isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,433 Commits 1 Branch 0 Tags
6286ce1d16e11619efb8d5855b14dd296f355f9c
Commit Graph

10433 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
bb024cf093 Rename PLUGINDIR -> plugindir 2019-07-03 13:15:47 -06:00
Todd C. Miller
caceced2f5 Use $libexecdir in default settings used by the documentation. 
The web and pdf pages will substitute /usr/local/libexec for $noexec_file.
Also do substitution of variables using exec_prefix even if we don't use
them in the Makefile since the documentation may reference them.
 2019-07-03 13:13:04 -06:00
Todd C. Miller
cd258e1d39 Add conditional for sesh path in sudo.conf manual. 2019-07-03 09:06:45 -06:00
Todd C. Miller
6e497be935 Update plugindir even when --disable-shared is specified. 
Otherwise, the default value is substituted into the Makefiles and
documentation which may not match --prefix.  Bug #886
 2019-07-03 07:39:54 -06:00
Todd C. Miller
9d8f374397 Add ssizeof macro that returns ssize_t. 
We can use this instead of casting the result of size_t to int.
Also change checks for snprintf() returning <=0 to <0.
 2019-06-25 09:45:10 -06:00
Todd C. Miller
81602ad086 sudoedit should be used for editing files instead of "sudo editor" 
That way the user's editor config files are used by the editor.
 2019-06-21 14:54:09 -06:00
Todd C. Miller
1fe9644f54 Move the section on HOME to be after the environment section. 
Also strongly discourage the disabling of env_reset.
 2019-06-21 13:26:02 -06:00
Todd C. Miller
2d8949198d Remove the Solaris last login question, add one about HOME. 
The PAM session is opened with PAM_SILENT so last login info is not printed.
It is dangerous to preserve HOME from the user's environment.
 2019-06-20 21:49:11 -06:00
Todd C. Miller
a45732528b Use the term pseudo-terminal more consistently. 2019-06-20 16:52:49 -06:00
Todd C. Miller
ee214e5261 Document why HOME should not be preserved from the user's environment. 
Text was adapted from what is already present in the UPGRADE file.
Also mark set_home and always_set_home as obsolete.
 2019-06-20 16:32:18 -06:00
Todd C. Miller
e11fa62cdc Refer to command line options, not flags. 2019-06-20 16:12:32 -06:00
Todd C. Miller
646f09d74d sync 2019-06-20 14:14:03 -06:00
Todd C. Miller
c1fc4e6bec sudo will now prompt for a password as long as /dev/tty is available. 2019-06-20 14:03:03 -06:00
Todd C. Miller
71fdb8e037 Remove .cat pages, there is no need for them in the modern world. 
Sudo only shipped .cat pages for Irix, which lacked nroff.
Irix is long dead and there are multiple open source nroff options.
 2019-06-20 13:15:46 -06:00
Todd C. Miller
184484b213 Make env_editor the default. 
It is already the default in the package script.
 2019-06-20 11:51:47 -06:00
Todd C. Miller
958cf7e37f Don't describe env_editor as a security hole. 
Users that are able to edit sudoers can grant themselves permissions
so the fact that visudo runs the editor as root is not a security issue.
 2019-06-20 11:40:47 -06:00
Todd C. Miller
6fe2223298 Fix details of how EDITOR, VISUAL and SUDO_EDITOR are (or are not) preserved. 
The description in the editor option was incorrect and didn't mention env_keep.
Reported by Sander Bos
 2019-06-20 11:05:15 -06:00
Todd C. Miller
a193f39c83 Modern visudo locks the actual sudoers file, not the sudoers.tmp file. 
Refer to sudoers.tmp as a temporary file, not a lock file.
Reported by Sander Bos
 2019-06-20 10:11:26 -06:00
Todd C. Miller
29223d7f64 In tty_present(), check for /dev/tty if sudo was unable to get the tty name. 
For requiretty it is enough to check that /dev/tty is available.
If sudo can't get the tty from the kernel (missing /proc?) that is OK.
 2019-06-19 20:32:22 -06:00
Todd C. Miller
82920726fa Don't refuse to use the tty unless /dev/tty is unavailable. 
We don't care whether sudo was able to get the tty name from the kernel.
All that really matters is whether we are able to disable echo as needed.
 2019-06-19 20:29:08 -06:00
Todd C. Miller
7ce9b80085 Use of "they" was ambiguous. 2019-06-19 14:36:59 -06:00
Todd C. Miller
05f9643b89 Better description of secure_path. 
The secure_path option affects the resolution of unqualified commands
as well as the environment that commands run with.
 2019-06-19 14:29:25 -06:00
Todd C. Miller
0304416099 Add Sander Bos 2019-06-19 14:02:56 -06:00
Todd C. Miller
7d5b1e3b1b Fix a few typos and awkward wording. 
Use the singular "they" instead of he/she.
Add back missing text in description of variables starting with ().
Based on changes from Sander Bos.
 2019-06-19 14:02:16 -06:00
Todd C. Miller
cb4ded8fb6 Clarify which environment variables are set based on the target user. 2019-06-15 09:41:39 -06:00
Todd C. Miller
5d4142f294 libsudo_util depends on LT_DEP_LIBS even when building a static lib 2019-06-10 13:27:12 -06:00
Todd C. Miller
81c6cac81b Solaris getentropy() requires that sys/random.h be included. 2019-06-10 12:12:57 -06:00
Todd C. Miller
12c29e91bd Use the runhost for "User foo is not allowed to run sudo on bar." 
Otherwise, if the -h option is specified sudo will print the local
host name instead of the host specified via -h.
 2019-05-29 15:26:57 -06:00
Todd C. Miller
948007e771 Document that "no tty present and no askpass program specified" may 
happen when /proc is not accessible.
 2019-05-28 08:42:26 -06:00
Todd C. Miller
d63fe33d1f Add Sangamesh Mallayya and Michael Spradling 2019-05-27 08:51:06 -06:00
Todd C. Miller
19c548fd57 Add -B option to ring the bell before the password prompt. 2019-05-27 08:49:43 -06:00
Todd C. Miller
dae484213e Allow the user to change their password if expired on AIX. 
Bug #883
 2019-05-27 06:35:48 -06:00
Todd C. Miller
07ed5b86f2 When using AIX auth, don't display the AIX password incorrect message. 
Avoids a "3004-300 You entered an invalid login name or password"
message in addition to sudo's own "Sorry, try again" message.
 2019-05-26 16:29:08 -06:00
Todd C. Miller
8c9b23b0ca AIX packages were not being build with optimization enabled. 2019-05-24 16:02:58 -06:00
Todd C. Miller
e28ba02c78 Fix a typo. 2019-05-22 08:58:51 -06:00
Todd C. Miller
19e2da8eec Support using macOS SDKs from /Library/Developer/CommandLineTools/SDKs 2019-05-22 08:57:48 -06:00
Todd C. Miller
cd2cfeb8cb It is safe to assume _POSIX_VDISABLE is defined. 
The old compat defines were to support pre-termios systems.
 2019-05-16 12:24:48 -06:00
Todd C. Miller
30a5ee9c5d Remove second catopen() which is never called. 2019-05-06 10:04:07 -06:00
Todd C. Miller
14e72b3ec6 Sudo's conversation functions now filters out the last login information. 2019-05-01 10:56:43 -06:00
Todd C. Miller
976550084e Add pam_acct_mgmt setting to enable/disable PAM account validation. 2019-04-29 19:44:13 -06:00
Todd C. Miller
4b240c2673 regen 2019-04-29 19:43:17 -06:00
Todd C. Miller
91b6d71a04 Sudo 1.8.28 2019-04-29 19:40:51 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
96ac6adae5 Filter out last login messages on HP-UX unless running a shell. 
HP-UX in trusted mode will display last login messages as part of
the PAM account management module by libpam_comsec.  There is no
way to suppress these messages from the PAM configuration in trusted
mode so we need to filter them in the conversation function.  In
regular mode, similar (but different) messages may be produced by
libpam_hpsec.
 2019-04-28 07:26:45 -06:00
Todd C. Miller
30a56af6ef FreeBSD's /dev/fd only contains fds 0-2 unless fdescfs is mounted. 
In practice this doesn't matter since FreeBSD >= 8 has a native closefrom
 2019-04-26 15:21:29 -06:00
Todd C. Miller
aa0146d68d Keep debug fds open in send_mail() to aid in debugging. 
Adds closefrom_nodebug() which acts like closefrom(3) but doesn't
close debug fds for use by send_mail().
Also moves the code to exec the mailer to its own function.
 2019-04-20 17:28:45 -06:00
Todd C. Miller
9048ee6c48 Set def_mailerflags even if sendmail was not found at configure time. 
Fixes a NULL dereference when mailerpath is set but mailerflags is not.
Bug #878
 2019-04-19 10:14:10 -06:00
Todd C. Miller
de65d70929 Add a proper getdelim(3) replacement and use it instead of getline(3). 2019-04-08 10:37:30 -06:00
Todd C. Miller
f0910c01da Restrict the PAM_TTY kludge to Solaris and Linux-PAM. 
Setting PAM_TTY to the empty string causes problems with some modules
on HP-UX so restrict it to systems where it is fixes known issues.
 2019-04-08 08:50:03 -06:00
Todd C. Miller
731e796711 Fix the counting of supplementary groups on AIX. 
We should not assume that basegid will be present in the list of
gids returned by getgrset().
 2019-03-18 14:08:21 -06:00