538 Commits

Author SHA1 Message Date
Todd C. Miller
3a85a8892f forgot to update date in last commit 2016-06-15 10:08:06 -06:00
Todd C. Miller
6c7eb07e0e Fix typo; cn=default should be cn=defaults 2016-06-15 05:14:33 -06:00
Todd C. Miller
638acc28cf The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8.
Also fix the section for ldap.conf cross-references.
2016-05-31 13:17:38 -06:00
Todd C. Miller
77331392e0 Fix copy pasta, "sudoNotAfter" not "sudoNotBefore".
Add missing word "order" in a sentence describing sudoOrder.
2016-05-31 13:14:30 -06:00
Todd C. Miller
c6b41b1657 Setting timestamp_timeout less than zero only lasts until the
next reboot.  Adapted from a RedHat patch.
2016-05-31 12:57:08 -06:00
Todd C. Miller
63dbb74250 Korean translation for sudo and sudoers from translationproject.org. 2016-05-25 08:41:27 -06:00
Todd C. Miller
ab861b92d2 Document that in 1.8.12 sudo started being able to check the NIS
domain on Solaris.
2016-05-23 11:21:34 -06:00
Todd C. Miller
7461dcf9a8 Regen for 1.8.17 2016-05-13 12:02:53 -06:00
Todd C. Miller
d25500afa8 Document that you need to preserve EDITOR and/or VISUAL for env_editor
to be useful.
2016-05-13 12:02:23 -06:00
Todd C. Miller
ea44d3757e For "sudoreplay -l", not all predicates may be shortened to a single
character.  Both 'c' and 't' have more than one possibility.
2016-05-04 16:44:52 -06:00
Todd C. Miller
b4309d4aea Ignore SIGPIPE for the duration of sudo and not just in a few select
places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.
2016-04-22 16:36:36 -06:00
Todd C. Miller
7cd6d4ec79 The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5). 2016-03-17 10:46:23 -06:00
Todd C. Miller
99978e4a70 Fix documented bug with duplicate role names and turn on perl warnings.
Based on a diff from Aaron Peschel
2016-02-22 11:07:33 -07:00
Todd C. Miller
ec37504dfb Document the race with sudoedit_checkdir in 1.8.15. 2016-01-20 11:00:05 -07:00
Todd C. Miller
42671f6b95 Document sudoedit_checkdir 2016-01-20 10:56:47 -07:00
Todd C. Miller
647bfa4a9d Add 1.8.16 changes 2016-01-19 15:21:15 -07:00
Todd C. Miller
de0208a01b Make sudoedit_checkdir the default and update the documentation accordingly. 2016-01-19 14:16:25 -07:00
Todd C. Miller
7f8a29dfc0 Add "I/O LOG FILES" section to the manual and move many of the
details from the log_input and log_output descriptions to it.
2016-01-16 16:47:42 -07:00
Todd C. Miller
ad8c96403d Use "Nm sudoers" when talking about the plugin and "Em sudoers" when
talking about the sudoers file.
2016-01-16 16:46:17 -07:00
Todd C. Miller
5a77989a33 Add support for matching the entire netgroup tuple (user, host, domain). 2016-01-12 14:59:44 -07:00
Todd C. Miller
68c1073fe5 Rewritten sudoedit_checkdir support that checks all the dirs in the
path and refuses to follow symlinks in writable directories.
This is a better fix for CVE-2015-5602.
Adapted from a diff by Ben Hutchings.  Bug #707
2016-01-10 18:31:29 -07:00
Todd C. Miller
b20977d445 Add support for using fexecve() if supported on commands that are
checksummed.
2016-01-04 10:35:18 -07:00
Todd C. Miller
584aebe738 Clarify when SIGINT and SIGQUIT are relayed by sudo to the command. 2015-12-18 14:41:11 -07:00
Todd C. Miller
55531958de Allow sudo.conf Path settings to disable path names (by setting the
value of NULL).
2015-12-18 12:31:28 -07:00
Todd C. Miller
a6f8994a59 Document the names of the I/O log files and mention buffering.
Document that I/O logs are in gzip format by default.
2015-12-11 10:04:17 -07:00
Todd C. Miller
96201a275e Document the race condition between the digest check and command
execution.
2015-12-06 15:34:53 -07:00
Todd C. Miller
79be007bd6 Use https in urls. 2015-11-20 10:36:53 -07:00
Todd C. Miller
7761af6d7e Add always_query_group_plugin 2015-10-24 05:43:07 -06:00
Todd C. Miller
c50cead833 Add directory writability checks for sudoedit. 2015-10-23 14:04:35 -06:00
Todd C. Miller
588460405f For env_reset, SHELL should be set based on the target user, not
the invoking user unless preserved via env_keep.
2015-10-06 10:25:43 -06:00
Todd C. Miller
4c7431ecb4 Add new Slovak and Hungarian translations from translationproject.org 2015-10-05 06:03:42 -06:00
Todd C. Miller
d5086dfde4 List all the functions wrapped by sudo_noexec.so. 2015-09-28 16:48:46 -06:00
Todd C. Miller
6b81f0b88c The section is now called "EXEC and NOEXEC" and it is above, not
below.
2015-09-28 16:48:20 -06:00
Todd C. Miller
52ec12f52f LOGNAME and USERNAME are set the same way as USER 2015-09-27 15:40:05 -06:00
Todd C. Miller
4be48e7845 Document behavior when the command dies from a signal in EXIT STATUS. 2015-09-27 08:59:46 -06:00
Todd C. Miller
7b7db55db9 Adjust set_logname description to new behavior when any of LOGNAME,
USER or USERNAME are preserved.
2015-09-25 11:19:28 -06:00
Todd C. Miller
824021b51b Add explicit mention of sudo's netgroup semantics since they differ
from most other netgroup consumers.
2015-09-21 16:04:59 -06:00
Todd C. Miller
3ac17b302b SIGHUP is now relayed to the command. Bug #719 2015-09-15 12:24:19 -06:00
Todd C. Miller
241174ea2d Document what happens when the on_suspend/on_resume callbacks
return an error.
2015-09-09 15:14:06 -06:00
Todd C. Miller
edfeee6a7a No need to have version macros for hooks, callbacks and the sudoers
group plugin.  We can just use the main sudo API macros.  The sudoers
group plugin macros are preserved for source compatibility but are
not documented.
2015-09-09 14:56:52 -06:00
Todd C. Miller
c45559e6c8 Properly escape the backslash before a comma in an example so the
example rule is parsable by visudo.
2015-09-09 14:33:01 -06:00
Todd C. Miller
2042aa2b75 Mention time stamp file locking changes, fix some spelling. 2015-09-09 09:57:10 -06:00
Todd C. Miller
98a15d9879 Add a struct sudo_conv_callback that contains on_suspend and on_resume
function pointer args plus a closure pointer and add it to the
conversation function.
2015-09-07 06:06:08 -06:00
Todd C. Miller
af47293800 Make hook_version and hook_type unsigned. 2015-09-02 08:00:27 -06:00
Todd C. Miller
13869d349c Linux sets si_pid in struct siginfo to 0 when the process that sent
the signal is in a different container since the PID namespaces in
different containers are separate.  Avoid looking up the process
group by id when si_pid is 0 since getpgid(0) returns the process
group of the current process.  Since sudo ignores signals sent
by processes in its own process group, this had the effect of
ignoring signals sent from other containers.  From Maarten de Vries
2015-08-10 15:13:37 -06:00
Todd C. Miller
ad9a51bd9d Document that sudo uses the real uid to map from uid to passwd file
user name.
2015-08-09 16:22:16 -06:00
Todd C. Miller
b2f1bbfb02 disable_coredump can be set to no on modern OSes without
security consequences.
2015-08-09 16:12:00 -06:00
Todd C. Miller
f1053af3b5 Emphasis on the never. 2015-08-07 17:05:50 -06:00
Todd C. Miller
d4f1aeb196 Explicitly tell people not to grant sudoedit to directories the
user can write to.  While sudoedit will no longer open symbolic
links, hard links are still an issue.
2015-08-07 17:01:15 -06:00
Todd C. Miller
c12dd68d1e Add warning about writable directories and sudo/sudoedit. 2015-08-07 17:00:42 -06:00