Commit Graph

151 Commits

Author SHA1 Message Date
Todd C. Miller
f69031da24 Quest no longer sponsors sudo development. 2024-01-31 10:05:50 -07:00
Todd C. Miller
b39dc7c5f1 Document side-effects of enabling the use_pty option. 2024-01-08 14:28:58 -07:00
Todd C. Miller
6d4ffe6743 In the NOEXEC example make it clear that "shanty" is a host.
Bug #1064
2023-12-19 09:55:09 -07:00
THE-Spellchecker
5eba4b48cf Typographical and Grammatical fixes 2023-11-28 15:00:04 -07:00
Todd C. Miller
b4ae559c81 Reword the description of cmddenial_message. 2023-11-28 14:49:13 -07:00
Todd C. Miller
6b6e0aed0a Regenerate from sudoreplay.mdoc.in 2023-11-28 14:48:51 -07:00
Guillaume Destuynder
a4cbfecdae Add support for a custom message when the command execution is denied. 2023-11-28 14:19:26 -07:00
Todd C. Miller
7d7dfbfd44 Sync time stamp defines with sudoers timestamp.h
The types and flags are now explicitly unsigned.
2023-11-26 08:59:05 -07:00
Todd C. Miller
0c958e1852 Mention the tsdump utility 2023-11-26 08:55:41 -07:00
Todd C. Miller
61dbfe0924 Document ttydev and bump plugin version to 1.22 2023-11-25 18:38:36 -07:00
Todd C. Miller
3686c9fdd1 Document special cases for AIX-style shared libraries.
The shared object is a member of an archive file that is specified
in parentheses.
2023-11-06 09:39:36 -07:00
Todd C. Miller
e772479272 Add sudoers plugin Debug example and x-ref sudoers man page for details. 2023-11-04 19:36:35 -06:00
Todd C. Miller
ec6906f63b The HP-UX getgrouplist() code has been disabled due to bugs. 2023-11-04 18:51:36 -06:00
Todd C. Miller
86f1d52a0b Add Andika Triwidada 2023-10-23 07:52:23 -06:00
Todd C. Miller
3141f63b25 Mention potential problems with log_subcmds and intercept. 2023-09-28 17:01:02 -06:00
Todd C. Miller
f4acc43663 Mention the time stamp and lecture file name changes in 1.9.15. 2023-09-20 09:00:29 -06:00
Todd C. Miller
d9da92951a Replace '/' with '_' in paths using the user, group or host name. 2023-09-20 09:00:27 -06:00
Todd C. Miller
7363ad7b32 Use the user-ID instead of user-name for the timestamp and lecture file.
This avoids problems if the user name itself contains a path separator.
2023-09-11 10:27:35 -06:00
Todd C. Miller
3c05e748a4 Add ignore_perms plugin argument to skip the sudoers file security checks.
This is not intended to be used in a production environment.
2023-08-29 09:55:09 -06:00
Todd C. Miller
6842dd1bfd Document "sudo -ll command" output. 2023-08-09 10:57:16 -06:00
Todd C. Miller
980e0216ac Add basic support for 32-bit and 64-bit LD_PRELOAD equivalents.
The noexec and intercept DSO settings may now include both a 32-bit
DSO and a 64-bit DSO specified by a colon.  For example:
/usr/libexec/sudo/sudo_intercept.so:/usr/libexec/sudo/sudo_intercept_64.so.
2023-07-31 13:46:57 -06:00
Todd C. Miller
bdde6dfa11 visudo: document that a new file is only created if the editor writes it.
If visudo is used to create a new file, the file will only be created
if the user writes to the file via the editor.  Simply running
visudo and exiting the editor will no longer cause the file to be
created.  There is an exception for files created due to the addition
of an @include directive, which need to be present for the sudoers
file to parse properly.  GitHub issue #294.
2023-07-27 11:32:56 -06:00
Todd C. Miller
50fde5d815 Make the sections on bug reporting consistent with each other.
GitHub issue #292
2023-07-27 09:51:57 -06:00
Todd C. Miller
44cfa9e132 Add restrict keyword to sudo_printf_t in plugin docs. 2023-07-10 14:30:39 -06:00
Todd C. Miller
e0ee845dfc Reference SETENV-related settings in the command environment section.
Based on GitHub PR #273 from Ilya Kulakov.
2023-06-20 15:12:43 -06:00
Todd C. Miller
5d2b1761f6 Clarify that use_pty is on by default starting with 1.9.14. 2023-06-18 12:44:57 -06:00
Todd C. Miller
afb09e0044 Sudo runs the command in a pty by default in 1.9.14 and above. 2023-06-18 08:08:32 -06:00
Todd C. Miller
3786654dbd Add NETGROUP_QUERY option for servers that can't match nisNetgroupTriple.
This can be used to support netgroup queries on systems that lack
the innetgr() function and where the LDAP server cannot query the
nisNetgroup by nisNetgroupTriple.
2023-06-07 10:10:52 -06:00
Todd C. Miller
d633d82f22 Fix typos and update excluded/ignored codespell lists. 2023-05-25 12:53:27 -06:00
Todd C. Miller
d4c6ef1222 Add adminconfdir and --enable-adminconf to set it.
Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instance first (if enabled), followed by a
sysconfdir instance.
2023-05-02 10:37:39 -06:00
Todd C. Miller
894daa88f6 Enable the use_pty option by default for sudo 1.9.14.
GitHub issue #258
2023-04-06 11:30:51 -06:00
Todd C. Miller
493b2441d4 Fix display of escape sequences in ldapsearch example. 2023-03-28 16:04:47 -06:00
Todd C. Miller
3b55de4e83 White space is not allowed between Defaults and '@', ':', '!', '>'.
The EBNF made it appear that this is allowed when it really is not.
2023-03-28 16:02:46 -06:00
Todd C. Miller
28ecbe4d51 Warn about ignored files in sudoers.d in visudo. 2023-03-20 18:29:33 -06:00
Todd C. Miller
24f04c8cb3 Add example to verify support for searching by nisNetgroupTriple. 2023-03-12 12:04:47 -06:00
Todd C. Miller
916d8b47c1 Sudo now does its own netgroup lookups if NETGROUP_BASE is set.
Previously, it only performed netgroup queries to determine the
list of netgroups a user was a member of.
2023-03-10 19:19:23 -07:00
Todd C. Miller
c6cc680069 Add a link to the sudo security advisories archive. 2023-01-19 15:20:38 -07:00
Todd C. Miller
0865e61d9e Pass back the number of files to edit when using sudoedit.
The sudo front-end can use this to determine where the list of files
to edit begins.
2023-01-18 13:38:15 -07:00
Todd C. Miller
334daf92b3 Escape control characters in log messages and "sudoreplay -l" output.
The log message contains user-controlled strings that could include
things like terminal control characters.  Space characters in the
command path are now also escaped.

Command line arguments that contain spaces are surrounded with
single quotes and any literal single quote or backslash characters
are escaped with a backslash.  This makes it possible to distinguish
multiple command line arguments from a single argument that contains
spaces.

Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com).
2023-01-18 08:21:34 -07:00
Todd C. Miller
3726e38394 Stop using 8n width in tagged lists.
Use either 4n, when the body is expected to wrap or the width of
the longest tag when no wrapping is expected.
2023-01-16 08:53:35 -07:00
Todd C. Miller
0814749132 Use -width Ds for the options list, not -width Fl. 2023-01-16 08:29:39 -07:00
Todd C. Miller
a7e8a20d0d Reduce the offset of bullet lists to 1n. 2023-01-16 08:15:46 -07:00
Todd C. Miller
4b0dc2eecb Substitute python plugin file name in sudo_plugin_python documentation.
Also use prefix for group plugin fallback path section in sudoers manual.
2022-12-30 13:38:40 -07:00
Todd C. Miller
95a6c04598 Document that -k does not interfere with sudo on other terminals.
This should help clarify the difference between "sudo -k" and "sudo -K".
2022-12-27 20:18:56 -07:00
Todd C. Miller
048b843e6d Use @intercept_file@ and @noexec_file@ like the example file. 2022-12-26 15:32:36 -07:00
Todd C. Miller
772fc914a8 There is a @pam_login_service@ substitution but no @pam_service@.
Just use sudo instead of @pam_service@.
2022-12-26 15:26:13 -07:00
Todd C. Miller
eeea67e70b Use @sudoers_plugin@ instead of @sudoers_module@. 2022-12-26 13:56:43 -07:00
Todd C. Miller
f6e0e87ba9 sudo 1.9.13
Document the changes to AIX plugins in docs/UPGRADE.md and regenerate
configure using the latest autoconf from git.
2022-12-26 10:47:51 -07:00
Todd C. Miller
50958a05da Remove developer mode from sudo.conf, it is no longer used. 2022-12-26 07:43:55 -07:00
Todd C. Miller
206700c3f0 Use AIX-style shared libraries on AIX by default instead of SVR4-style.
This removes the need to use the -brtl linker flag which can cause
problems when there are both a .so and .a version of the same library
but with different versions.  This was particularly problematic
when using the AIX freeware version of OpenSSL.  The --with-aix-soname=svr4
option can be used to build SVR4-style shared libs instead.
2022-12-26 07:43:55 -07:00