diff --git a/INSTALL.md b/INSTALL.md index e65bf1f02..46793850a 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -182,7 +182,7 @@ Defaults are listed in brackets after the description. This option should only be used for testing and not in a production environment. Due to some sanitizers' unchecked use of environment variables, it is trivial to exploit a - setuid root executable such as sudo. + set-user-ID root executable such as sudo. --enable-fuzzer Enable building sudo with the LLVM libFuzzer, see diff --git a/docs/TROUBLESHOOTING.md b/docs/TROUBLESHOOTING.md index 2bc06bf6e..c90703570 100644 --- a/docs/TROUBLESHOOTING.md +++ b/docs/TROUBLESHOOTING.md @@ -22,9 +22,9 @@ Troubleshooting tips and FAQ for Sudo /usr/local/bin/sudo must be owned by uid 0 and have the setuid bit set -> Sudo must be setuid root to do its work. Either `/usr/local/bin/sudo` -> is not owned by uid 0 or the setuid bit is not set. This should have -> been done for you by `make install` but you can fix it manually by +> Sudo must be set-user-ID root to do its work. Either `/usr/local/bin/sudo` +> is not owned by user-ID 0 or the set-user-ID bit is not set. This should +> have been done for you by `make install` but you can fix it manually by > running the following as root: chown root /usr/local/bin/sudo; chmod 4755 /usr/local/bin/sudo 
@@ -35,16 +35,16 @@ Troubleshooting tips and FAQ for Sudo 'nosuid' option set or an NFS file system without root privileges? > The owner and permissions on the sudo binary appear to be OK but when -> sudo ran, the setuid bit did not have an effect. There are two common -> causes for this. The first is that the file system the sudo binary -> is located on is mounted with the 'nosuid' mount option, which disables -> setuid binaries. The output of the 'mount' command should tell you if -> the file system is mounted with the 'nosuid' option. The other possible -> cause is that sudo is installed on an NFS-mounted file system that is -> exported without root privileges. By default, NFS file systems are -> exported with uid 0 mapped to a non-privileged uid (usually -2). You -> should be able to determine whether sudo is located on an NFS-mounted -> filesystem by running "df \`which sudo\`". +> sudo ran, the set-user-ID bit did not have an effect. There are two +> common causes for this. The first is that the file system the sudo +> binary is located on is mounted with the 'nosuid' mount option, which +> disables set-user-ID binaries. The output of the 'mount' command should +> tell you if the file system is mounted with the 'nosuid' option. The +> other possible cause is that sudo is installed on an NFS-mounted file +> system that is exported without root privileges. By default, NFS file +> systems are exported with user-ID 0 mapped to a non-privileged ID (usually +> -2). You should be able to determine whether sudo is located on an +> NFS-mounted filesystem by running "df \`which sudo\`". #### Sudo never gives me a chance to enter a password using PAM diff --git a/docs/sudo.conf.man.in b/docs/sudo.conf.man.in index 82033e58d..36055c507 100644 --- a/docs/sudo.conf.man.in +++ b/docs/sudo.conf.man.in 
@@ -17,7 +17,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .nr SL @SEMAN@ -.TH "SUDO.CONF" "@mansectform@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO.CONF" "@mansectform@" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -174,7 +174,7 @@ manual for a list of supported arguments. .PP The same dynamic shared object may contain multiple plugins, each with a different symbol name. -The file must be owned by uid 0 and only writable by its owner. +The file must be owned by user-ID 0 and only writable by its owner. Because of ambiguities that arise from composite policies, only a single policy plugin may be specified. This limitation does not apply to I/O plugins. diff --git a/docs/sudo.conf.mdoc.in b/docs/sudo.conf.mdoc.in index d5dd74016..e7ab3fbcd 100644 --- a/docs/sudo.conf.mdoc.in +++ b/docs/sudo.conf.mdoc.in @@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .nr SL @SEMAN@ -.Dd January 19, 2022 +.Dd January 20, 2022 .Dt SUDO.CONF @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -159,7 +159,7 @@ manual for a list of supported arguments. .Pp The same dynamic shared object may contain multiple plugins, each with a different symbol name. -The file must be owned by uid 0 and only writable by its owner. +The file must be owned by user-ID 0 and only writable by its owner. Because of ambiguities that arise from composite policies, only a single policy plugin may be specified. This limitation does not apply to I/O plugins. diff --git a/docs/sudo.man.in b/docs/sudo.man.in index 39c09acaf..19b5b170f 100644 --- a/docs/sudo.man.in +++ b/docs/sudo.man.in @@ -1392,7 +1392,7 @@ was run by a process that has the Linux \(lqno new privileges\(rq flag is set. This causes the set-user-ID bit to be ignored when running an executable, -preventing +which will prevent \fBsudo\fR from functioning. The most likely cause for this is running 
diff --git a/docs/sudo.mdoc.in b/docs/sudo.mdoc.in index 5a6d8666c..9c373615d 100644 --- a/docs/sudo.mdoc.in +++ b/docs/sudo.mdoc.in @@ -1287,7 +1287,7 @@ was run by a process that has the Linux .Dq no new privileges flag is set. This causes the set-user-ID bit to be ignored when running an executable, -preventing +which will prevent .Nm from functioning. The most likely cause for this is running diff --git a/docs/sudo_plugin.man.in b/docs/sudo_plugin.man.in index 45514103b..919222755 100644 --- a/docs/sudo_plugin.man.in +++ b/docs/sudo_plugin.man.in @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDO_PLUGIN" "5" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO_PLUGIN" "5" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -390,13 +390,13 @@ Set to true if the user specified the option, indicating that the user wishes to run a shell. .TP 6n runas_group=string -The group name or gid to run the command as, if specified via +The group name or group-ID to run the command as, if specified via the \fB\-g\fR option. .TP 6n runas_user=string -The user name or uid to run the command as, if specified via the +The user name or user-ID to run the command as, if specified via the \fB\-u\fR option. .TP 6n @@ -1742,7 +1742,7 @@ sets up the execution environment for the command. It is run in the parent \fBsudo\fR -process and before any uid or gid changes. +process and before any user-ID or group-ID changes. This can be used to perform session setup that is not supported by \fIcommand_info\fR, such as opening the PAM session. 
@@ -1755,7 +1755,7 @@ used to tear down the session that was opened by The \fIpwd\fR argument points to a passwd struct for the user the -command will be run as if the uid the command will run as was found +command will be run as if the user-ID the command will run as was found in the password database, otherwise it will be \fRNULL\fR. .sp diff --git a/docs/sudo_plugin.mdoc.in b/docs/sudo_plugin.mdoc.in index 0c540f476..fe9cb17de 100644 --- a/docs/sudo_plugin.mdoc.in +++ b/docs/sudo_plugin.mdoc.in @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd January 19, 2022 +.Dd January 20, 2022 .Dt SUDO_PLUGIN @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -354,12 +354,12 @@ Set to true if the user specified the .Fl s option, indicating that the user wishes to run a shell. .It runas_group=string -The group name or gid to run the command as, if specified via +The group name or group-ID to run the command as, if specified via the .Fl g option. .It runas_user=string -The user name or uid to run the command as, if specified via the +The user name or user-ID to run the command as, if specified via the .Fl u option. .It selinux_role=string @@ -1553,7 +1553,7 @@ sets up the execution environment for the command. It is run in the parent .Nm sudo -process and before any uid or gid changes. +process and before any user-ID or group-ID changes. This can be used to perform session setup that is not supported by .Em command_info , such as opening the PAM session. @@ -1566,7 +1566,7 @@ used to tear down the session that was opened by The .Em pwd argument points to a passwd struct for the user the -command will be run as if the uid the command will run as was found +command will be run as if the user-ID the command will run as was found in the password database, otherwise it will be .Dv NULL . .Pp 
diff --git a/docs/sudo_plugin_python.man.in b/docs/sudo_plugin_python.man.in index 1b6e7c9f5..f8bc84403 100644 --- a/docs/sudo_plugin_python.man.in +++ b/docs/sudo_plugin_python.man.in @@ -17,7 +17,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDO_PLUGIN_PYTHON" "5" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO_PLUGIN_PYTHON" "5" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -370,7 +370,7 @@ The function is called before \fBsudo\fR sets up the -execution environment for the command before any uid or gid changes. +execution environment for the command before any user-ID or group-ID changes. .sp The function arguments are as follows: .TP 6n diff --git a/docs/sudo_plugin_python.mdoc.in b/docs/sudo_plugin_python.mdoc.in index 888ec4265..43523f52d 100644 --- a/docs/sudo_plugin_python.mdoc.in +++ b/docs/sudo_plugin_python.mdoc.in @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd January 19, 2022 +.Dd January 20, 2022 .Dt SUDO_PLUGIN_PYTHON @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -314,7 +314,7 @@ The function is called before .Nm sudo sets up the -execution environment for the command before any uid or gid changes. +execution environment for the command before any user-ID or group-ID changes. .Pp The function arguments are as follows: .Bl -tag -width 4n diff --git a/docs/sudoers.ldap.man.in b/docs/sudoers.ldap.man.in index c3bbc97a9..3dd073907 100644 --- a/docs/sudoers.ldap.man.in +++ b/docs/sudoers.ldap.man.in 
@@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.TH "SUDOERS.LDAP" "@mansectform@" "January 18, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS.LDAP" "@mansectform@" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -209,7 +209,7 @@ specific to the in which it resides. .TP 6n \fBsudoRunAsUser\fR -A user name or uid (prefixed with +A user name or user-ID (prefixed with \(oq#\(cq) that commands may be run as or a Unix group (prefixed with a \(oq%\(cq) @@ -255,7 +255,7 @@ Negated entries are only supported by version 1.8.26 or higher. .TP 6n \fBsudoRunAsGroup\fR -A Unix group or gid (prefixed with +A Unix group or group-ID (prefixed with \(oq#\(cq) that commands may be run as. The special value diff --git a/docs/sudoers.ldap.mdoc.in b/docs/sudoers.ldap.mdoc.in index 915129560..1a0d83abf 100644 --- a/docs/sudoers.ldap.mdoc.in +++ b/docs/sudoers.ldap.mdoc.in @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd January 18, 2022 +.Dd January 20, 2022 .Dt SUDOERS.LDAP @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -195,7 +195,7 @@ specific to the .Li sudoRole in which it resides. .It Sy sudoRunAsUser -A user name or uid (prefixed with +A user name or user-ID (prefixed with .Ql # ) that commands may be run as or a Unix group (prefixed with a .Ql % ) @@ -240,7 +240,7 @@ Negated .Li sudoRunAsUser entries are only supported by version 1.8.26 or higher. .It Sy sudoRunAsGroup -A Unix group or gid (prefixed with +A Unix group or group-ID (prefixed with .Ql # ) that commands may be run as. The special value diff --git a/docs/sudoers.man.in b/docs/sudoers.man.in index 16a25f3c8..67ca7cec6 100644 --- a/docs/sudoers.man.in +++ b/docs/sudoers.man.in 
@@ -25,7 +25,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.TH "SUDOERS" "@mansectform@" "January 18, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "@mansectform@" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -151,13 +151,13 @@ argument can be used to override the default path to the \fIsudoers\fR file. .TP 10n -sudoers_uid=uid +sudoers_uid=user-ID The \fIsudoers_uid\fR argument can be used to override the default owner of the sudoers file. It should be specified as a numeric user-ID. .TP 10n -sudoers_gid=gid +sudoers_gid=group-ID The \fIsudoers_gid\fR argument can be used to override the default group of the sudoers file. @@ -821,9 +821,9 @@ User_List ::= User | User ',' User_List User ::= '!'* user name | - '!'* #uid | + '!'* #user-ID | '!'* %group | - '!'* %#gid | + '!'* %#group-ID | '!'* +netgroup | '!'* %:nonunix_group | '!'* %:#nonunix_gid | @@ -860,9 +860,9 @@ the host member is not used when matching. .PP A \fRuser name\fR, -\fRuid\fR, +\fRuser-ID\fR, \fRgroup\fR, -\fRgid\fR, +\fRgroup-ID\fR, \fRnetgroup\fR, \fRnonunix_group\fR or @@ -911,9 +911,9 @@ Runas_List ::= Runas_Member | Runas_Member ',' Runas_List Runas_Member ::= '!'* user name | - '!'* #uid | + '!'* #user-ID | '!'* %group | - '!'* %#gid | + '!'* %#group-ID | '!'* %:nonunix_group | '!'* %:#nonunix_gid | '!'* +netgroup | @@ -3593,10 +3593,10 @@ by default. stay_setuid Normally, when \fBsudo\fR -executes a command the real and effective UIDs are set to the target +executes a command the real and effective user-IDs are set to the target user (root by default). -This option changes that behavior such that the real UID is left -as the invoking user's UID. +This option changes that behavior such that the real user-ID is left +as the invoking user's user-ID. In other words, this makes \fBsudo\fR act as a set-user-ID wrapper. diff --git a/docs/sudoers.mdoc.in b/docs/sudoers.mdoc.in index 9d42888c0..1b9ea07cf 100644 
--- a/docs/sudoers.mdoc.in +++ b/docs/sudoers.mdoc.in @@ -24,7 +24,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.Dd January 18, 2022 +.Dd January 20, 2022 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -140,12 +140,12 @@ The argument can be used to override the default path to the .Em sudoers file. -.It sudoers_uid=uid +.It sudoers_uid=user-ID The .Em sudoers_uid argument can be used to override the default owner of the sudoers file. It should be specified as a numeric user-ID. -.It sudoers_gid=gid +.It sudoers_gid=group-ID The .Em sudoers_gid argument can be used to override the default group of the sudoers file. @@ -791,9 +791,9 @@ User_List ::= User | User ',' User_List User ::= '!'* user name | - '!'* #uid | + '!'* #user-ID | '!'* %group | - '!'* %#gid | + '!'* %#group-ID | '!'* +netgroup | '!'* %:nonunix_group | '!'* %:#nonunix_gid | @@ -829,9 +829,9 @@ the host member is not used when matching. .Pp A .Li user name , -.Li uid , +.Li user-ID , .Li group , -.Li gid , +.Li group-ID , .Li netgroup , .Li nonunix_group or @@ -877,9 +877,9 @@ Runas_List ::= Runas_Member | Runas_Member ',' Runas_List Runas_Member ::= '!'* user name | - '!'* #uid | + '!'* #user-ID | '!'* %group | - '!'* %#gid | + '!'* %#group-ID | '!'* %:nonunix_group | '!'* %:#nonunix_gid | '!'* +netgroup | @@ -3384,10 +3384,10 @@ by default. .It stay_setuid Normally, when .Nm sudo -executes a command the real and effective UIDs are set to the target +executes a command the real and effective user-IDs are set to the target user (root by default). -This option changes that behavior such that the real UID is left -as the invoking user's UID. +This option changes that behavior such that the real user-ID is left +as the invoking user's user-ID. In other words, this makes .Nm sudo act as a set-user-ID wrapper. diff --git a/docs/visudo.man.in b/docs/visudo.man.in index 13b1c1b02..6e7ade6af 100644 --- a/docs/visudo.man.in +++ b/docs/visudo.man.in 
@@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "VISUDO" "@mansectsu@" "January 19, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "VISUDO" "@mansectsu@" "January 20, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -304,7 +304,7 @@ will also parse the arguments to the \fIsudoers\fR plugin to override the default \fIsudoers\fR -path name, UID, GID, and file mode. +path name, user-ID, group-ID, and file mode. These arguments, if present, should be listed after the path to the plugin (i.e., after \fIsudoers.so\fR). @@ -326,13 +326,13 @@ argument can be used to override the default path to the \fIsudoers\fR file. .TP 10n -sudoers_uid=uid +sudoers_uid=user-ID The \fIsudoers_uid\fR argument can be used to override the default owner of the sudoers file. It should be specified as a numeric user-ID. .TP 10n -sudoers_gid=gid +sudoers_gid=group-ID The \fIsudoers_gid\fR argument can be used to override the default group of the sudoers file. diff --git a/docs/visudo.mdoc.in b/docs/visudo.mdoc.in index 09c994956..b200cf0b2 100644 --- a/docs/visudo.mdoc.in +++ b/docs/visudo.mdoc.in @@ -20,7 +20,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd January 19, 2022 +.Dd January 20, 2022 .Dt VISUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -296,7 +296,7 @@ will also parse the arguments to the .Em sudoers plugin to override the default .Em sudoers -path name, UID, GID, and file mode. +path name, user-ID, group-ID, and file mode. These arguments, if present, should be listed after the path to the plugin (i.e., after .Pa sudoers.so ) . 
@@ -314,12 +314,12 @@ The argument can be used to override the default path to the .Em sudoers file. -.It sudoers_uid=uid +.It sudoers_uid=user-ID The .Em sudoers_uid argument can be used to override the default owner of the sudoers file. It should be specified as a numeric user-ID. -.It sudoers_gid=gid +.It sudoers_gid=group-ID The .Em sudoers_gid argument can be used to override the default group of the sudoers file.
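Review bot: in the docs/TROUBLESHOOTING.md hunk at @@ -22,9, the unchanged heading `/usr/local/bin/sudo must be owned by uid 0 and have the setuid bit set` is the literal message sudo prints, so keeping its old spelling while the answer below now says "set-user-ID root" and "user-ID 0" is the right call, but nothing marks it as quoted output. Consider a short parenthetical after the heading such as "(this is the exact message sudo prints)" so the deliberate mismatch survives a later terminology sweep and readers can still search for the text they actually see.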
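Review bot: in the docs/TROUBLESHOOTING.md hunk at @@ -35,16, `user-ID 0 mapped to a non-privileged ID (usually -2)` drops the word "user" on the second occurrence, while every other rewording in this patch spells it out; for consistency make it `mapped to a non-privileged user-ID (usually -2)`.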
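Review bot: the docs/sudo.conf.man.in hunks at @@ -17,7 and @@ -174,7 and the docs/sudo.conf.mdoc.in hunks at @@ -16,7 and @@ -159,7 carry identical date bumps (`January 20, 2022`) and identical wording changes, and the same pairing repeats for every other .man.in/.mdoc.in pair in the patch. If the .man.in files are produced from the .mdoc.in sources, please confirm they were regenerated rather than edited by hand so the two renderings cannot drift; the matching `.Dd`/`.TH` dates suggest they were, but a note in the commit message would make that explicit.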
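Review bot: in the docs/sudo.man.in hunk at @@ -1392,7 (and its docs/sudo.mdoc.in twin at @@ -1287,7) the unchanged context line `was run by a process that has the Linux "no new privileges" flag is set.` has a doubled verb ("has ... is set"). Since the sentence is already being touched to replace `preventing` with `which will prevent`, the lead-in could be fixed in the same change to `was run by a process that has the Linux "no new privileges" flag set.`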
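Review bot: in the docs/sudo_plugin.man.in hunk at @@ -1755,7 (and docs/sudo_plugin.mdoc.in at @@ -1566,7) the rewritten line keeps a sentence that is hard to parse: "points to a passwd struct for the user the command will be run as if the user-ID the command will run as was found in the password database, otherwise it will be NULL" reads as "run as if". A comma and a small reorder would remove the ambiguity, for example "points to a passwd struct for the target user if the user-ID the command will run as was found in the password database; otherwise it will be NULL."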
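Review bot: in the docs/sudoers.man.in grammar hunk at @@ -821,9 (and likewise @@ -911,9, and the docs/sudoers.mdoc.in hunks at @@ -791,9 and @@ -877,9) the tokens `#uid` and `%#gid` become `#user-ID` and `%#group-ID`, but the unchanged context line `'!'* %:#nonunix_gid |` still uses the abbreviation, so the grammar is now inconsistent with itself. Either rename that token as well, or keep `uid`/`gid` inside the grammar productions (they are token names, and the hyphen in `user-ID` is easy to misread as a grammar operator) and apply the long form only in the prose that follows at @@ -860,9.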