close /dev/tty fd instead of relying on closefrom()
in case the fd ends up being ...

configure.ac: fix openssl static build

We can only have one of either -lmd, -lgcrypt or -lcrypto so there
is no need to have more than o...

Do not use AX_APPEND_FLAG as it will break static builds by removing
duplicates such as -lz or -...

If a rule with a CHROOT= option matches the user, host and runas,
the user_cmnd variable could be...

This fixes suspending the editor on GNU Hurd which doesn't seem to
have proper process group sign...

This also adds a new user_cmnd_dir variable that stores the
canonicalized parent directory of the...

Previously we would prepend runchroot to the path we were checking
but that does not properly han...

This will be used to more accurately handling command resolution and
path matching when a new roo...

Previously we would prepend runchroot to the path we were checking
but that does not properly han...

We have to replace argv[0] with the pathname for the policy check
but want to restore it afterwar...

This is currently Hurd-specific but could be made Mach-generic as
long as the equivalent of pid2t...

Fixes a test failure on systems where we have no way to determine
a process's start time.

AC_PROG_CC_STDC is deprecated in autoconf 2.70 and above but it is
necessary for autoconf 2.69.

Otherwise, use the method from 1.9.12.
GitHub issue #242

Debian 12 (Bookworm) and Ubuntu 22.04 (Jammy Jellyfish).
Previously, they were stored in /usr/lib...

It is possible to have mutiple matches from the output of "locale
-a". Just take the first one. ...

sudo_fatal: Fix build where compiler recognises [[noreturn]] attribut…

If the compiler supports [[noreturn]] as a attribute as in C23,
then we define sudo_noreturn to ...

Fixes GitHub issue #238.

Otherwise we are likely to miss uncommitted changes in them.

It is still treated as an error from a logging perspective, and
mail is still sent.

This is used by mail_parse_errors() to send multi-line messages.
Previously, the newlines would b...

These days we only ever pass in a const string.

Previously these were hard-coded with Makefile overrides.

There is no need for sudoersdir when it is always just set to sysconfdir.

If sudo is not the process group leader and stdin is not a tty, we
may be running as a background...

When sudo is not the process group leader, we still need to stop
sudo's process group and not jus...

If this is the case we probably can't stub out the functions but
at least the fuzzer will compile.

It appears that passing in a non-zero value causes the ioctl() to
fail. From Tim Rice.

From Tim Rice.

This is better than just defining NSIG in sudo_compat.h if it is
not defined since signal.h may n...

We now treat them the same as RHEL.

Return value does not match

Add a shutdown command fallback to the conf file.

Replace the Debian libselinux1 dependency with libapparmor1

Debian >= 10 uses AppArmor by default instead of SELinux, so
SELinux-related sudo features are t...

If we reallocate the buffer (via growbuf()) in ptrace_read_vec(),
the address of argbuf may chang...

Previously, we would always use EACCES, even when ENOENT was
appropriate. This also affected log...

Older kernel headers are missing the definition of EM_ARM in linux/elf.h.
GitHub issue #232

This replaces the custom log formatting used by "sudoreplay -l".

This only works for gcc-style compilers, which should not be a
problem. The source uses environ ...

If --cache-file is not specified, no config.cache file will be used.
Add an "omit_artifacts" sett...

This helps avoid out-of-memory conditions when fuzzing on Linux.

It breaks linking when using -fsanitize with clang at least.

It is safer to just search for setusercontext() in libc and libutil
instead of matching on the op...

This was inadvertently removed when the "goto bad" was added.

This will find missing symbols at build-time instead of run-time.
Don't use it on FreeBSD where e...

GitHub issue #234.

Fixes GitHub issue #234.

Move them back to PIE_LDFLAGS, which is only used when linking a binary.

These flags are specific to the Solaris linker.