isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,095 Commits 1 Branch 0 Tags
8dccf8fcc47d4ae93c49b969bc8ec5b29623a19c
Commit Graph

3095 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
8dccf8fcc4 More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Todd C. Miller
5bc294b715 More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Todd C. Miller
dda192f905 More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Aaron Spangler
9f0dda088f Merged in LDAP Support 2004-02-13 02:08:27 +00:00
Aaron Spangler
b0226e939b Merged in LDAP Support 2004-02-13 02:08:27 +00:00
Aaron Spangler
240f4e0317 Merged in LDAP Support 2004-02-13 02:08:27 +00:00
Aaron Spangler
bd9be2cf05 Merged in LDAP Support 2004-02-13 02:08:27 +00:00
Todd C. Miller
d80d2e29ad Only do "extern int errno" if errno is not a macro. 2004-02-08 20:53:55 +00:00
Todd C. Miller
a622cb2795 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the 
euid first, then just call setuid(0) to set the real uid too.
 2004-02-06 23:08:04 +00:00
Todd C. Miller
7bc6df0246 Use setresuid() and setreuid() for PERM_RUNAS when appropriate instead 
of seteuid() which may not exist.
 2004-02-06 19:52:17 +00:00
Todd C. Miller
c7f9bb0241 2004 2004-02-04 19:58:25 +00:00
Todd C. Miller
3a4d283109 Add --with-pc-insults configure option 2004-02-04 04:38:56 +00:00
Todd C. Miller
ff092a1a1c Prefer VISUAL over EDITOR like old vipw did. 2004-02-04 04:32:18 +00:00
Todd C. Miller
cb467e2a52 regen 2004-02-01 20:45:08 +00:00
Todd C. Miller
3a31bf9747 Add a note that noexec is not a cure-all. 2004-02-01 20:44:44 +00:00
Todd C. Miller
c892061f0e Mention that disabling "root_sudo" is pretty pointless. 2004-02-01 20:20:55 +00:00
Todd C. Miller
a7039ea7bd Substitute for root_sudo in sudoers.pod 2004-02-01 20:20:30 +00:00
Todd C. Miller
be4bcc99c9 Add sudoedit to the NAME section 2004-02-01 20:03:22 +00:00
Todd C. Miller
3802623a04 Document that fact that setting ignore_dot in sudoers has no effect 
due to the fact that find_path() is called *before* sudoers is read.
 2004-02-01 20:00:32 +00:00
Todd C. Miller
4716ea9880 Do not require _PATH_USRTMP to be set. 2004-01-30 00:50:41 +00:00
Todd C. Miller
926d3f5b5e sync 2004-01-30 00:42:58 +00:00
Todd C. Miller
9763592ef7 regen 2004-01-30 00:42:29 +00:00
Todd C. Miller
f452989c9e Clarify that when sudo is run by root with the SUDO_USER variable set, 
the sudoers lookup happens for root and not the SUDO_USER user.
 2004-01-30 00:41:43 +00:00
Todd C. Miller
c4a8ab8b99 Use the SET, CLR and ISSET macros. 2004-01-29 22:33:58 +00:00
Todd C. Miller
fb5a1aa3ae Use the SET, CLR and ISSET macros. 2004-01-29 22:33:54 +00:00
Todd C. Miller
262bb5e870 Use the SET, CLR and ISSET macros. 2004-01-29 22:33:54 +00:00
Todd C. Miller
22c30e08da MAIN was replaced with _SUDO_MAIN some time ago. 2004-01-29 21:22:55 +00:00
Todd C. Miller
7a07ad8641 Don't look at prev_user until after we've parsed sudoers and done the 
password check.  That way, if sudo/sudoedit is run from a root process
that was invoked by sudo, we check sudoers for root, not the previous
user.  This makes sudoedit much more useful and means that for the
sudo case, we get correct logging on who actually ran the command.
 2004-01-29 21:15:27 +00:00
Todd C. Miller
2af994ada6 Add a comment describing why we need to be notified about our child 
stopping.
 2004-01-23 00:22:28 +00:00
Todd C. Miller
04b8f60cad Update the noexec variable descriptions 2004-01-22 21:06:58 +00:00
Todd C. Miller
5a972df0ba noexec now replaces more than just execve() 2004-01-22 19:18:50 +00:00
Todd C. Miller
4ad4ba1740 Alas, all the world does not go through execve(2). Many systems 
still have an execv(2) system call, Linux 2.6 provides fexecve(2)
and it is not uncommon for libc to have underscore ('_') versions
of the functions to be used internally by the library.  Instead of
stubbing all these out by hand, define a macro and let it do the
work.  Extra exec functions pointed out by Reznic Valery.
 2004-01-22 17:14:18 +00:00
Todd C. Miller
5ccddf8176 Fix suspending the editor in -e mode. Because we do a fork() first 
we need to be notified when the child has been stopped and then send
that same signal to ourself so the shell can do its job control thing.
 2004-01-22 02:57:01 +00:00
Todd C. Miller
24155a405a Use WIFEXITED and WEXITSTATUS macros. If there are systems out there 
that want to run sudo that still don't support these we can try to
deal with that later.
 2004-01-22 02:44:13 +00:00
Todd C. Miller
6f2cfc2bca regen 2004-01-22 01:03:16 +00:00
Todd C. Miller
be8c6acf64 Document sudo -e / sudoedit 2004-01-22 01:00:54 +00:00
Todd C. Miller
63e1f3dd92 fix typo 2004-01-22 00:08:58 +00:00
Todd C. Miller
2d21140a3d Add SET/CLR/ISSET 2004-01-22 00:02:36 +00:00
Todd C. Miller
d1798a06b4 Allow non-exclusive flags when invoked as sudoedit. 
Pretty print the long usage() line to not wrap (assumes 80 char display)
 2004-01-21 23:55:39 +00:00
Todd C. Miller
2be964efea If sudo is invoked as "sudoedit" the -e flag is implied and no other 
flags are permitted.
 2004-01-21 23:01:35 +00:00
Todd C. Miller
c7d74402f3 Add a new flag, -e, that makes it possible to give users the ability 
to edit files with the editor of their choice as the invoking user,
not the runas user.  Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is done.
 2004-01-21 23:00:43 +00:00
Todd C. Miller
4dc5700a6d Add a new flag, -e, that makes it possible to give users the ability 
to edit files with the editor of their choice as the invoking user,
not the runas user.  Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is done.
 2004-01-21 22:25:10 +00:00
Todd C. Miller
8ab5b8c596 If real uid == 0 and the SUDO_USER environment variables is set, 
use that to determine the invoking user's true identity.  That way
the proper info gets logged by someone who has done "sudo su" but
still uses sudo to as root.  We can't do this for non-root users
since that would open up a security hole, though perhaps it would
be acceptable to use getlogin(2) on OSes where this a system call
(and doesn't just look in the utmp file).
 2004-01-21 22:06:02 +00:00
Todd C. Miller
cc7cfa707e Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP 2004-01-21 21:58:24 +00:00
Todd C. Miller
f4a4d4c666 Add check for fchown(2) 2004-01-21 21:57:59 +00:00
Todd C. Miller
063c2812e2 Back out portions of the -i commit that set NewArgv[0] in set_runaspw. 
It is far to late to set NewArgv[0] there and will have no effect
anyway as cmnd and safe_cmnd have already been set.
 2004-01-20 19:22:46 +00:00
Todd C. Miller
f068ee01c4 Prefer VISUAL over EDITOR like old vipw did. 2004-01-20 19:18:44 +00:00
Todd C. Miller
3001e7f296 In -i mode always set new environment based on the runas user's passwd entry. 2004-01-19 01:17:00 +00:00
Todd C. Miller
1b7cf30c7b Document the new -i flag and sync SYNOPSIS section with usage() in sudo.c. 
Also sort the flags in the OPTIONS section.
 2004-01-18 22:56:27 +00:00
Todd C. Miller
1ca6264df1 o Add -i that acts similar to "su -", based on patches from David J. MacKenzie 
o Sort the flags in the usage message
 2004-01-18 22:55:32 +00:00