This patch will upgrade Sudo version 1.7.2 patchlevel 5 to Sudo version 1.7.2 patchlevel 6.
To apply:
$ cd sudo-1.7.2p5
$ patch -p1 < sudo-1.7.2p6.patch
diff -urNa sudo-1.7.2p5/ChangeLog sudo-1.7.2p6/ChangeLog
--- sudo-1.7.2p5/ChangeLog Mon Feb 22 20:09:54 2010
+++ sudo-1.7.2p6/ChangeLog Fri Apr 9 06:32:10 2010
@@ -1,3 +1,33 @@
+2010-04-09 Todd C. Miller
+
+ * configure, configure.in: Fix installation of sudoers.ldap
+ in "make install" when --with-ldap was specified without a
+ directory. From Prof. Dr. Andreas Mueller
+
+2010-04-09 Todd C. Miller
+
+ * find_path.c: Qualify the command even if it is in the
+ current working directory, e.g. "./foo" instead of just
+ returning "foo". This removes an ambiguity between real
+ commands and possible pseudo-commands in command matching.
+
+2010-04-07 Todd C. Miller
+
+ * sudoers.cat, sudoers.man.in, sudoers.pod: Add a note about
+ the security implications of the fast_glob option.
+
+ * memrchr.c: Remove duplicate includes
+
+2010-03-10 Todd C. Miller
+
+ * sudo.c: Fix a bug introduced with def_closefrom. The value
+ of def_closefrom already includes the +1.
+
+2010-03-09 Todd C. Miller
+
+ * match.c: When doing a glob match, short circuit if
+ gl.gl_pathc is 0. From Mark Kettenis.
+
 2010-02-22 Todd C. Miller
 * match.c: Check for pseudo-command by looking at the first
diff -urNa sudo-1.7.2p5/Makefile.in sudo-1.7.2p6/Makefile.in
--- sudo-1.7.2p5/Makefile.in Tue Nov 24 20:42:00 2009
+++ sudo-1.7.2p6/Makefile.in Fri Apr 9 17:13:21 2010
@@ -21,8 +21,6 @@
 #
 # @configure_input@
 #
-# $Sudo: Makefile.in,v 1.340 2009/06/15 21:18:53 millert Exp $
-#
 #### Start of system configuration section. ####
@@ -405,9 +403,6 @@
 @DEV@LICENSE: license.pod
 @DEV@ pod2text -l -i0 $> | sed '1,2d' > $@
-ChangeLog:
- cvs2cl --follow-only trunk
-
 install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-man
 install-dirs:
@@ -462,11 +457,9 @@
 cleandir: realclean
 dist:
- rm -f ../sudo-$(VERSION).tar.gz
- ( cd .. ; TF="/tmp/sudo.dist$$$$" ; rm -f $$TF ; for i in $(DISTFILES) ; \
- do echo sudo-$(VERSION)/$$i >> $$TF ; done ; \
- tar Ocf sudo-$(VERSION).tar \
- `cat $$TF` && gzip --best sudo-$(VERSION).tar && rm -f $$TF)
+ pax -w -x ustar -s '/^/sudo-$(VERSION)\//' -f ../sudo-$(VERSION).tar \
+ $(DISTFILES)
+ gzip -9f ../sudo-$(VERSION).tar
 ls -l ../sudo-$(VERSION).tar.gz
 bindist:
@@ -531,5 +524,3 @@
 gzip -f --best sudo-$(VERSION).depot; \
 rm -rf tmp.depot ; \
 )
-
-.PHONY: ChangeLog
diff -urNa sudo-1.7.2p5/aix.c sudo-1.7.2p6/aix.c
--- sudo-1.7.2p5/aix.c Sat Feb 6 15:17:40 2010
+++ sudo-1.7.2p6/aix.c Wed Mar 3 19:49:49 2010
@@ -32,10 +32,6 @@
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: aix.c,v 1.7 2008/11/06 00:42:37 millert Exp $";
-#endif /* lint */
-
 #ifdef HAVE_GETUSERATTR
 #ifndef HAVE_SETRLIMIT64
diff -urNa sudo-1.7.2p5/alias.c sudo-1.7.2p6/alias.c
--- sudo-1.7.2p5/alias.c Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/alias.c Wed Mar 3 19:38:54 2010
@@ -46,10 +46,6 @@
 #include "redblack.h"
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: alias.c,v 1.18 2009/05/25 12:02:41 millert Exp $";
-#endif /* lint */
-
 /*
 * Globals
 */
diff -urNa sudo-1.7.2p5/alloc.c sudo-1.7.2p6/alloc.c
--- sudo-1.7.2p5/alloc.c Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/alloc.c Wed Mar 3 19:38:54 2010
@@ -48,10 +48,6 @@
 #include "sudo.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: alloc.c,v 1.33 2008/11/09 14:13:12 millert Exp $";
-#endif /* lint */
-
 /*
 * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
 * could be signed (as it is on SunOS 4.x). This just means that
diff -urNa sudo-1.7.2p5/auth/afs.c sudo-1.7.2p6/auth/afs.c
--- sudo-1.7.2p5/auth/afs.c Sun Nov 9 09:13:13 2008
+++ sudo-1.7.2p6/auth/afs.c Wed Mar 3 19:39:05 2010
@@ -50,10 +50,6 @@
 #include
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: afs.c,v 1.15 2008/11/09 14:13:13 millert Exp $";
-#endif /* lint */
-
 int
 afs_verify(pw, pass, auth)
 struct passwd *pw;
diff -urNa sudo-1.7.2p5/auth/aix_auth.c sudo-1.7.2p6/auth/aix_auth.c
--- sudo-1.7.2p5/auth/aix_auth.c Mon May 25 08:02:42 2009
+++ sudo-1.7.2p6/auth/aix_auth.c Wed Mar 3 19:39:05 2010
@@ -46,10 +46,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.27 2009/05/25 12:02:42 millert Exp $";
-#endif /* lint */
-
 /*
 * For a description of the AIX authentication API, see
 * http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf1/authenticate.htm
diff -urNa sudo-1.7.2p5/auth/bsdauth.c sudo-1.7.2p6/auth/bsdauth.c
--- sudo-1.7.2p5/auth/bsdauth.c Sun Nov 9 09:13:13 2008
+++ sudo-1.7.2p6/auth/bsdauth.c Wed Mar 3 19:39:05 2010
@@ -51,10 +51,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: bsdauth.c,v 1.23 2008/11/09 14:13:13 millert Exp $";
-#endif /* lint */
-
 extern char *login_style; /* from sudo.c */
 int
diff -urNa sudo-1.7.2p5/auth/dce.c sudo-1.7.2p6/auth/dce.c
--- sudo-1.7.2p5/auth/dce.c Sat Feb 12 17:56:07 2005
+++ sudo-1.7.2p6/auth/dce.c Wed Mar 3 19:39:05 2010
@@ -64,10 +64,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: dce.c,v 1.14 2005/02/12 22:56:07 millert Exp $";
-#endif /* lint */
-
 static int check_dce_status __P((error_status_t, char *));
 int
diff -urNa sudo-1.7.2p5/auth/fwtk.c sudo-1.7.2p6/auth/fwtk.c
--- sudo-1.7.2p5/auth/fwtk.c Sun Nov 9 09:13:13 2008
+++ sudo-1.7.2p6/auth/fwtk.c Wed Mar 3 19:39:05 2010
@@ -49,10 +49,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: fwtk.c,v 1.29 2008/11/09 14:13:13 millert Exp $";
-#endif /* lint */
-
 int
 fwtk_init(pw, promptp, auth)
 struct passwd *pw;
diff -urNa sudo-1.7.2p5/auth/kerb4.c sudo-1.7.2p6/auth/kerb4.c
--- sudo-1.7.2p5/auth/kerb4.c Sun Nov 9 09:13:13 2008
+++ sudo-1.7.2p6/auth/kerb4.c Wed Mar 3 19:39:05 2010
@@ -47,10 +47,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: kerb4.c,v 1.16 2008/11/09 14:13:13 millert Exp $";
-#endif /* lint */
-
 int
 kerb4_init(pw, promptp, auth)
 struct passwd *pw;
diff -urNa sudo-1.7.2p5/auth/kerb5.c sudo-1.7.2p6/auth/kerb5.c
--- sudo-1.7.2p5/auth/kerb5.c Mon Nov 23 19:59:27 2009
+++ sudo-1.7.2p6/auth/kerb5.c Fri Apr 9 06:12:02 2010
@@ -53,10 +53,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: kerb5.c,v 1.37 2009/11/03 14:51:20 millert Exp $";
-#endif /* lint */
-
 #ifdef HAVE_HEIMDAL
 # define extract_name(c, p) krb5_principal_get_comp_string(c, p, 1)
 # define krb5_free_data_contents(c, d) krb5_data_free(d)
diff -urNa sudo-1.7.2p5/auth/pam.c sudo-1.7.2p6/auth/pam.c
--- sudo-1.7.2p5/auth/pam.c Mon Nov 23 19:59:27 2009
+++ sudo-1.7.2p6/auth/pam.c Fri Apr 9 06:12:02 2010
@@ -72,10 +72,6 @@
 # define PAM_CONST
 #endif
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: pam.c,v 1.69 2009/08/07 14:21:51 millert Exp $";
-#endif /* lint */
-
 static int sudo_conv __P((int, PAM_CONST struct pam_message **,
 struct pam_response **, void *));
 static char *def_prompt = "Password:";
diff -urNa sudo-1.7.2p5/auth/passwd.c sudo-1.7.2p6/auth/passwd.c
--- sudo-1.7.2p5/auth/passwd.c Sat Feb 12 17:56:07 2005
+++ sudo-1.7.2p6/auth/passwd.c Wed Mar 3 19:39:05 2010
@@ -46,10 +46,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: passwd.c,v 1.17 2005/02/12 22:56:07 millert Exp $";
-#endif /* lint */
-
 #define DESLEN 13
 #define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',')
diff -urNa sudo-1.7.2p5/auth/rfc1938.c sudo-1.7.2p6/auth/rfc1938.c
--- sudo-1.7.2p5/auth/rfc1938.c Sat Feb 12 17:56:07 2005
+++ sudo-1.7.2p6/auth/rfc1938.c Wed Mar 3 19:39:05 2010
@@ -63,10 +63,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: rfc1938.c,v 1.20 2005/02/12 22:56:07 millert Exp $";
-#endif /* lint */
-
 int
 rfc1938_setup(pw, promptp, auth)
 struct passwd *pw;
diff -urNa sudo-1.7.2p5/auth/secureware.c sudo-1.7.2p6/auth/secureware.c
--- sudo-1.7.2p5/auth/secureware.c Sat Feb 12 17:56:07 2005
+++ sudo-1.7.2p6/auth/secureware.c Wed Mar 3 19:39:05 2010
@@ -53,10 +53,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: secureware.c,v 1.13 2005/02/12 22:56:07 millert Exp $";
-#endif /* lint */
-
 int
 secureware_init(pw, promptp, auth)
 struct passwd *pw;
diff -urNa sudo-1.7.2p5/auth/securid.c sudo-1.7.2p6/auth/securid.c
--- sudo-1.7.2p5/auth/securid.c Sun Nov 9 09:13:13 2008
+++ sudo-1.7.2p6/auth/securid.c Wed Mar 3 19:39:05 2010
@@ -53,10 +53,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: securid.c,v 1.18 2008/11/09 14:13:13 millert Exp $";
-#endif /* lint */
-
 union config_record configure;
 int
diff -urNa sudo-1.7.2p5/auth/securid5.c sudo-1.7.2p6/auth/securid5.c
--- sudo-1.7.2p5/auth/securid5.c Sun Nov 9 09:13:13 2008
+++ sudo-1.7.2p6/auth/securid5.c Wed Mar 3 19:39:05 2010
@@ -55,10 +55,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: securid5.c,v 1.13 2008/11/09 14:13:13 millert Exp $";
-#endif /* lint */
-
 /*
 * securid_init - Initialises communications with ACE server
 * Arguments in:
diff -urNa sudo-1.7.2p5/auth/sia.c sudo-1.7.2p6/auth/sia.c
--- sudo-1.7.2p5/auth/sia.c Sun Nov 9 09:13:13 2008
+++ sudo-1.7.2p6/auth/sia.c Wed Mar 3 19:39:05 2010
@@ -49,10 +49,6 @@
 #include "sudo.h"
 #include "sudo_auth.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: sia.c,v 1.19 2008/11/09 14:13:13 millert Exp $";
-#endif /* lint */
-
 static int sudo_collect __P((int, int, uchar_t *, int, prompt_t *));
 static char *def_prompt;
diff -urNa sudo-1.7.2p5/auth/sudo_auth.c sudo-1.7.2p6/auth/sudo_auth.c
--- sudo-1.7.2p5/auth/sudo_auth.c Mon May 25 08:02:42 2009
+++ sudo-1.7.2p6/auth/sudo_auth.c Wed Mar 3 19:39:05 2010
@@ -52,10 +52,6 @@
 #include "sudo_auth.h"
 #include "insults.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.40 2009/05/25 12:02:42 millert Exp $";
-#endif /* lint */
-
 sudo_auth auth_switch[] = {
 #ifdef AUTH_STANDALONE
 AUTH_STANDALONE
diff -urNa sudo-1.7.2p5/auth/sudo_auth.h sudo-1.7.2p6/auth/sudo_auth.h
--- sudo-1.7.2p5/auth/sudo_auth.h Mon May 25 08:02:42 2009
+++ sudo-1.7.2p6/auth/sudo_auth.h Wed Mar 3 19:39:05 2010
@@ -12,8 +12,6 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: sudo_auth.h,v 1.29 2009/05/25 12:02:42 millert Exp $
 */
 #ifndef SUDO_AUTH_H
diff -urNa sudo-1.7.2p5/check.c sudo-1.7.2p6/check.c
--- sudo-1.7.2p5/check.c Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/check.c Fri Apr 9 06:12:02 2010
@@ -58,10 +58,6 @@
 #include "sudo.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: check.c,v 1.247 2009/05/25 12:02:41 millert Exp $";
-#endif /* lint */
-
 /* Status codes for timestamp_status() */
 #define TS_CURRENT 0
 #define TS_OLD 1
diff -urNa sudo-1.7.2p5/closefrom.c sudo-1.7.2p6/closefrom.c
--- sudo-1.7.2p5/closefrom.c Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/closefrom.c Wed Mar 3 19:39:05 2010
@@ -49,10 +49,6 @@
 #include "sudo.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.14 2008/11/09 14:13:12 millert Exp $";
-#endif /* lint */
-
 #ifndef HAVE_FCNTL_CLOSEM
 # ifndef HAVE_DIRFD
 # define closefrom_fallback closefrom
diff -urNa sudo-1.7.2p5/compat.h sudo-1.7.2p6/compat.h
--- sudo-1.7.2p5/compat.h Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/compat.h Fri Apr 9 06:12:02 2010
@@ -17,8 +17,6 @@
 * Sponsored in part by the Defense Advanced Research Projects
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- *
- * $Sudo: compat.h,v 1.90 2008/11/09 14:13:12 millert Exp $
 */
 #ifndef _SUDO_COMPAT_H
diff -urNa sudo-1.7.2p5/configure sudo-1.7.2p6/configure
--- sudo-1.7.2p5/configure Mon Mar 1 06:16:11 2010
+++ sudo-1.7.2p6/configure Fri Apr 9 06:33:32 2010
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for sudo 1.7.2p5.
+# Generated by GNU Autoconf 2.61 for sudo 1.7.2p6.
 #
 # Report bugs to .
 #
@@ -724,8 +724,8 @@
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.7.2p5'
-PACKAGE_STRING='sudo 1.7.2p5'
+PACKAGE_VERSION='1.7.2p6'
+PACKAGE_STRING='sudo 1.7.2p6'
 PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
 # Factoring default headers for most tests.
@@ -1417,7 +1417,7 @@
 # Omit some internal or obsolete options to make the list less imposing.
 # This message is too long to be a string in the A/UX 3.1 sh.
 cat <<_ACEOF
-\`configure' configures sudo 1.7.2p5 to adapt to many kinds of systems.
+\`configure' configures sudo 1.7.2p6 to adapt to many kinds of systems.
 Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1482,7 +1482,7 @@
 if test -n "$ac_init_help"; then
 case $ac_init_help in
- short | recursive ) echo "Configuration of sudo 1.7.2p5:";;
+ short | recursive ) echo "Configuration of sudo 1.7.2p6:";;
 esac
 cat <<\_ACEOF
@@ -1684,7 +1684,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
 cat <<\_ACEOF
-sudo configure 1.7.2p5
+sudo configure 1.7.2p6
 generated by GNU Autoconf 2.61
 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1698,7 +1698,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
-It was created by sudo $as_me 1.7.2p5, which was
+It was created by sudo $as_me 1.7.2p6, which was
 generated by GNU Autoconf 2.61. Invocation command line was
 $ $0 $@
@@ -15831,6 +15831,7 @@
+
 for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \
 strftime setrlimit initgroups getgroups fstat gettimeofday \
 setlocale getaddrinfo setsid setenv setrlimit64
@@ -22883,9 +22884,9 @@
 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
 with_ldap=yes
- LDAP=""
 fi
 SUDO_OBJS="${SUDO_OBJS} ldap.o"
+ LDAP=""
 { echo "$as_me:$LINENO: checking for LDAP libraries" >&5
 echo $ECHO_N "checking for LDAP libraries... $ECHO_C" >&6; }
@@ -24558,7 +24559,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.7.2p5, which was
+This file was extended by sudo $as_me 1.7.2p6, which was
 generated by GNU Autoconf 2.61. Invocation command line was
 CONFIG_FILES = $CONFIG_FILES
@@ -24607,7 +24608,7 @@
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-sudo config.status 1.7.2p5
+sudo config.status 1.7.2p6
 configured by $0, generated by GNU Autoconf 2.61,
 with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
diff -urNa sudo-1.7.2p5/configure.in sudo-1.7.2p6/configure.in
--- sudo-1.7.2p5/configure.in Mon Mar 1 06:15:55 2010
+++ sudo-1.7.2p6/configure.in Fri Apr 9 06:32:18 2010
@@ -1,10 +1,9 @@
 dnl
 dnl Process this file with GNU autoconf to produce a configure script.
-dnl $Sudo: configure.in,v 1.549 2009/06/13 20:52:50 millert Exp $
 dnl
 dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller
 dnl
-AC_INIT([sudo], [1.7.2p5], [http://www.sudo.ws/bugs/], [sudo])
+AC_INIT([sudo], [1.7.2p6], [http://www.sudo.ws/bugs/], [sudo])
 AC_CONFIG_HEADER(config.h pathnames.h)
 dnl
 dnl This won't work before AC_INIT
@@ -2445,9 +2444,9 @@
 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
 with_ldap=yes
- LDAP=""
 fi
 SUDO_OBJS="${SUDO_OBJS} ldap.o"
+ LDAP=""
 AC_MSG_CHECKING([for LDAP libraries])
 LDAP_LIBS=""
diff -urNa sudo-1.7.2p5/defaults.c sudo-1.7.2p6/defaults.c
--- sudo-1.7.2p5/defaults.c Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/defaults.c Fri Apr 9 06:12:02 2010
@@ -49,10 +49,6 @@
 #include "parse.h"
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: defaults.c,v 1.73 2008/11/09 14:13:12 millert Exp $";
-#endif /* lint */
-
 /*
 * For converting between syslog numbers and strings.
 */
diff -urNa sudo-1.7.2p5/defaults.h sudo-1.7.2p6/defaults.h
--- sudo-1.7.2p5/defaults.h Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/defaults.h Fri Apr 9 06:12:02 2010
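Review bot: In the configure.in hunk at -2445, `LDAP=""` is moved below the `fi` so it is now cleared whenever `ldap.o` is added to SUDO_OBJS rather than only when --with-ldap named a directory, but nothing in the file says why, and a later tidy-up could move it back inside the block. A `dnl` line above the assignment would pin the intent, e.g. `dnl Clear LDAP for every --with-ldap form so sudoers.ldap is installed, not only when a directory was given.` What LDAP gates is outside this hunk; the ChangeLog ties it to the sudoers.ldap install, so that is inferred rather than visible here. The generated `configure` on the preceding line carries the identical move and needs no separate note.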
@@ -17,8 +17,6 @@
 * Sponsored in part by the Defense Advanced Research Projects
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- *
- * $Sudo: defaults.h,v 1.33 2008/11/09 14:13:12 millert Exp $
 */
 #ifndef _SUDO_DEFAULTS_H
diff -urNa sudo-1.7.2p5/emul/charclass.h sudo-1.7.2p6/emul/charclass.h
--- sudo-1.7.2p5/emul/charclass.h Tue Dec 9 15:55:50 2008
+++ sudo-1.7.2p6/emul/charclass.h Wed Mar 3 19:39:05 2010
@@ -12,8 +12,6 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: charclass.h,v 1.3 2008/12/09 20:55:50 millert Exp $
 */
 /*
diff -urNa sudo-1.7.2p5/emul/timespec.h sudo-1.7.2p6/emul/timespec.h
--- sudo-1.7.2p5/emul/timespec.h Wed Jun 22 23:04:35 2005
+++ sudo-1.7.2p6/emul/timespec.h Wed Mar 3 19:39:05 2010
@@ -12,8 +12,6 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: timespec.h,v 1.1 2005/06/23 03:04:35 millert Exp $
 */
 #ifndef _SUDO_TIMESPEC_H
diff -urNa sudo-1.7.2p5/env.c sudo-1.7.2p6/env.c
--- sudo-1.7.2p5/env.c Tue Jun 23 14:24:42 2009
+++ sudo-1.7.2p6/env.c Fri Apr 9 06:12:02 2010
@@ -49,10 +49,6 @@
 #include "sudo.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: env.c,v 1.106 2009/06/23 18:24:42 millert Exp $";
-#endif /* lint */
-
 /*
 * Flags used in rebuild_env()
 */
diff -urNa sudo-1.7.2p5/error.c sudo-1.7.2p6/error.c
--- sudo-1.7.2p5/error.c Thu Nov 17 20:39:58 2005
+++ sudo-1.7.2p6/error.c Wed Mar 3 19:39:05 2010
@@ -23,10 +23,6 @@
 #include
 #include "error.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: error.c,v 1.7 2005/11/18 01:39:58 millert Exp $";
-#endif /* lint */
-
 static void _warning __P((int, const char *, va_list));
 void cleanup __P((int));
diff -urNa sudo-1.7.2p5/error.h sudo-1.7.2p6/error.h
--- sudo-1.7.2p5/error.h Fri Nov 19 12:32:25 2004
+++ sudo-1.7.2p6/error.h Wed Mar 3 19:39:05 2010
@@ -12,8 +12,6 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: error.h,v 1.2 2004/11/19 17:32:25 millert Exp $
 */
 #ifndef _SUDO_ERROR_H_
diff -urNa sudo-1.7.2p5/fileops.c sudo-1.7.2p6/fileops.c
--- sudo-1.7.2p5/fileops.c Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/fileops.c Wed Mar 3 19:39:05 2010
@@ -53,10 +53,6 @@
 # define LINE_MAX 2048
 #endif
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: fileops.c,v 1.19 2009/05/25 12:02:41 millert Exp $";
-#endif /* lint */
-
 /*
 * Update the access and modify times on an fd or file.
 */
diff -urNa sudo-1.7.2p5/find_path.c sudo-1.7.2p6/find_path.c
--- sudo-1.7.2p5/find_path.c Tue Mar 29 09:29:46 2005
+++ sudo-1.7.2p6/find_path.c Fri Apr 9 06:12:18 2010
@@ -45,10 +45,6 @@
 #include "sudo.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: find_path.c,v 1.115 2005/03/29 14:29:46 millert Exp $";
-#endif /* lint */
-
 /*
 * This function finds the full pathname for a command and
 * stores it in a statically allocated array, filling in a pointer
@@ -126,7 +122,10 @@
 * Check current dir if dot was in the PATH
 */
 if (!result && checkdot) {
- result = sudo_goodpath(infile, sbp);
+ len = snprintf(command, sizeof(command), "./%s", infile);
+ if (len <= 0 || len >= sizeof(command))
+ errorx(1, "%s: File name too long", infile);
+ result = sudo_goodpath(command, sbp);
 if (result && def_ignore_dot)
 return(NOT_FOUND_DOT);
 }
diff -urNa sudo-1.7.2p5/getcwd.c sudo-1.7.2p6/getcwd.c
--- sudo-1.7.2p5/getcwd.c Mon Feb 7 22:55:42 2005
+++ sudo-1.7.2p6/getcwd.c Wed Mar 3 19:39:05 2010
@@ -78,10 +78,6 @@
 (dp->d_name[0] == '.' && (dp->d_name[1] == '\0' || \
 (dp->d_name[1] == '.' && dp->d_name[2] == '\0')))
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: getcwd.c,v 1.28 2005/02/08 03:55:42 millert Exp $";
-#endif /* lint */
-
 char *
 getcwd(pt, size)
 char *pt;
diff -urNa sudo-1.7.2p5/getprogname.c sudo-1.7.2p6/getprogname.c
--- sudo-1.7.2p5/getprogname.c Sat Feb 12 17:56:06 2005
+++ sudo-1.7.2p6/getprogname.c Wed Mar 3 19:39:05 2010
@@ -24,10 +24,6 @@
 #include
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: getprogname.c,v 1.7 2005/02/12 22:56:06 millert Exp $";
-#endif /* lint */
-
 const char *
 getprogname()
 {
diff -urNa sudo-1.7.2p5/getspwuid.c sudo-1.7.2p6/getspwuid.c
--- sudo-1.7.2p5/getspwuid.c Sat Feb 12 17:56:06 2005
+++ sudo-1.7.2p6/getspwuid.c Wed Mar 3 19:39:05 2010
@@ -70,10 +70,6 @@
 #include "sudo.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: getspwuid.c,v 1.78 2005/02/12 22:56:06 millert Exp $";
-#endif /* lint */
-
 /*
 * Exported for auth/secureware.c
 */
diff -urNa sudo-1.7.2p5/gettime.c sudo-1.7.2p6/gettime.c
--- sudo-1.7.2p5/gettime.c Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/gettime.c Wed Mar 3 19:39:05 2010
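Review bot: In the find_path.c hunk at -126, `len >= sizeof(command)` compares `len` against a size_t; `len` is declared outside the hunk, and if it is an int (snprintf's return type) this is a signed/unsigned comparison. The preceding `len <= 0` test already rejects a negative result, so it is not a defect, but `if (len <= 0 || (size_t)len >= sizeof(command))` makes that reasoning explicit and keeps -Wsign-compare quiet. The "./" qualification itself deserves a why-comment, since the comment above only says the current directory is checked; something like `/* Qualify with "./" so a command in the cwd cannot be mistaken for a sudoers pseudo-command. */` captures the ambiguity the ChangeLog describes. Refusing a truncated path before sudo_goodpath() sees it is the right fail-closed behaviour for a path that feeds sudoers matching. find_path's body starts and ends outside this hunk.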
@@ -28,10 +28,6 @@
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: gettime.c,v 1.8 2008/11/09 14:13:12 millert Exp $";
-#endif /* lint */
-
 /*
 * Get the current time via gettimeofday() for systems with
 * timespecs in struct stat or, otherwise, using time().
diff -urNa sudo-1.7.2p5/goodpath.c sudo-1.7.2p6/goodpath.c
--- sudo-1.7.2p5/goodpath.c Sat Feb 12 17:56:06 2005
+++ sudo-1.7.2p6/goodpath.c Wed Mar 3 19:39:05 2010
@@ -38,10 +38,6 @@
 #include "sudo.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: goodpath.c,v 1.44 2005/02/12 22:56:06 millert Exp $";
-#endif /* lint */
-
 /*
 * Verify that path is a normal file and executable by root.
 */
diff -urNa sudo-1.7.2p5/gram.c sudo-1.7.2p6/gram.c
--- sudo-1.7.2p5/gram.c Sat Apr 18 19:25:08 2009
+++ sudo-1.7.2p6/gram.c Fri Apr 9 06:12:02 2010
@@ -72,10 +72,6 @@
 #include "sudo.h"
 #include "parse.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: gram.c,v 1.35 2009/04/18 23:25:08 millert Exp $";
-#endif /* lint */
-
 /*
 * We must define SIZE_MAX for yacc's skeleton.c.
 * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
diff -urNa sudo-1.7.2p5/gram.y sudo-1.7.2p6/gram.y
--- sudo-1.7.2p5/gram.y Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/gram.y Fri Apr 9 06:12:02 2010
@@ -53,10 +53,6 @@
 #include "sudo.h"
 #include "parse.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: gram.y,v 1.36 2009/05/25 12:02:41 millert Exp $";
-#endif /* lint */
-
 /*
 * We must define SIZE_MAX for yacc's skeleton.c.
 * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
diff -urNa sudo-1.7.2p5/ins_2001.h sudo-1.7.2p6/ins_2001.h
--- sudo-1.7.2p5/ins_2001.h Fri Feb 13 16:36:43 2004
+++ sudo-1.7.2p6/ins_2001.h Wed Mar 3 19:39:05 2010
@@ -12,8 +12,6 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: ins_2001.h,v 1.29 2004/02/13 21:36:43 millert Exp $
 */
 #ifndef _SUDO_INS_2001_H
diff -urNa sudo-1.7.2p5/ins_classic.h sudo-1.7.2p6/ins_classic.h
--- sudo-1.7.2p5/ins_classic.h Fri Feb 13 16:36:43 2004
+++ sudo-1.7.2p6/ins_classic.h Wed Mar 3 19:39:05 2010
@@ -12,8 +12,6 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: ins_classic.h,v 1.30 2004/02/13 21:36:43 millert Exp $
 */
 #ifndef _SUDO_INS_CLASSIC_H
diff -urNa sudo-1.7.2p5/ins_csops.h sudo-1.7.2p6/ins_csops.h
--- sudo-1.7.2p5/ins_csops.h Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/ins_csops.h Wed Mar 3 19:39:05 2010
@@ -13,8 +13,6 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: ins_csops.h,v 1.30 2008/11/09 14:13:12 millert Exp $
 */
 #ifndef _SUDO_INS_CSOPS_H
diff -urNa sudo-1.7.2p5/ins_goons.h sudo-1.7.2p6/ins_goons.h
--- sudo-1.7.2p5/ins_goons.h Fri Feb 13 16:36:43 2004
+++ sudo-1.7.2p6/ins_goons.h Wed Mar 3 19:39:05 2010
@@ -12,8 +12,6 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: ins_goons.h,v 1.29 2004/02/13 21:36:43 millert Exp $
 */
 #ifndef _SUDO_INS_GOONS_H
diff -urNa sudo-1.7.2p5/install-sh sudo-1.7.2p6/install-sh
--- sudo-1.7.2p5/install-sh Sun Mar 23 10:12:19 2008
+++ sudo-1.7.2p6/install-sh Wed Mar 3 07:16:55 2010
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## (From INN-1.4, written by Rich Salz)
-## $Revision: 1.10 $
+## $Revision$
 ## A script to install files and directories.
 PROGNAME=`basename $0`
diff -urNa sudo-1.7.2p5/insults.h sudo-1.7.2p6/insults.h
--- sudo-1.7.2p5/insults.h Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/insults.h Wed Mar 3 19:39:05 2010
@@ -13,8 +13,6 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: insults.h,v 1.47 2008/11/09 14:13:12 millert Exp $
 */
 #ifndef _SUDO_INSULTS_H
diff -urNa sudo-1.7.2p5/interfaces.c sudo-1.7.2p6/interfaces.c
--- sudo-1.7.2p5/interfaces.c Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/interfaces.c Wed Mar 3 19:39:05 2010
@@ -84,10 +84,6 @@
 #include "sudo.h"
 #include "interfaces.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: interfaces.c,v 1.87 2009/05/25 12:02:41 millert Exp $";
-#endif /* lint */
-
 /* Minix apparently lacks IFF_LOOPBACK */
 #ifndef IFF_LOOPBACK
 # define IFF_LOOPBACK 0
diff -urNa sudo-1.7.2p5/interfaces.h sudo-1.7.2p6/interfaces.h
--- sudo-1.7.2p5/interfaces.h Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/interfaces.h Wed Mar 3 19:39:05 2010
@@ -17,8 +17,6 @@
 * Sponsored in part by the Defense Advanced Research Projects
 * Agency (DARPA) and Air Force Research Laboratory, Air Force
 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- *
- * $Sudo: interfaces.h,v 1.12 2008/11/09 14:13:12 millert Exp $
 */
 #ifndef _SUDO_INTERFACES_H
diff -urNa sudo-1.7.2p5/isblank.c sudo-1.7.2p6/isblank.c
--- sudo-1.7.2p5/isblank.c Wed Nov 5 19:05:24 2008
+++ sudo-1.7.2p6/isblank.c Wed Mar 3 19:39:05 2010
@@ -17,10 +17,6 @@
 #include
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: isblank.c,v 1.1 2008/11/06 00:05:24 millert Exp $";
-#endif /* lint */
-
 #undef isblank
 int
 isblank(ch)
diff -urNa sudo-1.7.2p5/lbuf.c sudo-1.7.2p6/lbuf.c
--- sudo-1.7.2p5/lbuf.c Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/lbuf.c Fri Apr 9 06:12:02 2010
@@ -52,10 +52,6 @@
 #include "sudo.h"
 #include "lbuf.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: lbuf.c,v 1.9 2009/05/25 12:02:41 millert Exp $";
-#endif /* lint */
-
 #if !defined(TIOCGSIZE) && defined(TIOCGWINSZ)
 # define TIOCGSIZE TIOCGWINSZ
 # define ttysize winsize
diff -urNa sudo-1.7.2p5/lbuf.h sudo-1.7.2p6/lbuf.h
--- sudo-1.7.2p5/lbuf.h Wed Aug 22 18:31:07 2007
+++ sudo-1.7.2p6/lbuf.h Wed Mar 3 19:39:05 2010
@@ -14,8 +14,6 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $Sudo: lbuf.h,v 1.2 2007/08/22 22:31:07 millert Exp $"
 */
 #ifndef _SUDO_LBUF_H
diff -urNa sudo-1.7.2p5/ldap.c sudo-1.7.2p6/ldap.c
--- sudo-1.7.2p5/ldap.c Fri May 29 09:43:12 2009
+++ sudo-1.7.2p6/ldap.c Wed Mar 3 19:39:05 2010
@@ -81,10 +81,6 @@
 #include "parse.h"
 #include "lbuf.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.108 2009/05/29 13:43:12 millert Exp $";
-#endif /* lint */
-
 #ifndef LDAP_OPT_SUCCESS
 # define LDAP_OPT_SUCCESS LDAP_SUCCESS
 #endif
diff -urNa sudo-1.7.2p5/list.c sudo-1.7.2p6/list.c
--- sudo-1.7.2p5/list.c Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/list.c Wed Mar 3 19:39:05 2010
@@ -31,10 +31,6 @@
 #include "sudo.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: list.c,v 1.6 2008/11/09 14:13:12 millert Exp $";
-#endif /* lint */
-
 struct list_proto {
 struct list_proto *prev;
 struct list_proto *next;
diff -urNa sudo-1.7.2p5/list.h sudo-1.7.2p6/list.h
--- sudo-1.7.2p5/list.h Tue Sep 11 15:42:48 2007
+++ sudo-1.7.2p6/list.h Wed Mar 3 19:39:05 2010
@@ -12,8 +12,6 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: list.h,v 1.3 2007/09/11 19:42:48 millert Exp $
 */
 #ifndef _SUDO_LIST_H
diff -urNa sudo-1.7.2p5/logging.c sudo-1.7.2p6/logging.c
--- sudo-1.7.2p5/logging.c Sat Feb 6 13:40:13 2010
+++ sudo-1.7.2p6/logging.c Fri Apr 9 06:12:02 2010
@@ -57,10 +57,6 @@
 #include "sudo.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: logging.c,v 1.205 2009/05/25 12:02:41 millert Exp $";
-#endif /* lint */
-
 static void do_syslog __P((int, char *));
 static void do_logfile __P((char *));
 static void send_mail __P((char *));
diff -urNa sudo-1.7.2p5/logging.h sudo-1.7.2p6/logging.h
--- sudo-1.7.2p5/logging.h Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/logging.h Wed Mar 3 19:39:05 2010
@@ -13,8 +13,6 @@
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: logging.h,v 1.15 2009/05/25 12:02:41 millert Exp $
 */
 #ifndef _LOGGING_H
diff -urNa sudo-1.7.2p5/match.c sudo-1.7.2p6/match.c
--- sudo-1.7.2p5/match.c Mon Feb 22 17:31:21 2010
+++ sudo-1.7.2p6/match.c Fri Apr 9 06:12:02 2010
@@ -93,10 +93,6 @@
 # include "nonunix.h"
 #endif /* USING_NONUNIX_GROUPS */
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: match.c,v 1.48 2009/11/23 15:56:14 millert Exp $";
-#endif /* lint */
-
 static struct member_list empty;
 static int command_matches_dir __P((char *, size_t));
@@ -469,7 +465,7 @@
 * else return false.
 */
 #define GLOB_FLAGS (GLOB_NOSORT | GLOB_MARK | GLOB_BRACE | GLOB_TILDE)
- if (glob(sudoers_cmnd, GLOB_FLAGS, NULL, &gl) != 0) {
+ if (glob(sudoers_cmnd, GLOB_FLAGS, NULL, &gl) != 0 || gl.gl_pathc == 0) {
 globfree(&gl);
 return(FALSE);
 }
diff -urNa sudo-1.7.2p5/memrchr.c sudo-1.7.2p6/memrchr.c
--- sudo-1.7.2p5/memrchr.c Tue Nov 27 12:13:03 2007
+++ sudo-1.7.2p6/memrchr.c Wed Apr 7 06:36:27 2010
@@ -18,13 +18,6 @@
 #include
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: memrchr.c,v 1.4 2007/11/27 17:13:03 millert Exp $";
-#endif /* lint */
-
-#include
-#include
-
 /*
 * Reverse memchr()
 * Find the last occurrence of 'c' in the buffer 's' of size 'n'.
diff -urNa sudo-1.7.2p5/mkinstalldirs sudo-1.7.2p6/mkinstalldirs
--- sudo-1.7.2p5/mkinstalldirs Thu Apr 3 10:16:22 2003
+++ sudo-1.7.2p6/mkinstalldirs Wed Mar 3 19:39:07 2010
@@ -4,8 +4,6 @@
 # Created: 1993-05-16
 # Public domain
-# $Sudo: mkinstalldirs,v 1.5 2003/04/03 15:16:22 millert Exp $
-
 umask 022
 errstatus=0
 dirmode=""
diff -urNa sudo-1.7.2p5/mkstemp.c sudo-1.7.2p6/mkstemp.c
--- sudo-1.7.2p5/mkstemp.c Wed Aug 20 07:40:15 2008
+++ sudo-1.7.2p6/mkstemp.c Wed Mar 3 19:39:07 2010
@@ -31,10 +31,6 @@
 #include "sudo.h"
-#ifndef lint
-static const char rcsid[] = "$Sudo: mkstemp.c,v 1.2 2008/08/20 11:40:15 millert Exp $";
-#endif /* not lint */
-
 static unsigned int get_random __P((void));
 static void seed_random __P((void));
diff -urNa sudo-1.7.2p5/parse.c sudo-1.7.2p6/parse.c
--- sudo-1.7.2p5/parse.c Thu Dec 17 10:03:27 2009
+++ sudo-1.7.2p6/parse.c Fri Apr 9 06:12:02 2010
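Review bot: The added `gl.gl_pathc == 0` test in the match.c hunk at -469 has no comment saying when glob() can return 0 with an empty path list, so a later reader may take it for a redundant check and fold it away. A one-line comment above the condition, e.g. `/* glob() may report success with no matches; an empty list is no match. */`, would preserve the intent the ChangeLog credits to Mark Kettenis. Treating the empty case as FALSE is the correct fail-closed outcome for a sudoers command-matching decision. How gl is consumed after this point is outside the hunk, so whether an empty list was mishandled downstream before is inferred, not visible. The enclosing function starts and ends outside this hunk.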
@@ -48,10 +48,6 @@
 #include "lbuf.h"
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: parse.c,v 1.242 2009/05/25 12:02:41 millert Exp $";
-#endif /* lint */
-
 /* Characters that must be quoted in sudoers */
 #define SUDOERS_QUOTED ":\\,=#\""
diff -urNa sudo-1.7.2p5/parse.h sudo-1.7.2p6/parse.h
--- sudo-1.7.2p5/parse.h Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/parse.h Fri Apr 9 06:12:02 2010
@@ -13,8 +13,6 @@
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: parse.h,v 1.49 2009/05/25 12:02:41 millert Exp $
  */
 #ifndef _SUDO_PARSE_H
diff -urNa sudo-1.7.2p5/pathnames.h.in sudo-1.7.2p6/pathnames.h.in
--- sudo-1.7.2p5/pathnames.h.in Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/pathnames.h.in Fri Apr 9 06:12:02 2010
@@ -17,8 +17,6 @@
  * Sponsored in part by the Defense Advanced Research Projects
  * Agency (DARPA) and Air Force Research Laboratory, Air Force
  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- *
- * $Sudo: pathnames.h.in,v 1.65 2009/05/25 12:02:41 millert Exp $
  */
 /*
diff -urNa sudo-1.7.2p5/pwutil.c sudo-1.7.2p6/pwutil.c
--- sudo-1.7.2p5/pwutil.c Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/pwutil.c Fri Apr 9 06:12:02 2010
@@ -52,10 +52,6 @@
 #include "sudo.h"
 #include "redblack.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: pwutil.c,v 1.23 2009/05/25 12:02:41 millert Exp $";
-#endif /* lint */
-
 #ifdef MYPW
 extern void (*my_setgrent) __P((void));
 extern void (*my_endgrent) __P((void));
diff -urNa sudo-1.7.2p5/redblack.c sudo-1.7.2p6/redblack.c
--- sudo-1.7.2p5/redblack.c Mon Jun 29 09:36:20 2009
+++ sudo-1.7.2p6/redblack.c Wed Mar 3 19:39:15 2010
@@ -57,10 +57,6 @@
 #include "sudo.h"
 #include "redblack.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: redblack.c,v 1.12 2009/06/29 13:36:20 millert Exp $";
-#endif /* lint */
-
 static void rbrepair __P((struct rbtree *, struct rbnode *));
 static void rotate_left __P((struct rbtree *, struct rbnode *));
 static void rotate_right __P((struct rbtree *, struct rbnode *));
diff -urNa sudo-1.7.2p5/redblack.h sudo-1.7.2p6/redblack.h
--- sudo-1.7.2p5/redblack.h Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/redblack.h Wed Mar 3 19:39:15 2010
@@ -12,8 +12,6 @@
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: redblack.h,v 1.4 2008/11/09 14:13:12 millert Exp $
  */
 #ifndef _SUDO_REDBLACK_H
diff -urNa sudo-1.7.2p5/sample.pam sudo-1.7.2p6/sample.pam
--- sudo-1.7.2p5/sample.pam Fri Oct 1 10:58:15 2004
+++ sudo-1.7.2p6/sample.pam Wed Mar 3 19:39:15 2010
@@ -6,8 +6,6 @@
 # There are two basic ways to configure PAM, either via pam_stack
 # or by explicitly specifying the various methods to use.
 #
-# $Sudo: sample.pam,v 1.3 2004/10/01 14:58:15 millert Exp $
-#
 # Here we use pam_stack
 auth required pam_stack.so service=system-auth
 account required pam_stack.so service=system-auth
diff -urNa sudo-1.7.2p5/sample.sudoers sudo-1.7.2p6/sample.sudoers
--- sudo-1.7.2p5/sample.sudoers Fri Oct 3 15:55:57 2008
+++ sudo-1.7.2p6/sample.sudoers Wed Mar 3 19:39:15 2010
@@ -4,8 +4,6 @@
 # This file MUST be edited with the 'visudo' command as root.
 #
 # See the sudoers man page for the details on how to write a sudoers file.
-#
-# $Sudo: sample.sudoers,v 1.29 2008/10/03 19:55:57 millert Exp $
 ##
 # Override built-in defaults
diff -urNa sudo-1.7.2p5/sample.syslog.conf sudo-1.7.2p6/sample.syslog.conf
--- sudo-1.7.2p5/sample.syslog.conf Fri Oct 1 10:58:15 2004
+++ sudo-1.7.2p6/sample.syslog.conf Wed Mar 3 19:39:15 2010
@@ -16,8 +16,6 @@
 # Syslogd will not create new log files for you, you must first
 # create the file before syslogd will log to it. Eg.
 # 'touch /var/log/sudo'
-#
-# $Sudo: sample.syslog.conf,v 1.3 2004/10/01 14:58:15 millert Exp $
 # This logs successful and failed sudo attempts to the file /var/log/sudo
 local2.debug /var/log/sudo
diff -urNa sudo-1.7.2p5/selinux.c sudo-1.7.2p6/selinux.c
--- sudo-1.7.2p5/selinux.c Fri Feb 22 15:33:00 2008
+++ sudo-1.7.2p6/selinux.c Fri Apr 9 06:12:02 2010
@@ -48,10 +48,6 @@
 #include "sudo.h"
 #include "pathnames.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: selinux.c,v 1.5 2008/02/22 20:33:00 millert Exp $";
-#endif /* lint */
-
 /*
  * This function attempts to revert the relabeling done to the tty.
  * fd - referencing the opened ttyn
diff -urNa sudo-1.7.2p5/sesh.c sudo-1.7.2p6/sesh.c
--- sudo-1.7.2p5/sesh.c Sat Feb 9 09:30:06 2008
+++ sudo-1.7.2p6/sesh.c Wed Mar 3 19:39:19 2010
@@ -29,10 +29,6 @@
 #include "compat.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: sesh.c,v 1.1 2008/02/09 14:30:06 millert Exp $";
-#endif /* lint */
-
 int
 main (int argc, char **argv)
 {
diff -urNa sudo-1.7.2p5/set_perms.c sudo-1.7.2p6/set_perms.c
--- sudo-1.7.2p5/set_perms.c Thu Jun 25 08:44:33 2009
+++ sudo-1.7.2p6/set_perms.c Fri Apr 9 06:12:02 2010
@@ -51,10 +51,6 @@
 #include "sudo.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: set_perms.c,v 1.49 2009/06/25 12:44:33 millert Exp $";
-#endif /* lint */
-
 #ifdef __TANDEM
 # define ROOT_UID 65535
 #else
diff -urNa sudo-1.7.2p5/sigaction.c sudo-1.7.2p6/sigaction.c
--- sudo-1.7.2p5/sigaction.c Sat Feb 12 17:56:06 2005
+++ sudo-1.7.2p6/sigaction.c Wed Mar 3 19:39:19 2010
@@ -23,10 +23,6 @@
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: sigaction.c,v 1.7 2005/02/12 22:56:06 millert Exp $";
-#endif /* lint */
-
 int
 sigaction(signo, sa, osa)
 int signo;
diff -urNa sudo-1.7.2p5/snprintf.c sudo-1.7.2p6/snprintf.c
--- sudo-1.7.2p5/snprintf.c Sun Nov 9 09:13:12 2008
+++ sudo-1.7.2p6/snprintf.c Wed Mar 3 19:39:19 2010
@@ -78,10 +78,6 @@
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: snprintf.c,v 1.22 2008/11/09 14:13:12 millert Exp $";
-#endif /* lint */
-
 static int xxxprintf __P((char **, size_t, int, const char *, va_list));
 /*
diff -urNa sudo-1.7.2p5/strcasecmp.c sudo-1.7.2p6/strcasecmp.c
--- sudo-1.7.2p5/strcasecmp.c Sat Feb 12 17:56:06 2005
+++ sudo-1.7.2p6/strcasecmp.c Wed Mar 3 19:39:19 2010
@@ -18,10 +18,6 @@
 #include
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: strcasecmp.c,v 1.7 2005/02/12 22:56:06 millert Exp $";
-#endif /* lint */
-
 /*
  * Case insensitive string compare routines, same semantics as str[n]cmp()
  * (assumes ASCII..).
diff -urNa sudo-1.7.2p5/strerror.c sudo-1.7.2p6/strerror.c
--- sudo-1.7.2p5/strerror.c Sat Feb 12 17:56:06 2005
+++ sudo-1.7.2p6/strerror.c Wed Mar 3 19:39:19 2010
@@ -24,10 +24,6 @@
 #include
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: strerror.c,v 1.11 2005/02/12 22:56:06 millert Exp $";
-#endif /* lint */
-
 /*
  * Map errno -> error string.
  */
diff -urNa sudo-1.7.2p5/strlcat.c sudo-1.7.2p6/strlcat.c
--- sudo-1.7.2p5/strlcat.c Sat Feb 12 17:56:06 2005
+++ sudo-1.7.2p6/strlcat.c Wed Mar 3 19:39:19 2010
@@ -22,10 +22,6 @@
 #include
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: strlcat.c,v 1.7 2005/02/12 22:56:06 millert Exp $";
-#endif /* lint */
-
 /*
  * Appends src to string dst of size siz (unlike strncat, siz is the
diff -urNa sudo-1.7.2p5/strlcpy.c sudo-1.7.2p6/strlcpy.c
--- sudo-1.7.2p5/strlcpy.c Sat Feb 12 17:56:06 2005
+++ sudo-1.7.2p6/strlcpy.c Wed Mar 3 19:39:19 2010
@@ -21,10 +21,6 @@
 #include
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: strlcpy.c,v 1.7 2005/02/12 22:56:06 millert Exp $";
-#endif /* lint */
-
 /*
  * Copy src to string dst of size siz. At most siz-1 characters
  * will be copied. Always NUL terminates (unless siz == 0).
diff -urNa sudo-1.7.2p5/sudo.c sudo-1.7.2p6/sudo.c
--- sudo-1.7.2p5/sudo.c Mon Nov 23 19:59:27 2009
+++ sudo-1.7.2p6/sudo.c Fri Apr 9 06:12:02 2010
@@ -104,10 +104,6 @@
 # include "nonunix.h"
 #endif
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: sudo.c,v 1.517 2009/05/27 00:49:07 millert Exp $";
-#endif /* lint */
-
 /*
  * Prototypes
  */
@@ -540,7 +536,7 @@
 sudo_endpwent();
 sudo_endgrent();
- closefrom(def_closefrom + 1);
+ closefrom(def_closefrom);
 #ifndef PROFILING
 if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0) {
diff -urNa sudo-1.7.2p5/sudo.cat sudo-1.7.2p6/sudo.cat
--- sudo-1.7.2p5/sudo.cat Mon Mar 1 06:16:53 2010
+++ sudo-1.7.2p6/sudo.cat Fri Apr 9 06:33:00 2010
@@ -61,7 +61,7 @@
-1.7.2p5 February 22, 2010 1
+1.7.2p6 March 3, 2010 1
@@ -127,7 +127,7 @@
-1.7.2p5 February 22, 2010 2
+1.7.2p6 March 3, 2010 2
@@ -193,7 +193,7 @@
-1.7.2p5 February 22, 2010 3
+1.7.2p6 March 3, 2010 3
@@ -259,7 +259,7 @@
-1.7.2p5 February 22, 2010 4
+1.7.2p6 March 3, 2010 4
@@ -325,7 +325,7 @@
-1.7.2p5 February 22, 2010 5
+1.7.2p6 March 3, 2010 5
@@ -391,7 +391,7 @@
-1.7.2p5 February 22, 2010 6
+1.7.2p6 March 3, 2010 6
@@ -457,7 +457,7 @@
-1.7.2p5 February 22, 2010 7
+1.7.2p6 March 3, 2010 7
@@ -523,7 +523,7 @@
-1.7.2p5 February 22, 2010 8
+1.7.2p6 March 3, 2010 8
@@ -589,7 +589,7 @@
-1.7.2p5 February 22, 2010 9
+1.7.2p6 March 3, 2010 9
@@ -655,6 +655,6 @@
-1.7.2p5 February 22, 2010 10
+1.7.2p6 March 3, 2010 10
diff -urNa sudo-1.7.2p5/sudo.h sudo-1.7.2p6/sudo.h
--- sudo-1.7.2p5/sudo.h Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/sudo.h Fri Apr 9 06:12:02 2010
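Review bot: `closefrom(def_closefrom);` now passes the option value unadjusted, but nothing at the call site records which convention the value follows, and the `+ 1` being removed shows that convention has already been misread once; main() continues outside this hunk. Because closefrom(n) closes every descriptor numbered n and above, the old call left descriptor number `def_closefrom` open across the exec, so the fix is a one-descriptor leak into the command rather than a cosmetic change. Assuming, as the change implies, that the option already holds the first descriptor to close, pin that down on the line: `closefrom(def_closefrom);	/* def_closefrom is the lowest fd to close, not the highest to keep */` and, if it is not already there, the same note where the default is defined.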
@@ -17,8 +17,6 @@
  * Sponsored in part by the Defense Advanced Research Projects
  * Agency (DARPA) and Air Force Research Laboratory, Air Force
  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- *
- * $Sudo: sudo.h,v 1.273 2009/05/25 12:02:41 millert Exp $
  */
 #ifndef _SUDO_SUDO_H
diff -urNa sudo-1.7.2p5/sudo.man.in sudo-1.7.2p6/sudo.man.in
--- sudo-1.7.2p5/sudo.man.in Mon Mar 1 06:16:30 2010
+++ sudo-1.7.2p6/sudo.man.in Fri Apr 9 06:27:19 2010
@@ -18,7 +18,6 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.\" $Sudo: sudo.pod,v 1.125 2009/09/25 00:31:35 millert Exp $
 .\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
 .\"
 .\" Standard preamble:
@@ -145,7 +144,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -urNa sudo-1.7.2p5/sudo.pod sudo-1.7.2p6/sudo.pod
--- sudo-1.7.2p5/sudo.pod Tue Nov 24 20:48:18 2009
+++ sudo-1.7.2p6/sudo.pod Fri Apr 9 06:12:02 2010
@@ -18,7 +18,6 @@
 Agency (DARPA) and Air Force Research Laboratory, Air Force
 Materiel Command, USAF, under agreement number F39502-99-1-0512.
-$Sudo: sudo.pod,v 1.125 2009/09/25 00:31:35 millert Exp $
 =pod
 =head1 NAME
diff -urNa sudo-1.7.2p5/sudo_edit.c sudo-1.7.2p6/sudo_edit.c
--- sudo-1.7.2p5/sudo_edit.c Mon Nov 23 19:59:27 2009
+++ sudo-1.7.2p6/sudo_edit.c Fri Apr 9 06:12:02 2010
@@ -55,10 +55,6 @@
 #include "sudo.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: sudo_edit.c,v 1.39 2009/09/30 13:50:58 millert Exp $";
-#endif /* lint */
-
 extern sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp;
 extern char **environ;
diff -urNa sudo-1.7.2p5/sudo_noexec.c sudo-1.7.2p6/sudo_noexec.c
--- sudo-1.7.2p5/sudo_noexec.c Sat Mar 12 18:43:40 2005
+++ sudo-1.7.2p6/sudo_noexec.c Wed Mar 3 19:39:22 2010
@@ -28,10 +28,6 @@
 #include
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: sudo_noexec.c,v 1.12 2005/03/12 23:43:40 millert Exp $";
-#endif /* lint */
-
 /*
  * Dummy versions of the execve() family of syscalls. We don't need
  * to stub out all of them, just the ones that correspond to actual
diff -urNa sudo-1.7.2p5/sudo_nss.c sudo-1.7.2p6/sudo_nss.c
--- sudo-1.7.2p5/sudo_nss.c Mon May 25 08:02:41 2009
+++ sudo-1.7.2p6/sudo_nss.c Fri Apr 9 06:12:02 2010
@@ -44,10 +44,6 @@
 #include "sudo.h"
 #include "lbuf.h"
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: sudo_nss.c,v 1.8 2009/05/25 12:02:41 millert Exp $";
-#endif /* lint */
-
 extern struct sudo_nss sudo_nss_file;
 #ifdef HAVE_LDAP
 extern struct sudo_nss sudo_nss_ldap;
diff -urNa sudo-1.7.2p5/sudo_nss.h sudo-1.7.2p6/sudo_nss.h
--- sudo-1.7.2p5/sudo_nss.h Mon May 25 08:02:42 2009
+++ sudo-1.7.2p6/sudo_nss.h Wed Mar 3 19:39:22 2010
@@ -12,8 +12,6 @@
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Sudo: sudo_nss.h,v 1.7 2009/05/25 12:02:42 millert Exp $
  */
 struct lbuf;
diff -urNa sudo-1.7.2p5/sudo_usage.h.in sudo-1.7.2p6/sudo_usage.h.in
--- sudo-1.7.2p5/sudo_usage.h.in Mon May 25 08:02:42 2009
+++ sudo-1.7.2p6/sudo_usage.h.in Fri Apr 9 06:12:02 2010
@@ -14,8 +14,6 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $Sudo: sudo_usage.h.in,v 1.10 2009/05/25 12:02:42 millert Exp $ */ #ifndef _SUDO_USAGE_H diff -urNa sudo-1.7.2p5/sudoers.cat sudo-1.7.2p6/sudoers.cat --- sudo-1.7.2p5/sudoers.cat Mon Mar 1 06:16:56 2010 +++ sudo-1.7.2p6/sudoers.cat Fri Apr 9 06:33:01 2010 @@ -61,7 +61,7 @@ -1.7.2p5 February 22, 2010 1 +1.7.2p6 April 7, 2010 1 @@ -127,7 +127,7 @@ -1.7.2p5 February 22, 2010 2 +1.7.2p6 April 7, 2010 2 @@ -193,7 +193,7 @@ -1.7.2p5 February 22, 2010 3 +1.7.2p6 April 7, 2010 3 @@ -259,7 +259,7 @@ -1.7.2p5 February 22, 2010 4 +1.7.2p6 April 7, 2010 4 @@ -325,7 +325,7 @@ -1.7.2p5 February 22, 2010 5 +1.7.2p6 April 7, 2010 5 @@ -391,7 +391,7 @@ -1.7.2p5 February 22, 2010 6 +1.7.2p6 April 7, 2010 6 @@ -457,7 +457,7 @@ -1.7.2p5 February 22, 2010 7 +1.7.2p6 April 7, 2010 7 @@ -523,7 +523,7 @@ -1.7.2p5 February 22, 2010 8 +1.7.2p6 April 7, 2010 8 @@ -589,7 +589,7 @@ -1.7.2p5 February 22, 2010 9 +1.7.2p6 April 7, 2010 9 @@ -655,7 +655,7 @@ -1.7.2p5 February 22, 2010 10 +1.7.2p6 April 7, 2010 10 @@ -721,7 +721,7 @@ -1.7.2p5 February 22, 2010 11 +1.7.2p6 April 7, 2010 11 @@ -787,7 +787,7 @@ -1.7.2p5 February 22, 2010 12 +1.7.2p6 April 7, 2010 12 
@@ -828,8 +828,14 @@ causes ssuuddoo to use the _f_n_m_a_t_c_h(3) function, which does not access the file system to do its matching. The disadvantage of _f_a_s_t___g_l_o_b is that it is unable to match - relative pathnames such as _._/_l_s or _._._/_b_i_n_/_l_s. This - flag is _o_f_f by default. + relative pathnames such as _._/_l_s or _._._/_b_i_n_/_l_s. This has + security implications when path names that include + globbing characters are used with the negation + operator, '!', as such rules can be trivially bypassed. + As such, this option should not be used when _s_u_d_o_e_r_s + contains rules that contain negated path names which + include globbing characters. This flag is _o_f_f by + default. stay_setuid Normally, when ssuuddoo executes a command the real and effective UIDs are set to the target user (root by @@ -844,24 +850,24 @@ targetpw If set, ssuuddoo will prompt for the password of the user specified by the --uu option (defaults to root) instead - of the password of the invoking user. Note that this - precludes the use of a uid not listed in the passwd - database as an argument to the --uu option. This flag is - _o_f_f by default. - tty_tickets If set, users must authenticate on a per-tty basis. +1.7.2p6 April 7, 2010 13 -1.7.2p5 February 22, 2010 13 - SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + of the password of the invoking user. Note that this + precludes the use of a uid not listed in the passwd + database as an argument to the --uu option. This flag is + _o_f_f by default. + + tty_tickets If set, users must authenticate on a per-tty basis. Normally, ssuuddoo uses a directory in the ticket dir with the same name as the user running it. With this flag enabled, ssuuddoo will use a file named for the tty the 
@@ -910,24 +916,24 @@ only the file log. The default is 80 (use 0 or negate the option to disable word wrap). - passwd_timeout Number of minutes before the ssuuddoo password prompt times - out. The default is 5; set this to 0 for no password - timeout. - timestamp_timeout - Number of minutes that can elapse before ssuuddoo will ask +1.7.2p6 April 7, 2010 14 -1.7.2p5 February 22, 2010 14 - SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + passwd_timeout Number of minutes before the ssuuddoo password prompt times + out. The default is 5; set this to 0 for no password + timeout. + + timestamp_timeout + Number of minutes that can elapse before ssuuddoo will ask for a passwd again. The default is 5. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's timestamp will never expire. @@ -977,23 +983,22 @@ name (on if the machine's hostname is fully qualified or the _f_q_d_n option is set) - %h expanded to the local hostname without the domain - name - %p expanded to the user whose password is being asked - for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w +1.7.2p6 April 7, 2010 15 -1.7.2p5 February 22, 2010 15 - - SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + %h expanded to the local hostname without the domain + name + + %p expanded to the user whose password is being asked + for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w flags in _s_u_d_o_e_r_s) %U expanded to the login name of the user the command 
@@ -1043,23 +1048,22 @@ a file containing variables to be set in the environment of the program being run. Entries in this file should either be of the form VARIABLE=value or export VARIABLE=value. - The value may optionally be surrounded by single or double - quotes. Variables in this file are subject to other ssuuddoo - environment settings such as _e_n_v___k_e_e_p and _e_n_v___c_h_e_c_k. +1.7.2p6 April 7, 2010 16 -1.7.2p5 February 22, 2010 16 - - SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + The value may optionally be surrounded by single or double + quotes. Variables in this file are subject to other ssuuddoo + environment settings such as _e_n_v___k_e_e_p and _e_n_v___c_h_e_c_k. + exempt_group Users in this group are exempt from password and PATH requirements. This is not set by default. @@ -1111,21 +1115,20 @@ mailerflags Flags to use when invoking mailer. Defaults to --tt. - mailerpath Path to mail program used to send warning mail. Defaults - to the path to sendmail found at configure time. +1.7.2p6 April 7, 2010 17 -1.7.2p5 February 22, 2010 17 - - SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + mailerpath Path to mail program used to send warning mail. Defaults + to the path to sendmail found at configure time. + mailfrom Address to use for the "from" address when sending warning and error mail. The address should be enclosed in double quotes (") to protect against ssuuddoo interpreting the @ sign. @@ -1177,13 +1180,10 @@ programs. The argument may be a double-quoted, space- separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or - disabled by using the =, +=, -=, and ! operators - respectively. Regardless of whether the env_reset - option is enabled or disabled, variables specified by -1.7.2p5 February 22, 2010 18 +1.7.2p6 April 7, 2010 18 
@@ -1192,6 +1192,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + disabled by using the =, +=, -=, and ! operators + respectively. Regardless of whether the env_reset + option is enabled or disabled, variables specified by env_check will be preserved in the environment if they pass the aforementioned check. The default list of environment variables to check is displayed when ssuuddoo @@ -1243,13 +1246,10 @@ User_Alias PARTTIMERS = bostley, jwfox, crawl User_Alias WEBMASTERS = will, wendy, wim - # Runas alias specification - Runas_Alias OP = root, operator - Runas_Alias DB = oracle, sybase -1.7.2p5 February 22, 2010 19 +1.7.2p6 April 7, 2010 19 @@ -1258,6 +1258,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + # Runas alias specification + Runas_Alias OP = root, operator + Runas_Alias DB = oracle, sybase Runas_Alias ADMINGRP = adm, oper # Host alias specification @@ -1309,21 +1312,21 @@ root ALL = (ALL) ALL %wheel ALL = (ALL) ALL - We let rroooott and any user in group wwhheeeell run any command on any host as - any user. +1.7.2p6 April 7, 2010 20 -1.7.2p5 February 22, 2010 20 - SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + We let rroooott and any user in group wwhheeeell run any command on any host as + any user. + FULLTIMERS ALL = NOPASSWD: ALL Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run any command on @@ -1376,20 +1379,19 @@ The user bboobb may run anything on the _S_P_A_R_C and _S_G_I machines as any user listed in the _O_P Runas_Alias (rroooott and ooppeerraattoorr). - jim +biglab = ALL +1.7.2p6 April 7, 2010 21 -1.7.2p5 February 22, 2010 21 - - SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + jim +biglab = ALL + The user jjiimm may run any command on machines in the _b_i_g_l_a_b netgroup. ssuuddoo knows that "biglab" is a netgroup due to the '+' prefix. 
@@ -1442,20 +1444,20 @@ Any user may mount or unmount a CD-ROM on the machines in the CDROM Host_Alias (orion, perseus, hercules) without entering a password. This is a bit tedious for users to type, so it is a prime candidate for - encapsulating in a shell script. +1.7.2p6 April 7, 2010 22 -1.7.2p5 February 22, 2010 22 - SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + encapsulating in a shell script. + SSEECCUURRIITTYY NNOOTTEESS It is generally not effective to "subtract" commands from ALL using the '!' operator. A user can trivially circumvent this by copying the @@ -1470,6 +1472,21 @@ kind of restrictions should be considered advisory at best (and reinforced by policy). + Furthermore, if the _f_a_s_t___g_l_o_b option is in use, it is not possible to + reliably negate commands where the path name includes globbing (aka + wildcard) characters. This is because the C library's _f_n_m_a_t_c_h(3) + function cannot resolve relative paths. While this is typically only + an inconvenience for rules that grant privileges, it can result in a + security issue for rules that subtract or revoke privileges. + + For example, given the following _s_u_d_o_e_r_s entry: + + john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*, + /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root + + User jjoohhnn can still run /usr/bin/passwd root if _f_a_s_t___g_l_o_b is enabled by + changing to _/_u_s_r_/_b_i_n and running ./passwd root instead. + PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS Once ssuuddoo executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue 
@@ -1493,6 +1510,18 @@ shared library. On such systems, ssuuddoo's _n_o_e_x_e_c functionality can be used to prevent a program run by ssuuddoo from executing any other programs. Note, however, that this applies only to + + + +1.7.2p6 April 7, 2010 23 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + native dynamically-linked executables. Statically-linked executables and foreign executables running under binary emulation are not affected. @@ -1510,18 +1539,6 @@ in the standard library with its own that simply return an error. Unfortunately, there is no foolproof way to know whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c - - - -1.7.2p5 February 22, 2010 23 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX, MacOS X, and HP-UX 11.x. It is known nnoott to work on AIX and UnixWare. _n_o_e_x_e_c is expected to work on most operating @@ -1559,6 +1576,18 @@ When using netgroups of machines (as opposed to users), if you store fully qualified hostnames in the netgroup (as is usually the case), you + + + +1.7.2p6 April 7, 2010 24 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + either need to have the machine's hostname be fully qualified as returned by the hostname command or use the _f_q_d_n option in _s_u_d_o_e_r_s. @@ -1576,18 +1605,6 @@ including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with ssuuddoo or - - - -1.7.2p5 February 22, 2010 24 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - http://www.sudo.ws/sudo/license.html for complete details. @@ -1628,23 +1645,6 @@ - - - - - - - - - - - - - - - - - -1.7.2p5 February 22, 2010 25 +1.7.2p6 April 7, 2010 25 diff -urNa sudo-1.7.2p5/sudoers.ldap.cat sudo-1.7.2p6/sudoers.ldap.cat --- sudo-1.7.2p5/sudoers.ldap.cat Mon Mar 1 06:16:59 2010 +++ sudo-1.7.2p6/sudoers.ldap.cat Fri Apr 9 06:33:01 2010 
@@ -52,16 +52,16 @@ Cmnd_Alias that is referenced by multiple users, one can create a sudoRole that contains the commands and assign multiple users to it. - SSUUDDOOeerrss LLDDAAPP ccoonnttaaiinneerr - + SSUUDDOOeerrss LLDDAAPP ccoonnttaaiinneerr The _s_u_d_o_e_r_s configuration is contained in the ou=SUDOers LDAP container. Sudo first looks for the cn=default entry in the SUDOers container. If + found, the multi-valued sudoOption attribute is parsed in the same -1.7.2p5 February 22, 2010 1 +1.7.2p6 March 3, 2010 1 @@ -70,7 +70,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - found, the multi-valued sudoOption attribute is parsed in the same manner as a global Defaults line in _/_e_t_c_/_s_u_d_o_e_r_s. In the following example, the SSH_AUTH_SOCK variable will be preserved in the environment for all users. @@ -127,12 +126,13 @@ -1.7.2p5 February 22, 2010 2 +1.7.2p6 March 3, 2010 2 + SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) @@ -144,8 +144,7 @@ sudoHost: ALL sudoCommand: ALL - AAnnaattoommyy ooff LLDDAAPP ssuuddooeerrss llooookkuupp - + AAnnaattoommyy ooff LLDDAAPP ssuuddooeerrss llooookkuupp When looking up a sudoer using LDAP there are only two or three LDAP queries per invocation. The first query is to parse the global options. The second is to match against the user's name and the groups @@ -154,8 +153,7 @@ third query returns all entries containing user netgroups and checks to see if the user belongs to any of them. - DDiiffffeerreenncceess bbeettwweeeenn LLDDAAPP aanndd nnoonn--LLDDAAPP ssuuddooeerrss - + DDiiffffeerreenncceess bbeettwweeeenn LLDDAAPP aanndd nnoonn--LLDDAAPP ssuuddooeerrss There are some subtle differences in the way sudoers is handled once in LDAP. Probably the biggest is that according to the RFC, LDAP ordering is arbitrary and you cannot expect that Attributes and Entries are 
@@ -190,10 +188,12 @@ objectClass: top cn: role2 sudoUser: puddles + sudoHost: ALL + sudoCommand: !/bin/sh -1.7.2p5 February 22, 2010 3 +1.7.2p6 March 3, 2010 3 @@ -202,8 +202,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - sudoHost: ALL - sudoCommand: !/bin/sh sudoCommand: ALL Another difference is that negations on the Host, User or Runas are @@ -224,8 +222,7 @@ sudoHost: ALL sudoHost: !web01 - SSuuddooeerrss SScchheemmaa - + SSuuddooeerrss SScchheemmaa In order to use ssuuddoo's LDAP support, the ssuuddoo schema must be installed on your LDAP server. In addition, be sure to index the 'sudoUser' attribute. @@ -238,8 +235,7 @@ The schema for ssuuddoo in OpenLDAP form is included in the EXAMPLES section. - CCoonnffiigguurriinngg llddaapp..ccoonnff - + CCoonnffiigguurriinngg llddaapp..ccoonnff Sudo reads the _/_e_t_c_/_l_d_a_p_._c_o_n_f file for LDAP-specific configuration. Typically, this file is shared amongst different LDAP-aware clients. As such, most of the settings are not ssuuddoo-specific. Note that ssuuddoo @@ -256,10 +252,14 @@ UURRII ldap[s]://[hostname[:port]] ... Specifies a whitespace-delimited list of one or more URIs + describing the LDAP server(s) to connect to. The _p_r_o_t_o_c_o_l may be + either llddaapp or llddaappss, the latter being for servers that support TLS + (SSL) encryption. If no _p_o_r_t is specified, the default is port 389 + for ldap:// or port 636 for ldaps://. If no _h_o_s_t_n_a_m_e is specified, -1.7.2p5 February 22, 2010 4 +1.7.2p6 March 3, 2010 4 
@@ -268,10 +268,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - describing the LDAP server(s) to connect to. The _p_r_o_t_o_c_o_l may be - either llddaapp or llddaappss, the latter being for servers that support TLS - (SSL) encryption. If no _p_o_r_t is specified, the default is port 389 - for ldap:// or port 636 for ldaps://. If no _h_o_s_t_n_a_m_e is specified, ssuuddoo will connect to llooccaallhhoosstt. Only systems using the OpenSSL libraries support the mixing of ldap:// and ldaps:// URIs. The Netscape-derived libraries used on most commercial versions of Unix @@ -322,10 +318,14 @@ identity. By default, most LDAP servers will allow anonymous access. + BBIINNDDPPWW secret + The BBIINNDDPPWW parameter specifies the password to use when performing + LDAP operations. This is typically used in conjunction with the + BBIINNDDDDNN parameter. -1.7.2p5 February 22, 2010 5 +1.7.2p6 March 3, 2010 5 @@ -334,11 +334,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - BBIINNDDPPWW secret - The BBIINNDDPPWW parameter specifies the password to use when performing - LDAP operations. This is typically used in conjunction with the - BBIINNDDDDNN parameter. - RROOOOTTBBIINNDDDDNN DN The RROOOOTTBBIINNDDDDNN parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing privileged LDAP @@ -389,21 +384,22 @@ used to authenticate the client to the LDAP server. The certificate type depends on the LDAP libraries used. + OpenLDAP: + tls_cert /etc/ssl/client_cert.pem + Netscape-derived: -1.7.2p5 February 22, 2010 6 +1.7.2p6 March 3, 2010 6 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - OpenLDAP: - tls_cert /etc/ssl/client_cert.pem +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - Netscape-derived: + tls_cert /var/ldap/cert7.db When using Netscape-derived libraries, this file may also contain 
@@ -455,21 +451,22 @@ The path to the Kerberos 5 credential cache to use when authenticating with the remote server. + See the ldap.conf entry in the EXAMPLES section. -1.7.2p5 February 22, 2010 7 +1.7.2p6 March 3, 2010 7 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - See the ldap.conf entry in the EXAMPLES section. - CCoonnffiigguurriinngg nnsssswwiittcchh..ccoonnff +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) + + CCoonnffiigguurriinngg nnsssswwiittcchh..ccoonnff Unless it is disabled at build time, ssuuddoo consults the Name Service Switch file, _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f, to specify the _s_u_d_o_e_r_s search order. Sudo looks for a line beginning with sudoers: and uses this to @@ -502,8 +499,7 @@ Note that _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f is supported even when the underlying operating system does not use an nsswitch.conf file. - CCoonnffiigguurriinngg nneettssvvcc..ccoonnff - + CCoonnffiigguurriinngg nneettssvvcc..ccoonnff On AIX systems, the _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f file is consulted instead of _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f. ssuuddoo simply treats _n_e_t_s_v_c_._c_o_n_f as a variant of _n_s_s_w_i_t_c_h_._c_o_n_f; information in the previous section unrelated to the @@ -521,20 +517,21 @@ To treat LDAP as authoratative and only use the local sudoers file if the user is not present in LDAP, use: + sudoers = ldap = auth, files + Note that in the above example, the auth qualfier only affects user -1.7.2p5 February 22, 2010 8 +1.7.2p6 March 3, 2010 8 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - sudoers = ldap = auth, files +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - Note that in the above example, the auth qualfier only affects user + lookups; both LDAP and _s_u_d_o_e_r_s will be queried for Defaults entries. If the _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f file is not present or there is no sudoers 
@@ -550,8 +547,7 @@ _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f determines sudoers source order on AIX EEXXAAMMPPLLEESS - EExxaammppllee llddaapp..ccoonnff - + EExxaammppllee llddaapp..ccoonnff # Either specify one or more URIs or one or more host:port pairs. # If neither is specified sudo will default to localhost, port 389. # @@ -586,10 +582,14 @@ # # LDAP protocol version, defaults to 3 #ldap_version 3 + # + # Define if you want to use an encrypted LDAP connection. + # Typically, you must also set the port to 636 (ldaps). + #ssl on -1.7.2p5 February 22, 2010 9 +1.7.2p6 March 3, 2010 9 @@ -599,10 +599,6 @@ # - # Define if you want to use an encrypted LDAP connection. - # Typically, you must also set the port to 636 (ldaps). - #ssl on - # # Define if you want to use port 389 and switch to # encryption before the bind credentials are sent. # Only supported by LDAP servers that support the start_tls @@ -652,10 +648,14 @@ # SDK will prevent specific file names from working. For this reason # it is suggested that tls_cert and tls_key be set to a directory, # not a file name. + # + # The certificate database specified by tls_cert may contain CA certs + # and/or the client's cert. If the client's cert is included, tls_key + # should be specified as well. -1.7.2p5 February 22, 2010 10 +1.7.2p6 March 3, 2010 10 @@ -664,10 +664,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - # - # The certificate database specified by tls_cert may contain CA certs - # and/or the client's cert. If the client's cert is included, tls_key - # should be specified as well. # For backward compatibility, "sslpath" may be used in place of tls_cert. #tls_cert /var/ldap #tls_key /var/ldap 
@@ -680,8 +676,7 @@ # sasl_secprops none # krb5_ccname /etc/.ldapcache - SSuuddoo sscchheemmaa ffoorr OOppeennLLDDAAPP - + SSuuddoo sscchheemmaa ffoorr OOppeennLLDDAAPP The following schema is in OpenLDAP format. Simply copy it to the schema directory (e.g. _/_e_t_c_/_o_p_e_n_l_d_a_p_/_s_c_h_e_m_a), add the proper include line in slapd.conf and restart ssllaappdd. @@ -718,10 +713,15 @@ EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + attributetype ( 1.3.6.1.4.1.15953.9.1.6 + NAME 'sudoRunAsUser' + DESC 'User(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -1.7.2p5 February 22, 2010 11 +1.7.2p6 March 3, 2010 11 @@ -730,11 +730,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - attributetype ( 1.3.6.1.4.1.15953.9.1.6 - NAME 'sudoRunAsUser' - DESC 'User(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' @@ -787,6 +782,11 @@ -1.7.2p5 February 22, 2010 12 + + + + + +1.7.2p6 March 3, 2010 12 diff -urNa sudo-1.7.2p5/sudoers.ldap.man.in sudo-1.7.2p6/sudoers.ldap.man.in --- sudo-1.7.2p5/sudoers.ldap.man.in Mon Mar 1 06:16:42 2010 +++ sudo-1.7.2p6/sudoers.ldap.man.in Fri Apr 9 06:27:25 2010 @@ -14,19 +14,10 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $Sudo: sudoers.ldap.man.in,v 1.13 2009/06/11 20:29:12 millert Exp $ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp 
@@ -70,7 +61,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -149,7 +140,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS.LDAP @mansectform@" -.TH SUDOERS.LDAP @mansectform@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS" +.TH SUDOERS.LDAP @mansectform@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -201,7 +192,7 @@ a Cmnd_Alias that is referenced by multiple users, one can create a sudoRole that contains the commands and assign multiple users to it. -.Sh "SUDOers \s-1LDAP\s0 container" +.SS "SUDOers \s-1LDAP\s0 container" .IX Subsection "SUDOers LDAP container" The \fIsudoers\fR configuration is contained in the \f(CW\*(C`ou=SUDOers\*(C'\fR \s-1LDAP\s0 container. @@ -271,7 +262,7 @@ \& sudoHost: ALL \& sudoCommand: ALL .Ve -.Sh "Anatomy of \s-1LDAP\s0 sudoers lookup" +.SS "Anatomy of \s-1LDAP\s0 sudoers lookup" .IX Subsection "Anatomy of LDAP sudoers lookup" When looking up a sudoer using \s-1LDAP\s0 there are only two or three \&\s-1LDAP\s0 queries per invocation. The first query is to parse the global 
@@ -280,7 +271,7 @@ in this query too.) If no match is returned for the user's name and groups, a third query returns all entries containing user netgroups and checks to see if the user belongs to any of them. -.Sh "Differences between \s-1LDAP\s0 and non-LDAP sudoers" +.SS "Differences between \s-1LDAP\s0 and non-LDAP sudoers" .IX Subsection "Differences between LDAP and non-LDAP sudoers" There are some subtle differences in the way sudoers is handled once in \s-1LDAP\s0. Probably the biggest is that according to the \s-1RFC\s0, @@ -342,7 +333,7 @@ \& sudoHost: ALL \& sudoHost: !web01 .Ve -.Sh "Sudoers Schema" +.SS "Sudoers Schema" .IX Subsection "Sudoers Schema" In order to use \fBsudo\fR's \s-1LDAP\s0 support, the \fBsudo\fR schema must be installed on your \s-1LDAP\s0 server. In addition, be sure to index the @@ -355,7 +346,7 @@ .PP The schema for \fBsudo\fR in OpenLDAP form is included in the \s-1EXAMPLES\s0 section. -.Sh "Configuring ldap.conf" +.SS "Configuring ldap.conf" .IX Subsection "Configuring ldap.conf" Sudo reads the \fI@ldap_conf@\fR file for LDAP-specific configuration. Typically, this file is shared amongst different LDAP-aware clients. @@ -538,7 +529,7 @@ with the remote server. .PP See the \f(CW\*(C`ldap.conf\*(C'\fR entry in the \s-1EXAMPLES\s0 section. -.Sh "Configuring nsswitch.conf" +.SS "Configuring nsswitch.conf" .IX Subsection "Configuring nsswitch.conf" Unless it is disabled at build time, \fBsudo\fR consults the Name Service Switch file, \fI@nsswitch_conf@\fR, to specify the \fIsudoers\fR @@ -579,7 +570,7 @@ .PP Note that \fI@nsswitch_conf@\fR is supported even when the underlying operating system does not use an nsswitch.conf file. -.Sh "Configuring netsvc.conf" +.SS "Configuring netsvc.conf" .IX Subsection "Configuring netsvc.conf" On \s-1AIX\s0 systems, the \fI@netsvc_conf@\fR file is consulted instead of \&\fI@nsswitch_conf@\fR. \fBsudo\fR simply treats \fInetsvc.conf\fR as a 
@@ -632,7 +623,7 @@ determines sudoers source order on \s-1AIX\s0 .SH "EXAMPLES" .IX Header "EXAMPLES" -.Sh "Example ldap.conf" +.SS "Example ldap.conf" .IX Subsection "Example ldap.conf" .Vb 10 \& # Either specify one or more URIs or one or more host:port pairs. @@ -739,7 +730,7 @@ \& # sasl_secprops none \& # krb5_ccname /etc/.ldapcache .Ve -.Sh "Sudo schema for OpenLDAP" +.SS "Sudo schema for OpenLDAP" .IX Subsection "Sudo schema for OpenLDAP" The following schema is in OpenLDAP format. Simply copy it to the schema directory (e.g. \fI/etc/openldap/schema\fR), add the proper diff -urNa sudo-1.7.2p5/sudoers.ldap.pod sudo-1.7.2p6/sudoers.ldap.pod --- sudo-1.7.2p5/sudoers.ldap.pod Fri May 29 09:43:12 2009 +++ sudo-1.7.2p6/sudoers.ldap.pod Fri Apr 9 06:12:02 2010 @@ -14,7 +14,6 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -$Sudo: sudoers.ldap.pod,v 1.14 2009/05/29 13:43:12 millert Exp $ =pod =head1 NAME diff -urNa sudo-1.7.2p5/sudoers.man.in sudo-1.7.2p6/sudoers.man.in --- sudo-1.7.2p5/sudoers.man.in Mon Mar 1 06:16:47 2010 +++ sudo-1.7.2p6/sudoers.man.in Fri Apr 9 06:27:27 2010 @@ -1,4 +1,4 @@ -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2009 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2010 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,6 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: sudoers.pod,v 1.173 2009/06/30 12:41:09 millert Exp $ .\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: 
@@ -145,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "April 7, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -911,7 +910,12 @@ option causes \fBsudo\fR to use the \fIfnmatch\fR\|(3) function, which does not access the file system to do its matching. The disadvantage of \fIfast_glob\fR is that it is unable to match relative pathnames -such as \fI./ls\fR or \fI../bin/ls\fR. This flag is \fIoff\fR by default. +such as \fI./ls\fR or \fI../bin/ls\fR. This has security implications +when path names that include globbing characters are used with the +negation operator, \f(CW\*(Aq!\*(Aq\fR, as such rules can be trivially bypassed. +As such, this option should not be used when \fIsudoers\fR contains rules +that contain negated path names which include globbing characters. +This flag is \fIoff\fR by default. .IP "stay_setuid" 16 .IX Item "stay_setuid" Normally, when \fBsudo\fR executes a command the real and effective 
@@ -1532,6 +1536,24 @@ different name, or use a shell escape from an editor or other program. Therefore, these kind of restrictions should be considered advisory at best (and reinforced by policy). +.PP +Furthermore, if the \fIfast_glob\fR option is in use, it is not possible +to reliably negate commands where the path name includes globbing +(aka wildcard) characters. This is because the C library's +\&\fIfnmatch\fR\|(3) function cannot resolve relative paths. While this +is typically only an inconvenience for rules that grant privileges, +it can result in a security issue for rules that subtract or revoke +privileges. +.PP +For example, given the following \fIsudoers\fR entry: +.PP +.Vb 2 +\& john ALL = /usr/bin/passwd [a\-zA\-Z0\-9]*, /usr/bin/chsh [a\-zA\-Z0\-9]*, +\& /usr/bin/chfn [a\-zA\-Z0\-9]*, !/usr/bin/* root +.Ve +.PP +User \fBjohn\fR can still run \f(CW\*(C`/usr/bin/passwd root\*(C'\fR if \fIfast_glob\fR is +enabled by changing to \fI/usr/bin\fR and running \f(CW\*(C`./passwd root\*(C'\fR instead. .SH "PREVENTING SHELL ESCAPES" .IX Header "PREVENTING SHELL ESCAPES" Once \fBsudo\fR executes a program, that program is free to do whatever diff -urNa sudo-1.7.2p5/sudoers.pod sudo-1.7.2p6/sudoers.pod --- sudo-1.7.2p5/sudoers.pod Tue Nov 24 20:47:36 2009 +++ sudo-1.7.2p6/sudoers.pod Fri Apr 9 06:12:02 2010 @@ -1,4 +1,4 @@ -Copyright (c) 1994-1996, 1998-2005, 2007-2009 +Copyright (c) 1994-1996, 1998-2005, 2007-2010 Todd C. Miller Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,6 @@ Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. -$Sudo: sudoers.pod,v 1.173 2009/06/30 12:41:09 millert Exp $ =pod =head1 NAME 
@@ -809,7 +808,12 @@ option causes B to use the L function, which does not access the file system to do its matching. The disadvantage of I is that it is unable to match relative pathnames -such as F<./ls> or F<../bin/ls>. This flag is I by default. +such as F<./ls> or F<../bin/ls>. This has security implications +when path names that include globbing characters are used with the +negation operator, C<'!'>, as such rules can be trivially bypassed. +As such, this option should not be used when I contains rules +that contain negated path names which include globbing characters. +This flag is I by default. =item stay_setuid @@ -1469,6 +1473,22 @@ different name, or use a shell escape from an editor or other program. Therefore, these kind of restrictions should be considered advisory at best (and reinforced by policy). + +Furthermore, if the I option is in use, it is not possible +to reliably negate commands where the path name includes globbing +(aka wildcard) characters. This is because the C library's +L function cannot resolve relative paths. While this +is typically only an inconvenience for rules that grant privileges, +it can result in a security issue for rules that subtract or revoke +privileges. + +For example, given the following I entry: + + john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*, + /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root + +User B can still run C if I is +enabled by changing to F and running C<./passwd root> instead. =head1 PREVENTING SHELL ESCAPES diff -urNa sudo-1.7.2p5/sudoers2ldif sudo-1.7.2p6/sudoers2ldif --- sudo-1.7.2p5/sudoers2ldif Fri Dec 7 19:09:28 2007 +++ sudo-1.7.2p6/sudoers2ldif Wed Mar 3 19:39:22 2010 
@@ -5,8 +5,6 @@ # Converts a sudoers file to LDIF format in prepration for loading into # the LDAP server. # -# $Sudo: sudoers2ldif,v 1.5 2007/12/08 00:09:28 millert Exp $ -# # BUGS: # Does not yet handle multiple lines with : in them diff -urNa sudo-1.7.2p5/term.c sudo-1.7.2p6/term.c --- sudo-1.7.2p5/term.c Wed Feb 25 05:47:12 2009 +++ sudo-1.7.2p6/term.c Fri Apr 9 06:12:02 2010 @@ -50,10 +50,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: term.c,v 1.4 2009/02/25 10:47:12 millert Exp $"; -#endif /* lint */ - #ifndef TCSASOFT # define TCSASOFT 0 #endif diff -urNa sudo-1.7.2p5/testsudoers.c sudo-1.7.2p6/testsudoers.c --- sudo-1.7.2p5/testsudoers.c Mon May 25 08:02:42 2009 +++ sudo-1.7.2p6/testsudoers.c Fri Apr 9 06:12:02 2010 @@ -70,11 +70,6 @@ # include "emul/fnmatch.h" #endif /* HAVE_FNMATCH */ -#ifndef lint -__unused static const char rcsid[] = "$Sudo: testsudoers.c,v 1.131 2009/05/25 12:02:42 millert Exp $"; -#endif /* lint */ - - /* * Globals */ diff -urNa sudo-1.7.2p5/tgetpass.c sudo-1.7.2p6/tgetpass.c --- sudo-1.7.2p5/tgetpass.c Mon May 25 08:02:42 2009 +++ sudo-1.7.2p6/tgetpass.c Fri Apr 9 06:12:02 2010 @@ -56,10 +56,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: tgetpass.c,v 1.131 2009/05/25 12:02:42 millert Exp $"; -#endif /* lint */ - static volatile sig_atomic_t signo; static void handler __P((int)); diff -urNa sudo-1.7.2p5/utimes.c sudo-1.7.2p6/utimes.c --- sudo-1.7.2p5/utimes.c Sun Nov 9 09:13:12 2008 +++ sudo-1.7.2p6/utimes.c Wed Mar 3 19:39:29 2010 @@ -31,10 +31,6 @@ #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: utimes.c,v 1.10 2008/11/09 14:13:12 millert Exp $"; -#endif /* lint */ - #ifndef HAVE_UTIMES /* * Emulate utimes() via utime() diff -urNa sudo-1.7.2p5/visudo.c sudo-1.7.2p6/visudo.c --- sudo-1.7.2p5/visudo.c Mon May 25 08:02:42 2009 +++ sudo-1.7.2p6/visudo.c Wed Mar 3 19:39:29 2010 
@@ -86,10 +86,6 @@ #include "redblack.h" #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: visudo.c,v 1.234 2009/05/25 12:02:42 millert Exp $"; -#endif /* lint */ - struct sudoersfile { char *path; char *tpath; diff -urNa sudo-1.7.2p5/visudo.cat sudo-1.7.2p6/visudo.cat --- sudo-1.7.2p5/visudo.cat Mon Mar 1 06:17:02 2010 +++ sudo-1.7.2p6/visudo.cat Fri Apr 9 06:33:03 2010 @@ -61,7 +61,7 @@ -1.7.2p5 February 22, 2010 1 +1.7.2p6 March 3, 2010 1 @@ -127,7 +127,7 @@ -1.7.2p5 February 22, 2010 2 +1.7.2p6 March 3, 2010 2 @@ -193,6 +193,6 @@ -1.7.2p5 February 22, 2010 3 +1.7.2p6 March 3, 2010 3 diff -urNa sudo-1.7.2p5/visudo.man.in sudo-1.7.2p6/visudo.man.in --- sudo-1.7.2p5/visudo.man.in Mon Mar 1 06:16:50 2010 +++ sudo-1.7.2p6/visudo.man.in Fri Apr 9 06:27:30 2010 @@ -18,19 +18,10 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: visudo.man.in,v 1.34 2009/06/11 20:29:12 millert Exp $ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -74,7 +65,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ 
@@ -153,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urNa sudo-1.7.2p5/visudo.pod sudo-1.7.2p6/visudo.pod --- sudo-1.7.2p5/visudo.pod Sat Nov 15 13:34:01 2008 +++ sudo-1.7.2p6/visudo.pod Fri Apr 9 06:12:02 2010 @@ -18,7 +18,6 @@ Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. -$Sudo: visudo.pod,v 1.55 2008/11/15 18:34:01 millert Exp $ =pod =head1 NAME diff -urNa sudo-1.7.2p5/zero_bytes.c sudo-1.7.2p6/zero_bytes.c --- sudo-1.7.2p5/zero_bytes.c Sun Nov 9 09:13:12 2008 +++ sudo-1.7.2p6/zero_bytes.c Wed Mar 3 19:39:29 2010 @@ -19,10 +19,6 @@ #include #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: zero_bytes.c,v 1.7 2008/11/09 14:13:12 millert Exp $"; -#endif /* lint */ - /* * Like bzero(3) but with a volatile pointer. The hope is that * the compiler will not be able to optimize away this function.