isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,515 Commits 1 Branch 0 Tags
bdde6dfa112f17d47bf5f4f8991023ece884780c
Commit Graph

130 Commits

Author SHA1 Message Date
Todd C. Miller
bdde6dfa11 visudo: document that a new file is only created if the editor writes it. 
If visudo is used to create a new file, the file will only be created
if the user writes to the file via the editor.  Simply running
visudo and exiting the editor will no longer cause the file to be
created.  There is an exception for file created due to the addition
of a @include directive, which need to be present for the sudoers
file to parse properly.  GitHub issue #294.
 2023-07-27 11:32:56 -06:00
Todd C. Miller
50fde5d815 Make the sections on bug reporting consistent with each other. 
GitHub issue #292
 2023-07-27 09:51:57 -06:00
Todd C. Miller
44cfa9e132 Add restrict keyword to sudo_printf_t in plugin docs. 2023-07-10 14:30:39 -06:00
Todd C. Miller
e0ee845dfc Reference SETENV-related settings in the command environment section. 
Based on GitHub PR #273 from Ilya Kulakov.
 2023-06-20 15:12:43 -06:00
Todd C. Miller
5d2b1761f6 Clarify that use_pty is on by default starting with 1.9.14. 2023-06-18 12:44:57 -06:00
Todd C. Miller
afb09e0044 Sudo runs the command in a pty by default in 1.9.14 and above. 2023-06-18 08:08:32 -06:00
Todd C. Miller
3786654dbd Add NETGROUP_QUERY option for servers that can't match nisNetgroupTriple. 
This can be used to support netgroup queries on systems that lack
the innetgr() function and where the LDAP server cannot query the
nisNetgroup by nisNetgroupTriple.
 2023-06-07 10:10:52 -06:00
Todd C. Miller
d633d82f22 Fix typos and update excluded/ignored codespell lists. 2023-05-25 12:53:27 -06:00
Todd C. Miller
d4c6ef1222 Add adminconfdir and --enable-adminconf to set it. 
Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instance first (if enabled), followed by a
sysconfdir instance.
 2023-05-02 10:37:39 -06:00
Todd C. Miller
894daa88f6 Enable the use_pty option by default for sudo 1.9.14. 
GitHub issue #258
 2023-04-06 11:30:51 -06:00
Todd C. Miller
493b2441d4 Fix display of escape sequencees in ldapsearch example. 2023-03-28 16:04:47 -06:00
Todd C. Miller
3b55de4e83 White space is not allowed between Defaults and '@', ':', '!', '>'. 
The EBNF made it appear that this is allowed when it really is not.
 2023-03-28 16:02:46 -06:00
Todd C. Miller
28ecbe4d51 Warn about ignored files in sudoers.d in visudo. 2023-03-20 18:29:33 -06:00
Todd C. Miller
24f04c8cb3 Add example to verify support for searching by nisNetgroupTriple. 2023-03-12 12:04:47 -06:00
Todd C. Miller
916d8b47c1 Sudo now does its own netgroup lookups if NETGROUP_BASE is set. 
Previously, it only performed netgroup queries to determine the
list of netgroups a user was a member of.
 2023-03-10 19:19:23 -07:00
Todd C. Miller
c6cc680069 Add a link to the sudo security advisories archive. 2023-01-19 15:20:38 -07:00
Todd C. Miller
0865e61d9e Pass back the number of files to edit when using sudoedit. 
The sudo front-end can use this to determine where the list of files
to edit begins.
 2023-01-18 13:38:15 -07:00
Todd C. Miller
334daf92b3 Escape control characters in log messages and "sudoreplay -l" output. 
The log message contains user-controlled strings that could include
things like terminal control characters.  Space characters in the
command path are now also escaped.

Command line arguments that contain spaces are surrounded with
single quotes and any literal single quote or backslash characters
are escaped with a backslash.  This makes it possible to distinguish
multiple command line arguments from a single argument that contains
spaces.

Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com).
 2023-01-18 08:21:34 -07:00
Todd C. Miller
3726e38394 Stop using 8n width in tagged lists. 
Use either 4n, when the body is expected to wrap or the width of
the longest tag when no wrapping is expected.
 2023-01-16 08:53:35 -07:00
Todd C. Miller
0814749132 Use -width Ds for the options list, not -width Fl. 2023-01-16 08:29:39 -07:00
Todd C. Miller
a7e8a20d0d Reduce the offset of bullet lists to 1n. 2023-01-16 08:15:46 -07:00
Todd C. Miller
4b0dc2eecb Substitute python plugin file name in sudo_plugin_python documentation. 
Also use prefix for group plugin fallback path section in sudoers manual.
 2022-12-30 13:38:40 -07:00
Todd C. Miller
95a6c04598 Document that -k does not interfere with sudo on other terminals. 
This should help clarify the difference between "sudo -k" and "sudo -K".
 2022-12-27 20:18:56 -07:00
Todd C. Miller
048b843e6d Use @intercept_file@ and @noexec_file@ like the example file. 2022-12-26 15:32:36 -07:00
Todd C. Miller
772fc914a8 There is a @pam_login_service@ substitution but no @pam_service@. 
Just use sudo instead of @pam_service@.
 2022-12-26 15:26:13 -07:00
Todd C. Miller
eeea67e70b Use @sudoers_plugin@ instead of @sudoers_module@. 2022-12-26 13:56:43 -07:00
Todd C. Miller
f6e0e87ba9 sudo 1.9.13 
Document the changes to AIX plugins in docs/UPGRADE.md and regenerate
configure using the latest autoconf from git.
 2022-12-26 10:47:51 -07:00
Todd C. Miller
50958a05da Remove developer mode from sudo.conf, it is no longer used. 2022-12-26 07:43:55 -07:00
Todd C. Miller
206700c3f0 Use AIX-style shared libraries on AIX by default instead of SVR4-style. 
This removes the need to use the -brtl linker flag which can cause
problems when there are both a .so and .a version of the same library
but with different versions.  This was particularly problematic
when using the AIX freeware version of OpenSSL.  The --with-aix-soname=svr4
option can be used to build SVR4-style shared libs instead.
 2022-12-26 07:43:55 -07:00
Todd C. Miller
11aa808ef7 Use ".Sy root" instead of ".Em root" when talking about the root user. 
Replace MANDOCPROG with "mandoc" now that MANDOCPROG has been removed.
 2022-12-25 10:53:40 -07:00
Todd C. Miller
3040bf54c9 Mention the "list" privilege in the description of the -U option. 2022-12-20 09:18:46 -07:00
Todd C. Miller
eada918bbb Add [arg ...] after command in SYNOPSIS and usage output. 
Use Ar markup when referring to the command and args.
 2022-12-20 09:09:25 -07:00
Todd C. Miller
2f32b45d59 New Albanian translation from translationproject.org 2022-12-17 11:11:31 -07:00
Todd C. Miller
c184a241a2 Mention the audit plugin in the "Process model" section. 
Remove extraneous information describing how sudo may exec the
command directly, this is already included in the non-pty section.
 2022-12-12 16:35:00 -07:00
Todd C. Miller
a514a6eed5 Add "list" pseudo-command to allow a user to list another user's 
privs.  Previously, only root or a user with the ability to run any
command as either root or the target user on the current host could
use the -U option.  For "sudo -l [-U otheruser] command", NewArgv[0]
is now set to "list" (just like "sudo -l") and the actual command
to be checked starts with NewArgv[1].
 2022-12-11 13:46:00 -07:00
Todd C. Miller
95a6731ff1 Add CODEOWNERS file, currently all owned by @millert. 2022-12-08 14:00:29 -07:00
Todd C. Miller
d744271a63 Make it clear that runas_default sets the default user for Runas_Spec. 
Also use mention runas_default in other parts of the manual, use
@runas_default@ instead of root and add markup around user names.
GitHub issue #186.
 2022-10-20 08:08:48 -06:00
Todd C. Miller
57b5ff8e8c Avoid a -Wshadow warning on Solaris 9. 2022-10-07 11:00:17 -06:00
Todd C. Miller
fa952bfbb7 Add -I flag to disable editing include files unless there is an error. 
This can be used when you only want to edit a single sudoers file
unless there is a pre-existing syntax error.
 2022-10-04 16:11:45 -06:00
Todd C. Miller
6cd99d0b71 Improve the description of JSON output. 2022-09-29 10:52:32 -06:00
Todd C. Miller
87b7209ebb Add support for logging stdin/stdout/stderr in the non-pty exec path. 
If we are logging I/O but not terminal input/output (either because
no terminal is present or because that is what the plugin requested),
the non-pty exec path is now taken.
 2022-09-27 13:46:55 -06:00
Todd C. Miller
88ac5e09b6 Use sudo_secure_open_file() instead of sudo_secure_file() where possible. 
Both sudo_secure_open_file() and sudo_secure_open_dir() are now passed
a struct stat pointer like sudo_secure_file() and sudo_secure_dir().
 2022-09-21 19:08:10 -06:00
Todd C. Miller
ce387a6849 Split log_{input,output} into log_{stdin,ttyin} and log_{ttyout,stdout,stderr} 
If log_input is set, log_{stdin,ttyin} will be set as well.
If log_output is set, log_{stdout,stderr,ttyout} will be set as well.
This provides more fine-grained control over I/O logging and makes it
possible to disable logging piped or redirected intput or output.
 2022-09-20 14:35:12 -06:00
Todd C. Miller
c341608072 Remove most uses of the deprecated Li macro which has no effect. 
Also fix some other incorrect markup.
 2022-09-13 19:56:45 -06:00
Todd C. Miller
3194d16674 Document apparmor_profile, intercept_verify, and update_ticket. 2022-09-11 19:06:26 -06:00
Todd C. Miller
5bcec02442 Fix some of the markup to be more consistent with sudo_plugin.mdoc.in. 
Also reword a few awkward phrases.
 2022-09-11 19:06:25 -06:00
Todd C. Miller
a7b200d014 Use correct markup of function arguments and struct members. 
Also remove most uses of the deprecated Li macro which has no effect.
 2022-09-11 19:06:24 -06:00
Todd C. Miller
3f6ffead0b Move the init_session() errstr description to where it belongs. 2022-09-11 19:06:23 -06:00
Todd C. Miller
b85f95cb30 Fix a typo 2022-09-11 19:06:22 -06:00
Todd C. Miller
67be673856 Mention how to restore the historic core resource limit behavior. 2022-09-03 09:50:00 -06:00