Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/sudo-project/sudo
Utility to execute a command as another user
https://github.com/sudo-project/sudo
3edd6afedfc78147b0d047948b8872a5796f7f87 authored about 5 years ago by Todd C. Miller <[email protected]>
208a52c613011ab2f15e13f7677cd219269852e0 authored about 5 years ago by Todd C. Miller <[email protected]>
Fixes CVE-2019-14287.
Found by Joe Vennix from Apple Information Security.
Also adjust testsudoers/test5 which relied upon gid -1 parsing.
396bc57feff3e360007634f62448b64e0626390c authored about 5 years ago by Todd C. Miller <[email protected]>fd5d0f511efa009cd93edcdabc693f839818daad authored about 5 years ago by Todd C. Miller <[email protected]>
364821602d4046e4870eff8c59a82224f19f2a1c authored about 5 years ago by Todd C. Miller <[email protected]>
c64add170e7de2a2b2a1bc46eb38222f6f8ce0b3 authored about 5 years ago by Todd C. Miller <[email protected]>
45a79cf86fe78dfdc3214274673b580e98aa4f75 authored about 5 years ago by Todd C. Miller <[email protected]>
ab6cfc404aa20780a318cf1998e244a7f876dba8 authored about 5 years ago by Todd C. Miller <[email protected]>
Also fix broken tty labeling when running a command in a pty.
Includes a fix for a typo introduce...
b7b3fb72d0e5cf8670a080feae974babf29b39d3 authored about 5 years ago by Todd C. Miller <[email protected]>
Also be more extact with error return values
bcf8c3dd5ea4c085d1f6f8e7cbee0c516a4e1d78 authored about 5 years ago by Todd C. Miller <[email protected]>73dd3849c6c64c655cc0f0c41506be72a0ae9158 authored about 5 years ago by Todd C. Miller <[email protected]>
81a30dd44d4d08c5479619554391527acb370729 authored about 5 years ago by Todd C. Miller <[email protected]>
7355363d6ad6c7fb0b570348c17c07fa3c90c00b authored about 5 years ago by Todd C. Miller <[email protected]>
de87774ea3dc34de094bfa8a92251027b9fb9b8a authored about 5 years ago by Todd C. Miller <[email protected]>
If there is no installed nroff/mandoc they will need to install groff
or heirloom doctools to for...
984382f8a9c06f273db7d25eecd5e3278bc9b694 authored about 5 years ago by Todd C. Miller <[email protected]>
We want to use clang on systems where clang is the system compiler.
It is less common to have cla...
Also add deb package names for pam and ldap devel on Linux.
2707acf23f5f27efc47691801d2e91a069e6ce13 authored about 5 years ago by Todd C. Miller <[email protected]>d35670d1ae5f6ca7d763ee684924af918c136a6f authored about 5 years ago by Todd C. Miller <[email protected]>
b2fadf66de024e9eb99ca58e476be33c9e246851 authored about 5 years ago by Todd C. Miller <[email protected]>
8c96df036a252486fabe03b31ad406b886effa31 authored about 5 years ago by Todd C. Miller <[email protected]>
751c0c4440f70e5c71eb6abcb905d0ea4d120179 authored about 5 years ago by Todd C. Miller <[email protected]>
ab9a2ecac28a13d84843374d1905600a08ac3903 authored about 5 years ago by Todd C. Miller <[email protected]>
Only the ALL keyword should be compared case-sensitive.
8e58e6715a5a01f79a3f4a18664ad95fb8993cd4 authored about 5 years ago by Todd C. Miller <[email protected]>d94798e5d01304cf5f7678e5324d3d92d4b44982 authored about 5 years ago by Todd C. Miller <[email protected]>
ffaef7939aa3c183caa20ef8d22ab45850fa766f authored about 5 years ago by Todd C. Miller <[email protected]>
679cd38238333dbefc6a5bcdbc1698e76fccfb41 authored about 5 years ago by Todd C. Miller <[email protected]>
dd37f083664968095d0f167309a7428990c3e3b4 authored about 5 years ago by Todd C. Miller <[email protected]>
It also uses strerror(errno) for PAM_SYSTEM_ERR.
5138ed9bec0cba3033417498b056f2e46a05a8d0 authored about 5 years ago by Todd C. Miller <[email protected]>It is legal to pass pam_strerror() a NULL handle.
60862b4d07f58f2370566e3c063d55d70f38707e authored about 5 years ago by Todd C. Miller <[email protected]>Previously, one had to use the -d option to override the I/O log directory.
9eeedb470f03f7753d202aa5fe54df5d10c0691c authored about 5 years ago by Todd C. Miller <[email protected]>91d508d408a29f4c0158bb298c12e1634220e707 authored about 5 years ago by Todd C. Miller <[email protected]>
eb95a35edc641e222a195043221c3893359af303 authored about 5 years ago by Todd C. Miller <[email protected]>
62bb4aa6309778dc52dc11d621b8b1cf9029d0e4 authored about 5 years ago by Todd C. Miller <[email protected]>
This prevents the password and PAM prompts from being redirected.
Bug #895
5a22865131cd692f356aefa7dbc947d71a3ef423 authored about 5 years ago by Todd C. Miller <[email protected]>
2087f6354c33f69351d6b6aabb881d5cad2f4d7a authored about 5 years ago by Todd C. Miller <[email protected]>
e3967dc7dc3629fb9ace078f937614e34e68ed3a authored about 5 years ago by Todd C. Miller <[email protected]>
We already support group IDs but the user ID was missing.
From sudo-1.8.23-ldapsearchuidfix.patch...
From sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch in RHEL 7.
37670a008ba027f53883a01289240f51b4e03ef1 authored about 5 years ago by Todd C. Miller <[email protected]>Otherwise, we may override the limits set by PAM.
Bug #894
b98b82e4a2d8ba313819c3c4968d69694cd0ecf1 authored about 5 years ago by Todd C. Miller <[email protected]>
0bbfdc992047521b8ddfe6bef2efbd10c6ba8da0 authored about 5 years ago by Todd C. Miller <[email protected]>
48066e0dbd47ec0e9c99f9d920925d95216d0564 authored about 5 years ago by Todd C. Miller <[email protected]>
29534ad96a84966fc77bef75ef9dcca0ad75685f authored about 5 years ago by Todd C. Miller <[email protected]>
9f7db2df2c7a896b501a5647cb761fa814a29fec authored about 5 years ago by Todd C. Miller <[email protected]>
We now include the long and short hostname in sudo parser container.
e99082e05b9f0dd0e0f47fa1d2e1b9d922ea8c4c authored about 5 years ago by Todd C. Miller <[email protected]>b4bef30d31cd0181201c4d16b5a635d939d3fa8e authored about 5 years ago by Todd C. Miller <[email protected]>
44e990c2ac23d892c1578ff3f57e9d7683f406ac authored about 5 years ago by Todd C. Miller <[email protected]>
7a7f02a7ec6c1a153cca682036d6cf41a81d6e3c authored about 5 years ago by Todd C. Miller <[email protected]>
Previously, we just used the file name without $(srcdir).
37887c1544a2d6594def5be0ddeb833bea75a3a9 authored about 5 years ago by Todd C. Miller <[email protected]>The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable fr...
Strings in struct utmp/utmpx are not guaranteed to be NUL-terminated.
dfc32e5b3ece9b33dab339341ebeab4edad5023c authored about 5 years ago by Todd C. Miller <[email protected]>aa200cda6a7486440befb4d9ba2e52136d866cf1 authored about 5 years ago by Todd C. Miller <[email protected]>
aa73c86a5b38f40cc86933e6217099fb6d44a615 authored about 5 years ago by Todd C. Miller <[email protected]>
Otherwise we may get the version from the installed libsudo_util.so.
e91865fb228330844deea1f9fee73bedc9ad75da authored about 5 years ago by Todd C. Miller <[email protected]>7117948421e0e75de7ce242f5e8485edfb6cb435 authored about 5 years ago by Todd C. Miller <[email protected]>
Fixes a warning on newer versions of gcc.
5e424640b9dde5b61cd3ab4d2352d11f19efb0fb authored over 5 years ago by Todd C. Miller <[email protected]>6f3d826f8b90876c4feac51f514e6273e5f7fde6 authored over 5 years ago by Todd C. Miller <[email protected]>
f6342411105cfa2d3d04f66d4a2de678b55c55e6 authored over 5 years ago by Todd C. Miller <[email protected]>
We still want to match the command even if it doesn't exist so that the
NOPASSWD flag on sudoers ...
is present. Bug #828.
15db0c3f821f1fc71c5971cccdc3e75be8423fa5 authored over 5 years ago by Todd C. Miller <[email protected]>3c825e298d82b7e1507df7f957d5947b3334b71f authored over 5 years ago by Todd C. Miller <[email protected]>
6e0f7166e3b31f446330c081f243a24566095fc6 authored over 5 years ago by Todd C. Miller <[email protected]>
c49760e55d3e35db53139f7ac2247e214883cd8e authored over 5 years ago by Todd C. Miller <[email protected]>
By default, sudo relies soley on group permissions to read sudoers
to make it possible to store s...
10b5529a0b58cbb59869cc7b53746b9f13100efa authored over 5 years ago by Todd C. Miller <[email protected]>
03ba6426e7d53a15dbec038f6aac8e2fc8d9a82b authored over 5 years ago by Todd C. Miller <[email protected]>
679f13ef5375f14c1deec0ee6aee00c2929a66b8 authored over 5 years ago by Todd C. Miller <[email protected]>
bb024cf093ae2c702c43353f24acf9e73db75e0a authored over 5 years ago by Todd C. Miller <[email protected]>
The web and pdf pages will substitute /usr/local/libexec for $noexec_file.
Also do substitution o...
cd258e1d39d45a3c9316e8a03619d811afe54ecb authored over 5 years ago by Todd C. Miller <[email protected]>
Otherwise, the default value is substituted into the Makefiles and
documentation which may not ma...
We can use this instead of casting the result of size_t to int.
Also change checks for snprintf()...
That way the user's editor config files are used by the editor.
81602ad086e6fafe931831ff08a257289077d83e authored over 5 years ago by Todd C. Miller <[email protected]>Also strongly discourage the disabling of env_reset.
1fe9644f5417acc53246865e1884ac61ac7ced8e authored over 5 years ago by Todd C. Miller <[email protected]>The PAM session is opened with PAM_SILENT so last login info is not printed.
It is dangerous to p...
a45732528b0e1d2deb635d593d531c6eefb510d7 authored over 5 years ago by Todd C. Miller <[email protected]>
Text was adapted from what is already present in the UPGRADE file.
Also mark set_home and always_...
e11fa62cdce0335f9170262543a9f2efe1e46091 authored over 5 years ago by Todd C. Miller <[email protected]>
646f09d74d254366eb57c3c1f248a34fffa2af31 authored over 5 years ago by Todd C. Miller <[email protected]>
c1fc4e6becf4b1b8cb8d679c11eb13f9c1df1988 authored over 5 years ago by Todd C. Miller <[email protected]>
Sudo only shipped .cat pages for Irix, which lacked nroff.
Irix is long dead and there are multip...
It is already the default in the package script.
184484b21303d18333404919a008446a80921311 authored over 5 years ago by Todd C. Miller <[email protected]>Users that are able to edit sudoers can grant themselves permissions
so the fact that visudo runs...
The description in the editor option was incorrect and didn't mention env_keep.
Reported by Sande...
Refer to sudoers.tmp as a temporary file, not a lock file.
Reported by Sander Bos
For requiretty it is enough to check that /dev/tty is available.
If sudo can't get the tty from t...
We don't care whether sudo was able to get the tty name from the kernel.
All that really matters ...
7ce9b80085da3b9770e8acd32fc191699360cd97 authored over 5 years ago by Todd C. Miller <[email protected]>
The secure_path option affects the resolution of unqualified commands
as well as the environment ...
03044160999bacdeee7b612f81ba85ebce4ffeeb authored over 5 years ago by Todd C. Miller <[email protected]>
Use the singular "they" instead of he/she.
Add back missing text in description of variables star...
cb4ded8fb6344074832998cbf5b99e249dbf0de8 authored over 5 years ago by Todd C. Miller <[email protected]>
5d4142f2943f8daa536dd4e1928ef708cdea984b authored over 5 years ago by Todd C. Miller <[email protected]>
81c6cac81bad1bd83871fa6ac5488db2c42b7ef4 authored over 5 years ago by Todd C. Miller <[email protected]>
Otherwise, if the -h option is specified sudo will print the local
host name instead of the host ...
happen when /proc is not accessible.
948007e7716925d6a5ab5d755d58acc893f2b94b authored over 5 years ago by Todd C. Miller <[email protected]>