sudo-rs
sudo-rs copied to clipboard
memorysafety
A memory safe implementation of sudo and su.
Cargo says libc::close_range doesn't exist... and looking at the libc crate docs it's only available on -linux-gnu 👀 Possibly related https://github.com/trifectatechfoundation/sudo-rs/issues/1068
This has the advantage that the actual source location of the failing command is shown, which is especially useful when multiple a test runs multiple commands. In addition the panic...
Fixes https://github.com/trifectatechfoundation/sudo-rs/issues/1080
See the individual commits what needed to be changed.
This is using seccomp syscall filtering of the execve and execveat syscalls. Unlike the original sudo this does not depend on using LD_PRELOAD. Instead SECCOMP_RET_USER_NOTIF is used combined with a...
Several compliance tests have something like ``` assert_not_contains!(stdout, "[sudo] password for"); ``` And obviously sudo-rs output does not contain that. We should probably rewrite that or remove those asserts.
This is the sudo version that will be in Debian Trixie. ``` ---- sudo::pam::env::default_and_override_pam_env_vars_are_parentheses_checked_but_set_vars_are_not stdout ---- Error: "program failed with exit code 1. stderr:\nsudo: pam_open_session: Critical error - immediate abort\nsudo:...
FreeBSD doesn't support seccomp, so this will have to load a dylib using LD_PRELOAD that overrides all the various exec* symbols that exist on FreeBSD.
See PR #1073; this requires rust 1.77. At the time of writing we could only bump or MSRV to 1.75 since Ubuntu LTS is on that.
Metadata
Owner
Metadata
A memory safe implementation of sudo and su.