isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,878 Commits 1 Branch 0 Tags
06d52c97c22eeeaaf81a397612b4733e754ceff8
Commit Graph

617 Commits

Author SHA1 Message Date
Todd C. Miller
447c2c7e8c regen 2017-09-01 06:01:08 -06:00
Todd C. Miller
7652dad0d6 Fix typo (Auguest vs. August). From David Pocock. 2017-09-01 06:00:48 -06:00
Todd C. Miller
a01bbfacf4 Add Friulian translation for sudo from Fabio Tomat via translationproject.org 2017-08-10 10:14:57 -06:00
Todd C. Miller
54860cf7f5 In the Runas example that uses "boulder" make it clear that "boulder" 
is a host name.
 2017-08-04 14:55:03 -06:00
Todd C. Miller
c18dde2350 Allow the user to specify a list of environment variables to preserve. 
This adds an option paramter to the --preserve-env option, a
comma-separated list of variable names.
 2017-08-03 07:32:24 -06:00
Todd C. Miller
63d954d1fc Replace tty_tickets option with timestamp_type which can be 
global, ppid or tty.  Defaults to tty (no change in behavior).
Some users want the ppid behavior.
 2017-08-01 16:14:54 -06:00
Todd C. Miller
9ea9ecb183 start new sentences on a new line 2017-07-21 11:20:04 -06:00
Todd C. Miller
d76d5eaebc Clarify how the variable prompt options interact with each other 
and PAM.
 2017-07-21 11:18:13 -06:00
Todd C. Miller
d129f306ea Add syslog_pid sudoers option to log sudo's process ID when logging 
via syslog.  This is disabled by default to match historic behavior.
 2017-07-20 16:33:12 -06:00
Todd C. Miller
6b4d871b14 Document that "-p prompt" overrides SUDO_PROMPT. 2017-07-20 11:44:50 -06:00
Todd C. Miller
9a76678317 Allow sudoreplay to adjust the window size on xterm-like terminals. 2017-07-13 11:20:45 -06:00
Todd C. Miller
8898ec1f9c Pass window size change events to the plugin. 2017-07-12 05:47:28 -06:00
Todd C. Miller
e70a953fb4 Remove pointless subshells in targets that simply change the directory 
and execute a command.  The command is already run in a shell so
there is no need to execute a subshell in this case.
 2017-07-12 05:45:46 -06:00
Todd C. Miller
60146c2959 Fix the man section of sudo_plugin in cross-references. 2017-06-07 16:25:46 -06:00
Todd C. Miller
e1e2162dcf Instead of hard-coding a check for bash functions in env_should_delete(), 
use a "*=()* " pattern in initial_badenv_table[] to match them instead.
This allows the user to remove the check via env_delete.
 2017-06-03 08:43:32 -06:00
Todd C. Miller
0ab00964ec Mac OS X -> macOS 2017-06-02 16:10:37 -06:00
Todd C. Miller
7526869d87 devsearch is ignored on BSD, macOS and Solaris 2017-06-02 15:47:35 -06:00
Todd C. Miller
cc71b99849 Add a new "devsearch" Path setting to sudo.conf for configuring the 
/dev paths to traverse instead of hard-coding a list in ttyname.c
The default value can be set at configure time.
 2017-05-30 10:44:11 -06:00
Todd C. Miller
17514b55ea Add support for multiple '*' in env_keep, env_check and env_delete 
entries.
 2017-05-12 10:02:17 -06:00
Todd C. Miller
e51831fab3 Be clear that #includedir diverts control to the files in the 
specified directory and, when parsing of those files is complete,
returns control to the original file.  Bug #775
 2017-05-08 13:55:02 -06:00
Todd C. Miller
01228b735d Update based on information from Michael Felt. 2017-05-05 10:45:33 -06:00
Todd C. Miller
8468f13c69 Move syslog_maxlen to the "Integers" section. Move syslog_goodpri and 
syslog_badpri to the "Strings at can be used in a boolean context" section.
 2017-05-03 10:32:21 -06:00
Todd C. Miller
d9bfaa386e Fix a pasto that resulted in an extra (empty) syslog_goodpri list entry. 2017-05-03 10:24:12 -06:00
Todd C. Miller
ddf1fa16f8 Replace the list of "dangerous" environment variables and explain 
how sudo handles the environment instead.
 2017-05-01 11:33:51 -06:00
Todd C. Miller
0b81e0b195 Try to make it clear that when match_group_by_gid is enabled, groups 
in sudoers are looked up by group name instead of group ID.  This
doesn't usually cause problems, but if there are conflicting group
entries (for example, from a local /etc/group file and an LDAP or
AD group database), whether the group is resolved by name or ID can
be used to work around conflicts.
 2017-04-11 16:56:04 -06:00
Todd C. Miller
272a9c8e9b Document that commands matched by "sudo ALL" are not affected by 
fdexec.
 2017-03-27 11:10:18 -06:00
Todd C. Miller
7f26338071 Mention that iolog_user is useful for NFS. 2017-03-24 15:36:03 -06:00
Todd C. Miller
b3af85ddc8 Add restricted_env_file which is like env_file but subject to the 
same restrictions as the user's own environment.
 2017-03-22 13:39:25 -06:00
Todd C. Miller
8d57491dc1 Add PERM_IOLOG so we can create I/O log files on an NFS-mounted 
filesystem where root is remapped to an unprivileged user.
 2017-03-21 13:41:14 -06:00
Todd C. Miller
c4e703696a Add iolog_flush option. 2017-03-20 10:25:58 -06:00
Todd C. Miller
8c8d078f66 Don't allow the user to specify an I/O log file mode that sudo can't 
read or write to.  I/O logs must always be readable and writable
by the owner.
 2017-03-17 10:56:17 -06:00
Todd C. Miller
8b3845c1ca Regenerate the cat pages with newer mandoc which formats double 
quotes as "foo" instead of ``foo''.
 2017-03-14 09:13:25 -06:00
Todd C. Miller
4bdbc6b290 Make it clear that I/O logs will be complete even if the command 
run by sudo is terminated by a signal.  The I/O log buffering just
prevents the logs from being displayed in real-time as the command
is running.
 2017-03-14 09:11:56 -06:00
Todd C. Miller
05e52c7b82 Update the description of strict mode to current reality. Aliases 
haven't needed to be defined before they are used since sudo 1.7.
 2017-02-22 14:13:07 -07:00
Todd C. Miller
daa728fd88 Go back to using a Warning/Error prefix in the message printed to 
stderr for alias problems.  Requested by Tomas Sykora.
 2017-02-22 06:38:33 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is 
already available in LDAP.
 2017-02-18 15:35:48 -07:00
Todd C. Miller
31540e6228 Bump version to 1.11 for timeout entry in settings[] 2017-02-16 10:28:08 -07:00
Todd C. Miller
b030c96a86 regen 2017-02-16 10:13:48 -07:00
Todd C. Miller
c86a6a23ad Add a command line option to specify the command timeout, as long 
as sudoers does not specify a shorter time limit.
 2017-02-16 09:58:18 -07:00
Todd C. Miller
24cdbb8de1 Split out tags again so they must precede the command and not allow 
them to be mixed in with options.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
3980f1531b Add support for command timeouts in sudoers. After the timeout, 
the command will be terminated.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
4f9dcd7264 Merge command tags, SELinux type/role and Solaris privs settings 
into "command options".  This relaxes the order of things so tags
and other options can be interspersed.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
3742f7a46e Add ignore_unknown_defaults flag to ignore unknown Defaults entries 
in sudoers instead of producing a warning.
 2017-02-06 05:41:57 -07:00
Todd C. Miller
8e3613340c update zlib to version 1.2.11 2017-01-25 15:11:32 -07:00
Todd C. Miller
413e1100b8 Add new fdexec sudoers setting to allow choose whether execve() or 
fexecve() is used.
 2017-01-22 18:56:16 -08:00
Todd C. Miller
df03020c4c Add support for SASL_MECH in ldap.conf; Bug #764 2017-01-17 11:09:23 -07:00
Todd C. Miller
34ba901baa Fix documentation bug, the contents of env_file have never been 
subject to env_keep or env_check.  However, variables are only added
if they have not already been preserved.
 2017-01-17 10:10:47 -07:00
Todd C. Miller
57933a8ff3 Safer example for rule that can change non-root passwords. GNU 
getopts allows options to follow arguments so we need to be able
to deny things like "passwd root -q".  From Paul "Joey" Clark.
Bug #772
 2017-01-17 08:55:40 -07:00
Todd C. Miller
0c3a8085b3 Avoid using the system strnlen/strndup on AIX < 6. Even if configure 
correctly detects it is working on the build machine, the sudo
package may be run on a system with an old libc were it is broken.
 2017-01-05 06:22:58 -07:00
Todd C. Miller
87d02bfe2d Dell spun off Quest so simplify the history by just talking 
about Quest and not Dell.
 2016-12-20 06:35:49 -07:00