Rename set_perms_saved_uid() -> set_perms_posix()
Make set_perms_setreuid simply be set_perms_fallback() and simply include
the appropriate function at compile time (setreuid() vs. setuid()).
o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
o env_reset - reset the environment to a sane default
o env_keep - preserve environment variables that would otherwise be cleared
No longer use getenv/putenv/setenv functions--do environment munging by hand.
Potentially dangerous environment variables can be cleared only if they
contain '/' pr '%' characters to protect buggy programs.
Moved environment routines into env.c (new file)
if available.
Added stay_setuid option for systems that have libraries that perform
extra paranoia checks in system libraries for setuid programs (ie:
anything with issetugid(2)).
by deferring the call to log_error() until things are better setup.
Fix return value of set_loginclass() in non-BSD-auth case.
Hard-code 'sudo' in the usage message so we can fit more options on a line
the value of the default was checked *before* sudoers was parsed.
Instead of passing in the value of PWCHECK_* to sudoers_lookup(),
pass in the arg for def_ival() so the check can be deferred until
after sudoers is parsed.
authentication methods (like PAM) may do their own logging via
syslog. Since we don't use syslog much (usually just once per
session) this doesn't really incur a performance penalty.
It also Fixes a SEGV with pam_kafs.
that holds flags to be passed in to tgetpass(). Change echo_off
param to tgetpass() into a flags field. There are currently 2
possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(),
abstract the echo set/clear via macros and if (flags & TGP_ECHO)
but echo is not set on the terminal, but sure to set it.
until after the sudoers file has been parsed but since there are now
other options that operate that way this one can too. Based on a patch
from bguillory@email.com.
0400 to whatever SUDOERS_MODE is (converting from the old sudoers mode).
Assumes that SUDOERS_MODE is less restrictive than 0400 which should
always be the case.
if there is *any* entry for the user on the host with a NOPASSWD flag.
For -v, only allow w/o a passwd if *all* entries for the user on the host
w/ the specified runas user have the NOPASSWD flag set.
be set before sudoers is parsed.
o Fix the "set_home" sudoers option (only worked at compile time).
o Fix "fqdn" sudoers option. We now set host/shost via set_fqdn which
gets called when the "fqdn" option is set in sudoers.
o Move the openlog() to store_syslogfac() so this gets overridden
correctly from the sudoers file.
o Implement mailer_flags
o Store syslog stuff both in int and string form. Setting the string
form magically updates the int version.
o Add boolean attribute to strings where it makes sense to say !foo
changable at runtime (and on a global, per-host and per-user basis).
Both the names and the internal representation are still subject to change.
It was necessary to make sudo_user.runas but a char ** instead of a
char * since this value can be changed by a Defaults line. There is a
similar (but more complicated) issue with sudo_user.prompt but it
is handled differently at the moment.
Add a "-L" flag to list the name of options with their descriptions. This
may only be temporary.
Move some prototypes to parse.h
Be much less restrictive on what is allowed for a username.
gain us anything to run as the user since an attacker can just have
an setuid(0) in their egg. Running as root solves potential problems
wrt signalling.
