Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/sudo-project/sudo
Utility to execute a command as another user
https://github.com/sudo-project/sudo
Extremely unlikely to happen but better safe than sorry.
92cf172edad0f068364e08c262d4c2ea46ed210d authored over 3 years ago by Todd C. Miller <[email protected]>
Found locally using libfuzzer/oss-fuzz.
665f8d2e3e52c3260bfc682044843a4183ecc210 authored over 3 years ago by Todd C. Miller <[email protected]>
If we allow the fuzzer to choose include paths it will include
random files in the file system. ...
This should avoid some issues with the fuzzer.
f5fc5d64170f51a864fe891cb3520ec54dcaf3d5 authored over 3 years ago by Todd C. Miller <[email protected]>
Fixes a potential buffer overflow introduced in the last commit.
10e37223b5cc780a7862ae3f6c7834b56e93211c authored over 3 years ago by Todd C. Miller <[email protected]>
We need to be able to display it using alias_error().
Only free what we actually allocated in ali...
oss-fuzz issue #30252
884b2fb86b3089f900cfd6d0379bf8629d2fc5be authored over 3 years ago by Todd C. Miller <[email protected]>
Fixes spurious errors from fuzz_sudoers, which calls the parser multiple times.
077c9b0c745f3bf67da01d98252ede6635fea485 authored over 3 years ago by Todd C. Miller <[email protected]>
This lets us track things correctly when buffers are realloc()d.
Rewrote fill() and append() to b...
Since we run the parser multiple times we need to restart it each time.
3237a18ee3feae91346933c6eb6ca92dad08e1c6 authored over 3 years ago by Todd C. Miller <[email protected]>
Fixes oss-fuzz issue #30238
e66b132d7674778105b6c98153470631aaad773c authored over 3 years ago by Todd C. Miller <[email protected]>
bde441186726e3a3a311b16b16534e69625bb6ca authored over 3 years ago by Todd C. Miller <[email protected]>
Should fix oss-fuzz issue #30236
bd4e8bc699ba1355c5579f345b4521017b8454f1 authored over 3 years ago by Todd C. Miller <[email protected]>
d2901f4121e5490f9d1128458a8e229f4870b3cd authored over 3 years ago by Todd C. Miller <[email protected]>
GitHub issue #87
29f5f3c53ecf92c53151dde2b607bc7d2f4b31ea authored over 3 years ago by Todd C. Miller <[email protected]>
The caller should be the one to handle this.
aaa2e8ddecf85903d71146532e40a14ea952ca2e authored over 3 years ago by Todd C. Miller <[email protected]>
68939adee2f17d6f3338b9bc7985bf479bd072d7 authored over 3 years ago by Todd C. Miller <[email protected]>
We now need to remove the name and members from the leak list
*before* calling alias_add() since ...
8f2254594f09c53f4d469f28cc50deb57e4f0c82 authored over 3 years ago by Todd C. Miller <[email protected]>
20b3904f4f7e0b6199b783d6155b84d11b1dbbcd authored over 3 years ago by Todd C. Miller <[email protected]>
2fd4a2ad710bce6aa467f3ff1c738b98b095fd17 authored over 3 years ago by Todd C. Miller <[email protected]>
Also simplify the progname code so we only need a single implementation.
eec4f42366aa5967a2850879a3fa55590022d4db authored over 3 years ago by Todd C. Miller <[email protected]>
Also warn if we find an unexpected JSON type.
71997da168ec173f4cf367f2e13bc25c6bf8fe02 authored over 3 years ago by Todd C. Miller <[email protected]>
Since parsed_policy is for the sudoers parser we should declare our own.
0d34fa4285ba3e8375e84e2adff3381fbefcda0d authored over 3 years ago by Todd C. Miller <[email protected]>
d3735b98e9f45db697eb85ed8b847acbcd076ef8 authored over 3 years ago by Todd C. Miller <[email protected]>
f30670a42f3a7b80a7ce8e876a58d008e5a30542 authored over 3 years ago by Todd C. Miller <[email protected]>
f59a8f30359c7884db0dfe154598b0efb331f638 authored over 3 years ago by Todd C. Miller <[email protected]>
These are not yet hooked up to the sudo build.
1e3cecc60831ed9b2c817c6f96bbf653f1a91dd5 authored over 3 years ago by Todd C. Miller <[email protected]>
a74e8502c0452b720c143a2856848930bbe3f109 authored over 3 years ago by Todd C. Miller <[email protected]>
66cd61a9bdbb0e8dabaa56dab1809241a130fd04 authored over 3 years ago by Todd C. Miller <[email protected]>
This makes it possible to avoid memory leaks when there is a parse error.
9ed14870c69e1ae711f2848d849828dded14f108 authored over 3 years ago by Todd C. Miller <[email protected]>
568931035dbb65fc57bafe9f0222d85107c2cd7f authored over 3 years ago by Todd C. Miller <[email protected]>
Found locally using libfuzzer/oss-fuzz.
4cd6350cadff4dd59f455f8c3a243e211edf4947 authored over 3 years ago by Todd C. Miller <[email protected]>
de82d08e70aabcd1f4dea234f82d1eeabdb0c42f authored over 3 years ago by Todd C. Miller <[email protected]>
5dc297d300c44efe2e19f1adf336f7873c2abc25 authored over 3 years ago by Todd C. Miller <[email protected]>
Fixes an out of bounds read found locally using libfuzzer/oss-fuzz.
439660c7fb02c17f43497fab3fa04bd59fe7ac53 authored over 3 years ago by Todd C. Miller <[email protected]>
The last option wins but we also now warn about the duplicate.
Found locally using libfuzzer/oss-...
A sudoRole with multiple sudoCommands is converted to a privilege
with multiple cmndspecs. Howev...
Fixes issue 30080 by ClusterFuzz-External
75f76eba819b9b8b19924f1427220db1532c1181 authored over 3 years ago by Todd C. Miller <[email protected]>
This enables the extra freeing of memory before exit also enabled
by --enable-asan. To be used b...
Fixes potential out of bounds read found by libfuzzer/oss-fuzz.
995601c621b5f6d1e57bccf267308b37b0d7ad49 authored over 3 years ago by Todd C. Miller <[email protected]>
419c8952402b5b5642a0d093aa713819f26a36e3 authored over 3 years ago by Todd C. Miller <[email protected]>
Return NULL instead of treating as a fatal error.
This should make life a little easier for oss-f...
6c8242c3579efcf885a4f8ec726cd327cc051e08 authored over 3 years ago by Todd C. Miller <[email protected]>
init_eventlog_config() is called immediately after initializing the
Defaults settings, which is b...
8f114c2aaec50ef8973c8180e69882a6275f752f authored over 3 years ago by Todd C. Miller <[email protected]>
8ca47cc99d47214cdb4f583a14771fce5e3a9c1e authored over 3 years ago by Todd C. Miller <[email protected]>
AIX xlc compiler doesn't like cpp directives in between strings.
Also fixes a complaint from cppc...
c9eff93854f53fdc8f57744c7f069388b6753393 authored over 3 years ago by Todd C. Miller <[email protected]>
Emulates an overflow like: sudoedit -s '\' `perl -e 'print "A" x 65536'`
888f63a9c8b4a848d1049871c05ce3656c015ffc authored over 3 years ago by Todd C. Miller <[email protected]>
This is used when building up the user_args string.
29acc6419270d4dc8413c18517e089b4d2dc6907 authored over 3 years ago by Todd C. Miller <[email protected]>
Includes unit test.
2804c2c78e7007c6e718754efb739b7fa8831f0c authored over 3 years ago by Todd C. Miller <[email protected]>
Found by OSS-Fuzz.
aa50aaf8dae9c3c5e6c27ee743cedec1b0524fba authored over 3 years ago by Todd C. Miller <[email protected]>
Tuple size cannot be negative and we already handle the case where
it is zero.
We no longer need to check for any string that ends in "edit".
19d5845f8b6ae429a597d53c7f8201514537b590 authored over 3 years ago by Todd C. Miller <[email protected]>
We want to zero the struct starting at flags, not type (which was just set).
Found by Qualys.
98d5cc2a856c8fcd68e5066b8a7523a795eaaac2 authored over 3 years ago by Todd C. Miller <[email protected]>
While this is how the kernel behaves it is not a portable assumption.
The assumption may also be ...
Also, do not try to unescape backslashes unless in run mode *and*
we are running the command vi...
This is consistent with how the -e option is handled.
Also reject -H and -P flags for sudoedit as...
Don't assume the sudo front-end is sending reasonable mode flags.
These checks need to be kept co...
If a PAM module wants to authenticate user using GSSAPI, the authentication
is broken if non-def...
Since version 1.9.4 and
https://github.com/sudo-project/sudo/commit/bd1ca79cca827a92e904f022e49d...
In client_msg_cb() we only remove a buffer from the queue when it is
finished. Inserting the buf...
happen when the socket cannot be written to immediately.
We need to set the read_instead_of_write...
For fully-qualified paths, store the string starting after the last slash,
not at the slash itself.
e60ff9058b65f12652847316ec81954b4bce7bbe authored almost 4 years ago by Todd C. Miller <[email protected]>
Fixes a bug introduced in sudo 1.9.5 where the editor was run setuid
root unless SELinux RBAC was...
ea150d5918d7250f485b944a8ff77ac428e0865e authored almost 4 years ago by Todd C. Miller <[email protected]>
01d0bbfb8555a15ace944138fa69a6c1a516ce15 authored almost 4 years ago by Todd C. Miller <[email protected]>
250cccfe4ca2a15ae106adc7884db2742648794d authored almost 4 years ago by Todd C. Miller <[email protected]>
9e111eae57524ca72002ad1db36eb68ccd50b167 authored almost 4 years ago by Todd C. Miller <[email protected]>
Defaults to true if sudo is built with SELinux support and SELinux
is not disabled on the system.
4603da02afad0969937bc1c2b3a53821c41aff12 authored almost 4 years ago by Todd C. Miller <[email protected]>
4e11bc0e26b76dfd885d968b925688ec1880c734 authored almost 4 years ago by Todd C. Miller <[email protected]>
108e29446d36b6ed044e5c1f3dcf0cccb8500bb7 authored almost 4 years ago by Todd C. Miller <[email protected]>
92c88d4105f00809b462a8d8bcd77a854c9b077a authored almost 4 years ago by Todd C. Miller <[email protected]>
We can use this when we need to pass around credential info instead
of the user_details and comma...
397a07e86f5e2ccfe046f4c76aff8d21b1980b24 authored almost 4 years ago by Todd C. Miller <[email protected]>
a5be62c68fca656beab7e68590d817154cbf6a4c authored almost 4 years ago by Todd C. Miller <[email protected]>
84b3a1dae1b4f0a04a7cbd950309b4a98f6a9cca authored almost 4 years ago by Todd C. Miller <[email protected]>
The new sesh_edit_create_tfiles() and sesh_edit_copy_tfiles() functions
are analogous to sudo_edi...
9e068c15e07cfe3a915dd4e71aa3e4be90be4306 authored almost 4 years ago by Todd C. Miller <[email protected]>
For sudo_edit_open() et al what we need is a copy of the current
cred to restore after dir_is_wri...
These were never added to the SELinux RBAC path.
46e2d7290a0df7b7257e8489181ade5095e9cae5 authored almost 4 years ago by Todd C. Miller <[email protected]>
The program name is also used when matching Debug lines in sudo.conf.
We don't want the user to b...
Otherwise, it may be possible for the user running sudoedit to
replace the newly-created temporar...
When creating a new file, sudoedit checks to make sure the parent
directory exists so it can prov...
This should never fail unless the fd is invalid.
Problem reported by Matthias Gerstner of SUSE.
295f099cfcdf14d44e5e14c1be36fb1da4c10dbf authored almost 4 years ago by Todd C. Miller <[email protected]>
Found by PVS Studio.
741cf082a358120dcbbe1005bd794bad157e4e10 authored almost 4 years ago by Todd C. Miller <[email protected]>
4ea6f73060c6b7c7fc24fbff78fc4c89a828e30f authored almost 4 years ago by Todd C. Miller <[email protected]>
7f34b8bbbd1609b160ad0aeac836f169216c7e25 authored almost 4 years ago by Todd C. Miller <[email protected]>
6e1986e91577f4ec3b8dc1787becda86d7f1ed36 authored almost 4 years ago by Todd C. Miller <[email protected]>
This makes it possible to remove some ugly #ifdefs and only affects
very old systems.
267b9a8a237f32fe291967bafe70f7c82f194d45 authored almost 4 years ago by Todd C. Miller <[email protected]>
Coverity CID 215884.
f6452c7caf9261d8cef476e8ced22b5e57e3bcd3 authored almost 4 years ago by Todd C. Miller <[email protected]>
Also add compareBoolExpressionWithInt to suppression list.
86178333853296e12b7ecfff748a28667f269150 authored almost 4 years ago by Todd C. Miller <[email protected]>
8ea19e294ba30268c9b0878fd30c9050cae4da47 authored almost 4 years ago by Todd C. Miller <[email protected]>
The SLIST_FOREACH_PREVPTR macro doesn't work the way I thought it did.
Just store our own prev po...