Todd C. Miller
2004-06-08 23:20:11 +00:00
parent fc1dea2ed3
commit ceb351fd99
2 changed files with 46 additions and 38 deletions


@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.6.8 June 6, 2004 1
1.6.8 June 8, 2004 1
@@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 2
1.6.8 June 8, 2004 2
@@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 3
1.6.8 June 8, 2004 3
@@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 4
1.6.8 June 8, 2004 4
@@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 5
1.6.8 June 8, 2004 5
@@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 6
1.6.8 June 8, 2004 6
@@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 7
1.6.8 June 8, 2004 7
@@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 8
1.6.8 June 8, 2004 8
@@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 9
1.6.8 June 8, 2004 9
@@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 10
1.6.8 June 8, 2004 10
@@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 11
1.6.8 June 8, 2004 11
@@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 12
1.6.8 June 8, 2004 12
@@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 13
1.6.8 June 8, 2004 13
@@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 14
1.6.8 June 8, 2004 14
@@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 15
1.6.8 June 8, 2004 15
@@ -1051,7 +1051,7 @@ EEXXAAMMPPLLEESS
1.6.8 June 6, 2004 16
1.6.8 June 8, 2004 16
@@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 17
1.6.8 June 8, 2004 17
@@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 18
1.6.8 June 8, 2004 18
@@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.8 June 6, 2004 19
1.6.8 June 8, 2004 19
@@ -1301,7 +1301,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you can run
the following as root:
\# sudo -V | grep "dummy exec"
sudo -V | grep "dummy exec"
If the resulting output contains a line that begins with:
@@ -1315,7 +1315,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
1.6.8 June 6, 2004 20
1.6.8 June 8, 2004 20
@@ -1333,10 +1333,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
ported.
To enable _n_o_e_x_e_c for a command, use the NOEXEC tag as doc<6F>
umented in the User Specification section above. If you
are unsure whether or not your system is capable of sup<75>
porting _n_o_e_x_e_c you can always just try it out and see if
it works.
umented in the User Specification section above. Here is
that example again:
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
This allows user aaaarroonn to run _/_u_s_r_/_b_i_n_/_m_o_r_e and
_/_u_s_r_/_b_i_n_/_v_i with _n_o_e_x_e_c enabled. This will prevent those
two commands from executing other commands (such as a
shell). If you are unsure whether or not your system is
capable of supporting _n_o_e_x_e_c you can always just try it
out and see if it works.
Note that disabling shell escapes is not a panacea. Pro<72>
grams running as root are still capable of many poten<65>
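Review bot: The closing advice in the added paragraph, "you can always just try it out and see if it works", is a weak test for a control that readers will rely on to block shell escapes. The page already gives a concrete check a few lines earlier (sudo -V | grep "dummy exec", run as root); suggest pointing the reader back to that check here and keeping "try it out" only as a secondary confirmation.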
@@ -1374,13 +1381,6 @@ SSEEEE AALLSSOO
1.6.8 June 6, 2004 21
1.6.8 June 8, 2004 21


@@ -149,7 +149,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "June 6, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.TH SUDOERS @mansectform@ "June 8, 2004" "1.6.8" "MAINTENANCE COMMANDS"
.SH "NAME"
sudoers \- list of which users may execute what
.SH "DESCRIPTION"
@@ -1283,7 +1283,7 @@ To tell whether or not \fBsudo\fR supports \fInoexec\fR, you can run
the following as root:
.PP
.Vb 1
\& \e# sudo -V | grep "dummy exec"
\& sudo -V | grep "dummy exec"
.Ve
.PP
If the resulting output contains a line that begins with:
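Review bot: Dropping the "\e# " prefix in the .Vb block removes the stray backslash that showed up in the formatted page, but it also removes the root prompt, so the command line no longer indicates on its own that it must be run as root; only the sentence above it says so. Suggest either keeping a plain "# " prompt in the example or restating "as root" in the sentence that follows, for readers who copy just the command.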
@@ -1304,9 +1304,17 @@ manual pages for the dynamic linker (usually ld.so, ld.so.1, dyld,
dld.sl, rld, or loader) to see if \f(CW\*(C`LD_PRELOAD\*(C'\fR is supported.
.PP
To enable \fInoexec\fR for a command, use the \f(CW\*(C`NOEXEC\*(C'\fR tag as documented
in the User Specification section above. If you are unsure whether
or not your system is capable of supporting \fInoexec\fR you can always
just try it out and see if it works.
in the User Specification section above. Here is that example again:
.PP
.Vb 1
\& aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
.Ve
.PP
This allows user \fBaaron\fR to run \fI/usr/bin/more\fR and \fI/usr/bin/vi\fR
with \fInoexec\fR enabled. This will prevent those two commands from
executing other commands (such as a shell). If you are unsure
whether or not your system is capable of supporting \fInoexec\fR you
can always just try it out and see if it works.
.PP
Note that disabling shell escapes is not a panacea. Programs running
as root are still capable of many potentially hazardous operations
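Review bot: "This will prevent those two commands from executing other commands" in the added paragraph is stated unconditionally, while the context line above it ties noexec to the dynamic linker supporting LD_PRELOAD and the very next sentence allows that the system may not support it. Suggest qualifying the claim, for example "On systems where noexec is supported, this will prevent ...", so the example is not read as a guarantee.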