Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/sudo-project/sudo
Utility to execute a command as another user
https://github.com/sudo-project/sudo
This lets us fix an inappropriate cast in sudo_intercept_common.c.
424fa7f2b1c3d337383f01c1944294e8c94f821d authored over 2 years ago by Todd C. Miller <[email protected]>
It is not possible to end up in intercept_write when CD_USE_PTRACE
is set.
01a9e5a157156db9b8d281892bed1569aab10ee5 authored over 2 years ago by Todd C. Miller <[email protected]>
On some systems, Nagle's algorithm was delaying receipt of the data,
causing commands with interc...
Also check for EAGAIN/EINTR when reading the message size.
Fixes a problem seen on AIX where recv...
These are not actually errors but can help gain insight into what
is going on and, in the case of...
49c27f5278315491dd70fadd5f164277e4d41eff authored over 2 years ago by Todd C. Miller <[email protected]>
The getgrouplist() groups array on macOS is int * instead of gid_t *.
5787da7b21ee187dd519658932dae1d9cf98601d authored over 2 years ago by Todd C. Miller <[email protected]>
04746d0e65b120beaa802fb846a19df3c054f26e authored over 2 years ago by Todd C. Miller <[email protected]>
dfee181d1579a24c679eff960c85bc659c56993f authored over 2 years ago by Todd C. Miller <[email protected]>
1c00c7c2382f30a4551429a164ab69d88c1b53c3 authored over 2 years ago by Todd C. Miller <[email protected]>
169e049821a68449b1c73918f13765ea1142b7f0 authored over 2 years ago by Todd C. Miller <[email protected]>
This was missed in the previous conversion.
6525436db74da06242db65a7dd503f0e78cd347a authored over 2 years ago by Todd C. Miller <[email protected]>
That way we don't need to pass event_alloc around to the log client
functions.
b6a6451482a3ff5e30f43ef888159d4b0d39143b authored over 2 years ago by Todd C. Miller <[email protected]>
d2bf3aad0639843d971305ec1d60098534eaa2a1 authored over 2 years ago by Todd C. Miller <[email protected]>
For the read callback, disable reader when the buffer is full.
For the write callback, disable wr...
This matches the actual prctl() call we use.
7689b8718ca22f98979a493e1b0bbda6e84af04b authored over 2 years ago by Todd C. Miller <[email protected]>
Improve Tag_Spec EBNF documentation
fedcb99ee8510a064108296245a2e437e6ef862e authored over 2 years ago by Todd C. Miller <[email protected]>
We shouldn't get EINTR in practice since we set SA_RESTART when
registering signal handlers but i...
d60b6c618fef06412282b43dd60919aa7b829592 authored over 2 years ago by Helio Machado <[email protected]>
exec_ptrace: fix missing sudo_pt_regs on aarch64
7f98ae7d23d881017a493ef886c000de1152585a authored over 2 years ago by Todd C. Miller <[email protected]>
AArch64 already had an existing "user_pt_regs" struct and didn't need a
struct alias before the ...
Add missing colon in Tag_Spec documentation
a4b2012c177e0d0ad12406d720e8cebae55653ab authored over 2 years ago by Todd C. Miller <[email protected]>
Fix typo in sudoers comment
ab00d29ecf4570540581d66a5f1844eb04962ba4 authored over 2 years ago by Todd C. Miller <[email protected]>
3405fac05ef4078a4c3f584ff93c4a06253b3737 authored over 2 years ago by Helio Machado <[email protected]>
Fix a typo in the sudoers comment about `maxseq` param.
Introduced by 906eb19ece47023c659b4b3db...
a074d058ef226e1d7c1ca61a02855d32527daf53 authored over 2 years ago by Stefan Linke <[email protected]>
This converts the arithmetic shifts to logical shifts.
e4ea5ad8afeec173b978446c06b0fc009fb813a1 authored over 2 years ago by Todd C. Miller <[email protected]>
Signed-off-by: 10054172 <[email protected]>
263fdc6b067bd892df654377c0ea051289fce33f authored over 2 years ago by Todd C. Miller <[email protected]>
We can use a void * for the fd_set arrays and just add a cast when
using the FD_SET macros.
The read and write events do not set SUDO_EV_PERSIST so we need to
explicitly re-enable the event...
This is consistent with how we handle EAGAIN for read(2).
db6fc237c469d21b7722303cd5450fdf97226bf9 authored over 2 years ago by Todd C. Miller <[email protected]>
Also advise the user to use a unique prefix to avoid name space
collisions with installed Python ...
96c3c28194eb22b4beaa1cd5617c82df19f60ff3 authored over 2 years ago by Todd C. Miller <[email protected]>
24522fb4e466fe4cb08bc535aed0833b561b959d authored over 2 years ago by Todd C. Miller <[email protected]>
258b504be823ad2f4a919b1e1c34c52010917614 authored over 2 years ago by Todd C. Miller <[email protected]>
4386be3d680716d91e648cdb318fb83d3f13b7f5 authored over 2 years ago by Todd C. Miller <[email protected]>
5cb94eb2587a309ee8da07221dac54327366f79b authored over 2 years ago by Todd C. Miller <[email protected]>
Instead of a configure check, we use endian.h (or a fallback).
ac06fb7f29e6c6305cf08a5cdac8fbd73a1f607a authored over 2 years ago by Todd C. Miller <[email protected]>
71c07579baa7d109e8b2e967e7911bff8d4edd70 authored over 2 years ago by Todd C. Miller <[email protected]>
aee276ea63a8ac1f023f830933ef67d03e6d69a1 authored over 2 years ago by Todd C. Miller <[email protected]>
f19a71a3db40774d76e8cc3e56a18341fc8bc22c authored over 2 years ago by Todd C. Miller <[email protected]>
This eliminates the need for a few casts and is consistent with how
create_listener() is written.
898ca50545a1c2d7b9f8c64eec8610737d5285f4 authored over 2 years ago by Todd C. Miller <[email protected]>
This is leftover from when ptrace_read_string() allocated its own memory.
63e6973ad1952de40a240c07e6e4e307a3b19586 authored over 2 years ago by Todd C. Miller <[email protected]>
Traditional vfork(2) semantics make it unsafe for use for more than
just vfork(2) + execve(2).
06bf1be67c7e9ff3d9c124f94e59b473ddc754e9 authored over 2 years ago by Todd C. Miller <[email protected]>
66909a4831c4342d8c16425e30e0592ad5d3e61d authored over 2 years ago by Todd C. Miller <[email protected]>
2d6b9d22e11a17257753a7b8d4cd49fcec83db92 authored over 2 years ago by Todd C. Miller <[email protected]>
Unlike the parser fuzzer, this includes sample certs and keys.
This test would have detected the ...
A value that starts with a '/' should be treated as a path.
0ca222aa887ee35e034e782b01e3df91e4386523 authored over 2 years ago by Todd C. Miller <[email protected]>
bec9603f3a83443183eaef3d619189767e57326b authored over 2 years ago by Todd C. Miller <[email protected]>
51b64780c0b7b61db6f602727f1454c1aebc2c6b authored over 2 years ago by Todd C. Miller <[email protected]>
89b80ea690fbb68e0940bf7c3517201dfb6a4a4d authored over 2 years ago by Todd C. Miller <[email protected]>
This makes the code easier to read and quiets a cppcheck false positive.
eb0135a93adf28f9362932fcf5f7b1b30a450b40 authored over 2 years ago by Todd C. Miller <[email protected]>
The manual had the correct section in the text but was installed
in the wrong directory.
3074f64bd104a091a1e925a4a293e34b42d357ae authored over 2 years ago by Todd C. Miller <[email protected]>
4b5ee47e0dbebe68ee9fdf88b99132f770a07155 authored over 2 years ago by Todd C. Miller <[email protected]>
Previously, in intercept mode, if the log server is unreachable the
message would be printed for ...
This should reduce the amount of time the child has to wait for
the parent to use PTRACE_SEIZE to...
cec83a05a382d575d99392f1b27d63ba1594f031 authored over 2 years ago by Todd C. Miller <[email protected]>
This also means we can log system(3) with log_subcmds.
f52342031d031fad8faf4a39067a6cd1b25467af authored over 2 years ago by Todd C. Miller <[email protected]>
Also add riscv to the little endian list.
436deda08d973936fad834c7138c9bab427b5d98 authored over 2 years ago by Todd C. Miller <[email protected]>
See https://www.ibm.com/support/pages/apar/IJ11845
1c8316162237a319b9ee5b2fe5081f24a0c92f2d authored over 2 years ago by Todd C. Miller <[email protected]>
Converting fractional minutes to nanoseconds could overflow a 32-bit
integer, use long long instead.
93916fde4f713e6b1395bdb1d66f6577c6c80221 authored over 2 years ago by Todd C. Miller <[email protected]>
b497d7454459199913bbc64188f4b780f6b9e124 authored over 2 years ago by Todd C. Miller <[email protected]>
c1934a63661ccec930b8fcbbb895a32c5e65f715 authored over 2 years ago by Todd C. Miller <[email protected]>
6eda28ef514b07d3e5c11ddd3b048d4a249be042 authored over 2 years ago by Todd C. Miller <[email protected]>
789bc6ec8e6fef6f98796c57b3aaa53e87abe54b authored over 2 years ago by Todd C. Miller <[email protected]>
15f167c3a02932b1233aa5607da463c57c287999 authored over 2 years ago by Todd C. Miller <[email protected]>
7125a9cc237b74e73c0725913a7314e42d1cae7e authored over 2 years ago by Todd C. Miller <[email protected]>
9bb288d10e87d6d9fcafd279d9207924a35dd84c authored over 2 years ago by Todd C. Miller <[email protected]>
Add AppArmor support to sudo
402fc832fa3d77e34fdb3d9a199b67037c58476e authored over 2 years ago by Todd C. Miller <[email protected]>
f16754a1ddfbc4d61e56dd63722dd917cdfe72bb authored over 2 years ago by Todd C. Miller <[email protected]>
The replacement execve() function was passing the global environ
to exec_wrapper() instead of the...
346e63cd7c40a9db368b4bf078bf727f1f0f41ec authored over 2 years ago by Todd C. Miller <[email protected]>
b6ddf3db6df314e0c415c46b32c4cb215f10760a authored over 2 years ago by Todd C. Miller <[email protected]>
38c6e1bffb009ed537637b46259fcfa0e7174370 authored over 2 years ago by Todd C. Miller <[email protected]>
There should have been a minor version bump for sudo 1.9.8 when
intercept was originally implemen...
But only reset intercept_allow_setid if the user didn't explicitly set it.
6ced49a34dda7409445810ad454b636ddaea4ec1 authored over 2 years ago by Todd C. Miller <[email protected]>
This prevents the packages from being created as foo.el.arch.rpm
since we were assuming that the ...
d6be44db00c9efe9d63d00fae853036a18dd2531 authored over 2 years ago by Todd C. Miller <[email protected]>
It is not possible to change the syscall return value on MIPS
so we cannot support full intercept...
f053f174bc63c36158ce37dde505ac668cac598c authored over 2 years ago by Todd C. Miller <[email protected]>
sudoers now supports an APPARMOR_PROFILE option, which can be specified
as e.g.
alice ...
c20859d55b1edfbc64c705d34165645a7942d161 authored over 2 years ago by kernelmethod <[email protected]>
- Document the AppArmor userspec option in the sudoers man pages.
- Add information about the --...
Install libapparmor-dev on Debian- and Ubuntu-based Docker images so
that they can build sudo wi...
Define a new sudo setting, `apparmor_profile`, that can be used to pass
in an AppArmor profile t...
Add a new build flag, --with-apparmor, that builds sudo with AppArmor
support. Modify the build ...
Otherwise, we won't get the wait status of a suspended command
that is not being traced.
We now include all the dependent libraries when linking.
Fixes a linking problem on CentOS Stream 9.
Use strlen(), not sizeof(), on "problem parsing sudoers" since it
is a translated string and not a...
Use this in test_ptrace.c to be able to suspend just like sudo does.
0ea431e3929705ce6c17beb5c1337d2cce565bf9 authored over 2 years ago by Todd C. Miller <[email protected]>
When ptracing a process, we receive the signal-delivery-stop signal
before the group-stop signal....
Certificates generated with a CA that doesn't set the key usage
extension will fail to validate i...
69fa04f069a85e3744079a37795248afc532ceb0 authored over 2 years ago by Todd C. Miller <[email protected]>
a82fe9aa06644983da8054aa111b63fffd7010d7 authored over 2 years ago by Todd C. Miller <[email protected]>
That way we get reasonable error messages for missing files, etc.
d7df7abf875b1427c77f609e4a809032324ede2a authored over 2 years ago by Todd C. Miller <[email protected]>
Unlike BIO_new_fp(), BIO_new_file() takes an fopen-style mode string.
3ba807b70fdf6d2f1ae986b4b6e847287cb535d6 authored over 2 years ago by Todd C. Miller <[email protected]>