This patch will upgrade Sudo version 1.6.9 patchlevel 20 to Sudo version 1.6.9 patchlevel 21. To apply: $ cd sudo-1.6.9p20 $ patch -p1 < sudo-1.6.9p21.patch diff -urNa sudo-1.6.9p20/CHANGES sudo-1.6.9p21/CHANGES --- sudo-1.6.9p20/CHANGES Wed Jan 28 11:08:36 2009 +++ sudo-1.6.9p21/CHANGES Mon Feb 22 19:51:36 2010 @@ -2156,3 +2156,21 @@ 679) Fixed a compilation problem on AIX. Sudo 1.6.9p20 released. + +680) Added fast_glob option to make sudo to use fnmatch() instead + of glob() for pathname globbing. + +681) Added umask_override option to restore historical umask behavior. + +682) The -k flag may now be used in conjuntion with a command, in which + case the user's timestamp file will be ignored (and not updated). + +683) The default runas user (usually root) was always used when setting + the auxiliary group vector, even when the runas_default option was + specified in sudoers. + +684) The -u flag may once again be used in conjunction with the -v flag. + +685) Users with permission to run sudoedit could run arbitrary commands. + +Sudo 1.6.9p21 released. diff -urNa sudo-1.6.9p20/Makefile.in sudo-1.6.9p21/Makefile.in --- sudo-1.6.9p20/Makefile.in Wed Jan 28 11:16:50 2009 +++ sudo-1.6.9p21/Makefile.in Tue Feb 23 07:17:53 2010 @@ -20,7 +20,7 @@ # # @configure_input@ # -# $Sudo: Makefile.in,v 1.246.2.36 2009/01/28 16:16:50 millert Exp $ +# $Sudo: Makefile.in,v 1.246.2.39 2009/02/23 14:19:25 millert Exp $ # #### Start of system configuration section. #### @@ -134,7 +134,7 @@ LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.9p20 +VERSION = 1.6.9p21 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README README.LDAP \ @@ -289,7 +289,7 @@ visudo.man.in: $(srcdir)/visudo.pod @rm -f $(srcdir)/$@ - ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' visudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" visudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" >> $@ ) + ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' visudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" visudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g'>> $@ ) visudo.man: visudo.man.in CONFIG_FILES=$@ CONFIG_HEADERS= sh ./config.status @@ -313,22 +313,22 @@ $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform) \ $(DESTDIR)$(noexecdir) -install-binaries: $(PROGS) +install-binaries: install-dirs $(PROGS) $(INSTALL) -O $(install_uid) -G $(install_gid) -M 4111 -s sudo $(DESTDIR)$(sudodir)/sudo rm -f $(DESTDIR)$(sudodir)/sudoedit ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo @SELINUX@ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(libexecdir)/sesh -install-noexec: sudo_noexec.la +install-noexec: install-dirs sudo_noexec.la test -f .libs/$(noexecfile) && $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0755 .libs/$(noexecfile) $(DESTDIR)$(noexecdir) -install-sudoers: +install-sudoers: install-dirs test -f $(DESTDIR)$(sudoersdir)/sudoers || \ $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \ $(srcdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers -install-man: +install-man: install-dirs $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) @rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu) diff -urNa sudo-1.6.9p20/auth/pam.c sudo-1.6.9p21/auth/pam.c --- sudo-1.6.9p20/auth/pam.c Sat Nov 22 13:19:22 2008 +++ sudo-1.6.9p21/auth/pam.c Wed Feb 25 07:21:20 2009 @@ -72,12 +72,12 @@ #endif #ifndef lint -__unused static const char rcsid[] = "$Sudo: pam.c,v 1.43.2.11 2008/11/22 18:19:22 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: pam.c,v 1.43.2.12 2009/02/25 12:21:20 millert Exp $"; #endif /* lint */ static int sudo_conv __P((int, PAM_CONST struct pam_message **, struct pam_response **, VOID *)); -static char *def_prompt; +static char *def_prompt = "Password:"; #ifndef PAM_DATA_SILENT #define PAM_DATA_SILENT 0 diff -urNa sudo-1.6.9p20/check.c sudo-1.6.9p21/check.c --- sudo-1.6.9p20/check.c Sat Jan 5 18:59:42 2008 +++ sudo-1.6.9p21/check.c Wed Feb 25 06:07:43 2009 @@ -63,7 +63,7 @@ #include "sudo.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: check.c,v 1.223.2.10 2008/01/05 23:59:42 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: check.c,v 1.223.2.11 2009/02/25 11:07:43 millert Exp $"; #endif /* lint */ /* Status codes for timestamp_status() */ @@ -88,20 +88,26 @@ * verify who he/she is. */ void -check_user(validated) +check_user(validated, mode) int validated; + int mode; { char *timestampdir = NULL; char *timestampfile = NULL; char *prompt; int status; - if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt()) - return; + if (mode & MODE_INVALIDATE) { + /* do not check or update timestamp */ + status = TS_ERROR; + } else { + if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt()) + return; - build_timestamp(×tampdir, ×tampfile); - status = timestamp_status(timestampdir, timestampfile, user_name, - TS_MAKE_DIRS); + build_timestamp(×tampdir, ×tampfile); + status = timestamp_status(timestampdir, timestampfile, user_name, + TS_MAKE_DIRS); + } if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) { lecture(status); @@ -120,7 +126,6 @@ /* * Standard sudo lecture. - * TODO: allow the user to specify a file name instead. */ static void lecture(status) diff -urNa sudo-1.6.9p20/configure sudo-1.6.9p21/configure --- sudo-1.6.9p20/configure Wed Jan 28 11:12:06 2009 +++ sudo-1.6.9p21/configure Mon Feb 23 09:20:35 2009 @@ -870,10 +870,6 @@ host_cpu host_vendor host_os -target -target_cpu -target_vendor -target_os SED GREP EGREP @@ -1467,7 +1463,6 @@ System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] - --target=TARGET configure for building compilers for TARGET [HOST] _ACEOF fi @@ -5361,49 +5356,6 @@ case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac -{ echo "$as_me:$LINENO: checking target system type" >&5 -echo $ECHO_N "checking target system type... $ECHO_C" >&6; } -if test "${ac_cv_target+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test "x$target_alias" = x; then - ac_cv_target=$ac_cv_host -else - ac_cv_target=`$SHELL "$ac_aux_dir/config.sub" $target_alias` || - { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&5 -echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&2;} - { (exit 1); exit 1; }; } -fi - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_target" >&5 -echo "${ECHO_T}$ac_cv_target" >&6; } -case $ac_cv_target in -*-*-*) ;; -*) { { echo "$as_me:$LINENO: error: invalid value of canonical target" >&5 -echo "$as_me: error: invalid value of canonical target" >&2;} - { (exit 1); exit 1; }; };; -esac -target=$ac_cv_target -ac_save_IFS=$IFS; IFS='-' -set x $ac_cv_target -shift -target_cpu=$1 -target_vendor=$2 -shift; shift -# Remember, the first character of IFS is used to create $*, -# except with old shells: -target_os=$* -IFS=$ac_save_IFS -case $target_os in *\ *) target_os=`echo "$target_os" | sed 's/ /-/g'`;; esac - - -# The aliases save the names the user supplied, while $host etc. -# will get canonicalized. -test -n "$target_alias" && - test "$program_prefix$program_suffix$program_transform_name" = \ - NONENONEs,x,x, && - program_prefix=${target_alias}- # Check whether --enable-static was given. if test "${enable_static+set}" = set; then enableval=$enable_static; p=${PACKAGE-default} @@ -6129,7 +6081,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 6132 "configure"' > conftest.$ac_ext + echo '#line 6084 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -7988,11 +7940,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7991: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7943: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7995: \$? = $ac_status" >&5 + echo "$as_me:7947: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8278,11 +8230,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8281: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8233: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8285: \$? = $ac_status" >&5 + echo "$as_me:8237: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8382,11 +8334,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8385: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8337: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8389: \$? = $ac_status" >&5 + echo "$as_me:8341: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10742,7 +10694,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5 diff -urNa sudo-1.6.9p20/configure.in sudo-1.6.9p21/configure.in --- sudo-1.6.9p20/configure.in Wed Jan 28 11:15:18 2009 +++ sudo-1.6.9p21/configure.in Mon Feb 23 09:21:31 2009 @@ -1,6 +1,6 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.413.2.57 2009/01/28 16:15:18 millert Exp $ +dnl $Sudo: configure.in,v 1.413.2.58 2009/02/23 14:21:31 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller dnl @@ -1166,7 +1166,6 @@ dnl Libtool magic; enable shared libs and disable static libs dnl AC_CANONICAL_HOST -AC_CANONICAL_TARGET([]) AC_DISABLE_STATIC AC_PROG_LIBTOOL diff -urNa sudo-1.6.9p20/def_data.c sudo-1.6.9p21/def_data.c --- sudo-1.6.9p20/def_data.c Thu Apr 10 13:11:33 2008 +++ sudo-1.6.9p21/def_data.c Sat Feb 21 17:07:12 2009 @@ -252,6 +252,14 @@ "Reset the environment to a default set of variables", NULL, }, { + "fast_glob", T_FLAG, + "Use faster globbing that is less accurate but does not access the filesystem", + NULL, + }, { + "umask_override", T_FLAG, + "The umask specified in sudoers will override the user's, even if it is more permissive", + NULL, + }, { "env_check", T_LIST|T_BOOL, "Environment variables to check for sanity:", NULL, diff -urNa sudo-1.6.9p20/def_data.h sudo-1.6.9p21/def_data.h --- sudo-1.6.9p20/def_data.h Thu Apr 10 13:11:33 2008 +++ sudo-1.6.9p21/def_data.h Sat Feb 21 17:07:12 2009 @@ -112,16 +112,20 @@ #define I_SETENV 55 #define def_env_reset (sudo_defs_table[56].sd_un.flag) #define I_ENV_RESET 56 -#define def_env_check (sudo_defs_table[57].sd_un.list) -#define I_ENV_CHECK 57 -#define def_env_delete (sudo_defs_table[58].sd_un.list) -#define I_ENV_DELETE 58 -#define def_env_keep (sudo_defs_table[59].sd_un.list) -#define I_ENV_KEEP 59 -#define def_role (sudo_defs_table[60].sd_un.str) -#define I_ROLE 60 -#define def_type (sudo_defs_table[61].sd_un.str) -#define I_TYPE 61 +#define def_fast_glob (sudo_defs_table[57].sd_un.flag) +#define I_FAST_GLOB 57 +#define def_umask_override (sudo_defs_table[58].sd_un.flag) +#define I_UMASK_OVERRIDE 58 +#define def_env_check (sudo_defs_table[59].sd_un.list) +#define I_ENV_CHECK 59 +#define def_env_delete (sudo_defs_table[60].sd_un.list) +#define I_ENV_DELETE 60 +#define def_env_keep (sudo_defs_table[61].sd_un.list) +#define I_ENV_KEEP 61 +#define def_role (sudo_defs_table[62].sd_un.str) +#define I_ROLE 62 +#define def_type (sudo_defs_table[63].sd_un.str) +#define I_TYPE 63 enum def_tupple { never, diff -urNa sudo-1.6.9p20/def_data.in sudo-1.6.9p21/def_data.in --- sudo-1.6.9p20/def_data.in Sun Mar 23 10:21:27 2008 +++ sudo-1.6.9p21/def_data.in Sat Feb 21 17:05:36 2009 @@ -182,6 +182,12 @@ env_reset T_FLAG "Reset the environment to a default set of variables" +fast_glob + T_FLAG + "Use faster globbing that is less accurate but does not access the filesystem" +umask_override + T_FLAG + "The umask specified in sudoers will override the user's, even if it is more permissive" env_check T_LIST|T_BOOL "Environment variables to check for sanity:" diff -urNa sudo-1.6.9p20/logging.c sudo-1.6.9p21/logging.c --- sudo-1.6.9p20/logging.c Sun Nov 2 09:45:50 2008 +++ sudo-1.6.9p21/logging.c Wed Dec 9 11:21:32 2009 @@ -62,7 +62,7 @@ #include "sudo.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: logging.c,v 1.168.2.17 2008/11/02 14:45:50 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: logging.c,v 1.168.2.18 2009/12/09 16:21:32 millert Exp $"; #endif /* lint */ static void do_syslog __P((int, char *)); @@ -125,6 +125,9 @@ closelog(); } +#define FMT_FIRST "%8s : %s" +#define FMT_CONTD "%8s : (command continued) %s" + /* * Log a message to syslog, pre-pending the username and splitting the * message into parts if it is longer than MAXSYSLOGLEN. @@ -137,14 +140,12 @@ size_t len, maxlen; char *p, *tmp, save; const char *fmt; - const char *fmt_first = "%8s : %s"; - const char *fmt_contd = "%8s : (command continued) %s"; /* * Log the full line, breaking into multiple syslog(3) calls if necessary */ - fmt = fmt_first; - maxlen = MAXSYSLOGLEN - (sizeof(fmt_first) - 6 + strlen(user_name)); + fmt = FMT_FIRST; + maxlen = MAXSYSLOGLEN - (sizeof(FMT_FIRST) - 6 + strlen(user_name)); for (p = msg; *p != '\0'; ) { len = strlen(p); if (len > maxlen) { @@ -171,8 +172,8 @@ mysyslog(pri, fmt, user_name, p); p += len; } - fmt = fmt_contd; - maxlen = MAXSYSLOGLEN - (sizeof(fmt_contd) - 6 + strlen(user_name)); + fmt = FMT_CONTD; + maxlen = MAXSYSLOGLEN - (sizeof(FMT_CONTD) - 6 + strlen(user_name)); } } diff -urNa sudo-1.6.9p20/parse.c sudo-1.6.9p21/parse.c --- sudo-1.6.9p20/parse.c Tue Jan 27 19:50:01 2009 +++ sudo-1.6.9p21/parse.c Mon Feb 22 19:52:01 2010 @@ -90,10 +90,13 @@ #endif /* HAVE_EXTENDED_GLOB */ #ifndef lint -__unused static const char rcsid[] = "$Sudo: parse.c,v 1.160.2.22 2009/01/28 00:50:01 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: parse.c,v 1.160.2.24 2009/02/10 19:04:51 millert Exp $"; #endif /* lint */ static int command_matches_dir __P((char *, size_t)); +static int command_matches_glob __P((char *, char *)); +static int command_matches_fnmatch __P((char *, char *)); +static int command_matches_normal __P((char *, char *)); /* * Globals @@ -254,13 +257,8 @@ char *sudoers_cmnd; char *sudoers_args; { - struct stat sudoers_stat; - char **ap, *base, *cp; - glob_t gl; - size_t dlen; - /* Check for pseudo-commands */ - if (strchr(user_cmnd, '/') == NULL) { + if (sudoers_cmnd[0] != '/') { /* * Return true if both sudoers_cmnd and user_cmnd are "sudoedit" AND * a) there are no args in sudoers OR @@ -280,108 +278,163 @@ } else return(FALSE); } - dlen = strlen(sudoers_cmnd); - /* - * If sudoers_cmnd has meta characters in it, we may need to - * use glob(3) and fnmatch(3) to do the matching. - */ if (has_meta(sudoers_cmnd)) { /* - * First check to see if we can avoid the call to glob(3). - * Short circuit if there are no meta chars in the command itself - * and user_base and basename(sudoers_cmnd) don't match. + * If sudoers_cmnd has meta characters in it, we need to + * use glob(3) and/or fnmatch(3) to do the matching. */ - if (sudoers_cmnd[dlen - 1] != '/') { - if ((base = strrchr(sudoers_cmnd, '/')) != NULL) { - base++; - if (!has_meta(base) && strcmp(user_base, base) != 0) - return(FALSE); - } - } - /* - * Return true if we find a match in the glob(3) results AND - * a) there are no args in sudoers OR - * b) there are no args on command line and none required by sudoers OR - * c) there are args in sudoers and on command line and they match - * else return false. - */ -#define GLOB_FLAGS (GLOB_NOSORT | GLOB_MARK | GLOB_BRACE | GLOB_TILDE) - if (glob(sudoers_cmnd, GLOB_FLAGS, NULL, &gl) != 0) { - globfree(&gl); - return(FALSE); - } - /* For each glob match, compare basename, st_dev and st_ino. */ - for (ap = gl.gl_pathv; (cp = *ap) != NULL; ap++) { - /* If it ends in '/' it is a directory spec. */ - dlen = strlen(cp); - if (cp[dlen - 1] == '/') { - if (command_matches_dir(cp, dlen)) - return(TRUE); - continue; - } + if (def_fast_glob) + return(command_matches_fnmatch(sudoers_cmnd, sudoers_args)); + return(command_matches_glob(sudoers_cmnd, sudoers_args)); + } + return(command_matches_normal(sudoers_cmnd, sudoers_args)); +} - /* Only proceed if user_base and basename(cp) match */ - if ((base = strrchr(cp, '/')) != NULL) - base++; - else - base = cp; - if (strcmp(user_base, base) != 0 || - stat(cp, &sudoers_stat) == -1) - continue; - if (user_stat->st_dev == sudoers_stat.st_dev && - user_stat->st_ino == sudoers_stat.st_ino) { - efree(safe_cmnd); - safe_cmnd = estrdup(cp); - break; - } - } - globfree(&gl); - if (cp == NULL) - return(FALSE); +static int +command_matches_fnmatch(sudoers_cmnd, sudoers_args) + char *sudoers_cmnd; + char *sudoers_args; +{ + /* + * Return true if fnmatch(3) succeeds AND + * a) there are no args in sudoers OR + * b) there are no args on command line and none required by sudoers OR + * c) there are args in sudoers and on command line and they match + * else return false. + */ + if (fnmatch(sudoers_cmnd, user_cmnd, FNM_PATHNAME) != 0) + return(FALSE); + if (!sudoers_args || + (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) || + (sudoers_args && + fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) { + if (safe_cmnd) + free(safe_cmnd); + safe_cmnd = estrdup(user_cmnd); + return(TRUE); + } else + return(FALSE); +} - if (!sudoers_args || - (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) || - (sudoers_args && - fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) { - efree(safe_cmnd); - safe_cmnd = estrdup(user_cmnd); - return(TRUE); +static int +command_matches_glob(sudoers_cmnd, sudoers_args) + char *sudoers_cmnd; + char *sudoers_args; +{ + struct stat sudoers_stat; + size_t dlen; + char **ap, *base, *cp; + glob_t gl; + + /* + * First check to see if we can avoid the call to glob(3). + * Short circuit if there are no meta chars in the command itself + * and user_base and basename(sudoers_cmnd) don't match. + */ + dlen = strlen(sudoers_cmnd); + if (sudoers_cmnd[dlen - 1] != '/') { + if ((base = strrchr(sudoers_cmnd, '/')) != NULL) { + base++; + if (!has_meta(base) && strcmp(user_base, base) != 0) + return(FALSE); } + } + /* + * Return true if we find a match in the glob(3) results AND + * a) there are no args in sudoers OR + * b) there are no args on command line and none required by sudoers OR + * c) there are args in sudoers and on command line and they match + * else return false. + */ +#define GLOB_FLAGS (GLOB_NOSORT | GLOB_MARK | GLOB_BRACE | GLOB_TILDE) + if (glob(sudoers_cmnd, GLOB_FLAGS, NULL, &gl) != 0) { + globfree(&gl); return(FALSE); - } else { + } + /* For each glob match, compare basename, st_dev and st_ino. */ + for (ap = gl.gl_pathv; (cp = *ap) != NULL; ap++) { /* If it ends in '/' it is a directory spec. */ - if (sudoers_cmnd[dlen - 1] == '/') - return(command_matches_dir(sudoers_cmnd, dlen)); + dlen = strlen(cp); + if (cp[dlen - 1] == '/') { + if (command_matches_dir(cp, dlen)) + return(TRUE); + continue; + } - /* Only proceed if user_base and basename(sudoers_cmnd) match */ - if ((base = strrchr(sudoers_cmnd, '/')) == NULL) - base = sudoers_cmnd; - else + /* Only proceed if user_base and basename(cp) match */ + if ((base = strrchr(cp, '/')) != NULL) base++; + else + base = cp; if (strcmp(user_base, base) != 0 || - stat(sudoers_cmnd, &sudoers_stat) == -1) - return(FALSE); - - /* - * Return true if inode/device matches AND - * a) there are no args in sudoers OR - * b) there are no args on command line and none req by sudoers OR - * c) there are args in sudoers and on command line and they match - */ - if (user_stat->st_dev != sudoers_stat.st_dev || - user_stat->st_ino != sudoers_stat.st_ino) - return(FALSE); - if (!sudoers_args || - (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) || - (sudoers_args && - fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) { + stat(cp, &sudoers_stat) == -1) + continue; + if (user_stat == NULL || + (user_stat->st_dev == sudoers_stat.st_dev && + user_stat->st_ino == sudoers_stat.st_ino)) { efree(safe_cmnd); - safe_cmnd = estrdup(sudoers_cmnd); - return(TRUE); + safe_cmnd = estrdup(cp); + break; } + } + globfree(&gl); + if (cp == NULL) return(FALSE); + + if (!sudoers_args || + (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) || + (sudoers_args && + fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) { + efree(safe_cmnd); + safe_cmnd = estrdup(user_cmnd); + return(TRUE); } + return(FALSE); +} + +static int +command_matches_normal(sudoers_cmnd, sudoers_args) + char *sudoers_cmnd; + char *sudoers_args; +{ + struct stat sudoers_stat; + char *base; + size_t dlen; + + /* If it ends in '/' it is a directory spec. */ + dlen = strlen(sudoers_cmnd); + if (sudoers_cmnd[dlen - 1] == '/') + return(command_matches_dir(sudoers_cmnd, dlen)); + + /* Only proceed if user_base and basename(sudoers_cmnd) match */ + if ((base = strrchr(sudoers_cmnd, '/')) == NULL) + base = sudoers_cmnd; + else + base++; + if (strcmp(user_base, base) != 0 || + stat(sudoers_cmnd, &sudoers_stat) == -1) + return(FALSE); + + /* + * Return true if inode/device matches AND + * a) there are no args in sudoers OR + * b) there are no args on command line and none req by sudoers OR + * c) there are args in sudoers and on command line and they match + */ + if (user_stat != NULL && + (user_stat->st_dev != sudoers_stat.st_dev || + user_stat->st_ino != sudoers_stat.st_ino)) + return(FALSE); + if (!sudoers_args || + (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) || + (sudoers_args && + fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) { + efree(safe_cmnd); + safe_cmnd = estrdup(sudoers_cmnd); + return(TRUE); + } + return(FALSE); } /* diff -urNa sudo-1.6.9p20/set_perms.c sudo-1.6.9p21/set_perms.c --- sudo-1.6.9p20/set_perms.c Tue Nov 27 18:41:23 2007 +++ sudo-1.6.9p21/set_perms.c Sat Apr 25 10:12:55 2009 @@ -57,7 +57,7 @@ #include "sudo.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: set_perms.c,v 1.30.2.7 2007/11/27 23:41:23 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: set_perms.c,v 1.30.2.8 2009/04/25 14:12:55 millert Exp $"; #endif /* lint */ #ifdef __TANDEM @@ -376,11 +376,12 @@ #endif /* HAVE_SETRESUID */ #ifdef HAVE_INITGROUPS +static int runas_ngroups = -1; +static GETGROUPS_T *runas_groups; + static void runas_setgroups() { - static int ngroups = -1; - static GETGROUPS_T *groups; struct passwd *pw; if (def_preserve_groups) @@ -389,19 +390,26 @@ /* * Use stashed copy of runas groups if available, else initgroups and stash. */ - if (ngroups == -1) { + if (runas_ngroups == -1) { pw = runas_pw ? runas_pw : sudo_user.pw; if (initgroups(pw->pw_name, pw->pw_gid) < 0) log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector"); - if ((ngroups = getgroups(0, NULL)) < 0) + if ((runas_ngroups = getgroups(0, NULL)) < 0) log_error(USE_ERRNO|MSG_ONLY, "can't get runas ngroups"); - groups = emalloc2(ngroups, sizeof(GETGROUPS_T)); - if (getgroups(ngroups, groups) < 0) + runas_groups = emalloc2(runas_ngroups, sizeof(GETGROUPS_T)); + if (getgroups(runas_ngroups, runas_groups) < 0) log_error(USE_ERRNO|MSG_ONLY, "can't get runas group vector"); } else { - if (setgroups(ngroups, groups) < 0) + if (setgroups(runas_ngroups, runas_groups) < 0) log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector"); } +} + +void +runas_resetgroups() +{ + runas_ngroups = -1; + efree(runas_groups); } static void diff -urNa sudo-1.6.9p20/sudo.c sudo-1.6.9p21/sudo.c --- sudo-1.6.9p20/sudo.c Mon Nov 10 08:07:49 2008 +++ sudo-1.6.9p21/sudo.c Wed Dec 9 11:18:09 2009 @@ -105,7 +105,7 @@ #include "version.h" #ifndef lint -__unused __unused static const char rcsid[] = "$Sudo: sudo.c,v 1.369.2.50 2008/11/10 13:07:49 millert Exp $"; +__unused __unused static const char rcsid[] = "$Sudo: sudo.c,v 1.369.2.54 2009/12/09 16:18:09 millert Exp $"; #endif /* lint */ /* @@ -131,6 +131,7 @@ extern struct passwd *sudo_getpwnam __P((const char *)); extern struct passwd *sudo_getpwuid __P((uid_t)); extern struct passwd *sudo_pwdup __P((const struct passwd *)); +extern void runas_resetgroups __P((void)); /* * Globals @@ -226,7 +227,7 @@ user_cmnd = "shell"; else if (ISSET(sudo_mode, MODE_EDIT)) user_cmnd = "sudoedit"; - else + else { switch (sudo_mode) { case MODE_VERSION: (void) printf("Sudo version %s\n", version); @@ -243,6 +244,7 @@ usage(0); break; case MODE_VALIDATE: + case MODE_VALIDATE|MODE_INVALIDATE: user_cmnd = "validate"; pwflag = I_VERIFYPW; break; @@ -256,11 +258,13 @@ exit(0); break; case MODE_LIST: + case MODE_LIST|MODE_INVALIDATE: user_cmnd = "list"; pwflag = I_LISTPW; printmatches = 1; break; } + } /* Must have a command to run... */ if (user_cmnd == NULL && NewArgc == 0) @@ -359,7 +363,7 @@ /* Require a password if sudoers says so. */ if (!ISSET(validated, FLAG_NOPASS)) - check_user(validated); + check_user(validated, sudo_mode); /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */ if (user_uid == 0 && prev_user != NULL && strcmp(prev_user, "root") != 0) { @@ -391,9 +395,9 @@ } log_auth(validated, 1); - if (sudo_mode == MODE_VALIDATE) + if (ISSET(sudo_mode, MODE_VALIDATE)) exit(0); - else if (sudo_mode == MODE_LIST) { + else if (ISSET(sudo_mode, MODE_LIST)) { list_matches(); #ifdef HAVE_LDAP sudo_ldap_list_matches(); @@ -401,12 +405,22 @@ exit(0); } - /* Override user's umask if configured to do so. */ + /* + * Override user's umask if configured to do so. + * If user's umask is more restrictive, OR in those bits too. + * Set umask based on sudoers. + * If user's umask is more restrictive, OR in those bits too + * unless umask_override is set. + */ if (def_umask != 0777) { - mode_t mask = umask(def_umask); - mask |= def_umask; - if (mask != def_umask) - umask(mask); + if (def_umask_override) { + umask(def_umask); + } else { + mode_t mask = umask(def_umask); + mask |= def_umask; + if (mask != def_umask) + umask(mask); + } } /* Restore coredumpsize resource limit. */ @@ -600,7 +614,7 @@ * users to place "sudo -k" in a .logout file which can cause sudo to * be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died. */ - if (sudo_mode & (MODE_INVALIDATE|MODE_KILL)) + if (sudo_mode == MODE_INVALIDATE || sudo_mode == MODE_KILL) errx(1, "uid %s does not exist in the passwd file!", pw_name); log_error(0, "uid %s does not exist in the passwd file!", pw_name); } @@ -742,8 +756,7 @@ if (strcmp(getprogname(), "sudoedit") == 0) { rval = MODE_EDIT; excl = 'e'; - } else - rval = MODE_RUN; + } while (NewArgc > 0) { if (NewArgv[0][0] == '-') { @@ -804,28 +817,42 @@ break; case 'e': rval = MODE_EDIT; - if (excl && excl != 'e') + if (excl == 'k') + SET(rval, MODE_INVALIDATE); + else if (excl && excl != 'e') usage_excl(1); excl = 'e'; break; case 'v': rval = MODE_VALIDATE; - if (excl && excl != 'v') + if (excl == 'k') + SET(rval, MODE_INVALIDATE); + else if (excl && excl != 'v') usage_excl(1); excl = 'v'; break; case 'i': SET(rval, (MODE_LOGIN_SHELL | MODE_SHELL)); def_env_reset = TRUE; - if (excl && excl != 'i') + if (excl == 'k') + SET(rval, MODE_INVALIDATE); + else if (excl && excl != 'i') usage_excl(1); excl = 'i'; break; case 'k': - rval = MODE_INVALIDATE; - if (excl && excl != 'k') - usage_excl(1); - excl = 'k'; + switch (excl) { + case 0: + excl = 'k'; + break; + case 'k': case 'v': case 'e': + case 'i': case 's': case 'l': + break; + default: + usage_excl(1); + } + CLR(rval, MODE_RUN); + SET(rval, MODE_INVALIDATE); break; case 'K': rval = MODE_KILL; @@ -841,7 +868,9 @@ break; case 'l': rval = MODE_LIST; - if (excl && excl != 'l') + if (excl == 'k') + SET(rval, MODE_INVALIDATE); + else if (excl && excl != 'l') usage_excl(1); excl = 'l'; break; @@ -859,7 +888,9 @@ break; case 's': SET(rval, MODE_SHELL); - if (excl && excl != 's') + if (excl == 'k') + SET(rval, MODE_INVALIDATE); + else if (excl && excl != 's') usage_excl(1); excl = 's'; break; @@ -936,7 +967,7 @@ warnx("you may not specify both the `-i' and `-E' options"); usage(1); } - if (user_runas != NULL && !ISSET(rval, (MODE_EDIT|MODE_RUN))) { + if (user_runas != NULL && !ISSET(rval, (MODE_EDIT|MODE_RUN|MODE_VALIDATE))) { if (excl != '\0') warnx("the `-u' and '-%c' options may not be used together", excl); usage(1); @@ -1263,6 +1294,7 @@ if (runas_pw == NULL) log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", user); } + runas_resetgroups(); return(TRUE); } @@ -1329,7 +1361,7 @@ NULL }; static char *uvec2[] = { - " [-bEHPS]", + " [-bEHkPS]", #ifdef HAVE_BSD_AUTH_H " [-a auth_type]", #endif @@ -1350,14 +1382,20 @@ }; static char *uvec3[] = { " -e", - " [-S]", + " [-kS]", #ifdef HAVE_BSD_AUTH_H " [-a auth_type]", #endif #ifdef HAVE_LOGIN_CAP_H " [-c class|-]", #endif +#ifdef HAVE_SELINUX + " [-r role]", +#endif " [-p prompt]", +#ifdef HAVE_SELINUX + " [-t type]", +#endif " [-u username|#uid]", " file ...", NULL diff -urNa sudo-1.6.9p20/sudo.cat sudo-1.6.9p21/sudo.cat --- sudo-1.6.9p20/sudo.cat Tue Jan 27 19:51:57 2009 +++ sudo-1.6.9p21/sudo.cat Tue Feb 23 07:20:48 2010 @@ -10,10 +10,10 @@ SSYYNNOOPPSSIISS ssuuddoo --hh | --KK | --kk | --LL | --ll | --VV | --vv - ssuuddoo [--bbEEHHPPSS] [--aa _a_u_t_h___t_y_p_e] [--cc _c_l_a_s_s|_-] [--pp _p_r_o_m_p_t] + ssuuddoo [--bbEEHHkkPPSS] [--aa _a_u_t_h___t_y_p_e] [--cc _c_l_a_s_s|_-] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] {--ii | --ss | _c_o_m_m_a_n_d} - ssuuddooeeddiitt [--SS] [--aa _a_u_t_h___t_y_p_e] [--cc _c_l_a_s_s|_-] [--pp _p_r_o_m_p_t] + ssuuddooeeddiitt [--kkSS] [--aa _a_u_t_h___t_y_p_e] [--cc _c_l_a_s_s|_-] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] file ... DDEESSCCRRIIPPTTIIOONN @@ -61,7 +61,7 @@ -1.6.9p20 January 27, 2008 1 +1.6.9p21 February 23, 2010 1 @@ -127,7 +127,7 @@ -1.6.9p20 January 27, 2008 2 +1.6.9p21 February 23, 2010 2 @@ -173,35 +173,42 @@ run. -K The --KK (sure _k_i_l_l) option is like --kk except that it - removes the user's timestamp entirely. Like --kk, this - option does not require a password. + removes the user's timestamp entirely and may not be + used in conjunction with a command or other option. + This option does not require a password. - -k The --kk (_k_i_l_l) option to ssuuddoo invalidates the user's - timestamp by setting the time on it to the Epoch. The - next time ssuuddoo is run a password will be required. - This option does not require a password and was added - to allow a user to revoke ssuuddoo permissions from a - .logout file. + -k When used by itself, the --kk (_k_i_l_l) option to ssuuddoo + invalidates the user's timestamp by setting the time + on it to the Epoch. The next time ssuuddoo is run a + password will be required. This option does not + require a password and was added to allow a user to + revoke ssuuddoo permissions from a .logout file. - -L The --LL (_l_i_s_t defaults) option will list out the - parameters that may be set in a _D_e_f_a_u_l_t_s line along - with a short description for each. This option is - useful in conjunction with _g_r_e_p(1). + When used in conjunction with a command or an option + that may require a password, the --kk option will cause + ssuuddoo to ignore the user's timestamp file. As a + result, ssuuddoo will prompt for a password (if one is + required by _s_u_d_o_e_r_s) and will not update the user's + timestamp file. - -l The --ll (_l_i_s_t) option will list out the allowed (and - forbidden) commands for the invoking user on the +1.6.9p21 February 23, 2010 3 -1.6.9p20 January 27, 2008 3 - SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + -L The --LL (_l_i_s_t defaults) option will list out the + parameters that may be set in a _D_e_f_a_u_l_t_s line along + with a short description for each. This option is + useful in conjunction with _g_r_e_p(1). + + -l The --ll (_l_i_s_t) option will list out the allowed (and + forbidden) commands for the invoking user on the current host. -P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to @@ -249,25 +256,26 @@ escaped with a backslash ('\'). Note that if the _t_a_r_g_e_t_p_w Defaults option is set (see _s_u_d_o_e_r_s(4)) it is not possible to run commands with a uid not listed in - the password database. - -V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the - version number and exit. If the invoking user is - already root the --VV option will print out a list of - the defaults ssuuddoo was compiled with as well as the - machine's local network addresses. +1.6.9p21 February 23, 2010 4 -1.6.9p20 January 27, 2008 4 - SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + the password database. + + -V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the + version number and exit. If the invoking user is + already root the --VV option will print out a list of + the defaults ssuuddoo was compiled with as well as the + machine's local network addresses. + -v If given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the user's timestamp, prompting for the user's password if necessary. This extends the ssuuddoo timeout @@ -314,26 +322,26 @@ variables. By default, the _e_n_v___r_e_s_e_t _s_u_d_o_e_r_s option is enabled. This causes commands to be executed with a minimal environment containing TERM, PATH, HOME, SHELL, - LOGNAME, USER and USERNAME in addition to variables from - the invoking process permitted by the _e_n_v___c_h_e_c_k and - _e_n_v___k_e_e_p _s_u_d_o_e_r_s options. There is effectively a - whitelist for environment variables. - If, however, the _e_n_v___r_e_s_e_t option is disabled in _s_u_d_o_e_r_s, - any variables not explicitly denied by the _e_n_v___c_h_e_c_k and - _e_n_v___d_e_l_e_t_e options are inherited from the invoking +1.6.9p21 February 23, 2010 5 -1.6.9p20 January 27, 2008 5 - SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + LOGNAME, USER and USERNAME in addition to variables from + the invoking process permitted by the _e_n_v___c_h_e_c_k and + _e_n_v___k_e_e_p _s_u_d_o_e_r_s options. There is effectively a + whitelist for environment variables. + + If, however, the _e_n_v___r_e_s_e_t option is disabled in _s_u_d_o_e_r_s, + any variables not explicitly denied by the _e_n_v___c_h_e_c_k and + _e_n_v___d_e_l_e_t_e options are inherited from the invoking process. In this case, _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e behave like a blacklist. Since it is not possible to blacklist all potentially dangerous environment variables, use of @@ -381,25 +389,24 @@ owner (root) and permissions (0700) in the system startup files. - ssuuddoo will not honor timestamps set far in the future. - Timestamps with a date greater than current_time + 2 * - TIMEOUT will be ignored and sudo will log and complain. - This is done to keep a user from creating his/her own - timestamp with a bogus date on systems that allow users to - give away files. +1.6.9p21 February 23, 2010 6 -1.6.9p20 January 27, 2008 6 - - SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + ssuuddoo will not honor timestamps set far in the future. + Timestamps with a date greater than current_time + 2 * + TIMEOUT will be ignored and sudo will log and complain. + This is done to keep a user from creating his/her own + timestamp with a bogus date on systems that allow users to + give away files. + Please note that ssuuddoo will normally only log the command it explicitly runs. If a user runs a command such as sudo su or sudo sh, subsequent commands run from that shell @@ -447,25 +454,26 @@ USER Set to the target user (root unless the --uu option is specified) - VISUAL Default editor to use in --ee (sudoedit) - mode -FFIILLEESS - _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what - _/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing timestamps +1.6.9p21 February 23, 2010 7 -1.6.9p20 January 27, 2008 7 +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + VISUAL Default editor to use in --ee (sudoedit) + mode +FFIILLEESS + _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what + _/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing timestamps + EEXXAAMMPPLLEESS Note: the following examples assume suitable _s_u_d_o_e_r_s(4) entries. @@ -512,26 +520,27 @@ CCAAVVEEAATTSS There is no easy way to prevent a user from gaining a root shell if that user is allowed to run arbitrary commands - via ssuuddoo. Also, many programs (such as editors) allow the - user to run commands via shell escapes, thus avoiding - ssuuddoo's checks. However, on most systems it is possible to - prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality. - See the _s_u_d_o_e_r_s(4) manual for details. - It is not meaningful to run the cd command directly via - sudo, e.g., +1.6.9p21 February 23, 2010 8 -1.6.9p20 January 27, 2008 8 - SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + via ssuuddoo. Also, many programs (such as editors) allow the + user to run commands via shell escapes, thus avoiding + ssuuddoo's checks. However, on most systems it is possible to + prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality. + See the _s_u_d_o_e_r_s(4) manual for details. + + It is not meaningful to run the cd command directly via + sudo, e.g., + $ sudo cd /usr/local/protected since when the command exits the parent process (your @@ -580,15 +589,6 @@ - - - - - - - - - -1.6.9p20 January 27, 2008 9 +1.6.9p21 February 23, 2010 9 diff -urNa sudo-1.6.9p20/sudo.h sudo-1.6.9p21/sudo.h --- sudo-1.6.9p20/sudo.h Sat Feb 9 09:44:48 2008 +++ sudo-1.6.9p21/sudo.h Wed Feb 25 06:07:43 2009 @@ -17,7 +17,7 @@ * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. * - * $Sudo: sudo.h,v 1.209.2.14 2008/02/09 14:44:48 millert Exp $ + * $Sudo: sudo.h,v 1.209.2.15 2009/02/25 11:07:43 millert Exp $ */ #ifndef _SUDO_SUDO_H @@ -232,7 +232,7 @@ char *sudo_goodpath __P((const char *, struct stat *)); char *tgetpass __P((const char *, int, int)); int find_path __P((char *, char **, struct stat *, char *)); -void check_user __P((int)); +void check_user __P((int, int)); void verify_user __P((struct passwd *, char *)); int sudoers_lookup __P((int)); #ifdef HAVE_LDAP diff -urNa sudo-1.6.9p20/sudo.man.in sudo-1.6.9p21/sudo.man.in --- sudo-1.6.9p20/sudo.man.in Wed Jan 28 11:16:50 2009 +++ sudo-1.6.9p21/sudo.man.in Tue Feb 23 07:20:23 2010 @@ -18,7 +18,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: sudo.man.in,v 1.29.2.30 2009/01/28 16:16:50 millert Exp $ +.\" $Sudo: sudo.man.in,v 1.29.2.32 2009/02/25 11:08:39 millert Exp $ .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) .\" .\" Standard preamble: @@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "January 27, 2008" "1.6.9p20" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "February 23, 2010" "1.6.9p21" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -164,7 +164,7 @@ .IX Header "SYNOPSIS" \&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-l\fR | \fB\-V\fR | \fB\-v\fR .PP -\&\fBsudo\fR [\fB\-bEHPS\fR] +\&\fBsudo\fR [\fB\-bEHkPS\fR] @BAMAN@[\fB\-a\fR\ \fIauth_type\fR] @LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-p\fR\ \fIprompt\fR] @@ -172,10 +172,12 @@ [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fB\s-1VAR\s0\fR=\fIvalue\fR] {\fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR} .PP -\&\fBsudoedit\fR [\fB\-S\fR] +\&\fBsudoedit\fR [\fB\-kS\fR] @BAMAN@[\fB\-a\fR\ \fIauth_type\fR] @LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] -[\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] +[\fB\-p\fR\ \fIprompt\fR] +@SEMAN@[\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR] +[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] file ... .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -311,15 +313,22 @@ .IP "\-K" 4 .IX Item "-K" The \fB\-K\fR (sure \fIkill\fR) option is like \fB\-k\fR except that it removes -the user's timestamp entirely. Like \fB\-k\fR, this option does not -require a password. +the user's timestamp entirely and may not be used in conjunction +with a command or other option. This option does not require a +password. .IP "\-k" 4 .IX Item "-k" -The \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates the user's timestamp -by setting the time on it to the Epoch. The next time \fBsudo\fR is -run a password will be required. This option does not require a password -and was added to allow a user to revoke \fBsudo\fR permissions from a .logout -file. +When used by itself, the \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates +the user's timestamp by setting the time on it to the Epoch. The +next time \fBsudo\fR is run a password will be required. This option +does not require a password and was added to allow a user to revoke +\&\fBsudo\fR permissions from a .logout file. +.Sp +When used in conjunction with a command or an option that may require +a password, the \fB\-k\fR option will cause \fBsudo\fR to ignore the user's +timestamp file. As a result, \fBsudo\fR will prompt for a password +(if one is required by \fIsudoers\fR) and will not update the user's +timestamp file. .IP "\-L" 4 .IX Item "-L" The \fB\-L\fR (\fIlist\fR defaults) option will list out the parameters diff -urNa sudo-1.6.9p20/sudo.pod sudo-1.6.9p21/sudo.pod --- sudo-1.6.9p20/sudo.pod Wed Dec 3 12:47:20 2008 +++ sudo-1.6.9p21/sudo.pod Wed Feb 25 06:07:43 2009 @@ -18,7 +18,7 @@ Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. -$Sudo: sudo.pod,v 1.70.2.25 2008/12/03 17:42:06 millert Exp $ +$Sudo: sudo.pod,v 1.70.2.26 2009/02/25 11:07:43 millert Exp $ =pod =head1 NAME @@ -29,7 +29,7 @@ B B<-h> | B<-K> | B<-k> | B<-L> | B<-l> | B<-V> | B<-v> -B [B<-bEHPS>] +B [B<-bEHkPS>] S<[B<-a> I]> S<[B<-c> I|I<->]> S<[B<-p> I]> @@ -37,10 +37,12 @@ S<[B<-u> I|I<#uid>]> S<[B=I]> S<{B<-i> | B<-s> | I}> -B [B<-S>] +B [B<-kS>] S<[B<-a> I]> S<[B<-c> I|I<->]> -S<[B<-p> I]> S<[B<-u> I|I<#uid>]> +S<[B<-p> I]> +S<[B<-r> I]> S<[B<-t> I]> +S<[B<-u> I|I<#uid>]> file ... =head1 DESCRIPTION @@ -195,16 +197,23 @@ =item -K The B<-K> (sure I) option is like B<-k> except that it removes -the user's timestamp entirely. Like B<-k>, this option does not -require a password. +the user's timestamp entirely and may not be used in conjunction +with a command or other option. This option does not require a +password. =item -k -The B<-k> (I) option to B invalidates the user's timestamp -by setting the time on it to the Epoch. The next time B is -run a password will be required. This option does not require a password -and was added to allow a user to revoke B permissions from a .logout -file. +When used by itself, the B<-k> (I) option to B invalidates +the user's timestamp by setting the time on it to the Epoch. The +next time B is run a password will be required. This option +does not require a password and was added to allow a user to revoke +B permissions from a .logout file. + +When used in conjunction with a command or an option that may require +a password, the B<-k> option will cause B to ignore the user's +timestamp file. As a result, B will prompt for a password +(if one is required by I) and will not update the user's +timestamp file. =item -L diff -urNa sudo-1.6.9p20/sudoers.cat sudo-1.6.9p21/sudoers.cat --- sudo-1.6.9p20/sudoers.cat Tue Jan 27 19:52:00 2009 +++ sudo-1.6.9p21/sudoers.cat Tue Feb 23 07:20:48 2010 @@ -61,7 +61,7 @@ -1.6.9p20 January 27, 2008 1 +1.6.9p21 February 23, 2010 1 @@ -127,7 +127,7 @@ -1.6.9p20 January 27, 2008 2 +1.6.9p21 February 23, 2010 2 @@ -193,7 +193,7 @@ -1.6.9p20 January 27, 2008 3 +1.6.9p21 February 23, 2010 3 @@ -259,7 +259,7 @@ -1.6.9p20 January 27, 2008 4 +1.6.9p21 February 23, 2010 4 @@ -325,7 +325,7 @@ -1.6.9p20 January 27, 2008 5 +1.6.9p21 February 23, 2010 5 @@ -391,7 +391,7 @@ -1.6.9p20 January 27, 2008 6 +1.6.9p21 February 23, 2010 6 @@ -406,10 +406,10 @@ WWiillddccaarrddss ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s (aka meta or glob - characters) to be used in pathnames as well as command + characters) to be used in hostnames, pathnames and command line arguments in the _s_u_d_o_e_r_s file. Wildcard matching is - done via the PPOOSSIIXX _f_n_m_a_t_c_h(3) routine. Note that these - are _n_o_t regular expressions. + done via the PPOOSSIIXX _g_l_o_b(3) and _f_n_m_a_t_c_h(3) routines. Note + that these are _n_o_t regular expressions. * Matches any set of zero or more characters. @@ -457,7 +457,7 @@ -1.6.9p20 January 27, 2008 7 +1.6.9p21 February 23, 2010 7 @@ -523,7 +523,7 @@ -1.6.9p20 January 27, 2008 8 +1.6.9p21 February 23, 2010 8 @@ -589,7 +589,7 @@ -1.6.9p20 January 27, 2008 9 +1.6.9p21 February 23, 2010 9 @@ -655,7 +655,7 @@ -1.6.9p20 January 27, 2008 10 +1.6.9p21 February 23, 2010 10 @@ -721,7 +721,7 @@ -1.6.9p20 January 27, 2008 11 +1.6.9p21 February 23, 2010 11 @@ -787,7 +787,7 @@ -1.6.9p20 January 27, 2008 12 +1.6.9p21 February 23, 2010 12 @@ -796,6 +796,22 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + fast_glob Normally, ssuuddoo uses the _g_l_o_b(3) function + to do shell-style globbing when matching + pathnames. However, since it accesses the + file system, _g_l_o_b(3) can take a long time + to complete for some patterns, especially + when the pattern references a network file + system that is mounted on demand + (automounted). The _f_a_s_t___g_l_o_b option + causes ssuuddoo to use the _f_n_m_a_t_c_h(3) + function, which does not access the file + system to do its matching. The + disadvantage of _f_a_s_t___g_l_o_b is that it is + unable to match relative pathnames such as + _._/_l_s or _._._/_b_i_n_/_l_s. This flag is _o_f_f by + default. + stay_setuid Normally, when ssuuddoo executes a command the real and effective UIDs are set to the target user (root by default). This @@ -827,6 +843,28 @@ that directory. This flag is _o_f_f by default. + umask_override If set, ssuuddoo will set the umask as + specified by _s_u_d_o_e_r_s without modification. + This makes it possible to specify a more + permissive umask in _s_u_d_o_e_r_s than the + user's own umask and matches historical + behavior. If _u_m_a_s_k___o_v_e_r_r_i_d_e is not set, + ssuuddoo will set the umask to be the union of + + + +1.6.9p21 February 23, 2010 13 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + + the user's umask and what is specified in + _s_u_d_o_e_r_s. This flag is _o_f_f by default. + use_loginclass If set, ssuuddoo will apply the defaults specified for the target user's login class if one exists. Only available if @@ -850,18 +888,6 @@ negate the option to disable word wrap). passwd_timeout Number of minutes before the ssuuddoo password - - - -1.6.9p20 January 27, 2008 13 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - prompt times out. The default is 5; set this to 0 for no password timeout. @@ -890,6 +916,18 @@ SSttrriinnggss: + + + +1.6.9p21 February 23, 2010 14 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + badpass_message Message that is displayed if a user enters an incorrect password. The default is Sorry, try again. unless insults are @@ -917,17 +955,6 @@ equivalent. Defaults to _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o. - - -1.6.9p20 January 27, 2008 14 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - passprompt The default prompt to use when asking for a password; can be overridden via the --pp option or the SUDO_PROMPT environment @@ -956,6 +983,17 @@ %% two consecutive % characters are collapsed into a single % character + + +1.6.9p21 February 23, 2010 15 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + The default value is Password:. runas_default The default user to run commands as if the @@ -982,18 +1020,6 @@ SSttrriinnggss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt: - - - -1.6.9p20 January 27, 2008 15 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - exempt_group Users in this group are exempt from password and PATH requirements. This is not set by @@ -1022,6 +1048,18 @@ default, ssuuddoo uses a built-in lecture. listpw This option controls when a password will be + + + +1.6.9p21 February 23, 2010 16 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + required when a user runs ssuuddoo with the --ll option. It has the following possible values: @@ -1048,18 +1086,6 @@ logfile Path to the ssuuddoo log file (not the syslog log file). Setting a path turns on logging to a file; negating this option turns it off. By - - - -1.6.9p20 January 27, 2008 16 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - default, ssuuddoo logs via syslog. mailerflags Flags to use when invoking mailer. Defaults to @@ -1089,6 +1115,17 @@ always The user must always enter a password to use the --vv option. + + +1.6.9p21 February 23, 2010 17 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + any At least one of the user's _s_u_d_o_e_r_s entries for the current host must have the NOPASSWD flag set to avoid @@ -1114,18 +1151,6 @@ value without double-quotes. The list can be replaced, added to, deleted from, or disabled by using the =, +=, -=, and ! - - - -1.6.9p20 January 27, 2008 17 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - operators respectively. Regardless of whether the env_reset option is enabled or disabled, variables specified by env_check @@ -1155,6 +1180,18 @@ grained control over the environment ssuuddoo-spawned processes will receive. The argument may be a double-quoted, space- + + + +1.6.9p21 February 23, 2010 18 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or disabled by @@ -1180,18 +1217,6 @@ EEXXAAMMPPLLEESS Since the _s_u_d_o_e_r_s file is parsed in a single pass, order - - - -1.6.9p20 January 27, 2008 18 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - is important. In general, you should structure _s_u_d_o_e_r_s such that the Host_Alias, User_Alias, and Cmnd_Alias specifications come first, followed by any Default_Entry @@ -1221,6 +1246,18 @@ Host_Alias SERVERS = master, mail, www, ns Host_Alias CDROM = orion, perseus, hercules + + + +1.6.9p21 February 23, 2010 19 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + # Cmnd alias specification Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\ /usr/sbin/restore, /usr/sbin/rrestore @@ -1246,18 +1283,6 @@ sure we log the year in each log line since the log entries will be kept around for several years. Lastly, we disable shell escapes for the commands in the PAGERS - - - -1.6.9p20 January 27, 2008 19 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - Cmnd_Alias (_/_u_s_r_/_b_i_n_/_m_o_r_e, _/_u_s_r_/_b_i_n_/_p_g and _/_u_s_r_/_b_i_n_/_l_e_s_s). # Override built-in defaults @@ -1288,6 +1313,17 @@ any command on any host but they must authenticate themselves first (since the entry lacks the NOPASSWD tag). + + +1.6.9p21 February 23, 2010 20 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + jack CSNETS = ALL The user jjaacckk may run any command on the machines in the @@ -1312,18 +1348,6 @@ joe ALL = /usr/bin/su operator - - - -1.6.9p20 January 27, 2008 20 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - The user jjooee may only _s_u(1) to operator. pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root @@ -1354,6 +1378,18 @@ fred ALL = (DB) NOPASSWD: ALL The user ffrreedd can run commands as any user in the _D_B + + + +1.6.9p21 February 23, 2010 21 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + Runas_Alias (oorraaccllee or ssyybbaassee) without giving a password. john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* @@ -1379,17 +1415,6 @@ The user sstteevvee may run any command in the directory /usr/local/op_commands/ but only as user operator. - - -1.6.9p20 January 27, 2008 21 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - matt valkyrie = KILL On his personal workstation, valkyrie, mmaatttt needs to be @@ -1419,6 +1444,18 @@ bill ALL = ALL, !SU, !SHELLS Doesn't really prevent bbiillll from running the commands + + + +1.6.9p21 February 23, 2010 22 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + listed in _S_U or _S_H_E_L_L_S since he can simply copy those commands to a different name, or use a shell escape from an editor or other program. Therefore, these kind of @@ -1445,17 +1482,6 @@ shell escapes, restricting users to the set of programs that do not if often unworkable. - - -1.6.9p20 January 27, 2008 22 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - noexec Many systems that support shared libraries have the ability to override default library functions by pointing an environment variable @@ -1484,6 +1510,18 @@ there is no foolproof way to know whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 + + + +1.6.9p21 February 23, 2010 23 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + UNIX, MacOS X, and HP-UX 11.x. It is known nnoott to work on AIX and UnixWare. _n_o_e_x_e_c is expected to work on most operating systems that support @@ -1510,24 +1548,12 @@ Note that restricting shell escapes is not a panacea. Programs running as root are still capable of many potentially hazardous operations (such as changing or - - - -1.6.9p20 January 27, 2008 23 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - overwriting files) that could lead to unintended privilege escalation. In the specific case of an editor, a safer approach is to give the user permission to run ssuuddooeeddiitt. SSEEEE AALLSSOO - _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _s_u_d_o(1m), _v_i_s_u_d_o(8) + _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _g_l_o_b(3), _s_u_d_o(1m), _v_i_s_u_d_o(8) CCAAVVEEAATTSS The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo @@ -1550,6 +1576,18 @@ Limited free support is available via the sudo-users mailing list, see http://www.sudo.ws/mailman/listinfo/sudo-users to + + + +1.6.9p21 February 23, 2010 24 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + subscribe or search the archives. DDIISSCCLLAAIIMMEERR @@ -1579,6 +1617,34 @@ -1.6.9p20 January 27, 2008 24 + + + + + + + + + + + + + + + + + + + + + + + + + + + + +1.6.9p21 February 23, 2010 25 diff -urNa sudo-1.6.9p20/sudoers.man.in sudo-1.6.9p21/sudoers.man.in --- sudo-1.6.9p20/sudoers.man.in Wed Jan 28 11:16:50 2009 +++ sudo-1.6.9p21/sudoers.man.in Tue Feb 23 07:20:32 2010 @@ -18,7 +18,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: sudoers.man.in,v 1.45.2.32 2009/01/28 16:16:50 millert Exp $ +.\" $Sudo: sudoers.man.in,v 1.45.2.34 2009/02/21 22:08:42 millert Exp $ .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) .\" .\" Standard preamble: @@ -153,7 +153,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "January 27, 2008" "1.6.9p20" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "February 23, 2010" "1.6.9p21" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -501,9 +501,10 @@ .Sh "Wildcards" .IX Subsection "Wildcards" \&\fBsudo\fR allows shell-style \fIwildcards\fR (aka meta or glob characters) -to be used in pathnames as well as command line arguments in the -\&\fIsudoers\fR file. Wildcard matching is done via the \fB\s-1POSIX\s0\fR -\&\fIfnmatch\fR\|(3) routine. Note that these are \fInot\fR regular expressions. +to be used in hostnames, pathnames and command line arguments in +the \fIsudoers\fR file. Wildcard matching is done via the \fB\s-1POSIX\s0\fR +\&\fIglob\fR\|(3) and \fIfnmatch\fR\|(3) routines. Note that these are \fInot\fR +regular expressions. .ie n .IP "\*(C`*\*(C'" 8 .el .IP "\f(CW\*(C`*\*(C'\fR" 8 .IX Item "*" @@ -778,6 +779,17 @@ shell is determined by the \f(CW\*(C`SHELL\*(C'\fR environment variable if it is set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is \fIoff\fR by default. +.IP "fast_glob" 16 +.IX Item "fast_glob" +Normally, \fBsudo\fR uses the \fIglob\fR\|(3) function to do shell-style +globbing when matching pathnames. However, since it accesses the +file system, \fIglob\fR\|(3) can take a long time to complete for some +patterns, especially when the pattern references a network file +system that is mounted on demand (automounted). The \fIfast_glob\fR +option causes \fBsudo\fR to use the \fIfnmatch\fR\|(3) function, which does +not access the file system to do its matching. The disadvantage +of \fIfast_glob\fR is that it is unable to match relative pathnames +such as \fI./ls\fR or \fI../bin/ls\fR. This flag is \fIoff\fR by default. .IP "stay_setuid" 16 .IX Item "stay_setuid" Normally, when \fBsudo\fR executes a command the real and effective @@ -802,6 +814,14 @@ the user running it. With this flag enabled, \fBsudo\fR will use a file named for the tty the user is logged in on in that directory. This flag is \fI@tty_tickets@\fR by default. +.IP "umask_override" 16 +.IX Item "umask_override" +If set, \fBsudo\fR will set the umask as specified by \fIsudoers\fR without +modification. This makes it possible to specify a more permissive +umask in \fIsudoers\fR than the user's own umask and matches historical +behavior. If \fIumask_override\fR is not set, \fBsudo\fR will set the +umask to be the union of the user's umask and what is specified in +\&\fIsudoers\fR. This flag is \fIoff\fR by default. @LCMAN@.IP "use_loginclass" 16 @LCMAN@.IX Item "use_loginclass" @LCMAN@If set, \fBsudo\fR will apply the defaults specified for the target user's @@ -1410,7 +1430,7 @@ \&\fBsudoedit\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(8) +\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIglob\fR\|(3), \fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(8) .SH "CAVEATS" .IX Header "CAVEATS" The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR diff -urNa sudo-1.6.9p20/sudoers.pod sudo-1.6.9p21/sudoers.pod --- sudo-1.6.9p20/sudoers.pod Wed Dec 3 15:57:26 2008 +++ sudo-1.6.9p21/sudoers.pod Sat Feb 21 17:08:43 2009 @@ -18,7 +18,7 @@ Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. -$Sudo: sudoers.pod,v 1.95.2.30 2008/12/03 20:57:26 millert Exp $ +$Sudo: sudoers.pod,v 1.95.2.34 2009/02/21 22:08:43 millert Exp $ =pod =head1 NAME @@ -342,9 +342,10 @@ =head2 Wildcards B allows shell-style I (aka meta or glob characters) -to be used in hostnames, pathnames and command line arguments in the -I file. Wildcard matching is done via the B -L routine. Note that these are I regular expressions. +to be used in hostnames, pathnames and command line arguments in +the I file. Wildcard matching is done via the B +L and L routines. Note that these are I +regular expressions. =over 8 @@ -659,6 +660,18 @@ set, falling back on the shell listed in the invoking user's /etc/passwd entry if not). This flag is I by default. +=item fast_glob + +Normally, B uses the L function to do shell-style +globbing when matching pathnames. However, since it accesses the +file system, L can take a long time to complete for some +patterns, especially when the pattern references a network file +system that is mounted on demand (automounted). The I +option causes B to use the L function, which does +not access the file system to do its matching. The disadvantage +of I is that it is unable to match relative pathnames +such as F<./ls> or F<../bin/ls>. This flag is I by default. + =item stay_setuid Normally, when B executes a command the real and effective @@ -686,6 +699,15 @@ file named for the tty the user is logged in on in that directory. This flag is I<@tty_tickets@> by default. +=item umask_override + +If set, B will set the umask as specified by I without +modification. This makes it possible to specify a more permissive +umask in I than the user's own umask and matches historical +behavior. If I is not set, B will set the +umask to be the union of the user's umask and what is specified in +I. This flag is I by default. + =item use_loginclass If set, B will apply the defaults specified for the target user's @@ -1323,7 +1345,7 @@ =head1 SEE ALSO -L, L, L, L, L +L, L, L, L, L, L =head1 CAVEATS diff -urNa sudo-1.6.9p20/version.h sudo-1.6.9p21/version.h --- sudo-1.6.9p20/version.h Wed Jan 28 11:16:50 2009 +++ sudo-1.6.9p21/version.h Tue Feb 10 14:06:18 2009 @@ -17,12 +17,12 @@ * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. * - * $Sudo: version.h,v 1.66.2.23 2009/01/28 16:16:50 millert Exp $ + * $Sudo: version.h,v 1.66.2.24 2009/02/10 19:06:18 millert Exp $ */ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.9p20"; +static const char version[] = "1.6.9p21"; #endif /* _SUDO_VERSION_H */ diff -urNa sudo-1.6.9p20/visudo.cat sudo-1.6.9p21/visudo.cat --- sudo-1.6.9p20/visudo.cat Tue Jan 27 19:52:03 2009 +++ sudo-1.6.9p21/visudo.cat Tue Feb 23 07:20:48 2010 @@ -61,7 +61,7 @@ -1.6.9p20 January 27, 2008 1 +1.6.9p21 February 23, 2010 1 @@ -72,8 +72,8 @@ this option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your choice, instead of the default, - _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s. The lock file used is the - specified _s_u_d_o_e_r_s file with ".tmp" appended to it. + _/_e_t_c_/_s_u_d_o_e_r_s. The lock file used is the specified + _s_u_d_o_e_r_s file with ".tmp" appended to it. -q Enable qquuiieett mode. In this mode details about syntax errors are not printed. This option is only useful @@ -98,10 +98,9 @@ EDITOR Used by visudo if VISUAL is not set FFIILLEESS - _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s List of who can run what + _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what - _@_s_y_s_c_o_n_f_d_i_r_@_/_s_u_d_o_e_r_s_._t_m_p - Lock file for visudo + _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo DDIIAAGGNNOOSSTTIICCSS sudoers file busy, try again later. @@ -124,10 +123,11 @@ Warning: runas_default set after old value is in use ... You have a _r_u_n_a_s___d_e_f_a_u_l_t Defaults setting listed in + the _s_u_d_o_e_r_s file after its value has already been -1.6.9p20 January 27, 2008 2 +1.6.9p21 February 23, 2010 2 @@ -136,7 +136,6 @@ VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) - the _s_u_d_o_e_r_s file after its value has already been used. This means that entries prior to the _r_u_n_a_s___d_e_f_a_u_l_t setting will match based on the default value of _r_u_n_a_s___d_e_f_a_u_l_t (root) whereas entries aafftteerr @@ -193,6 +192,7 @@ -1.6.9p20 January 27, 2008 3 + +1.6.9p21 February 23, 2010 3 diff -urNa sudo-1.6.9p20/visudo.man.in sudo-1.6.9p21/visudo.man.in --- sudo-1.6.9p20/visudo.man.in Wed Jan 28 11:16:50 2009 +++ sudo-1.6.9p21/visudo.man.in Tue Feb 23 07:20:43 2010 @@ -17,7 +17,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: visudo.man.in,v 1.20.2.25 2009/01/28 16:16:50 millert Exp $ +.\" $Sudo: visudo.man.in,v 1.20.2.26 2009/02/10 19:06:18 millert Exp $ .\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) .\" .\" Standard preamble: @@ -152,7 +152,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "January 27, 2008" "1.6.9p20" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "February 23, 2010" "1.6.9p21" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -210,7 +210,7 @@ .IX Item "-f" Specify and alternate \fIsudoers\fR file location. With this option \&\fBvisudo\fR will edit (or check) the \fIsudoers\fR file of your choice, -instead of the default, \fI\f(CI@sysconfdir\fI@/sudoers\fR. The lock file used +instead of the default, \fI@sysconfdir@/sudoers\fR. The lock file used is the specified \fIsudoers\fR file with \*(L".tmp\*(R" appended to it. .IP "\-q" 4 .IX Item "-q" @@ -242,12 +242,12 @@ Used by visudo if \s-1VISUAL\s0 is not set .SH "FILES" .IX Header "FILES" -.ie n .IP "\fI\fI@sysconfdir\fI@/sudoers\fR" 24 -.el .IP "\fI\f(CI@sysconfdir\fI@/sudoers\fR" 24 +.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24 +.el .IP "\fI@sysconfdir@/sudoers\fR" 24 .IX Item "@sysconfdir@/sudoers" List of who can run what -.ie n .IP "\fI\fI@sysconfdir\fI@/sudoers.tmp\fR" 24 -.el .IP "\fI\f(CI@sysconfdir\fI@/sudoers.tmp\fR" 24 +.ie n .IP "\fI@sysconfdir@/sudoers.tmp\fR" 24 +.el .IP "\fI@sysconfdir@/sudoers.tmp\fR" 24 .IX Item "@sysconfdir@/sudoers.tmp" Lock file for visudo .SH "DIAGNOSTICS"