| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Return an error, setting errno to EINVAL, for negative sizes.
|
| |
|
|
|
|
| |
Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instance first (if enabled), followed by a
sysconfdir instance.
|
| |
|
|
|
|
| |
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files. The first
file that exists is used.
|
| |
|
|
|
| |
For sudoreplay we open /dev/tty, so use that instead of stderr when
determining the terminal size.
|
| |
|
|
| |
Any operating system supported by sudo already includes getcwd(3).
|
| | |
|
| |
|
|
| |
It will be used in the upcoming log output tests.
|
| | |
|
| |
|
|
|
| |
This fixes suspending the editor on GNU Hurd which doesn't seem to
have proper process group signal handling.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the compiler supports [[noreturn]] as a attribute as in C23,
then we define sudo_noreturn to be it. When that's the case, we must place
it at the beginning of the declaration, before any other *extension*
attributes (__attribute(...)).
A bug has been filed with GCC regarding rejecting/accepting mixed
attribute styles.
sudo_dso_public is always an extension attribute, while sudo_noreturn only
might be, so put it first.
This only shows up with GCC 13 so far (see the linked GCC bug for a bit more
exploration). Clang 16 does support the attribute but doesn't let you use it
for earlier language versions (need to pass explicit -std=c2x, unlike with GCC here).
This is essentially a followup to e707ffe58b3ccfe5c72f54c38eac1d7069d5021e.
Tested with GCC 13.0.1 20230212 (unreleased), GCC 12.2.1 20230211,
Clang 16.0.0_rc2, and Clang 15.0.7.
Bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
Closes: https://github.com/sudo-project/sudo/issues/239
Fixes: e707ffe58b3ccfe5c72f54c38eac1d7069d5021e
Fixes: 16ae61dcd7d3cd8bf6eb10a22fa742d4505da4e9
|
| |
|
|
|
| |
This is used by mail_parse_errors() to send multi-line messages.
Previously, the newlines would be escaped as control characters.
|
| |
|
|
|
| |
This is better than just defining NSIG in sudo_compat.h if it is
not defined since signal.h may not have been included.
|
| |
|
|
| |
This replaces the custom log formatting used by "sudoreplay -l".
|
| |
|
|
|
| |
The sudo front-end can use this to determine where the list of files
to edit begins.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The log message contains user-controlled strings that could include
things like terminal control characters. Space characters in the
command path are now also escaped.
Command line arguments that contain spaces are surrounded with
single quotes and any literal single quote or backslash characters
are escaped with a backslash. This makes it possible to distinguish
multiple command line arguments from a single argument that contains
spaces.
Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com).
|
| |
|
|
|
|
| |
The numeric fields in struct sudo_lbuf are now unsigned so that
wraparound is defined, this make the overflow checks simpler.
Problem deteced by oss-fuzz using the fuzz_sudoers fuzzer.
|
| | |
|
| | |
|
| |
|
|
|
| |
Fix a bug in escaped control character handling.
Roll back changes to buffer if sudo_json_add_value() fails.
|
| |
|
|
|
| |
If the C23 attributes are not supported, use gcc-style attributes
where possible.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
If output is being written to a terminal in "raw" mode, we need to
add a carriage return after the newline to avoid "stair-step" output.
However, we should not write the carriage return if the terminal
is in "cooked" mode, output to a pipe, or output redirected to a file.
Bug #1042.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Both sudo_secure_open_file() and sudo_secure_open_dir() are now passed
a struct stat pointer like sudo_secure_file() and sudo_secure_dir().
|
| | |
|
| |
|
|
| |
We already had all the relevant fixes so this is just cosmetic.
|
| |
|
|
|
|
|
|
| |
Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_printf0like.
Add sudo_noreturn instead of __attribute__((__noreturn__)).
We do not use stdnoreturn.h since it has been deprecated in C23
in favor of the [[noreturn]] attribute.
|
| |
|
|
|
| |
The "update_ticket" entry was added to the settings list and the
"intercept_verify" entry was added to the command_info list.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
These allocate memory via mmap anonymous regions and store the mapped
size immediately before the returned pointer as an unsigned long.
They are intended to be used in cases where malloc(3) and free(3)
are unsuitable due to concerns about corrupting global state in
multi-threaded programs or signal handlers.
|
| |
|
|
|
| |
There's no real reason for the command to wait for sudo send back a
response that will always be a PolicyAcceptMessage.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
We can use a void * for the fd_set arrays and just add a cast when
using the FD_SET macros.
|
| | |
|
| |
|
|
| |
Also add riscv the little endian list.
|
| |\ |
|
| | |
| |
| |
| |
| | |
There should have been a minor version bump for sudo 1.9.8 when
intercept was originally implemented.
|
| |/
|
|
|
|
|
|
| |
Define a new sudo setting, `apparmor_profile`, that can be used to pass
in an AppArmor profile that should be used to confine commands. If
apparmor_profile is specified, sudo will execute the command using the
new `apparmor_execve` function, which confines the command under the
provided profile before exec'ing it.
|
| |
|
|
|
| |
We don't use it for anything other than a debug message and it will
cause problems when intercept mode starts using ptrace(2).
|
| |
|
|
| |
Bug #1026
|
