Since sudoers does rejected commands itself the runcwd will still
not be correct for those.

Also remove useless free of a ptr that is always NULL on the error path.

The intercept fd is closed in the ctor but the debug fd will still be open.

Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for ...

This lets us log based on the command_info[] list passed in from
the front-end. Previously, much...

HP-UX 11.31 defines static functions for pread() and pwrite() which
will conflict with our macros.

This allows intercept mode to work with shells that close all open
fds upon startup. The ctor in...

lib/util/Makefile.in: use host CFLAGS and CPPFLAGS for mksig{name,list}

When cross-build support was added for mkig{name,list} was added, the
CFLAGS and CPPFLAGS should...

This allows intercept to work with csh which uses execv(3) not execve(2).

Don't try to enumerate all the sudo programs that support debugging
since all of them do.

The entries in the binding were separated with " ," instead of ", ".

This will define _LARGEFILE_SOURCE, if needed, to make the prototype
visible on older systems.

This time around, avoid defining _LARGEFILE64_SOURCE and just declare
pread64/pwrite64 ourselves.

only affects the old BSD-style fd passing code, not POSIX-style.

Also mention intercept_authenticate and intercept_allow_setid.

We must build these with the host C compiler but use the target
preprocessor to generate the output.

* fix trivial shell script issues
* remove trailing whitespace

The colon really doesn't belong there; we generally use a colon to
separate a message from the wa...

They are only required if sudo_logsrvd has tls_checkpeer enabled.

Avoids 3 translation strings that were effectively duplicated.

With this change, a shell in intercept mode cannot run a setuid or
setgid binary by default. On ...

Previously we special-cased handling of ALL but this complicates
some upcoming changes.

Also mention log_children under "Preventing shell escapes"

These are client-side not server-side.

This should make it easier to tell when a setting is present in the
wrong section.

Now instead of [email protected] we would log [email protected].

Otherwise we could end up creating them with a more restrictive
mode than indended. Coverity CID...

Coverity CID 238642

Coverity CID 238643

Move closure allocation closer to where it is used.

Quiets a compiler warning on systems where tv_sec in struct timeval
is not long long.

This can be used with sudoreplay to jump to when a specific command
was executed within a session...

The offset is a suffix in the form of @sec[.nanosec]

Needed for arc4random() and uin64_t.

The goal is to make it harder for someone to have a fake policy checker.
This will not stop a det...

The actual FreeBSD port supports multiple options but this is sufficient
for testing purposes.

Otherwise, a mode of 0 will be used, potentially rendering the
system unusable.

Previously, log_server_reject() and log_server_alert() just
checked whether client_closure has be...

This should ensure that the other side sees any queued data before
the connection is dropped.

The change to prefer SIGSYS over SIGUNUSED wasn't made to siglist.in.
Also, mksigname.c doesn't n...

Fixes a leak when evaluating the policy multiple times if sudoedit
is set.

Now that sudoers free old values of NewArgv and command_info the
fuzzer needs to reset those valu...

These would get cleaned up a policy close time but we don't want
to bloat sudo's memory footprint...

By default, sudoers will not require authentication of commands run
via an intercepted session. ...

We use the uuid to match the command with its exit status.

Only available when the server supports the subcommands capability.

Address sanitizer requires that it be preloaded before any other
DSO in LD_PRELOAD. This should ...

Otherwise, another dso could take precedence and ours would not be run.

Fixes building on Solaris and probably others. It is possible to
expose msg_control on Solaris b...

It now takes an intercept fd as an optional argument instead of a
list of extra variables to add....

Otherwise the policy plugin won't be able to read the password.

Previously, for intercepted commands we only called the policy plugin.

This makes sudo_settings, user_info, submit_argv, submit_envp and
submit_optind global. This wil...

Previously, they would just exit if there was an error.
Now the error is passed back up the stack...

Uses protobuf to talk to main sudo process over a socketpair.

Uses google protocol buffers.

We need to use it for sudo <-> sudo_intercept.so communication.

The log server now advertises a subcommands flag if it supports
logging subcommands (e.g. command...

Previously we used NewArgv[] and env_get() but now that logging is
performed via an audit plugin ...

If the perm stack depth is non-zero when set_perms(PERM_INITIAL)
is called, rewind it first and r...

We need to reset the Defaults values to their original state.

This is used for the intercept and log_children options.

This causes "intercept" to be set to true in command_info[] which
the sudo front-end will use to ...