Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/sudo-project/sudo
Utility to execute a command as another user
https://github.com/sudo-project/sudo
cc79038730793ab5c4c4dacd9d1bd7f59c088e00 authored almost 3 years ago by Todd C. Miller <[email protected]>
This means that lhost and shost in struct sudoers_parse_tree
are no longer const and that free_pa...
7baee707b003d943b13dcbc34f0937f2f740fea3 authored almost 3 years ago by Todd C. Miller <[email protected]>
7b0b186994a343cdc281a93292b3a5986f6ebc5d authored almost 3 years ago by Todd C. Miller <[email protected]>
For example, MacOSX11.sdk instead of MacOSX11.3.sdk.
0a89b87a3ff329c7cd9e3b6c605cef0312c9ed61 authored almost 3 years ago by Todd C. Miller <[email protected]>70c0d35faaf6bf4c56b0346e1575c03a93d8607e authored almost 3 years ago by Todd C. Miller <[email protected]>
If present, the host name is copied into the struct sudoers_parse_tree.
33fbf59467464e356aad54de73ed5be3d84df8ee authored almost 3 years ago by Todd C. Miller <[email protected]>In the future the parsed files will be merged before they are output.
4cb34a2015165afe8da1d74123bdf14161172ea6 authored almost 3 years ago by Todd C. Miller <[email protected]>This will be used to store multiple parse trees and merge them
into a single sudoers_parse_tree.
3ab280fc616e4f91da7f80c18ad12926a8acbddb authored almost 3 years ago by Todd C. Miller <[email protected]>
781a4fb691c65065d83c35ed7399b5f5c0147a23 authored almost 3 years ago by Todd C. Miller <[email protected]>
658eba7ee49697eed0f8045769d4dcd75fb9b04f authored almost 3 years ago by Todd C. Miller <[email protected]>
85325a7d2f7cc2cc656464423f3f96fe931cd93b authored almost 3 years ago by Todd C. Miller <[email protected]>
289a045a4fb35a128b0c58eb37b5de73be0e49ee authored almost 3 years ago by Todd C. Miller <[email protected]>
5faf46de6fd8cd42a3eede885973cbddbad6a4f0 authored almost 3 years ago by Todd C. Miller <[email protected]>
Only needed when building the seed corpus zip files.
09b82a22ca483d9722594b59f05438258aa77a91 authored almost 3 years ago by Todd C. Miller <[email protected]>This helps to avoid issues with mismatched headers and libraries.
c2d03f7cca1009b7fde3fa1bedb342dad6de5469 authored almost 3 years ago by Todd C. Miller <[email protected]>This can happen when no changes were made. Also preserve the edited
temp file on error if we are...
def7a51f4d743033cb37efcb23cf8f08a4785286 authored almost 3 years ago by Todd C. Miller <[email protected]>
8e656b63c8cfb1620e986f78ea3c9a45d3f2f0eb authored almost 3 years ago by Todd C. Miller <[email protected]>
Avoids a name clash with the set_perms() function.
288bb82543e2812c680bf2520fa5f3c87e797f2f authored almost 3 years ago by Todd C. Miller <[email protected]>Rename "is_writable" variable to "writable".
7085a6447550777c6296f9eacecc1c126febdc0b authored almost 3 years ago by Todd C. Miller <[email protected]>03927f998fcde5163c9f7063940ca2f0ba185e62 authored almost 3 years ago by Todd C. Miller <[email protected]>
6f7f8601e456c1add262b35ebaf9e93af8613b7d authored almost 3 years ago by Todd C. Miller <[email protected]>
This is supported beginning with sudo 1.9.9 and plugin API 1.17.
7c8746bc7019cb146c24e89764c9b2e1b2a2d386 authored almost 3 years ago by Todd C. Miller <[email protected]>We can assume that systems without strtoull() have 32-bit resource limits.
19065cb221225a2377ed509d660bf63e81399e8c authored almost 3 years ago by Todd C. Miller <[email protected]>The special value "user" means preserve the invoking user's limit.
The value "default" means don'...
The default for rlimit_core is "0,0"
Resource limits are passed back to the front-end in command_...
9c465f84adcc274f6ca8969298f8f9aaf3a09602 authored almost 3 years ago by Todd C. Miller <[email protected]>
This can be used in conjunction with the -c option to check that
the sudoers file ownership and p...
78709eaeec73c88cb24e5b7ebafb14ace63ece48 authored almost 3 years ago by Todd C. Miller <[email protected]>
22d624c0289defd9267632dbd03a007536493215 authored almost 3 years ago by Todd C. Miller <[email protected]>
We only want to apply SELinux to confined users. This is a bit of
a hack as unconfined_r is spec...
This makes it possible to determine whether we really need to execute
the command via the sesh he...
The front-end uses this to decide whether or not to enable SELinux.
If selinux-rbac is true _or_ ...
The SELinux policy may not allow uid/gid changes which will break
the writability checks and caus...
733fe4bd1ab0a0b988fbef597aa2c5424c35e555 authored almost 3 years ago by Todd C. Miller <[email protected]>
6804632591bfaf1649999b564f2a6a51fc0e5fc2 authored almost 3 years ago by Todd C. Miller <[email protected]>
ff888e70094269ea08a54e34370ff03d2d81e5f7 authored almost 3 years ago by Todd C. Miller <[email protected]>
4e1e07b8832fc97c40fd5e17c367d0225e629e91 authored almost 3 years ago by Todd C. Miller <[email protected]>
The timegm() function is non-standard but widely available.
Provide an implementation for those s...
Also add missing Makefile targets for them.
b506497fe4e6c7d3bf07a908ff4074e3bee02ddb authored almost 3 years ago by Todd C. Miller <[email protected]>Otherwise, the resulting time may be off by and hour, depending on
whether DST is currently activ...
Until arm64e on macOS is finalized, continue to build arm64 packages.
12c8dba4caee4c4a92738f1f4614b70e52c3cf3a authored almost 3 years ago by Todd C. Miller <[email protected]>We originally used arm64 here but the correct ABI is arm64e.
The arm64 arch will be removed in a ...
7c4c61be0f55d94d106a14b810804f7de89e0cff authored almost 3 years ago by Todd C. Miller <[email protected]>
Older versions of OpenSSL and wolfSSL lack BIO_new_fd().
Also explicitly include openssl/bio.h an...
fc5fa1bbd405efb5f61bd67c59ab457acfd46a84 authored almost 3 years ago by Todd C. Miller <[email protected]>
77048c11931568a45255df8b02e9ac8e8a31e2b6 authored almost 3 years ago by Todd C. Miller <[email protected]>
Fedora does not appear to have an official wolfssl package.
21c240d809e0e3985c2fa12b658506e4df328fb7 authored almost 3 years ago by Todd C. Miller <[email protected]>094f4dac587fade4eb12a75a20761dc33f3fbd28 authored almost 3 years ago by Todd C. Miller <[email protected]>
Based on changes from Hayden Roche
cc6157d7d4ceec624da6ca0ac6bfc581fc868491 authored almost 3 years ago by Todd C. Miller <[email protected]>465bfbba728eda0bf1e7a1f9851cf275f2a93372 authored almost 3 years ago by Todd C. Miller <[email protected]>
This way there is no include file order issue with the
PROTOBUF_C_VERSION_NUMBER check.
1dbf95645d4590db35282f73c0293492be13e731 authored almost 3 years ago by Todd C. Miller <[email protected]>
While they are defined to the same value in OpenSSL one should not
rely on this.
a808f8e7e54e153d63a26e6c0b52461922981111 authored almost 3 years ago by Todd C. Miller <[email protected]>
With this change, sudo_sendlog can now round-trip sudo-style I/O
logs that use the newer log.json...
This was removed when Linux genentropy() was disabled.
ef3eb25a1b2410f97ead47cba728994d4f32cc41 authored almost 3 years ago by Todd C. Miller <[email protected]>88c577171ed39f63f334c5c1836c4a5058a7df28 authored almost 3 years ago by Todd C. Miller <[email protected]>
00f0c233b2575e1981b9a3f33223e052be186d94 authored almost 3 years ago by Todd C. Miller <[email protected]>
Define MAP_FAILED where relevant if undefined
cf47187eb5e6250db2b5bcac4aa624fd49a3802f authored almost 3 years ago by Todd C. Miller <[email protected]>
On systems such as HP-UX 10.20, MAP_FAILED is not
defined.
From Jeremy Huddleston Sequoia
cccefb962b76505fd9916e39c3ae7108b09c0bcc authored almost 3 years ago by Todd C. Miller <[email protected]>Try to fill the write buffer and then send to the server instead
of sending records one at a time.
1a26d2c883017b0ac26cfcc78a0c9d9c402a7fe3 authored almost 3 years ago by Todd C. Miller <[email protected]>
We may need to use RAND_bytes() in the getentropy() emulation.
9fbbca7b7a4cc60a8aa27d73de54278004a704c0 authored almost 3 years ago by Todd C. Miller <[email protected]>This test needs to be done after AC_LANG_WERROR to avoid including
sys/sysctl.h on systems where ...
The glibc getentropy() emulation will fail on older kernels that
don't support getrandom().
Also ...
de4fd4a31de922706fcc6b4f4728bd84ca8c5a85 authored almost 3 years ago by Todd C. Miller <[email protected]>
Apparently this code was never compiled anywhere.
badd6267bd81bc119560a643868dbb92a952e9e3 authored almost 3 years ago by Todd C. Miller <[email protected]>9dd6304940ce90b24b5ef81459c8c45365b67fb4 authored almost 3 years ago by Todd C. Miller <[email protected]>
803fc56bef87c8583d134146523764234469a433 authored about 3 years ago by Todd C. Miller <[email protected]>
f49c7ac5a525f24971ad08ea8bd0adb99e3955fe authored about 3 years ago by Todd C. Miller <[email protected]>
89b53d5edd1da355872b9415acb40bb63eb66b15 authored about 3 years ago by Todd C. Miller <[email protected]>
We need to call iolog_flush_all() _before_ scheduling the commit point.
If we fail to schedule to...
5eebc3098787295814b1e7f1c0819209c1b42300 authored about 3 years ago by Todd C. Miller <[email protected]>
a71d1f7ce60560de9e0a9868d83801b301bcf34e authored about 3 years ago by Todd C. Miller <[email protected]>
Now that struct eventlog includes the exit parameters we can simplify
how eventlog_exit() is called.
d415624ffc6cf16aa992279b3087bce66844c740 authored about 3 years ago by Todd C. Miller <[email protected]>
d21c935a150eb274030188be72b6830c28738961 authored about 3 years ago by Todd C. Miller <[email protected]>
f73bc6dee3878fca0f2cbea7c6cd0ce69167eb8e authored about 3 years ago by Todd C. Miller <[email protected]>
It is now possible to pass a NULL run_time to eventlog_exit().
77c339858d53b34ebbe2614fe3148f55b6d8c88b authored about 3 years ago by Todd C. Miller <[email protected]>Also document that logs are flushed before sending a commit point
even when flushing is disabled.
The commit point message means we have written the data to disk so
we should not be buffering it ...
If the connecton is interrupted before sudo sends back a commit_point
message, resuming at [0, 0]...
Since "cd" is a shell built-in command it cannot be run directly
via sudo. The user either needs...
We already avoid installing it when --disable-shared-util is specified.
64e57983188e053a5554ce6eeef5577230477f44 authored about 3 years ago by Todd C. Miller <[email protected]>Fixes a problem where the exit value from mkpkg was 0 even on error.
7a56c9871e1f3d5c88a2c21e7a5b447db7a54739 authored about 3 years ago by Todd C. Miller <[email protected]>4b7b3c05e954dd11139a8e78c601adc85b0ac5e5 authored about 3 years ago by Todd C. Miller <[email protected]>
For CSV output we double quotes strings that contain commas. For
each literal double quote chara...
de5ca187b8d05a891602d15af7059a34d98b6806 authored about 3 years ago by Todd C. Miller <[email protected]>
a4fb31aa06627831c4febdae9caa97b3f87f8ef2 authored about 3 years ago by Todd C. Miller <[email protected]>
032575f57bb6b04a357f3d2d9d494eabd8718a12 authored about 3 years ago by Todd C. Miller <[email protected]>
We now do separate builds with LDAP/SSSD enabled, logsrv client/server
disabled, and static-sudoe...
This introduces a sudoers-specific version of LT_STATIC instead of
appending the --tag=disable-sh...
May be needed for Fedora rawhide and Ubuntu testing, among others.
f6fc70e5dd0aa7c13ec1da4334864b298474ff83 authored about 3 years ago by Todd C. Miller <[email protected]>Fixes check_noexec with ASAN on Fedora where libasan.so just includes
the actual library file.
We need to disable leak sanitizer during "make check" because it
uses ptrace which is not allowed...
49611d6ccac3a627e17a5006e2540b1860ed0954 authored about 3 years ago by Todd C. Miller <[email protected]>