summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Use a "%s" format instead of using a translated string as the format.Todd C. Miller2023-05-031-2/+2
|
* Add adminconfdir and --enable-adminconf to set it.Todd C. Miller2023-05-021-1/+2
| | | | | | Configuration paths in sudo are now a colon-separated list of files with the adminconfdir instance first (if enabled), followed by a sysconfdir instance.
* Convert config file paths to colon-separated path list.Todd C. Miller2023-05-021-1/+1
| | | | | | This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF, and _PATH_CVTSUDOERS_CONF can now specify multiple files. The first file that exists is used.
* disable_coredump: only change the soft limit, leave the hard limit as-isTodd C. Miller2023-04-241-20/+32
| | | | | | This should avoid problems on Linux in cases where sudo does not have CAP_SYS_RESOURCE which may be the case in an unprivileged container. GitHub issue #42
* More accurate description of what happens for "sudo -b".Todd C. Miller2023-04-191-1/+5
|
* Avoid calling isatty()/ttyname() on std{in,out,err} if not a char dev.Todd C. Miller2023-04-185-26/+59
| | | | | The user controls these fds so we should avoid calling ioctl(2) on them unless they correspond to actual character device files.
* Better support for "sudo -b" when running the command in a pty.Todd C. Miller2023-04-191-6/+20
| | | | | | | | When a command is run via "sudo -b" it has no access to terminal input. In non-pty mode, the command runs in an orphaned process group and reads from the controlling terminal fail with EIO. We cannot do the same while running in a pty but if we set stdin to a half-closed pipe, reads from it will get EOF. That is close enough.
* Hard-code usage() and help() for an 80-column terminal.Todd C. Miller2023-04-182-58/+76
| | | | | | | Trying to tailor the help and usage output to the terminal width is simply not worth it and could be abused to mark a socket as "trusted" on Linux if there are additional kernel bugs like CVE-2023-2002.
* Move CONFIGURE_ARGS from sudo_usage.h.in to config.h.in.Todd C. Miller2023-04-182-6/+0
|
* get_user_info: call sudo_get_ttysize() even if no /dev/ttyTodd C. Miller2023-04-171-6/+6
| | | | | We still want to initialize rows and cols based on the environment if possible.
* Get the tty size using stdout, not stderr, when printing help output.Todd C. Miller2023-04-161-1/+1
| | | | While usage() prints to stderr, help() prints to stdout.
* get_user_info: pass sudo_get_ttysize() the fd of /dev/tty, not stderr.Todd C. Miller2023-04-161-1/+1
| | | | | Both the plugin API and the main event loop expect lines/cols to refer to the user's terminal, so using /dev/tty is better here.
* Add an fd argument to sudo_get_ttysize() instead of always using stderr.Todd C. Miller2023-04-162-3/+3
| | | | | For sudoreplay we open /dev/tty, so use that instead of stderr when determining the terminal size.
* Make struct {command,user}_details pointers const where possible.Todd C. Miller2023-03-2713-65/+68
|
* Make user_details private to main.Todd C. Miller2023-03-274-31/+37
|
* Make user_details private to sudo.c.Todd C. Miller2023-03-279-79/+97
|
* Use sudo_get_ttysize() in help() and usage().Todd C. Miller2023-03-251-6/+10
| | | | This eliminates a dependency on the user_details global.
* Store submitcwd (from user_details) in struct command_details.Todd C. Miller2023-03-253-9/+11
| | | | This eliminates use of the user_details global from exec_setup().
* utmp_fill: user is now always non-NULL, no need for user_details.Todd C. Miller2023-03-241-6/+1
|
* Remove list_user global.Todd C. Miller2023-03-243-6/+8
|
* No need to declare tgetpass_flags, it is already in sudo.h.Todd C. Miller2023-03-241-3/+1
|
* No need for sudo_mode to be global anymore.Todd C. Miller2023-03-241-2/+1
|
* Make command_details private to main().Todd C. Miller2023-03-241-10/+10
|
* Make iobufs private to exec_iolog.c.Todd C. Miller2023-03-244-15/+13
|
* Remove ttymode and its associated values.Todd C. Miller2023-03-241-5/+0
|
* Move ptyname to struct exec_closureTodd C. Miller2023-03-245-38/+37
|
* Move pty_make_controlling() to exec_monitor.c where it is called.Todd C. Miller2023-03-243-25/+26
| | | | We can use details->tty to access the pty follower path.
* Eliminate utmp_user global, just use the value in struct command details.Todd C. Miller2023-03-242-8/+6
|
* Replace tty_mode global with term_raw flag in struct exec_closure.Todd C. Miller2023-03-244-57/+93
| | | | | | The pty_cleanup hook needs access to the closure so add pty_cleanup_init() to store a pointer to the closure for use by pty_cleanup_hook().
* Register pty cleanup function in exec_pty(), not exec_cmnd_pty().Todd C. Miller2023-03-243-6/+9
| | | | We want it to execute in the main sudo process, not the monitor.
* Make ttyblock private to exec_iolog.cTodd C. Miller2023-03-241-2/+3
|
* exec_pty.c: move foreground flag to struct exec_closure.Todd C. Miller2023-03-232-15/+16
| | | | | Also make pipeline flag private to exec_pty() and remove the unneeded check_foreground() prototype.
* On resume, always sync the pty terminal settings with /dev/tty.Todd C. Miller2023-03-231-25/+27
| | | | | | | | | | Changes made to the terminal settings while the command is suspended are now reflected in the pty when the command is resumed. This is more consistent with the non-pty behavior and allows for the removal of the "tty_initialized" global. One downside to this change is that if a terminal-based program using the pty is stopped with SIGSTOP it may have the wrong terminal settings on resume. However, this is no different from the non-pty case.
* Quiet compiler warnings on systems where pid_t is not an int.Todd C. Miller2023-03-221-3/+3
| | | | Historically, pid_t was a long on some 32-bit systems like Solaris.
* exec_pty: always copy the terminal settings from /dev/tty the pty.Todd C. Miller2023-03-221-13/+19
| | | | | | | | | Previously, we only did this when running in the foreground but this can cause problems when running a program that reads the terminal settings or window size in the background. If sudo is running in the background, the terminal settings will be updated if it transitions to the foreground process. Based on a suggestion from From Duncan Overbruck.
* check_foreground: use SFD_LEADER not SFD_FOLLOWER (which was closed).Todd C. Miller2023-03-221-3/+4
| | | | | Also use SFD_LEADER for sudo_term_copy() in exec_pty() for consistency. From Duncan Overbruck.
* suspend_sudo_pty: fix cut & pasto in last commit to catch SIGCONT.Todd C. Miller2023-03-221-4/+3
| | | | | Also set sa.sa_handler to SIG_DFL instead of SIG_IGN. There is no difference for SIGCONT but it means we can re-use sa as-is later.
* Catch SIGCONT and restore terminal settings on resume from SIGSTOP.Todd C. Miller2023-03-211-35/+75
| | | | | | While we cannot catch SIGSTOP, we _can_ catch SIGCONT and set /dev/tty to raw mode when running in the foreground. Ignore SIGCONT in suspend_sudo_pty() so we don't call resume_terminal() twice.
* Only convert a signal number to a name if we are going to use it.Todd C. Miller2023-03-212-41/+56
| | | | It is mostly used for debug logging.
* Move updating of the window size back to the main sudo process.Todd C. Miller2023-03-213-66/+18
| | | | | We can use the leader file descriptor with TIOCGWINSZ to set the window size of the pty. Thanks to Duncan Overbruck for the hint.
* Use LIBPROTOBUF_C and LIBUTIL variables and use them.Todd C. Miller2023-03-161-6/+7
|
* Sync non-intercept version of intercept_cleanup() declaration.Todd C. Miller2023-03-101-1/+1
|
* Plug a memory leak with ptrace-based intercept.Todd C. Miller2023-03-103-3/+9
|
* Plug memory leak when log_subcmds is enabled.Todd C. Miller2023-03-101-2/+3
|
* write_callback: only enable /dev/tty reader if the command is runningTodd C. Miller2023-03-012-7/+15
| | | | | | | This fixes a hang when there is /dev/tty data in a buffer to be flushed by the final call to del_io_events(). We do not want to re-enable the reader when flushing the buffers as part of pty_finish(). See PR #247 for analysis of the problem and how to reproduce it.
* Fix --enable-static-sudoers, broken in sudo 1.9.13.Todd C. Miller2023-02-231-0/+2
| | | | | sudo_qualify_plugin() should not try to fully-qualify the path to a statically-compiled plugin. GitHub issue #245
* Run the editor in its own process group.Todd C. Miller2023-02-218-248/+9
| | | | | This fixes suspending the editor on GNU Hurd which doesn't seem to have proper process group signal handling.
* ptrace_intercept_execve: preserve old argv[0] after policy check.Todd C. Miller2023-02-211-4/+28
| | | | | | We have to replace argv[0] with the pathname for the policy check but want to restore it afterwards if the policy has not changed the command's path name to avoid a mismatch later on.
* Handle "locale -a" returning both C.UTF-8 and C.utf8.Todd C. Miller2023-02-151-1/+1
| | | | | It is possible to have mutiple matches from the output of "locale -a". Just take the first one. Fixes GitHub issue #241.
* Add some missing files to the clean and distclean targets.Todd C. Miller2023-02-151-1/+2
|
View Lorry Controller Status