Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/sudo-project/sudo
Utility to execute a command as another user
https://github.com/sudo-project/sudo
Since sudoers does rejected commands itself the runcwd will still
not be correct for those.
22de92b0da9c75106b1137ec4d7378c06d629187 authored about 3 years ago by Todd C. Miller <[email protected]>
75bac8dee935cd5251da7ccec21413815a71a8c9 authored about 3 years ago by Todd C. Miller <[email protected]>
ba171724f70d33f6291e136fa9379d96e7203692 authored about 3 years ago by Todd C. Miller <[email protected]>
d8d4023335818110c0d5889df1bc4cbf2e827bcf authored about 3 years ago by Todd C. Miller <[email protected]>
dcab17900b4b43fa5384e7d04a2856622b5c3694 authored about 3 years ago by Todd C. Miller <[email protected]>
Also remove useless free of a ptr that is always NULL on the error path.
3d8b327c6056476a19b28325ba792d42ffd66f97 authored about 3 years ago by Todd C. Miller <[email protected]>The intercept fd is closed in the ctor but the debug fd will still be open.
dc30c842bb006d5ecb765399f0ca9eca7533beeb authored about 3 years ago by Todd C. Miller <[email protected]>Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for ...
d6a71fe32ebddf49299304b4efcebc254550d76a authored about 3 years ago by Todd C. Miller <[email protected]>
This lets us log based on the command_info[] list passed in from
the front-end. Previously, much...
HP-UX 11.31 defines static functions for pread() and pwrite() which
will conflict with our macros.
This allows intercept mode to work with shells that close all open
fds upon startup. The ctor in...
438a0cf07ef5ba8592a061c0c030156664fcb266 authored about 3 years ago by Todd C. Miller <[email protected]>
0aedc965f88a08912eae945cd6cb15ca4f8faae2 authored about 3 years ago by Todd C. Miller <[email protected]>
lib/util/Makefile.in: use host CFLAGS and CPPFLAGS for mksig{name,list}
9980357a73183d1032b53d985a02d0790dbf296c authored about 3 years ago by Todd C. Miller <[email protected]>
When cross-build support was added for mkig{name,list} was added, the
CFLAGS and CPPFLAGS should...
448536e0f78a750566ff73a3f85cde5f48e19b2c authored about 3 years ago by Todd C. Miller <[email protected]>
222d6f94cdad6000d76cea15b96c7fc1ea0de1fd authored about 3 years ago by Todd C. Miller <[email protected]>
1391813443a724480a40e09d5daa27ebf08b925d authored about 3 years ago by Todd C. Miller <[email protected]>
df68f4c8d9ff59e0b6ab85660c832e0846ff2f5f authored about 3 years ago by Todd C. Miller <[email protected]>
This allows intercept to work with csh which uses execv(3) not execve(2).
98401c05881c6725d3c1c603c98c56aded1cf339 authored about 3 years ago by Todd C. Miller <[email protected]>02b78c38ed9cbd85f7c4f062f5f0cc29181910c6 authored about 3 years ago by Todd C. Miller <[email protected]>
Don't try to enumerate all the sudo programs that support debugging
since all of them do.
bb40491c99f92dae0d672018a50c313078404658 authored about 3 years ago by Todd C. Miller <[email protected]>
8ccb7f0096cfb1a8b7f155a86cde444af056b30c authored about 3 years ago by Todd C. Miller <[email protected]>
The entries in the binding were separated with " ," instead of ", ".
7df245dc91d45bf46abb79d71e3f824195f1250b authored about 3 years ago by Todd C. Miller <[email protected]>4ccd966e22d70263661cab8ed16ee99c0feef5e2 authored about 3 years ago by Todd C. Miller <[email protected]>
dc281f0366fa0c48ad9b4546ea4dee6505219894 authored about 3 years ago by Todd C. Miller <[email protected]>
This will define _LARGEFILE_SOURCE, if needed, to make the prototype
visible on older systems.
This time around, avoid defining _LARGEFILE64_SOURCE and just declare
pread64/pwrite64 ourselves.
23e5304b7802c1575d43fa6d22fdcc9b21d11591 authored about 3 years ago by Todd C. Miller <[email protected]>
only affects the old BSD-style fd passing code, not POSIX-style.
5d3ab032f2b5d93b164e092b6c912f6a61261faa authored about 3 years ago by Todd C. Miller <[email protected]>d333f484eca442023118105cc1ee969d53497f5d authored about 3 years ago by Todd C. Miller <[email protected]>
52e7594ae584b1da3a4d34635011bae2de140366 authored about 3 years ago by Todd C. Miller <[email protected]>
Also mention intercept_authenticate and intercept_allow_setid.
09f160779b1c6eaa818b9fae04b70115c5185cd2 authored about 3 years ago by Todd C. Miller <[email protected]>90aee138baf82adc42a710d1e24d25aea3ad0705 authored about 3 years ago by Todd C. Miller <[email protected]>
We must build these with the host C compiler but use the target
preprocessor to generate the output.
* fix trivial shell script issues
* remove trailing whitespace
The colon really doesn't belong there; we generally use a colon to
separate a message from the wa...
They are only required if sudo_logsrvd has tls_checkpeer enabled.
1c52c24a9325204bfc31285a649b07ea62cef5a2 authored about 3 years ago by Todd C. Miller <[email protected]>Avoids 3 translation strings that were effectively duplicated.
e17003b35c2e8b6ba7a35a20cc37ec011fecf8be authored about 3 years ago by Todd C. Miller <[email protected]>ad5feeb40b20cd81f028e7b00ac6305d2085629c authored about 3 years ago by Todd C. Miller <[email protected]>
With this change, a shell in intercept mode cannot run a setuid or
setgid binary by default. On ...
Previously we special-cased handling of ALL but this complicates
some upcoming changes.
dad40a50a1dab8f04fc1b3ed8c448b9395d72618 authored about 3 years ago by Todd C. Miller <[email protected]>
Also mention log_children under "Preventing shell escapes"
fc9a01936c20ebf48b6ea7fee5b966e953263bb0 authored about 3 years ago by Todd C. Miller <[email protected]>e4809d634d0527da90b47fdf5b6e5137025edc15 authored about 3 years ago by Todd C. Miller <[email protected]>
These are client-side not server-side.
a85cf1f3fddf1a89da3013d1a443f56fbbeee3e7 authored about 3 years ago by Todd C. Miller <[email protected]>This should make it easier to tell when a setting is present in the
wrong section.
Now instead of [email protected] we would log [email protected].
5902c0e21cc67f55773266d17c6d4f75a912a028 authored about 3 years ago by Todd C. Miller <[email protected]>Otherwise we could end up creating them with a more restrictive
mode than indended. Coverity CID...
babb498c6ebe09723a751127b104f43ab643ee91 authored about 3 years ago by Todd C. Miller <[email protected]>
Coverity CID 238642
6d3cf0ffda1dd7aab0b77c1d4319e50e09f7cf25 authored about 3 years ago by Todd C. Miller <[email protected]>Coverity CID 238643
e2abcd6cb63ab42ddf09d9a734580b319111d2fc authored about 3 years ago by Todd C. Miller <[email protected]>Move closure allocation closer to where it is used.
340d7539471faf1ca241a26151dcfad356055df2 authored about 3 years ago by Todd C. Miller <[email protected]>4add9c2c0082ec0490dd5d11fb80a2d0a3f8cc98 authored about 3 years ago by Todd C. Miller <[email protected]>
Quiets a compiler warning on systems where tv_sec in struct timeval
is not long long.
This can be used with sudoreplay to jump to when a specific command
was executed within a session...
The offset is a suffix in the form of @sec[.nanosec]
695f4bea0588c8b29ac90d9b64fc1470e414d3b6 authored about 3 years ago by Todd C. Miller <[email protected]>064981fb146c6914d76bb36a8aa279f56ec38e72 authored about 3 years ago by Todd C. Miller <[email protected]>
62aca803ceb971e6c4024dbb1fe5b800408bdb50 authored about 3 years ago by Todd C. Miller <[email protected]>
Needed for arc4random() and uin64_t.
a55b54329e0276840af29d8dad34154d1afa9cf7 authored about 3 years ago by Todd C. Miller <[email protected]>The goal is to make it harder for someone to have a fake policy checker.
This will not stop a det...
c9d9225469beb45d71e37d3171baa8d82dee93d9 authored about 3 years ago by Todd C. Miller <[email protected]>
The actual FreeBSD port supports multiple options but this is sufficient
for testing purposes.
Otherwise, a mode of 0 will be used, potentially rendering the
system unusable.
Previously, log_server_reject() and log_server_alert() just
checked whether client_closure has be...
This should ensure that the other side sees any queued data before
the connection is dropped.
79129613e5999addbe62bc12d67a829aba79f976 authored about 3 years ago by Todd C. Miller <[email protected]>
ffdd7920cd98b495a42775bb35012ec259e33a46 authored about 3 years ago by Todd C. Miller <[email protected]>
The change to prefer SIGSYS over SIGUNUSED wasn't made to siglist.in.
Also, mksigname.c doesn't n...
Fixes a leak when evaluating the policy multiple times if sudoedit
is set.
abac069566a73172f6c48c661b28e4347281a157 authored about 3 years ago by Todd C. Miller <[email protected]>
Now that sudoers free old values of NewArgv and command_info the
fuzzer needs to reset those valu...
aa20eccad4a313b859abf914355e508b10182b77 authored about 3 years ago by Todd C. Miller <[email protected]>
These would get cleaned up a policy close time but we don't want
to bloat sudo's memory footprint...
By default, sudoers will not require authentication of commands run
via an intercepted session. ...
We use the uuid to match the command with its exit status.
dae370fb70da81a0e7f358e61c146215deca870a authored about 3 years ago by Todd C. Miller <[email protected]>Only available when the server supports the subcommands capability.
2e99450d4017e20c3e716635f32e5939bd07125c authored about 3 years ago by Todd C. Miller <[email protected]>Address sanitizer requires that it be preloaded before any other
DSO in LD_PRELOAD. This should ...
Otherwise, another dso could take precedence and ours would not be run.
8f8a9c37b35ba8deba3dc4e0ccee2b934b3c4f0d authored about 3 years ago by Todd C. Miller <[email protected]>Fixes building on Solaris and probably others. It is possible to
expose msg_control on Solaris b...
258fa9d4f934af8777ab229d14dd4301201895b8 authored about 3 years ago by Todd C. Miller <[email protected]>
It now takes an intercept fd as an optional argument instead of a
list of extra variables to add....
Otherwise the policy plugin won't be able to read the password.
60e76e3e3567880346de939f06d74ebe539cfaf3 authored about 3 years ago by Todd C. Miller <[email protected]>Previously, for intercepted commands we only called the policy plugin.
42598735d007f6e7933243689e7c6e701b64c286 authored about 3 years ago by Todd C. Miller <[email protected]>This makes sudo_settings, user_info, submit_argv, submit_envp and
submit_optind global. This wil...
Previously, they would just exit if there was an error.
Now the error is passed back up the stack...
Uses protobuf to talk to main sudo process over a socketpair.
4cf3d1c416775c592433a40b25bd7d9fb0d69d1a authored about 3 years ago by Todd C. Miller <[email protected]>d7380bb271c3dd02bd4f38d5f9989931cb6f19b6 authored about 3 years ago by Todd C. Miller <[email protected]>
Uses google protocol buffers.
cede7dd92dec7e0290ded3ae3e0d66b97f33265c authored about 3 years ago by Todd C. Miller <[email protected]>We need to use it for sudo <-> sudo_intercept.so communication.
5d4120fa5d908689a55a85564dd76f5af3e153c8 authored about 3 years ago by Todd C. Miller <[email protected]>The log server now advertises a subcommands flag if it supports
logging subcommands (e.g. command...
Previously we used NewArgv[] and env_get() but now that logging is
performed via an audit plugin ...
If the perm stack depth is non-zero when set_perms(PERM_INITIAL)
is called, rewind it first and r...
We need to reset the Defaults values to their original state.
132936f8f0a4cc6daaa74699e42bd0534eb5e031 authored about 3 years ago by Todd C. Miller <[email protected]>This is used for the intercept and log_children options.
a556b373c989bec2b7268715585c7f641c28a999 authored about 3 years ago by Todd C. Miller <[email protected]>6287e8ca7d3295c6f123b0fed84ddd5a0cd4891a authored about 3 years ago by Todd C. Miller <[email protected]>
This causes "intercept" to be set to true in command_info[] which
the sudo front-end will use to ...