This is faster than reading/writing from/to the remote process one
word at a time using PTRACE_PE...

Previously we were calling the PAM approval modules even in intercept
mode which can take a lot o...

This fixes a bug where MODE_POLICY_INTERCEPTED was set too early
if the intercept option was set ...

Also mention the overhead involved in checking things.

No need to use different checks for mips and non-mips, the compiler
will optimize away the superf...

GitHub issue #61

In ptrace_verify_post_exec(), we don't know whether the executable
that is now running is a nativ...

If the execve(2) args are bogus pointers, we should just return an
error instead of killing the p...

If argv and closure->run_argv match up to the point where we hit a
NULL but one of them has addit...

We need to pass the pathname to the policy plugin in argv[0] so we
must be sure to allocate space...

Linux execve(2) allows argv to be NULL so we must allocate an empty
vector in this case and not r...

We need to pass the pathname to the policy plugin in argv[0] so we
must be sure to allocate space...

The cast should not be required.

If sudo_dso_load() fails on a 64-bit system, try to load a 64-bit
native version of the file usin...

The glibc arc4random() may fail in chroot on older kernels and exit.

For AIX, if dlopen() fails we try again with RTLD_MEMBER set
and a default member (shr.o or shr_6...

Add XDG_CURRENT_DESKTOP to initial_keepenv_table

The "update_ticket" entry was added to the settings list and the
"intercept_verify" entry was add...

This can also be used to test for whether or not the user's
credentials are currently cached.

Remove unnecessary initialization and casts.

Signed-off-by: Li zeming <[email protected]>

Signed-off-by: Li zeming <[email protected]>

Fix incorrect SHA384/512 digest calculation.

Resolves an issue where certain message sizes result in an incorrect
checksum. Specifically, whe...

We need to be running with the correct security context or the
chdir(2) may fail. GitHub issue #...

visudo.c: add nvim (Neovim) to lineno_editor list

Neovim supports it: https://neovim.io/doc/user/starting.html#-+

Describe how intercept_verify attempts to reduce the risk.

We can now verify that the arguments match what we accepted before
the command actually runs. If...

Fixes an error with "sudo -l" when intercept is enabled globally.

Qt needs `XDG_CURRENT_DESKTOP` to be set to determine the correct theme.

Since `DISPLAY` and `X...

We were wasting a extra byte in the string table for each entry.

Coverity CID 275335

This is now treated as a policy rejection.

Otherwise, attempts to run "./command" from a shell with intercept
set will fail if the current w...

We no longer need to keep track of the allocation size.

These allocate memory via mmap anonymous regions and store the mapped
size immediately before the...

Update sudoUser to be utf8 in ldap schemas

In most unix-style LDAP servers, uid is a utf8 string defined by
OID 1.3.6.1.4.1.1466.115.121.1....

Add checks to make sure we don't deference a NULL pointer.

If the approval plugin fails we need to set the state to POLICY_REJECT
just like we do if the pol...

The contents of the env_add array should not include the leading
"env=" prefix.

In command_matches_all(), if the command is fully-qualified and
open_cmnd() return false, only tr...

sudoers/cvtsudoers: Remove the repeated ';' from code

Signed-off-by: Li kunyu <[email protected]>

Signed-off-by: Li kunyu <[email protected]>

There's no real reason for the command to wait for sudo send back a
response that will always be ...

Otherwise, we could return success when there was an error from a
system call or memory allocatio...

Otherwise, if we are in intercept mode or logging sub-commands the
exit status will be logged wit...

Fixes a -Wwrite-strings warning on 32-bit systems.

This is consistent with the rest of the sudo source code.

Also avoid checking protobuf-c source and protobuf-c generated files.

Otherwise, some compilers may do the wrong thing in a build
dir if there is a config.h file in th...

autoconf does not define _LARGEFILE64_SOURCE by default but zlib
expects it (its own configure sc...

Bug #1035

Fixes a bug where the current working directory could include garbage
in intercept mode using ptr...