granicus.if.org Git - sudo/log
sudo
Todd C. Miller [Wed, 12 Jul 2017 11:47:28 +0000 (05:47 -0600)]
Clear input, output, control and local flags before copying them
from the source terminal.  Otherwise, flags that are disabled
in the source terminal may still be enabled in the destination.

Todd C. Miller [Wed, 12 Jul 2017 11:45:46 +0000 (05:45 -0600)]
Remove pointless subshells in targets that simply change the directory
and execute a command.  The command is already run in a shell so
there is no need to execute a subshell in this case.

Todd C. Miller [Mon, 10 Jul 2017 22:28:10 +0000 (16:28 -0600)]
Store the debug instance ID for I/O plugins too.
Now iolog_open() is consistent with policy_open().

Todd C. Miller [Thu, 1 Jun 2017 15:45:23 +0000 (09:45 -0600)]
Move the bits to fill in the new event base to sudo_ev_base_init(),
which is not currently exported.

Todd C. Miller [Fri, 30 Jun 2017 00:11:30 +0000 (18:11 -0600)]
Use getentropy() in mkstemp/mkdtemp replacement.

Todd C. Miller [Fri, 30 Jun 2017 00:10:53 +0000 (18:10 -0600)]
Use _PATH_DEV consistently

Todd C. Miller [Thu, 15 Jun 2017 18:59:46 +0000 (12:59 -0600)]
When copying terminal settings from one tty to another only copy a
subset of the flags.  Sudo now copies the same set of flags that
OpenSSH uses, which should be safe.

Todd C. Miller [Thu, 15 Jun 2017 13:51:02 +0000 (07:51 -0600)]
Add debug warning when we have wait status but don't overwrite the
existing cstat.

Todd C. Miller [Thu, 15 Jun 2017 13:51:00 +0000 (07:51 -0600)]
Better handling of SIGCONT from in command in the monitor.  It is
useful to know when the command continued but we don't want to
inform the parent or store the wait status in this case.  Fixes a
hang after multiple suspends on Linux.

Todd C. Miller [Fri, 9 Jun 2017 14:58:44 +0000 (08:58 -0600)]
avoid padding in struct cmndspec

Todd C. Miller [Wed, 7 Jun 2017 22:25:46 +0000 (16:25 -0600)]
Fix the man section of sudo_plugin in cross-references.

Todd C. Miller [Mon, 5 Jun 2017 13:47:43 +0000 (07:47 -0600)]
Don't treat an unchanged file as an error.  From Xin Li.

Todd C. Miller [Mon, 5 Jun 2017 13:11:09 +0000 (07:11 -0600)]
sudo_edit() must return a wait status but if there is an error, or
even if no changes were made to the file, it was returning 1 instead
which would be interpreted as the command having received SIGHUP.
Use the W_EXITCODE() to construct a proper wait status in the error
case too.

Todd C. Miller [Sat, 3 Jun 2017 14:45:29 +0000 (08:45 -0600)]
Avoid sign extension when assigning the value of tty_nr in
/proc/self/stat on Linux.  It is an unsigned int value that
is printed as a signed int but dev_t is unsigned long long.
We need to cast to unsigned int before assigning to a dev_t.

Todd C. Miller [Sat, 3 Jun 2017 14:43:32 +0000 (08:43 -0600)]
Instead of hard-coding a check for bash functions in env_should_delete(),
use a "*=()* " pattern in initial_badenv_table[] to match them instead.
This allows the user to remove the check via env_delete.

Todd C. Miller [Fri, 2 Jun 2017 22:10:37 +0000 (16:10 -0600)]
Mac OS X -> macOS

Todd C. Miller [Fri, 2 Jun 2017 21:47:35 +0000 (15:47 -0600)]
devsearch is ignored on BSD, macOS and Solaris

Todd C. Miller [Wed, 31 May 2017 15:14:31 +0000 (09:14 -0600)]
Sudo 1.8.20p2

Todd C. Miller [Wed, 31 May 2017 15:14:31 +0000 (09:14 -0600)]
A command name may also contain newline characters so read
/proc/self/stat until EOF.  It is not legal for /proc/self/stat to
contain embedded NUL bytes so treat the file as corrupt if we see
any.  With help from Qualys.

This is not exploitable due to the /dev traversal changes in sudo
1.8.20p1 (thanks Solar!).

Todd C. Miller [Tue, 30 May 2017 16:44:11 +0000 (10:44 -0600)]
Use /proc/self consistently on Linux.  As far as I know, only AIX
doesn't support /proc/self.

Todd C. Miller [Tue, 30 May 2017 16:44:11 +0000 (10:44 -0600)]
Add a new "devsearch" Path setting to sudo.conf for configuring the
/dev paths to traverse instead of hard-coding a list in ttyname.c
The default value can be set at configure time.

Todd C. Miller [Tue, 30 May 2017 16:44:11 +0000 (10:44 -0600)]
After opening a tty device, fstat() and error out if it is not
a character device.

Todd C. Miller [Mon, 29 May 2017 20:36:17 +0000 (14:36 -0600)]
Sudo 1.8.20p1

Todd C. Miller [Mon, 29 May 2017 20:32:53 +0000 (14:32 -0600)]
Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when
the process name contains spaces.  Since the user has control over
the command name this could be used by a user with sudo access to
overwrite an arbitrary file.
Thanks to Qualys for investigating and reporting this bug.

Also stop performing a breadth-first traversal of /dev when looking
for the device.  Only the directories specified in search_devs[]
are checked.

Todd C. Miller [Tue, 23 May 2017 19:26:54 +0000 (13:26 -0600)]
Fix potential memory leak on reallocarray() error.  Coverity CID 169639

Todd C. Miller [Tue, 23 May 2017 19:19:50 +0000 (13:19 -0600)]
Only fall back to deprecated getaudit() on FreeBSD.  Fixes compiler warnings on macOS.

Todd C. Miller [Tue, 23 May 2017 18:56:59 +0000 (12:56 -0600)]
Use clang on macOS if present

Todd C. Miller [Tue, 23 May 2017 17:52:40 +0000 (11:52 -0600)]
fix paths to LICENSE and NEWS files for macOS packages

Todd C. Miller [Thu, 18 May 2017 19:53:15 +0000 (13:53 -0600)]
To avoid overwriting existing command status, check for CMD_INVALID
instead of CMD_ERRNO or CMD_WSTATUS.

Todd C. Miller [Thu, 18 May 2017 19:10:52 +0000 (13:10 -0600)]
Add some patterns that could result in exponential run time for
poorly written '*' matching.

Todd C. Miller [Mon, 15 May 2017 15:37:58 +0000 (09:37 -0600)]
On HP-UX 11.0, sys/ioctl.h is not sufficient to make struct winsize
visible, we need termios.h too.

Todd C. Miller [Mon, 15 May 2017 15:21:00 +0000 (09:21 -0600)]
Always used TIOCGWINSZ.

Todd C. Miller [Mon, 15 May 2017 15:01:10 +0000 (09:01 -0600)]
Move exec_setup(), unlimit_nproc() and restore_nproc() from sudo.c
to exec.c.

Todd C. Miller [Mon, 15 May 2017 15:00:15 +0000 (09:00 -0600)]
No need to include selinux.h here.

Todd C. Miller [Mon, 15 May 2017 14:57:45 +0000 (08:57 -0600)]
Fix compilation error on macOS

Todd C. Miller [Fri, 12 May 2017 16:02:18 +0000 (10:02 -0600)]
Avoid a clang analyzer false positive.

Todd C. Miller [Fri, 12 May 2017 16:02:18 +0000 (10:02 -0600)]
Add cov-build and cov-submit targets for checking with coverity.

Todd C. Miller [Fri, 12 May 2017 16:02:18 +0000 (10:02 -0600)]
Use debug logging instead of ignore_result() where possible.

Todd C. Miller [Fri, 12 May 2017 16:02:18 +0000 (10:02 -0600)]
Remove use of non-standard sigaction_t

Todd C. Miller [Fri, 12 May 2017 16:02:17 +0000 (10:02 -0600)]
Remove use of the non-standard SA_INTERRUPT

Todd C. Miller [Fri, 12 May 2017 16:02:17 +0000 (10:02 -0600)]
sudo 1.8.21

Todd C. Miller [Fri, 12 May 2017 16:02:17 +0000 (10:02 -0600)]
Add support for multiple '*' in env_keep, env_check and env_delete
entries.

Todd C. Miller [Fri, 12 May 2017 16:02:17 +0000 (10:02 -0600)]
Add SIGCHLD to the list of signals we install sudo_handler() for.
Otherwise, it is possible for the command to exit before the SIGCHLD
handler is installed.  POSIX says that signals that are ignored by
default are still ignored even if the signal mask would block them.
We need to have a handler installed for SIGCHLD before the fork().

Todd C. Miller [Fri, 12 May 2017 16:02:17 +0000 (10:02 -0600)]
Activate the sigevents inside the signal pipe callback itself
and call signal_pipe_cb() directly if the backend returns EINTR
and the signal_caught flag is set.  This has the side effect of
processing signal events in the current pass of the event loop
instead of the next one.

Todd C. Miller [Fri, 12 May 2017 16:02:17 +0000 (10:02 -0600)]
Use SUDO_EV_SIGNAL and SUDO_EV_SIGINFO instead of managing the
signal_pipe explicitly.

Todd C. Miller [Fri, 12 May 2017 16:02:17 +0000 (10:02 -0600)]
Handle the possibility of the siginfo parameter in sa_sigaction
handler being NULL.

Todd C. Miller [Fri, 12 May 2017 16:02:17 +0000 (10:02 -0600)]
Add support for signal events in sudo's event subsystem

Todd C. Miller [Fri, 12 May 2017 16:02:17 +0000 (10:02 -0600)]
Restore the error message for sudo_ev_add() failure.

Todd C. Miller [Fri, 12 May 2017 15:56:06 +0000 (09:56 -0600)]
Add workaround for clang static analyzer being confused by LIST_REMOVE
and TAILQ_REMOVE.

Todd C. Miller [Thu, 11 May 2017 11:28:19 +0000 (05:28 -0600)]
Fix "make check" when openssl or gcrypt is used.  Bug #787

Todd C. Miller [Wed, 10 May 2017 15:22:07 +0000 (09:22 -0600)]
Only display string version of errno if sudo_ev_add() fails for now

Todd C. Miller [Mon, 8 May 2017 20:03:29 +0000 (14:03 -0600)]
update

Todd C. Miller [Mon, 8 May 2017 19:55:02 +0000 (13:55 -0600)]
Be clear that #includedir diverts control to the files in the
specified directory and, when parsing of those files is complete,
returns control to the original file.  Bug #775

Todd C. Miller [Sun, 7 May 2017 12:44:33 +0000 (06:44 -0600)]
sync with translationproject.org

Todd C. Miller [Fri, 5 May 2017 20:48:19 +0000 (14:48 -0600)]
update

Todd C. Miller [Fri, 5 May 2017 20:45:35 +0000 (14:45 -0600)]
Fix a hang introduced in the last commit.  Don't close the pty slave
until after we have the controlling tty.

Todd C. Miller [Fri, 5 May 2017 20:27:42 +0000 (14:27 -0600)]
If any of std{in,out,err} are not hooked up to a tty only interpose
ourselves with a pipe if the plugin will actually log the data.
This avoids a problem with non-interactive commands where no tty
is present where sudo will consume stdin even when log_input is not
enabled in sudoers.

Todd C. Miller [Fri, 5 May 2017 16:51:18 +0000 (10:51 -0600)]
update

Todd C. Miller [Fri, 5 May 2017 16:45:33 +0000 (10:45 -0600)]
Update based on information from Michael Felt.

Todd C. Miller [Thu, 4 May 2017 18:25:51 +0000 (12:25 -0600)]
In check_input() when switch()ing on the return value of read(),
use the default label instead of 1 for the success case.  It is
only reading a single byte so the two are equivalent but it reads
better using default.

Todd C. Miller [Thu, 4 May 2017 17:10:42 +0000 (11:10 -0600)]
Check sudo_ev_add() return value.  Coverity CID 168362

Todd C. Miller [Thu, 4 May 2017 17:00:22 +0000 (11:00 -0600)]
Add io_open() wrapper for open(2) that retries with PERM_IOLOG if
open(2) fails with EACCES.  Use io_open() instead of duplicate
copies of the same fallback code.

Todd C. Miller [Thu, 4 May 2017 16:45:05 +0000 (10:45 -0600)]
Don't retry the open() if set_perms() fails.

Todd C. Miller [Thu, 4 May 2017 16:30:59 +0000 (10:30 -0600)]
Fix typo (fd2 vs. fd) caught by coverity, CID 168359.

Todd C. Miller [Thu, 4 May 2017 15:17:19 +0000 (09:17 -0600)]
sync with translationproject.org

Todd C. Miller [Wed, 3 May 2017 18:56:06 +0000 (12:56 -0600)]
Warn people not to use --enable-asan in production.

Todd C. Miller [Wed, 3 May 2017 17:58:40 +0000 (11:58 -0600)]
Move the invocation of check_noexec into the main "check" target
but only run it if not cross compiling and when CHECK_NOEXEC is not
empty.

Todd C. Miller [Wed, 3 May 2017 17:32:56 +0000 (11:32 -0600)]
Move @CHECK_NOEXEC@ to TEST_PROGS so it gets cleaned up properly.

Todd C. Miller [Wed, 3 May 2017 16:32:21 +0000 (10:32 -0600)]
Move syslog_maxlen to the "Integers" section.  Move syslog_goodpri and
syslog_badpri to the "Strings that can be used in a boolean context" section.

Todd C. Miller [Wed, 3 May 2017 16:24:12 +0000 (10:24 -0600)]
Fix a pasto that resulted in an extra (empty) syslog_goodpri list entry.

Todd C. Miller [Wed, 3 May 2017 15:54:30 +0000 (09:54 -0600)]
Add tests for parsing tuples and syslog options.

Todd C. Miller [Wed, 3 May 2017 15:53:03 +0000 (09:53 -0600)]
Allow the syslog Defaults option to be used in a "true" boolean
context and use the compiled in default log facility in this case.

Todd C. Miller [Wed, 3 May 2017 15:28:36 +0000 (09:28 -0600)]
Allow a tuple to be set to boolean true.  Regression introduced by
refactor of set_default_entry() in sudo 1.8.18.

Todd C. Miller [Mon, 1 May 2017 17:33:51 +0000 (11:33 -0600)]
Replace the list of "dangerous" environment variables and explain
how sudo handles the environment instead.

Todd C. Miller [Fri, 28 Apr 2017 18:12:00 +0000 (12:12 -0600)]
Fix exponential behavior in glob() with respect to multiple '*'.
See https://research.swtch.com/glob
Adapted from https://perl5.git.perl.org/perl.git/commit/33252c318625f3c6c89b816ee88481940e3e6f95

Todd C. Miller [Fri, 28 Apr 2017 16:32:15 +0000 (10:32 -0600)]
We no longer need to write to the tty if the command was killed by
a signal.  Sudo will terminate itself with the same signal the
command died from.  Unfortunately, we lose the "core dumped" bit
since sudo itself will not dump core, but there doesn't appear to
be a way around that.

Todd C. Miller [Thu, 27 Apr 2017 18:28:08 +0000 (12:28 -0600)]
On Linux, if the command we ran dumped core, set PR_SET_DUMPABLE
to 0.  This will prevent sudo itself from dumping core in this case.

Todd C. Miller [Thu, 27 Apr 2017 18:02:29 +0000 (12:02 -0600)]
Update path to sudo_noexec.so

Todd C. Miller [Thu, 27 Apr 2017 16:34:30 +0000 (10:34 -0600)]
If the command terminated due to a signal, sudo will send that same
signal to itself so the parent shell knows the command died from
a signal.  However, we don't want sudo itself to dump core.

Todd C. Miller [Thu, 27 Apr 2017 02:33:20 +0000 (20:33 -0600)]
sync

Todd C. Miller [Thu, 27 Apr 2017 02:17:34 +0000 (20:17 -0600)]
The fix for Bug #722 contained a typo/thinko that resulted in the
exit status being 0 when a command was killed by a signal other
than SIGINT.  This fixes the signal handler setup so sudo will
terminate with the same signal as the command.  Bug #784.

Todd C. Miller [Wed, 26 Apr 2017 21:49:10 +0000 (15:49 -0600)]
Better check for /etc/rc.d/rc2.d/S90sudo on AIX

Todd C. Miller [Wed, 26 Apr 2017 20:49:05 +0000 (14:49 -0600)]
Don't install the rc.d link when installing to a DESTDIR.
DESTDIR is generally only set when installing to a temporary
directory for packaging in which case the link should be
made in a post-install script.

Todd C. Miller [Wed, 26 Apr 2017 19:52:49 +0000 (13:52 -0600)]
In "make install", install sample sudoers file as /etc/sudoers.dist
and copy it to /etc/sudoers if there is no existing /etc/sudoers.
Packages either contain /etc/sudoers (RPM and Debian) or /etc/sudoers.dist
(everything else).

Todd C. Miller [Wed, 26 Apr 2017 16:43:42 +0000 (10:43 -0600)]
Allow "make dist" and "make depend" to work for out of tree builds.

Todd C. Miller [Mon, 24 Apr 2017 16:05:38 +0000 (10:05 -0600)]
Add missing $(srcdir) prefix to shlib_exp definition.

Todd C. Miller [Fri, 21 Apr 2017 15:25:17 +0000 (09:25 -0600)]
Fix typo in killpg macro.

Todd C. Miller [Fri, 21 Apr 2017 13:28:45 +0000 (07:28 -0600)]
Fix the killpg macro for systems without killpg() in libc.

Todd C. Miller [Thu, 20 Apr 2017 22:13:14 +0000 (16:13 -0600)]
Use the standard idiom for popping all entries from a tail queue.
The llvm checker gets confused by TAILQ_REMOVE and generates
use-after-free false positives.

Todd C. Miller [Thu, 20 Apr 2017 22:12:53 +0000 (16:12 -0600)]
rewrite errpipe callbacks

Todd C. Miller [Thu, 20 Apr 2017 21:10:57 +0000 (15:10 -0600)]
use pipe2() with O_CLOEXEC instead of pipe() + fcntl() and FD_CLOEXEC

Todd C. Miller [Thu, 20 Apr 2017 21:09:07 +0000 (15:09 -0600)]
init io_pipe[][] to -1, not 0

Todd C. Miller [Wed, 19 Apr 2017 20:30:30 +0000 (14:30 -0600)]
In sudo_sss_check_user() it is not possible for handle to be NULL.

Todd C. Miller [Wed, 19 Apr 2017 20:15:18 +0000 (14:15 -0600)]
Fix a use after free when the fqdn sudoOption is set and no hostname
value is present in sssd.conf.

Todd C. Miller [Wed, 19 Apr 2017 15:39:55 +0000 (09:39 -0600)]
Avoid unused variable when getgrouplist_2() is available.
It would be nicer to just provide getgrouplist_2() (or the equivalent)
and avoid the ugly #ifdefs.

Todd C. Miller [Wed, 19 Apr 2017 15:07:55 +0000 (09:07 -0600)]
sync with translationproject.org

Todd C. Miller [Thu, 13 Apr 2017 19:45:00 +0000 (13:45 -0600)]
regen

Todd C. Miller [Wed, 12 Apr 2017 23:06:48 +0000 (17:06 -0600)]
In sudo_ttyname_scan() if dir is the empty string, set errno to
ENOENT before returning.

Todd C. Miller [Tue, 11 Apr 2017 22:56:04 +0000 (16:56 -0600)]
Try to make it clear that when match_group_by_gid is enabled, groups
in sudoers are looked up by group name instead of group ID.  This
doesn't usually cause problems, but if there are conflicting group
entries (for example, from a local /etc/group file and an LDAP or
AD group database), whether the group is resolved by name or ID can
be used to work around conflicts.

Todd C. Miller [Fri, 7 Apr 2017 16:32:52 +0000 (10:32 -0600)]
sync with translationproject.org