sudo-rs
Integration tests TODO list
Milestone 2
command line flags
- [x] --user
- [x] --group #133
- [x] #186
- [x] #184
- [x] #182
- [x] --reset-timestamp (lower prio) part of #304
- [x] --validate part of #304
- [x] --chdir #183
- [x] #357
- [x] #391
sudoers tags
- [x] NOPASSWD
- [x] PASSWD #531
- [x] #317
sudoers defaults
- [x] env_reset (only true)
- [x] #336
- [x] #252
- [x] #337
- [x] secure_path #172
- [ ] use_pty #301
sudoers user specification
- [x] user_list e.g. <user_list> ALL(ALL:ALL) ALL #98
- [x] restricted runas user: e.g. root ALL=(<specific-user>:ALL) ALL #133
- [x] restricted runas group: e.g. root ALL=(ALL:<specific-group>) ALL #133
- [x] restricted command: e.g. root ALL=(ALL:ALL) /usr/bin/ls #144
- [x] restricted hostname, e.g. ALL remotehost = (ALL:ALL) ALL #145
- [x] User_Alias e.g. User_Alias ADMINS = root, ferris #178
- [x] Runas_Alias (see also #13)
- [x] Host_Alias e.g. Host_Alias SERVERS = main, www, mail #361
- [x] Cmnd_Alias e.g. Cmnd_Alias CMDSGROUP = /bin/true, /bin/ls #385
password authentication
- [x] with -S flag #98
- [x] without -S flag #109
child process
- [x] stdin, stdout, stderr, exit status redirection #132
- [x] signal handling #111
third party integration
- [x] pam #113
- [x] #376
- [x] #389
miscellaneous
- [x] #304
- [x] #307
su
command line options
- [x] #493
- [x] #550
- [x] #551
- [x] #527
- [x] #528
- [x] #495
- [x] #586
- [x] #496
- [x] #573
inter-operation
- [x] #628
- [x] #606
- [x] #629
misc
- [x] #589
Milestone 3
command line options
- [ ] ~~-e, --edit~~
- [x] -l, --list #530
- [ ] ~~-R, --chroot=directory~~
- [ ] -U, --other-user=user
- [ ] "accepts full syntax sudoers, including options that are no-ops" -- possibly in connection to visudo (-c)
visudo
incomplete list:
- [x] #655
Here is a list of applicable sudo advisories where we manually decided that we are secure:
Environment-related (we are secure since we force env_reset)
- [ ] https://www.sudo.ws/security/advisories/bash_functions/
- [ ] https://www.sudo.ws/security/advisories/bash_env/
- [ ] https://www.sudo.ws/security/advisories/perl_env/
We explicitly coded this:
- [ ] https://www.sudo.ws/security/advisories/tz/
- [ ] https://www.sudo.ws/security/advisories/linux_tty/ (not applicable, but we do what sudo does)
Our timestamping implementation uses system monotonic time (and is cleared upon a restart):
- [ ] https://www.sudo.ws/security/advisories/epoch_ticket/
Problems prevented by coding in Rust:
- [ ] https://www.sudo.ws/security/advisories/path_race/ (this particular trigger of a race condition would not apply due to higher level coding practices, but race conditions themselves are of course still possible and we need to perform an audit for them)
- [ ] https://www.sudo.ws/security/advisories/group_vector/
- [ ] https://www.sudo.ws/security/advisories/cmnd_alias_negation/
- [ ] https://www.sudo.ws/security/advisories/secure_path/
- [ ] https://www.sudo.ws/security/advisories/runas_group/
- [ ] https://www.sudo.ws/security/advisories/runas_group_pw/
- [ ] https://www.sudo.ws/security/advisories/minus_1_uid/
Still need to check!
- [ ] https://www.sudo.ws/security/advisories/tty_tickets/
Here's a list of sudo advisories that do not apply to us since they involve features we don't support.
Things that would apply if we were to implement these features (we have no plans to do so):
- [ ] https://www.sudo.ws/security/advisories/double_free/ (unlikely in Rust)
- [ ] https://www.sudo.ws/security/advisories/postfix/
- [ ] https://www.sudo.ws/security/advisories/netmask/
- [ ] https://www.sudo.ws/security/advisories/env_add/ (we could be susceptible)
- [ ] https://www.sudo.ws/security/advisories/pwfeedback/ (unlikely in Rust)
Sudoedit related ones:
- [ ] https://www.sudo.ws/security/advisories/unescape_overflow/
- [ ] https://www.sudo.ws/security/advisories/sudoedit_selinux/
- [ ] https://www.sudo.ws/security/advisories/sudoedit_any/
- [ ] https://www.sudo.ws/security/advisories/sudoedit/
- [ ] https://www.sudo.ws/security/advisories/sudoedit_escalate/
- [ ] https://www.sudo.ws/security/advisories/sudoedit_escalate2/
Noexec:
- [ ] https://www.sudo.ws/security/advisories/noexec_wordexp/
- [ ] https://www.sudo.ws/security/advisories/noexec_bypass/