isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,156 Commits 1 Branch 0 Tags
ad8c96403d8c39d47138862bc94e996d2f19e30a
Commit Graph

128 Commits

Author SHA1 Message Date
Todd C. Miller
ad8c96403d Use "Nm sudoers" when talking about the plugin and "Em sudoers" when 
talking about the sudoers file.
 2016-01-16 16:46:17 -07:00
Todd C. Miller
5a77989a33 Add support for matching the entire netgroup tuple (user, host, domain). 2016-01-12 14:59:44 -07:00
Todd C. Miller
68c1073fe5 Rewritten sudoedit_checkdir support that checks all the dirs in the 
path and refuses to follow symlinks in writable directories.
This is a better fix for CVE-2015-5602.
Adapted from a diff by Ben Hutchings.  Bug #707
 2016-01-10 18:31:29 -07:00
Todd C. Miller
b20977d445 Add support for using fexecve() if supported on commands that are 
checksummed.
 2016-01-04 10:35:18 -07:00
Todd C. Miller
a6f8994a59 Document the names of the I/O log files and mention buffering. 
Document that I/O logs are in gzip format by default.
 2015-12-11 10:04:17 -07:00
Todd C. Miller
96201a275e Document the race condition between the digest check and command 
execution.
 2015-12-06 15:34:53 -07:00
Todd C. Miller
79be007bd6 Use https in urls. 2015-11-20 10:36:53 -07:00
Todd C. Miller
7761af6d7e Add always_query_group_plugin 2015-10-24 05:43:07 -06:00
Todd C. Miller
c50cead833 Add directory writability checks for sudoedit. 2015-10-23 14:04:35 -06:00
Todd C. Miller
6b81f0b88c The section is now called "EXEC and NOEXEC" and it is above, not 
below.
 2015-09-28 16:48:20 -06:00
Todd C. Miller
7b7db55db9 Adjust set_logname description to new behavior when any of LOGNAME, 
USER or USERNAME are preserved.
 2015-09-25 11:19:28 -06:00
Todd C. Miller
824021b51b Add explicit mention of sudo's netgroup semantics since they differ 
from most other netgroup consumers.
 2015-09-21 16:04:59 -06:00
Todd C. Miller
c45559e6c8 Properly escape the backslash before a comma in an example so the 
example rule is parsable by visudo.
 2015-09-09 14:33:01 -06:00
Todd C. Miller
f1053af3b5 Emphasis on the never. 2015-08-07 17:05:50 -06:00
Todd C. Miller
d4f1aeb196 Explicitly tell people not to grant sudoedit to directories the 
user can write to.  While sudoedit will no longer open symbolic
links, hard links are still an issue.
 2015-08-07 17:01:15 -06:00
Todd C. Miller
796911b3fa Emphasize that wildcards are not regexps. Bug #692 2015-08-07 12:37:15 -06:00
Todd C. Miller
329a8dee8a Emphasize that wildcards in command line arguments are dangerous. 
Document the failings of the passwd example on GNU systems.
Bug #691
 2015-08-07 12:21:37 -06:00
Todd C. Miller
dc5ccf4736 Escape the colons in [[:alpha:]] as required by sudoers. 2015-08-07 12:00:12 -06:00
Todd C. Miller
3354d27a17 Do not follow symbolic links in sudoedit by default. This behavior 
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.
 2015-08-06 13:20:01 -06:00
Todd C. Miller
e0969c162e maxseq is an int not a string 2015-08-04 11:28:43 -06:00
Todd C. Miller
5125f82c4e Document that the values printed by "sudo -V" are affected by 
Defaults settings in sudoers.
 2015-07-13 12:58:25 -06:00
Todd C. Miller
42666204e2 Attempt to clarify the conditions under which MAIL and HOME are 
set to the target user.
 2015-07-10 10:02:38 -06:00
Todd C. Miller
c525c5ca7a regen 2015-05-11 16:52:58 -06:00
Todd C. Miller
cd669526e5 Fix "mandoc -Tlint" warnings. 
Sync AUTHORS section in man pages.
Regenerate all man pages.
 2015-03-22 13:09:26 -06:00
Todd C. Miller
f95d762586 Document that Aliases may not be redefined and that "sudo -f /etc/sudo.d/foo" 
will not catch the redefinition.
 2015-02-26 16:54:14 -07:00
Todd C. Miller
615aee9d1e Sort tags lexically in the sudoers manual 2015-02-19 10:13:25 -07:00
Todd C. Miller
45548cf049 Add support for MAIL and NOMAIL command tags to toggle mail sending 
behavior on a per-command (or Cmnd_Alias) basis.
 2015-02-19 10:02:20 -07:00
Todd C. Miller
53ac30b63a Add mail_all_cmnds to always mail when a user runs a command (or 
tries to) including sudoedit.  The mail_always flag goes back to
its old semantic of always mailing when sudo is run.
 2015-02-15 20:30:11 -07:00
Todd C. Miller
915e08eecc Minor change in description of TZ path handling. 2015-02-10 13:39:03 -07:00
Todd C. Miller
00f663d54d Document that a leading ':' is skipped when checking TZ for a 
fully-qualified path name.
 2015-02-10 09:37:10 -07:00
Todd C. Miller
9669abdafd Typo. 2015-02-09 16:21:52 -07:00
Todd C. Miller
0414ea4579 Fix typos. 2015-02-09 11:39:28 -07:00
Todd C. Miller
c3c28773f5 Sanity check the TZ environment variable by special casing it in 
env_check.  The --with-tzdir configure option can be used to
specify the zoneinfo directory if configure doesn't find it.
 2015-02-06 11:01:05 -07:00
Todd C. Miller
ed4ffa6265 Don't send mail about pseudo-command failure unless it is an 
authentication failure.
 2015-02-02 15:01:06 -07:00
Todd C. Miller
721cab85e7 Fix typo. 2015-01-21 08:51:41 -07:00
Todd C. Miller
b1dc5c54d8 Remove the extra /sudo in sudo.ws urls 2014-12-04 17:00:38 -07:00
Todd C. Miller
9d3fe082fc Reference bugzilla.sudo.ws 2014-11-27 09:51:06 -07:00
Todd C. Miller
4d04c5644b No need to keep specifying ".Nm foo" since the Nm macro remembers 
the argument it was first called with and uses it if none is
specified.  Also fix a few minor formatting errors and
regen bulleted lists in the .man.in files.
 2014-11-11 15:29:19 -07:00
Todd C. Miller
e71c646c9a regen 2014-11-11 13:56:01 -07:00
Todd C. Miller
8f1fb89d53 The older style bash function exporting is not used by post-shellshock 
versions of bash.
 2014-10-10 14:04:10 -06:00
Todd C. Miller
2d22d0dca8 Document the interaction between sudoers environment handling and 
the pam_env module.
 2014-08-11 11:23:16 -06:00
Todd C. Miller
df0fd41530 Add explicit support for matching the full environment string 
(name=value).  Bash functions may now be preserved for full matches,
but not for name-only matches.
 2014-08-06 16:45:57 -06:00
Todd C. Miller
a1da1d1e4c "an EXEC tag" not "a EXEC tag" 2014-07-16 15:44:21 -06:00
Todd C. Miller
64005c2e0b Document that exec_background is off by default. 2014-07-16 15:25:41 -06:00
Todd C. Miller
81a989fd19 Fix typo: sudo.d -> sudoers.d. From RedHat bz #726634 2014-07-11 11:02:05 -06:00
Todd C. Miller
d6397e27cf Move zerowidth space in :alpha: after the colon for consistency. 2014-02-15 15:45:25 -07:00
Todd C. Miller
0ec92dae81 regen 2014-02-15 15:18:34 -07:00
Todd C. Miller
8287e21d36 Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup 
support requires an expensive substring match on the server.  If
netgroups are not needed, this option can be disabled to reduce the
load on the LDAP server.
 2014-02-07 14:58:48 -07:00
Todd C. Miller
7155fc526f Bring back boot time checking code and zero out time stamp files 
that predate the boot time.  This should help systems w/o /var/run
where the admin has setup rc.d to clear the timestamp directory.
 2014-02-03 05:45:27 -07:00
Todd C. Miller
5502051ebe Elaborate on time stamp error message causes. 2014-02-02 05:17:47 -07:00