isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

sync for 1.6.4

Browse Source
This commit is contained in:
Todd C. Miller
2002-01-12 16:43:14 +00:00
parent 2fe1bcd3de
commit 81b534b292
1 changed files with 40 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
CHANGES
View File

@@ -1340,122 +1340,121 @@ Sudo 1.6.3p7 released.
419) Visudo now does its own fork/exec instead of calling system(3). 419) Visudo now does its own fork/exec instead of calling system(3).
420) Call clean_env very early in main() for paranoia's sake. Idea from 420) Allow special characters (including '#') to be embedded in pathnames
Marc Esipovich.
421) Allow special characters (including '#') to be embedded in pathnames
if quoted by a '\\'. The quoted chars will be dealt with by fnmatch(). if quoted by a '\\'. The quoted chars will be dealt with by fnmatch().
Unfortunately, 'sudo -l' still prints the '\\'. Unfortunately, 'sudo -l' still prints the '\\'.
422) Added always_set_home option. 421) Added the always_set_home option.
423) Strip NLSPATH and PATH_LOCALE out from the environment to prevent 422) Strip NLSPATH and PATH_LOCALE out from the environment to prevent
reading of protected files by a less priviledged user. reading of protected files by a less privileged user.
424) Add support for BSD authentication and associated -a flag. 423) Added support for BSD authentication and associated -a flag.
425) Added check for _innetgr(3) since NCR systems have this instead 424) Added check for _innetgr(3) since NCR systems have this instead
of innetgr(3). of innetgr(3).
426) Added stay_setuid option for systems that have libraries that perform 425) Added stay_setuid option for systems that have libraries that perform
extra paranoia checks in system libraries for setuid programs. extra paranoia checks in system libraries for setuid programs.
427) Environment munging is now done by hand. The environment is zeroed 426) Environment munging is now done by hand. The environment is zeroed
upon sudo startup and a new environment is built before the command upon sudo startup and a new environment is built before the command
is executed. This means we don't rely on getenv(3), putenv(3), is executed. This means we don't rely on getenv(3), putenv(3),
or setenv(3). or setenv(3).
428) Added a class of environment variables that are only cleared if they 427) Added a class of environment variables that are only cleared if they
contain '/' or '%' characters. contain '/' or '%' characters.
429) Use stashed user_gid when checking against exempt gid since sudo 428) Use stashed user_gid when checking against exempt gid since sudo
sets its gid to SUDOERS_GID, making getgid() return that, not the sets its gid to SUDOERS_GID, making getgid() return that, not the
real gid. Fixes problem with setting exempt group == SUDOERS_GID. real gid. Fixes problem with setting exempt group == SUDOERS_GID.
Fix from Paul Kranenburg. Fix from Paul Kranenburg.
430) Fixed file locking in visudo on NeXT which has a broken lockf(). 429) Fixed file locking in visudo on NeXT which has a broken lockf().
Patch from twetzel@gwdg.de. Patch from twetzel@gwdg.de.
431) Regenerated configure script with autoconf-2.52 (required some 430) Regenerated configure script with autoconf-2.52 (required some
tweaking of configure.in and friends). tweaking of configure.in and friends).
432) Added mail_badpass option to send mail when the user does not 431) Added mail_badpass option to send mail when the user does not
authenticate successfully. authenticate successfully.
433) Added env_reset Defaults option to reset the environment to 432) Added env_reset Defaults option to reset the environment to
a clean slate. Also implemented env_keep Defaults option a clean slate. Also implemented env_keep Defaults option
to specify variables to be preserved when resetting the to specify variables to be preserved when resetting the
environment. environment.
434) Added env_check and env_delete Defaults options to allow the admin 433) Added env_check and env_delete Defaults options to allow the admin
to modify the builtin list of environment variables to remove. to modify the builtin list of environment variables to remove.
435) If timestamp_timeout < 0 then the timestamp never expires. This 434) If timestamp_timeout < 0 then the timestamp never expires. This
allows users to manage their own timestamps and create or delete allows users to manage their own timestamps and create or delete
them via 'sudo -v' and 'sudo -k' respectively. them via 'sudo -v' and 'sudo -k' respectively.
436) Authentication routines that use sudo's tgetpass() can now use 435) Authentication routines that use sudo's tgetpass() now accept
^C or ^Z at the password prompt and sudo will act appropriately. ^C or ^Z at the password prompt and sudo will act appropriately.
437) Added a check-only mode to visudo to check an existing sudoers 436) Added a check-only mode to visudo to check an existing sudoers
file for sanity. file for sanity.
438) Visudo can now edit an alternate sudoers file. 437) Visudo can now edit an alternate sudoers file.
439) If sudo is configured with S/Key support and the system has 438) If sudo is configured with S/Key support and the system has
skeyaccess(3) use that to determine whether or not to allow skeyaccess(3) use that to determine whether or not to allow
a normal Unix password or just S/Key. a normal Unix password or just S/Key.
440) Fixed CIDR handling in sudoers. 439) Fixed CIDR handling in sudoers.
441) Fixed a segv if the local hostname is not resolvable and 440) Fixed a segv if the local hostname is not resolvable and
the 'fqdn' option is set. the 'fqdn' option is set.
442) "listpw=never" was not having an effect for users who did not 441) "listpw=never" was not having an effect for users who did not
appear in sudoers--now it does. appear in sudoers--now it does.
443) The --without-sendmail option now works on systems with 442) The --without-sendmail option now works on systems with
a /usr/include/paths.h file that defines _PATH_SENDMAIL. a /usr/include/paths.h file that defines _PATH_SENDMAIL.
444) Removed the "secure_path" Defaults option as it does not work and 443) Removed the "secure_path" Defaults option as it does not work and
cannot work until the parser is overhauled. cannot work until the parser is overhauled.
445) Added new -P flag and "preserve_groups" sudoers option to cause 444) Added new -P flag and "preserve_groups" sudoers option to cause
sudo to preserve the group vector instead of setting it to that sudo to preserve the group vector instead of setting it to that
of the target user. Previously, if the target user was root of the target user. Previously, if the target user was root
the group vector was not changed. Now it is always changed unless the group vector was not changed. Now it is always changed unless
the -P flag or "preserve_groups" option was given. the -P flag or "preserve_groups" option was given.
446) If find_path() fails as root, try again as the invoking user (useful 445) If find_path() fails as root, try again as the invoking user (useful
for NFS). Idea from Chip Capelik. for NFS). Idea from Chip Capelik.
447) Use setpwent()/endpwent() and its shadow equivalents to be sure 446) Use setpwent()/endpwent() and its shadow equivalents to be sure
the passwd/shadow file gets closed. the passwd/shadow file gets closed.
448) Use getifaddrs(3) to get the list of network interfaces if it is 447) Use getifaddrs(3) to get the list of network interfaces if it is
available. available.
449) Dump list of local IP addresses and environment variables to clear 448) Dump list of local IP addresses and environment variables to clear
when 'sudo -V' is run as root. when 'sudo -V' is run as root.
450) Reorganized the lexer a bit and added more states. Sudo now does a 449) Reorganized the lexer a bit and added more states. Sudo now does a
better job of parsing command arguments in the sudoers file. better job of parsing command arguments in the sudoers file.
451) Wrap each call to syslog() with openlog()/closelog() since some 450) Wrap each call to syslog() with openlog()/closelog() since some
things (such as PAM) may call closelog(3) behind sudo's back. things (such as PAM) may call closelog(3) behind sudo's back.
452) The LOGNAME and USER environment variables are now set if the user 451) The LOGNAME and USER environment variables are now set if the user
specified a target uid and that uid exists in the password database. specified a target uid and that uid exists in the password database.
453) configure will no longer add the -g flag to CFLAGS by default. 452) configure will no longer add the -g flag to CFLAGS by default.
454) Now call pam_setcreds() to setup creds for the target user when 453) Now call pam_setcreds() to setup creds for the target user when
PAM is in use. On Linux this often sets resource limits. PAM is in use. On Linux this often sets resource limits.
455) If "make install" is run by non-root and the destination dir 454) If "make install" is run by non-root and the destination dir
is writable, install things normally but don't set owner and mode. is writable, install things normally but don't set owner and mode.
456) The Makefile now supports installing in a shadow hierarchy 455) The Makefile now supports installing in a shadow hierarchy
specified via the DESTDIR variable. specified via the DESTDIR variable.
457) config.h.in is now generated by autoheader. 456) config.h.in is now generated by autoheader.
Sudo 1.6.4 released.