o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
o env_reset - reset the environment to a sane default
o env_keep - preserve environment variables that would otherwise be cleared
No longer use getenv/putenv/setenv functions--do environment munging by hand.
Potentially dangerous environment variables can be cleared only if they
contain '/' pr '%' characters to protect buggy programs.
Moved environment routines into env.c (new file)
error if it does not exist.
The path to the editor for visudo is now a colon-separated list of
allowable editors. If the user has $EDITOR set and it matches
one of the allowed editors that editor will be used. If not,
the first editor in the list that actually exists is used.
that holds flags to be passed in to tgetpass(). Change echo_off
param to tgetpass() into a flags field. There are currently 2
possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(),
abstract the echo set/clear via macros and if (flags & TGP_ECHO)
but echo is not set on the terminal, but sure to set it.
o oprunasuser and runaslist now return a value
o in a runasspec, if a runaslist does not return TRUE, set runas_matches to
FALSE. Normally, a runaslist only returns FALSE for explicitly denied
users.
o since runaslist does not modify the stack there is no need for a push/pop
in runasalias.
o Visudo now locks the sudoers temp file instead of bailing when
the temp file already exists. This fixes the problem of stale
temp files but it does *require* that you not try to put the
temp file in a world-writable directory. This shoud not be
an issue as the temp file should live in the same dir as sudoers.
o Visudo now only installs the temp file as sudoers if it changed.
It turns out the old DES crypt does the right thing with passwords
longert than 8 characters.
o Fix common typo (necesary -> necessary)
o Update TODO list
system strdup(3) which may or may not exist. There is now no need to
provide strdup() for those w/o it. Also, the prototype for estrdup()
was wrong, it returns char * and its param is const.
and ! commands. For example:
millert ALL=(daemon) /usr/bin/whoami,!/bin/ls
would allow millert to run whoami as root as well as daemon when it should
just allow daemon. The problem was that comma-separated commands in
a list shared the same entry on the matching stack. Now they get
their own entry iff there is a full match. It may be better to just make
the runas spec persistent across all commands in a list like the user
and host entries of the matching stack. However, since that is a
fairly major change it should gets its own minor rev increase.
