These 19 commits are when the Protocol Buffers files have changed:
Commit: | 3cd9c5f | |
---|---|---|
Author: | Todd C. Miller |
Stop sending an InterceptResponse to a PolicyCheckRequest for log_subcmds. There's no real reason for the command to wait for sudo send back a response that will always be a PolicyAcceptMessage.
The documentation is generated from this commit.
Commit: | db75023 | |
---|---|---|
Author: | Todd C. Miller |
Avoid symbol name clash to fix --enable-static-sudoers linking.
Commit: | 9a690a8 | |
---|---|---|
Author: | Todd C. Miller |
Switch to a 128-bit token instead of a 64-bit secret. Protobuf doesn't have a 128-bit type so use two u64s. We now support partial reads of the token.
Commit: | 9137909 | |
---|---|---|
Author: | Todd C. Miller |
sudo_intercept.so: send the secret immediately after connecting. Sending the secret out of band, before the message size is read, should make it harder to mount a DoS attack.
Commit: | 168d5c4 | |
---|---|---|
Author: | Todd C. Miller |
Update runcwd in command_info[] before passing it to the audit plugin. Since sudoers does rejected commands itself the runcwd will still not be correct for those.
Commit: | c465d89 | |
---|---|---|
Author: | Todd C. Miller |
Change intercept IPC to use a localhost socket instead of inherited fd. This allows intercept mode to work with shells that close all open fds upon startup. The ctor in sudo_intercept.so requests the port number and secret over the socket inherited from the parent then closes it. For each policy request, a TCP connection is made to the sudo parent process to perform the policy check. Child processes re-use the TCP socket to request the port number and secret just like the initial process started by sudo does.
Commit: | eaf03a3 | |
---|---|---|
Author: | Todd C. Miller |
Pass a secret value to sudo_intercept.so and verify after policy check. The goal is to make it harder for someone to have a fake policy checker. This will not stop a determined adversary since the secret is present in the address space of the running process.
Commit: | cede7dd | |
---|---|---|
Author: | Todd C. Miller |
Define protocol for sudo <-> sudo_intercept.so communication. Uses google protocol buffers.
Commit: | 9d776b4 | |
---|---|---|
Author: | Todd C. Miller |
Allow multiple accept/reject messages during a logsrv conversation. The log server now advertises a subcommands flag if it supports logging subcommands (e.g. commands run from a sudo-spawned program like a shell). The client should only log additional commands during a session if this flag is set in the ServerHello message.
Commit: | 9779009 | |
---|---|---|
Author: | Todd C. Miller |
Add info_msgs to AlertMessage and populate it. This lets us log eventlog info along with the alert if it is available.
Commit: | 6901fc9 | |
---|---|---|
Author: | Todd C. Miller | |
Committer: | Todd C. Miller |
Add a ClientHello message that client sends to the server. This makes it easier to detect a plaintext client sending to a TLS port. Without this, the TLS server will be silent as it waits for the client to initiate the TLS connection.
Commit: | e5f8214 | |
---|---|---|
Author: | Todd C. Miller | |
Committer: | Todd C. Miller |
Remove the tls parameter from the ServerHello message. The TLS connection is now initiated before ServerHello is received.
Commit: | 24c9438 | |
---|---|---|
Author: | Laszlo Orban | |
Committer: | Todd C. Miller |
logserver option to disable certificate verification on server side and server authentication on client side
Commit: | 9935a7e | |
---|---|---|
Author: | Laszlo Orban | |
Committer: | Todd C. Miller |
Rename tls_checkpeer to tls_reqcert in ServerHello message
Commit: | 33f6a16 | |
---|---|---|
Author: | Laszlo Orban | |
Committer: | Laszlo Orban |
extend ServerHello message with two fields (tls, tls_checkpeer)
Commit: | 58cede6 | |
---|---|---|
Author: | Todd C. Miller |
Move protobuf-c.c, log_server.proto, log_server.pb-c.[ch] to lib/logsrv
Commit: | 3b8011e | |
---|---|---|
Author: | Todd C. Miller |
Add NumberList to InfoMessage. Also make comments fit in 80 columns when formatted as a man page.
Commit: | 077e9ae | |
---|---|---|
Author: | Todd C. Miller |
Rename ExecMessage -> AcceptMessage and add RejectMessage
Commit: | 2272430 | |
---|---|---|
Author: | Todd C. Miller |
Import proof of concept sudo log server.