isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,469 Commits 1 Branch 0 Tags
0181bf2c2358e6a3e81320eafcb3a9857d1b51fe
Commit Graph

550 Commits

Author SHA1 Message Date
Todd C. Miller
c0db5c1234 No line continuation support in ldap.conf. 2016-09-01 12:45:42 -06:00
Todd C. Miller
852fe25bc1 A comment character ('#') is only special at the beginning of the 
line.
 2016-09-01 09:28:40 -06:00
Todd C. Miller
dba28a945c Mention that match_group_by_gid has no effect when sudoers is stored 
in LDAP.
 2016-08-31 12:29:54 -06:00
Todd C. Miller
edcb137f60 match_group_by_gid is only available in sudo 1.8.18 and above 2016-08-30 14:37:57 -06:00
Todd C. Miller
7aeb11a920 Mention match_group_by_gid 2016-08-30 14:37:11 -06:00
Todd C. Miller
c57979bfb6 Document match_group_by_gid 2016-08-30 14:35:16 -06:00
Todd C. Miller
ed18d0d5f8 Make the behavior when we cannot write to a log or audit file 
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
 2016-08-17 07:22:51 -06:00
Todd C. Miller
a08ea1b14d Set runas_pw early and adjust runaslist_matches() to deal. Since 
we now set runas_default early there is no need to call update_defaults
with SETDEF_RUNAS after sudoers has been parsed.
 2016-08-10 10:56:05 -06:00
Todd C. Miller
56ead73886 Load sudoers group plugin via an early callback. 2016-08-09 13:14:31 -06:00
Todd C. Miller
d17bc132de Document that fqdn, runas_default and sudoers_locale are parsed early. 2016-08-09 10:26:02 -06:00
Todd C. Miller
ac20b8ddff Regen for 1.8.18 2016-08-09 10:25:50 -06:00
Todd C. Miller
f98b481af2 Point the reader to the sudoers manual for the list of supported 
arguments after the plugin path.
 2016-06-15 10:10:59 -06:00
Todd C. Miller
3a85a8892f forgot to update date in last commit 2016-06-15 10:08:06 -06:00
Todd C. Miller
6c7eb07e0e Fix typo; cn=default should be cn=defaults 2016-06-15 05:14:33 -06:00
Todd C. Miller
638acc28cf The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8. 
Also fix the section for ldap.conf cross-references.
 2016-05-31 13:17:38 -06:00
Todd C. Miller
77331392e0 Fix copy pasta, "sudoNotAfter" not "sudoNotBefore". 
Add missing word "order" in a sentence describing sudoOrder.
 2016-05-31 13:14:30 -06:00
Todd C. Miller
c6b41b1657 Setting timestamp_timeout less than zero only lasts until the 
next reboot.  Adapted from a RedHat patch.
 2016-05-31 12:57:08 -06:00
Todd C. Miller
63dbb74250 Korean translation for sudo and sudoers from translationproject.org. 2016-05-25 08:41:27 -06:00
Todd C. Miller
ab861b92d2 Document that in 1.8.12 sudo started being able to check the NIS 
domain on Solaris.
 2016-05-23 11:21:34 -06:00
Todd C. Miller
7461dcf9a8 Regen for 1.8.17 2016-05-13 12:02:53 -06:00
Todd C. Miller
d25500afa8 Document that you need to preserve EDITOR and/or VISUAL for env_editor 
to be useful.
 2016-05-13 12:02:23 -06:00
Todd C. Miller
ea44d3757e For "sudoreplay -l", not all predicates may be shortened to a single 
character.  Both 'c' and 't' have more than one possibility.
 2016-05-04 16:44:52 -06:00
Todd C. Miller
b4309d4aea Ignore SIGPIPE for the duration of sudo and not just in a few select 
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.
 2016-04-22 16:36:36 -06:00
Todd C. Miller
7cd6d4ec79 The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5). 2016-03-17 10:46:23 -06:00
Todd C. Miller
99978e4a70 Fix documented bug with duplicate role names and turn on perl warnings. 
Based on a diff from Aaron Peschel
 2016-02-22 11:07:33 -07:00
Todd C. Miller
ec37504dfb Document the race with sudoedit_checkdir in 1.8.15. 2016-01-20 11:00:05 -07:00
Todd C. Miller
42671f6b95 Document sudoedit_checkdir 2016-01-20 10:56:47 -07:00
Todd C. Miller
647bfa4a9d Add 1.8.16 changes 2016-01-19 15:21:15 -07:00
Todd C. Miller
de0208a01b Make sudoedit_checkdir the default and update the documentation accordingly. 2016-01-19 14:16:25 -07:00
Todd C. Miller
7f8a29dfc0 Add "I/O LOG FILES" section to the manual and move many of the 
details from the log_input and log_output descriptions to it.
 2016-01-16 16:47:42 -07:00
Todd C. Miller
ad8c96403d Use "Nm sudoers" when talking about the plugin and "Em sudoers" when 
talking about the sudoers file.
 2016-01-16 16:46:17 -07:00
Todd C. Miller
5a77989a33 Add support for matching the entire netgroup tuple (user, host, domain). 2016-01-12 14:59:44 -07:00
Todd C. Miller
68c1073fe5 Rewritten sudoedit_checkdir support that checks all the dirs in the 
path and refuses to follow symlinks in writable directories.
This is a better fix for CVE-2015-5602.
Adapted from a diff by Ben Hutchings.  Bug #707
 2016-01-10 18:31:29 -07:00
Todd C. Miller
b20977d445 Add support for using fexecve() if supported on commands that are 
checksummed.
 2016-01-04 10:35:18 -07:00
Todd C. Miller
584aebe738 Clarify when SIGINT and SIGQUIT are relayed by sudo to the command. 2015-12-18 14:41:11 -07:00
Todd C. Miller
55531958de Allow sudo.conf Path settings to disable path names (by setting the 
value of NULL).
 2015-12-18 12:31:28 -07:00
Todd C. Miller
a6f8994a59 Document the names of the I/O log files and mention buffering. 
Document that I/O logs are in gzip format by default.
 2015-12-11 10:04:17 -07:00
Todd C. Miller
96201a275e Document the race condition between the digest check and command 
execution.
 2015-12-06 15:34:53 -07:00
Todd C. Miller
79be007bd6 Use https in urls. 2015-11-20 10:36:53 -07:00
Todd C. Miller
7761af6d7e Add always_query_group_plugin 2015-10-24 05:43:07 -06:00
Todd C. Miller
c50cead833 Add directory writability checks for sudoedit. 2015-10-23 14:04:35 -06:00
Todd C. Miller
588460405f For env_reset, SHELL should be set based on the target user, not 
the invoking user unless preserved via env_keep.
 2015-10-06 10:25:43 -06:00
Todd C. Miller
4c7431ecb4 Add new Slovak and Hungarian translations from translationproject.org 2015-10-05 06:03:42 -06:00
Todd C. Miller
d5086dfde4 List all the functions wrapped by sudo_noexec.so. 2015-09-28 16:48:46 -06:00
Todd C. Miller
6b81f0b88c The section is now called "EXEC and NOEXEC" and it is above, not 
below.
 2015-09-28 16:48:20 -06:00
Todd C. Miller
52ec12f52f LOGNAME and USERNAME are set the same way as USER 2015-09-27 15:40:05 -06:00
Todd C. Miller
4be48e7845 Document behavior when the command dies from a signal in EXIT STATUS. 2015-09-27 08:59:46 -06:00
Todd C. Miller
7b7db55db9 Adjust set_logname description to new behavior when any of LOGNAME, 
USER or USERNAME are preserved.
 2015-09-25 11:19:28 -06:00
Todd C. Miller
824021b51b Add explicit mention of sudo's netgroup semantics since they differ 
from most other netgroup consumers.
 2015-09-21 16:04:59 -06:00
Todd C. Miller
3ac17b302b SIGHUP is now relayed to the command. Bug #719 2015-09-15 12:24:19 -06:00