trifectatechfoundation / sudo-rs

A memory safe implementation of sudo and su.

Protect calls to ttyname and isatty #630

Closed squell closed 1 year ago

squell commented 1 year ago

This checks if the file is a character special device before firing calls on it that result in IOCTLs (as a mitigation for stuff like CVE-2023-2002).
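The guard described in the comment above, as an added example that is not part of the PR or of sudo-rs's code: it stats the open descriptor and only makes the terminal query when the file is a character special device. The names `TtyCheck`, `guarded_is_terminal` and `check_path` are hypothetical, and it uses only the Rust standard library (`IsTerminal`) rather than the `libc` bindings the project depends on.

```rust
use std::fs::File;
use std::io::{self, IsTerminal};
use std::os::unix::fs::FileTypeExt;
use std::path::Path;

/// Result of the guarded check. Hypothetical names, not sudo-rs's API.
#[derive(Debug, PartialEq)]
pub enum TtyCheck {
    /// Rejected from file metadata alone; no terminal ioctl was issued.
    NotCharDevice,
    /// Character device, but the terminal query said it is not a tty.
    CharDeviceNotTty,
    /// Character device that answers as a terminal.
    Terminal,
}

/// Stat the already-open descriptor first, and only query it as a
/// terminal when it is a character special device.
pub fn guarded_is_terminal(file: &File) -> io::Result<TtyCheck> {
    // File::metadata() stats the open descriptor, not a path, so the
    // object checked here is the same one queried below.
    if !file.metadata()?.file_type().is_char_device() {
        return Ok(TtyCheck::NotCharDevice);
    }
    // On Unix, is_terminal() is implemented with isatty(3), which is
    // the call that ends up issuing an ioctl on the descriptor.
    Ok(if file.is_terminal() {
        TtyCheck::Terminal
    } else {
        TtyCheck::CharDeviceNotTty
    })
}

/// Convenience wrapper for the demo: open a path read-only and check it.
pub fn check_path<P: AsRef<Path>>(path: P) -> io::Result<TtyCheck> {
    guarded_is_terminal(&File::open(path)?)
}

fn main() -> io::Result<()> {
    // Constructed sample inputs: a character device that is not a tty,
    // a regular file (this binary), and a directory.
    let exe = std::env::current_exe()?;
    println!("/dev/null -> {:?}", check_path("/dev/null")?);
    println!("{} -> {:?}", exe.display(), check_path(&exe)?);
    println!("/ -> {:?}", check_path("/")?);
    Ok(())
}
```
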

github-actions[bot] commented 1 year ago

Number of dependencies and binary size impact report

| Metric | main | PR #630 | Delta |
|---|---|---|---|
| Direct dependencies | 5 | 5 | - |
| Total dependencies | 10 | 10 | - |
| Binary size | 1.1 MiB | 1.1 MiB | -0.8% |
| Text size | 652.5 KiB | 650.8 KiB | -0.3% |

Dependencies diff

```diff
└─ sudo-rs [v0.2.0-dev.20230703]
   ├─ glob [v0.3.1]
   ├─ libc [v0.2.147]
   ├─ log [v0.4.19]
   ├─ signal-hook [v0.3.15]
   |  ├─ libc [v0.2.147]
   |  ├─ signal-hook-registry [v1.4.1]
   |  |  └─ libc [v0.2.147]
   |  └─ cc [v1.0.79]
   └─ signal-hook-registry [v1.4.1]
```

codecov[bot] commented 1 year ago

Codecov Report

Patch coverage: 100.00% and project coverage change: -0.05 :warning:

Comparison is base (22427b6) 86.83% compared to head (45986fc) 86.79%.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main     #630      +/-   ##
==========================================
- Coverage   86.83%   86.79%   -0.05%
==========================================
  Files          61       61
  Lines        8605     8654      +49
==========================================
+ Hits         7472     7511      +39
- Misses       1133     1143      +10
```

| [Impacted Files](https://app.codecov.io/gh/memorysafety/sudo-rs/pull/630?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=memorysafety) | Coverage Δ | |
|---|---|---|
| [src/exec/use\_pty/parent.rs](https://app.codecov.io/gh/memorysafety/sudo-rs/pull/630?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=memorysafety#diff-c3JjL2V4ZWMvdXNlX3B0eS9wYXJlbnQucnM=) | `75.40% <ø> (ø)` | |
| [src/cutils/mod.rs](https://app.codecov.io/gh/memorysafety/sudo-rs/pull/630?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=memorysafety#diff-c3JjL2N1dGlscy9tb2QucnM=) | `100.00% <100.00%> (ø)` | |
| [src/system/term/mod.rs](https://app.codecov.io/gh/memorysafety/sudo-rs/pull/630?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=memorysafety#diff-c3JjL3N5c3RlbS90ZXJtL21vZC5ycw==) | `94.91% <100.00%> (+0.32%)` | :arrow_up: |

... and [5 files with indirect coverage changes](https://app.codecov.io/gh/memorysafety/sudo-rs/pull/630/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=memorysafety)
