Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/sudo-project/sudo
Utility to execute a command as another user
https://github.com/sudo-project/sudo
Otherwise, sudo_ldap_role_to_priv() will treat a NULL host list as
as the "ALL" wildcard. This r...
Now that logging of successful commands is performed by sudoers as an
audit plugin we need to loa...
This adds audit plugin support to the sudoers module, currently
only used for accept events. As ...
With this change, the sudo front-end will send an "accept" audit
event to the audit plugins after...
This fixes an issue on Solaris 11.4 (and probably others) with "sudo
reboot" when I/O logging is ...
Fixes a problem on Solaris 11.4 (and possibly others) where sudo
continually tries to put itself ...
de31e6d53bbdfb00d4172aaaa58755256a307e6b authored over 4 years ago by Todd C. Miller <[email protected]>
a0aaae5541c6a3d328bc7cba23e5c6cbfa948102 authored over 4 years ago by Todd C. Miller <[email protected]>
ad70fb4f1efeee6f8a64603d5aeb6d2f5fcddcb2 authored over 4 years ago by Todd C. Miller <[email protected]>
51dc8ad83c0d4e713d7d1536855998109a7548ce authored over 4 years ago by Todd C. Miller <[email protected]>
BSM audit is no longer supported in Solaris 11.4.
e1aa76de16ead3eb7dcc24e994c7246829b6d09e authored over 4 years ago by Todd C. Miller <[email protected]>We cannot exec the command directly if any of the policy or audit
plugins use a close function.
d9cbb7bebd77d5d656d162e2264a2c4880fbadfc authored over 4 years ago by Todd C. Miller <[email protected]>
If the user specifies --runstatedir but not --with-rundir, use
runstatdir as the parent directory...
These are less confusing than #include and #includedir when the
hash character is also the commen...
This prevents problems caused by the change to strip the write bit
from the timing file when it i...
Avoids a generic "input in flex scanner failed" error message.
7febc39137569c559cc24c7300c4dc3d3e76e609 authored over 4 years ago by Todd C. Miller <[email protected]>a41d7b545a0fffd565509a1c429b349df41d844a authored over 4 years ago by Todd C. Miller <[email protected]>
5a69831dd4398173bf9e0020c082f66129b37c63 authored over 4 years ago by Todd C. Miller <[email protected]>
By default, sudoreplay will exit when it reaches the end of the
timing file. With the -F option,...
Works for both compressed and uncompressed I/O logs.
0312292e99889599d639d3f1ac1eb62f9266a214 authored over 4 years ago by Todd C. Miller <[email protected]>This matches the behavior of sudo_logsrvd.
2a29daee1845bdb77980d22a72ca046098905841 authored over 4 years ago by Todd C. Miller <[email protected]>84f0ae0cb82aa6f9a77a32e99f7a37fe0a9a6bb0 authored over 4 years ago by Todd C. Miller <[email protected]>
We no longer need to include sudo_gettext.h before sudo_compat.h
8ef5c4cf9d2886420aea59565b89011be32b5343 authored over 4 years ago by Todd C. Miller <[email protected]>In the pre-POSIX days BSD had strings.h, not string.h.
Now strings.h is only used for non-ANSI st...
Previously we needed to include headers required by the various
sudo*h files. Now those files ar...
In the past we've relied on the various .c files to include the
system headers that define types ...
This has no effect unless env_reset is disabled.
From Allan Wirth
Include sys/types.h for mode_t and id_t in sudo_debug.h
f4e9e4337f8844d199515ff2b762c914dd254cbd authored over 4 years ago by Dan Robertson <[email protected]>3d73f05e3b1b349627faca2a42d0dc6fa42a6472 authored over 4 years ago by Sebastian Rasmussen <[email protected]>
Fixes a regress failure on musl libc where SIGSYS and SIGUNUSED
share the same value.
26b599a5b13901fe254ed3c79abd436b9e6f0fbd authored over 4 years ago by Todd C. Miller <[email protected]>
36bbf629bed5a7550876f9683d82f96b8c8d242a authored over 4 years ago by Todd C. Miller <[email protected]>
Fixes a warning on musl libc where WIFCONTINUED is defined in
stdlib.h for some reason.
The version of OpenSSL in RHEL 6 is new enough for the log server to use.
4ea7ecffdd4c375af330df7478c251567774c6d1 authored over 4 years ago by Todd C. Miller <[email protected]>1c3946e9b10e7ab504d978fe8215ffe7a9a0ea93 authored over 4 years ago by Todd C. Miller <[email protected]>
3ded5cbd67b4db639be830a4bd816f4b32feac63 authored over 4 years ago by Todd C. Miller <[email protected]>
f71b569419f8abf134eda9d69402696d61c66861 authored over 4 years ago by Todd C. Miller <[email protected]>
This makes more sense when receiving event-only logs.
d2686dde0c338dd86b1ecc0a7260c2779d4eb23d authored over 4 years ago by Todd C. Miller <[email protected]>This fixes reject events as well as accept events without the
expect_iobufs flag set.
Only set expect_iobufs in AcceptMessage if sending I/O logs.
Set state to FINISHED immediately af...
If -A is specified, no I/O will be sent, only the accept event.
For -R, a reject event with the s...
The cfmakeraw(3) function exists but does not set VMIN to 1 or VTIME
to 0 in c_cc[] in struct ter...
af0d840322b779e4827ace7b3a47b605aefb96ba authored over 4 years ago by Todd C. Miller <[email protected]>
It is not used outside of the I/O log client and server and the
host:port syntax may change in th...
fbf25112e630d601d4dedf4034393332ffd06ce4 authored over 4 years ago by Todd C. Miller <[email protected]>
We want the log server to work with the default configuration. If
the default certificate path e...
3de3de8b75bde21dbbe055e5f0558dc7ad5e5de9 authored over 4 years ago by Todd C. Miller <[email protected]>
e9be26c4b1c17babc0a381bcc2836f52637f8547 authored over 4 years ago by Todd C. Miller <[email protected]>
92199e25c4b8a69bab862c2bd2d46c840caa23b1 authored over 4 years ago by Todd C. Miller <[email protected]>
deb9ce7d12aa6f0822c594ef21d9244f1297cfc8 authored over 4 years ago by Todd C. Miller <[email protected]>
7f2585ed0ac555421f186734709bc672041215dc authored over 4 years ago by Todd C. Miller <[email protected]>
04cb06160a514da574ddd56711c8c000266c8250 authored over 4 years ago by Todd C. Miller <[email protected]>
Previously, if multiple instances of the same command line option were
specified, the last one wo...
24ad424a57e62377e51e6157b224b74a2d4a97cd authored over 4 years ago by Todd C. Miller <[email protected]>
Fixes a problem when there are multiple users with the same user-ID
where the PAM session modules...
ea99394fcfcdbd346744e890e95d6f4809a03e36 authored over 4 years ago by Todd C. Miller <[email protected]>
e42afc7732900f5c5f4aa8ceade59cd122f39a2e authored over 4 years ago by Todd C. Miller <[email protected]>
Fixes from PR #30 (ka7) and Bug #925 (fossies.org codespell)
0cf2e09e0c2b62865d075009d7ea206c83974ac5 authored over 4 years ago by Todd C. Miller <[email protected]>The configure script already detects the python version, we just need
to use it.
f261d58af8da50612c78ab7276a1e299eb0f9b86 authored over 4 years ago by Todd C. Miller <[email protected]>
a3e94aefa320c70a3ac1ee06ed5c244e87b80d9f authored over 4 years ago by Todd C. Miller <[email protected]>
If SSL_read, SSL_write or SSL_connect fails we can use the reason
string to let the user know wha...
The TLS connection is now initiated before ServerHello is received.
e5f8214c0ae5ac525904d842d48afae4ce0c3f72 authored over 4 years ago by Todd C. Miller <[email protected]>We write messages to stderr until we become a daemon.
1f8da42f9aebcb024e3b7fa11b5001ab565916c7 authored over 4 years ago by Todd C. Miller <[email protected]>If the string "(tls)" appears at the end, the tls flag is set to true
and the default tls port is...
For TLS connections we now do the TLS handshake immediately before
the ServerHello message. This...
The TLS handshake now occurs before the ServerHello message is read.
This fixes potential man-in-...
This makes it easier to detect a plaintext client sending to a
TLS port. Without this, the TLS s...
82bc05d998fe755dce699def0c9301782708d917 authored over 4 years ago by Todd C. Miller <[email protected]>
3b078b7a9c067b5b5f3507a50e9fde9d9d6335d6 authored over 4 years ago by Todd C. Miller <[email protected]>
42df431ce2ac29c88825c1835b34a2e3a187b5f4 authored over 4 years ago by Todd C. Miller <[email protected]>
7d621fc6f13dfaf39c5535019b0df242b3189f34 authored over 4 years ago by Todd C. Miller <[email protected]>
On some systems, poll() and select() can return EAGAIN instead
of ENOMEM if there is a kernel res...
Newer versions of python3-config only include libpython in the
output when the --embed is used. ...
Fixes the final message at the end when there is a network error.
aba4915b833527417d74b81c904842a5f82cb2d2 authored over 4 years ago by Todd C. Miller <[email protected]>Both poll(2) and ppoll(2) will return EINVAL if the nfds function
argument is larger than the max...
85fe30e49b263f7587fb945d955e0fd3ad3dc534 authored over 4 years ago by Todd C. Miller <[email protected]>
Fixes a double free on error introduced with the TLS state cleanup in
client_closure_free().
2ab8f2a7329fb9622c019bdf13a42a8a5c15c138 authored over 4 years ago by Todd C. Miller <[email protected]>
79b064139f8706e1c9090649ac598959fb63ce30 authored over 4 years ago by Todd C. Miller <[email protected]>
Also add -t to the usage message
5dec0f763f8131d95068194114c929ff6b52d383 authored over 4 years ago by Todd C. Miller <[email protected]>Older, pre-C99, systems may not include strtoll() in their C library.
0fafcf6aea918ef9f666105ecb52abae67cbae16 authored over 4 years ago by Todd C. Miller <[email protected]>Old, pre-C99, systems may have inttypes.h but not stdint.h.
b26e32f398d20ce7c54b79375b6a50649d39e406 authored over 4 years ago by Todd C. Miller <[email protected]>On our build schroots we don't have systemctl installed but do have
the /etc/systemd and /lib/sys...
It is only effective to set pp_macos_default_service_id_prefix in
the indivisual %service section...
The default value in PolyPkg is "com.quest.rc."
c70606c3c9911c19fe8a2aa2172f648ac3a3179a authored over 4 years ago by Todd C. Miller <[email protected]>d5b06ff7fad613b9de896f8597a6c4ac7d46161a authored over 4 years ago by Todd C. Miller <[email protected]>
Also free the SSL data which is part of the client closure.
557be2b0b13b9f9800dfe305ce27d6b9954f1152 authored over 4 years ago by Todd C. Miller <[email protected]>We can't use run_command() to run sesh, that will use the sudo event
loop (and might run it in a ...
The SELinux sudoedit code now extends the destination file the
same way the non-SELinux version d...
The warning message says the files were preserved but they actually
got removed.
If the service file was installed as part of the package it will
be removed automatically when th...
99129ba41fc1f77497c46216cec05ca2f9f5db2f authored over 4 years ago by Todd C. Miller <[email protected]>
c161f68b4381a2fb5a29fc8df0182e8d9b008261 authored over 4 years ago by Todd C. Miller <[email protected]>
Instead of opening the original file for writing w/ tuncation, we
first extend the file with zero...
2a60816f75d3daeef2dd8f3956da5f366466088d authored over 4 years ago by Todd C. Miller <[email protected]>
af4eb80dfbae6530278981fe057018df9e0f6576 authored over 4 years ago by Todd C. Miller <[email protected]>
We already include the error string in the format so no need to use
errno too.
The logging functions may try to use the cache via set_perms(PERM_ROOT).
ae7bb12335d173eb0904cca82c36b47451702f52 authored over 4 years ago by Todd C. Miller <[email protected]>