Todd C. Miller [Mon, 31 Oct 2016 21:57:05 +0000 (15:57 -0600)]
The fix for Bug #408 broke editing of files in an include dir that
have a syntax error. Normally, visudo does not edit those files,
but if a syntax error is detected in one, the user gets a chance
to fix it.
Todd C. Miller [Mon, 31 Oct 2016 21:21:18 +0000 (15:21 -0600)]
Make a copy of the current sudoers path when assigning errorfile.
Fixes a potential use after free in visudo when there is an error
in one of the include files.
Todd C. Miller [Mon, 31 Oct 2016 19:36:35 +0000 (13:36 -0600)]
sudoers_debug_register() was not setting the active debug instance
to sudoers_debug_instance when called from the I/O log plugin. This
is because it relied on sudo_debug_register to do that but
sudoers_debug_parse_flags() doesn't set debug_files[]
sudoers_debug_instance is already set (we can only init sudoers
debug once).
To work around this, just make sudoers_debug_instance the active
debug instance in sudoers_debug_register() when it is already set.
Todd C. Miller [Wed, 26 Oct 2016 19:49:05 +0000 (13:49 -0600)]
Check for sudo_ldap_result_last_search() returning NULL. This can't
happen in practice because we always call sudo_ldap_result_add_search()
first which guarantees there is a result to be found.
Quiets a PVS-Studio warning.
Todd C. Miller [Wed, 26 Oct 2016 17:25:59 +0000 (11:25 -0600)]
Fix incorrect strncmp() lengths. The check for USERNAME was only
looking at the first 5 characters (copy and paste error). The check
for SUDO_PS1 was not checking the trailing '=' character (off by
one error). Found by PVS-Studio.
Todd C. Miller [Wed, 26 Oct 2016 17:22:30 +0000 (11:22 -0600)]
When checking for old-style bash functions in the environment, check
for values starting with "() " (note the trailing space) rather
than "()". Bash will only treat the value as a function if the
space after "()" is present. The trailing space was already present
in the compare string but when it was added, the length passed to
strncmp() was not updated from 3 to 4.
Found by PVS-Studio. No security impact.
Todd C. Miller [Wed, 26 Oct 2016 17:08:33 +0000 (11:08 -0600)]
Add some missing casts from uid_t/gid_t to int when printing uid/gid
values. We print these as signed so a value of -1 (no change) is
obvious. Quiets PVS-Studio warnings.
Todd C. Miller [Wed, 26 Oct 2016 16:46:03 +0000 (10:46 -0600)]
When checking syslog facility or priority, move the string
compare into the body of the loop and return if it matches.
If we finish the loop it means we didn't find a match.
This makes the code a little bit more readable.
Todd C. Miller [Mon, 17 Oct 2016 15:02:34 +0000 (09:02 -0600)]
Don't generate SIGTOU when restoring the terminal modes. It doen't
make sense to suspend the process only to restore the terminal
settings since in this case the shell has already taken ownership
of the tty.
Todd C. Miller [Sun, 9 Oct 2016 01:09:17 +0000 (19:09 -0600)]
Use a seccomp filter on Linux to disable execve(2) and execveat(2).
This still relies on LD_PRELOAD to work so it has the same issues
as the existing mether with respect to running 32-bit binaries on
a 64-bit kernel.
Todd C. Miller [Mon, 19 Sep 2016 12:19:49 +0000 (06:19 -0600)]
Fix matching when no sudoRunAsUser is present in a sudoRole.
If only a sudoRunAsGroup is present, match on the invoking user
if the -g option was specified and the group matched.
If no sudoRunAsGroup is present and the -g option was specified,
allow it if it matches the passwd gid of the runas user.
This matches the behavior of the sudoers backend.
Todd C. Miller [Thu, 15 Sep 2016 15:37:53 +0000 (09:37 -0600)]
Update check for whether or not the runas user was set in the ldap
and sssd backends to match the sudoers file backend. Introduces
the runas_user_set() macro to improve readability. Previously,
runas_pw was set late, now it is set before checking sudoers.
Todd C. Miller [Tue, 13 Sep 2016 15:06:25 +0000 (09:06 -0600)]
Move valid domain name check into a new valid_domain() function.
Fix memory leak if getdomainname(2) fails and avoid using heap
garbage for the domain name matching in this case.
Todd C. Miller [Thu, 8 Sep 2016 22:38:08 +0000 (16:38 -0600)]
Be consistent with the naming of the variable used to store the
function return value. Previously, some code used "rval", some
used "ret". This standardizes on "ret" and uses "rc" for temporary
return codes.
Todd C. Miller [Fri, 2 Sep 2016 14:05:07 +0000 (08:05 -0600)]
Don't disable large file support for Linux, just SVR4-style /proc.
Otherwise, stat(2) may fail on Linux when running a 32-bit sudo
on a 64-bit machine. Bug #755
Todd C. Miller [Tue, 30 Aug 2016 19:42:42 +0000 (13:42 -0600)]
Add match_group_by_gid Defaults option to allow sites with slow
group lookups and a small number of groups in sudoers to match
groups by group ID instead of by group name.