Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/sudo-project/sudo
Utility to execute a command as another user
https://github.com/sudo-project/sudo
3fa025281f10c7886b58f4ddcaa67549138828ec authored about 3 years ago by Todd C. Miller <[email protected]>
Build container descriptions are in the new docker directory.
8d98a447c580fc39d3a2b390e32e8093af2529f2 authored about 3 years ago by Todd C. Miller <[email protected]>
a02af3a45c1e73fdc61a72a2195d8a54dac76700 authored about 3 years ago by Todd C. Miller <[email protected]>
It now prints runchroot and runcwd (falling back on cwd).
As a result, submithost is now printed ...
3575e995a9f06a2002186741a85da7f622acea75 authored about 3 years ago by Todd C. Miller <[email protected]>
Can be disabled via --disable-hardening.
c5f983c643ec87f078b8a13fd35a718655d19b10 authored about 3 years ago by Todd C. Miller <[email protected]>
Can be disabled via --disable-hardening.
edf30c727398f8de75f5b366c47cc4ebe7ee25d0 authored about 3 years ago by Todd C. Miller <[email protected]>
There is no case where we should fail to find an editor just because
the values of EDITOR, VISUAL...
Avoids extraneous output in the fuzzer.
dde951a09892a67b0f687dd087ff44fed5299da3 authored about 3 years ago by Todd C. Miller <[email protected]>
This makes it possible to parse sudoers without using quiet mode,
resulting in better coverage.
Also undo a change to fuzz_sudoers.c that snuck in to the last commit.
eefb7b0d5480343011ee1bdd176e06406f9f4c0c authored about 3 years ago by Todd C. Miller <[email protected]>
Excessive output makes the fuzzer runs much less efficient.
7d964875df610bf995389f81f43950d62e2abd59 authored about 3 years ago by Todd C. Miller <[email protected]>
It is possible for the buffer offset to be zero when the length is
non-zero. The proper value to...
This avoids relying on /dev/fd which may not exist in a chroot jail.
Adapted from a change in Ope...
FreeBSD returns EMLINK and NetBSD returns EFTYPE instead of ELOOP.
This is only used to present t...
1d203c83441c93c548f88f59b83e1a374504d27d authored about 3 years ago by Todd C. Miller <[email protected]>
For example "cvtsudoers -m cmd=/bin/ls" would only display entries
that would allow /bin/ls to be...
These are based on the code in testsudoers.
41f116050fcac0a34e4834648559d6e838a3b523 authored about 3 years ago by Todd C. Miller <[email protected]>
a7367ce47de9bf824b301fc77bc9b4187623e1a6 authored about 3 years ago by Todd C. Miller <[email protected]>
Quiets a cppcheck warning; mksiglist.c already has this fixed.
99655f28dee1ea6f77d74f175bc7e719af27c799 authored about 3 years ago by Todd C. Miller <[email protected]>
Coverity CID 188804
86df86ed9407d9d37495c3649e7e4e7be4a9ad98 authored about 3 years ago by Todd C. Miller <[email protected]>
b9b84518304b9dd42f071f5a607ddfd300d2640e authored about 3 years ago by Todd C. Miller <[email protected]>
4a49f169679b455bf4b9b1bcd312d9081e62429f authored about 3 years ago by Todd C. Miller <[email protected]>
There are no remaining unchecked snprintf() that can actually overflow.
dc90df8de5164af992391aa970c368c2031cf2c4 authored about 3 years ago by Todd C. Miller <[email protected]>
We make a copy of the directory so there's no real reason that
parameter can't be const.
sudo_rcstr_alloc() takes a length (not a size) parameter so when
calling snprintf() we need to ad...
This string is primarily used for warning messages.
Also check the snprintf() return value to avo...
4fef09e1c2e30e9cd2a8142279807d43376634c8 authored about 3 years ago by Todd C. Miller <[email protected]>
0340a9056e014064a710794991d3cf48dedd2904 authored about 3 years ago by Todd C. Miller <[email protected]>
a036cb02525af24653e0540d3e76e356c31fb736 authored about 3 years ago by Todd C. Miller <[email protected]>
Otherwise we end up with zero-length files in the incoming queue
dir and may end up relaying one ...
It is only the alias and defaults warnings we need to suppress.
b6561831b454a2a253967061221452c38cdd66cc authored about 3 years ago by Todd C. Miller <[email protected]>
5421c6182824e6b0dcc522db7fe24ede4737c288 authored about 3 years ago by Todd C. Miller <[email protected]>
a8c4d9800b6c567f5020cef5f0907f5fcaba33d1 authored about 3 years ago by Todd C. Miller <[email protected]>
328bc282e0de0014612829dd2991a1acd94f8883 authored about 3 years ago by Todd C. Miller <[email protected]>
There is no need to send the log ID for each sub-command.
8cc7e4bb5e4cb843e9df0ec31db42ef204442259 authored about 3 years ago by Todd C. Miller <[email protected]>
Plugs a small memory leak in intercept mode if the log server sends
the log ID again for sub-comm...
Some fuzzing inputs cause a huge number of warnings and displaying
them all can result in the fuz...
This helps prevent the fuzzer from going off the rails.
0ea561ca6ac1a0020250e962dbded8e31324de90 authored about 3 years ago by Todd C. Miller <[email protected]>
Fixes a potential crash for "sudo -i" when the target user has bash
as the shell (which needs the...
It should not be possible to reach this point with a command defined
but argv[] empty but it does...
There's no point in warning about the same problem multiple times.
This implementation assumes a ...
1d2512ae10c8a337d0313f9de78503d5767307e0 authored about 3 years ago by Todd C. Miller <[email protected]>
Make the zero length check explicit so as not to confuse static
(or human) analyzers.
292916f43c9948caced9b62018d5ff510a5e0497 authored about 3 years ago by Todd C. Miller <[email protected]>
This has been possible with sudoers file entries since sudo 1.9.0
but no corresponding change was...
This is consistent with how sudo formatted time stamps prior to
the logging code being split off ...
Old versions of strftime(3) didn't guarantee to NUL-terminate the buffer
so we explicitly clear t...
18f1884ddc6b984b463e4392bdd0444431471d5c authored about 3 years ago by Todd C. Miller <[email protected]>
Avoids compiler warnings with OpenSSL 3.0. EVP_MD_CTX_new() is
only available for OpenSSL 1.1 an...
698481492c5838969272a7569499732c1bb5b365 authored about 3 years ago by Todd C. Miller <[email protected]>
7c550c5d10801ceea24fa2eba4528c309f31296d authored about 3 years ago by Todd C. Miller <[email protected]>
Sometimes second granularity is not enough.
46d71c4360257d4fa97fb2163303d69f383b4ddb authored about 3 years ago by Todd C. Miller <[email protected]>
fa71679b5a93046cf2b45451d4808cbd49745f8e authored about 3 years ago by Todd C. Miller <[email protected]>
On the HP-UX build machines these are named libssl_pic.a and
libcrypto_pic.a to avoid conflicting...
Fixes a warning on OpenSSL 3.0 and plugs a memory leak of dhparams
on config reload.
18613eee229f28cd730d988988e9f7db8db0ee42 authored about 3 years ago by Todd C. Miller <[email protected]>
cf225d2f10325cd11dadf11b91ce17de4f6dcba8 authored about 3 years ago by Todd C. Miller <[email protected]>
2445576e9bff7583be8f3cc99fd48f0c35f6ac51 authored about 3 years ago by Todd C. Miller <[email protected]>
eab915ae9740cc7611451ace4ea9e497a2b3b6e6 authored about 3 years ago by Todd C. Miller <[email protected]>
This was missed in the previous set of changes, resulting in a crash
for LDAP and SSSD rules that...
Fixes a fuzzer link error when building with ldap if the ldap libs
are not in the default library...
Since -lssl depends on -lcrypto, -lcrypto must be listed after -lssl.
Fixes linking of non-dynami...
e1653be4351665eba5a7cc909c44b3c9dbadbde8 authored about 3 years ago by Todd C. Miller <[email protected]>
We should only get a HelloResponse from sudo at this point.
51d5f05e67e6d53064258c489540591640a216b2 authored about 3 years ago by Todd C. Miller <[email protected]>
db750232c5a63b74779a5e5a5b27c7cba9d2c450 authored about 3 years ago by Todd C. Miller <[email protected]>
The operation should simply be set to true/false.
Also treat a NULL file as coming from the front...
If static objs are disabled we need to add explicit dependencies for
.o files. The OpenBSD libto...
The OpenSSL pkgconfig files only include -L paths, not -R paths.
Using SUDO_APPEND_LIBPATH ensure...
This can be used to find the correct openssl pkg-config file
if it is not named "openssl" (also l...
yyerror() must be extern void
declare tokens with type instead of using separate %type lines
4b5a67cf8e63aa8ed505c08e2b709a73ca7988a0 authored about 3 years ago by Todd C. Miller <[email protected]>
197d4ced38045174a0156316924173008fce6326 authored about 3 years ago by Todd C. Miller <[email protected]>
02966f059ec0563fb8a492c0a08af4de0b8804f4 authored about 3 years ago by Todd C. Miller <[email protected]>
Copy pasta is not always the best kind of pasta.
4b365300a70900f000886729431be93dbbc323b0 authored about 3 years ago by Todd C. Miller <[email protected]>
execvpe() is a GNU extension also found on *BSD (but not macOS).
3a4aec7a6216063701f63ed01291cdf4da52f173 authored about 3 years ago by Todd C. Miller <[email protected]>
6d5f450a62c52befb14132bf35397ce00a25829e authored about 3 years ago by Todd C. Miller <[email protected]>
We want to use PATH from the current value of the environment, not
the initial value of PATH when...
Currently, PATH traversal is handled by sudoers which uses
the original PATH, not the one updated...
The configure check for alloca() was removed long ago but this got
missed.
aac09cf7be452704da4dc06dc439e3a487fb00c0 authored about 3 years ago by Todd C. Miller <[email protected]>
We want to treat it as an array of bytes, not an array of tokens.
Coverity CID 240011
f64d71674ea0a346942b84db7866af53fecf579a authored about 3 years ago by Todd C. Miller <[email protected]>
9a9a22e93ead03a543345778fe7218e4c022b4bb authored about 3 years ago by Todd C. Miller <[email protected]>
2f6cacd1ec7c78531e686d69fc9ec936eabb5b3f authored about 3 years ago by Todd C. Miller <[email protected]>
967bcab4dbfa79bc7b47233861b97710841d82c5 authored about 3 years ago by Todd C. Miller <[email protected]>
38d884a62d618140ffefd3dfa2370dfc06c344b5 authored about 3 years ago by Todd C. Miller <[email protected]>
5c2f1ebbcfeac3dbe31f6b6d57446661914a461d authored about 3 years ago by Todd C. Miller <[email protected]>
190e495b64d025aed72d2186fe1d4ea93c0cf293 authored about 3 years ago by Todd C. Miller <[email protected]>
SELinux policy will prevent the inherited socket from sudo from
being used and may also restrict ...
242e4d070fc2036515941ae3860b6b5eafb156d0 authored about 3 years ago by Todd C. Miller <[email protected]>
4ca5c7d64360bbbf3d46a7a6fb7e439a0455a972 authored about 3 years ago by Todd C. Miller <[email protected]>
Protobuf doesn't have a 128-bit type so use two u64s.
We now support partial reads of the token.
Also add regression test.
4bff82cab42af89b680b344c3d5fea2d87b33153 authored about 3 years ago by Todd C. Miller <[email protected]>
Sending the secret out of band, before the message size is read,
should make it harder to mount a...
We know the length of what we are receiving so just loop until
we have it all, get EOF or an error.
We use -Wc,-fstack-clash-protection as the linker flag to prevent
libtool from removing it from t...
a078bc64bb5ac715e60eed84e4a5d553b527334e authored about 3 years ago by Todd C. Miller <[email protected]>
3c26b92a756a3d734bd9248e0bed15276527eadc authored about 3 years ago by Todd C. Miller <[email protected]>
If the command is not accepted we don't rebuild command_info[] and
must not free it. It will be ...