isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,535 Commits 1 Branch 0 Tags
c414a89eb35f8e4376384b0119e47dd0d497c8c7
Commit Graph

49 Commits

Author SHA1 Message Date
Todd C. Miller
c414a89eb3 Remove ABOUT-NLS file, it is no longer maintained as part of GNU gettext. 
Expand the Translations section in CONTRIBUTING.md.
 2022-04-20 12:58:11 -06:00
Todd C. Miller
c51b81fa53 Expand section about expired accounts to include /etc/shadow info. 
GitHub issue #143
 2022-04-20 15:47:42 -06:00
Todd C. Miller
cdee5d48da Add check-verbose Makefile target that runs tests in verbose mode. 2022-03-02 13:32:08 -07:00
Todd C. Miller
973a8f08f9 Document that negating mailto or mailerpath disables sending mail. 2022-02-21 13:50:49 -07:00
Todd C. Miller
9f5615e5b1 Avoid using "note that" and "note: " in documentation. 2022-02-16 16:38:44 -07:00
Todd C. Miller
9175954895 Remove "please" from the documentation, it is considered bad style. 2022-02-16 12:33:32 -07:00
Todd C. Miller
c4fc9b695b Mention regular expressions and "sudo -l -U user" behavior change. 2022-02-16 11:01:59 -07:00
Todd C. Miller
339ef82d62 Add security notes about regular expressions in sudoers rules. 2022-02-16 10:41:29 -07:00
Todd C. Miller
9f695f0fcc Restrict "sudo -U other -l" to users with sudo ALL for root or "other". 
Having "sudo ALL" permissions in no longer sufficient to be able to
list another user's privileges.  The invoking user must now have
"sudo ALL" for root or the target user.
GitHub issue #134
 2022-02-14 13:09:55 -07:00
Todd C. Miller
33f54c853b Limit regular expressions to 1024 characters each. 
Avoids a problem with the fuzzer creating large regular expressions
that blow up the glibc regcomp().
 2022-02-12 09:33:02 -07:00
Todd C. Miller
0bbe4b1813 Substitute paths set by configure in examples. Bug #1023 2022-02-11 19:07:08 -07:00
Todd C. Miller
7c17f84a35 Add helper function to compile a regex that supports (?i). 2022-02-11 12:01:31 -07:00
Todd C. Miller
86d2173937 Add support for matching command and args using regular expressions. 
Either the command, its arguments or both may be (separate)
regular expressions.
 2022-02-10 18:26:24 -07:00
Todd C. Miller
3b6f620e3e Update links to sudo web site and reference markdown docs. 2022-02-10 13:15:39 -07:00
Todd C. Miller
7b5f0dfaf7 Use a 4n indent for code blocks instead of the default 6n. 2022-02-10 13:05:34 -07:00
Todd C. Miller
8adad85b4b A few minor (mostly cosmetic) fixes. 
Add missing ALL to Runas_Member and Host.
Replace some tabs with spaces.
Fix the syntax of a sudoedit example.
 2022-02-08 11:26:55 -07:00
Todd C. Miller
c5133d84eb Upgrade http links to https where possible and fix some broken links. 2022-02-04 08:31:03 -07:00
Todd C. Miller
85fef8b50f Add sudoers option to perform authentication even in non-interative mode. 
If noninteractive_auth is set, authentication methods that do not
require input from the user's terminal may proceed.  It is off by
default, which restores the pre-1.9.9 behavior of "sudo -n".
 2022-02-01 20:08:26 -07:00
Todd C. Miller
9b93961b3e Add new log_passwords and passprompt_regex settings. 
When logging terminal input, if log_passwords is false and any
of the regular expressions in the passprompt_regex list are found
in the terminal output, terminal input will be replaced with '*'
characters until a newline or carriage return is found in the input
or an output character is received.
 2022-01-28 08:52:42 -07:00
Todd C. Miller
0efe280037 Add a new sudoers settings log_passwords and passprompt_regex. 
When logging terminal input, if log_passwords is disabled and any
of the regular expressions in the passprompt_regex list are found
in the terminal output, terminal input will be replaced with '*'
characters until a newline or carriage return is found in the input
or an output character is received.
 2022-01-28 08:52:41 -07:00
Todd C. Miller
be45d8fef4 "plain text" -> "plaintext" for consistency. 2022-01-27 12:43:19 -07:00
Todd C. Miller
5f45fd907b Document how commands are passed to the shell for the -i and -s options. 
The concatenation of command and arguments and escaping of special
characters was not documented.
Text adapted from GitHub issue #121 from Kris Rinzwind
 2022-01-20 14:05:00 -07:00
Todd C. Miller
805e1b9470 Also mention no_new_privs error in the troubleshooting guide. 2022-01-20 10:26:01 -07:00
Todd C. Miller
e4ee1a8502 Replace uid and gid with user-ID and group-ID in more places. 2022-01-20 10:08:34 -07:00
Todd C. Miller
9d79a0767c Use the Oxford comma consistently, it is helpful in technical documents. 2022-01-19 19:03:12 -07:00
Todd C. Miller
78e74c605e Document the error message when no_new_privs is set. 2022-01-19 18:53:03 -07:00
Todd C. Miller
17b7ac3460 Sudo now recovers from sudoers syntax errors. 2022-01-19 18:42:09 -07:00
Todd C. Miller
0d0e7de454 Use the Oxford comma consistently, it is helpful in technical documents. 2022-01-19 18:41:23 -07:00
Todd C. Miller
9a013b79b8 Mention https://www.sudo.ws/security/fuzzing/ in the fuzzing section. 2022-01-19 11:02:19 -07:00
Todd C. Miller
e88087721b Add support in the LDAP filter for negated users. 
Based on a diff from Simon Lees
 2022-01-18 11:20:22 -07:00
Todd C. Miller
48bc498a6f Add pam_askpass_service sudoers setting for "sudo -A". 
This makes it possible to use a different PAM configuration for
when "sudo -A" is used.  The main use case is to only use PAM modules
that can interact with the askpass program.  GitHub issue #112.
 2022-01-08 11:35:03 -07:00
Todd C. Miller
59d55c5308 LICENSE.md moved to the top-level src dir. 2022-01-03 10:26:15 -07:00
Todd C. Miller
e22cc72530 Back out changes to enable SELinux by default. 
This may return in a future release in a different form.
 2021-12-22 11:13:22 -07:00
Todd C. Miller
0ed92e6165 Move LICENSE.md out of docs and back to the top-level. 
GitHub expects it to be in the top-level directory.
 2021-12-22 11:05:00 -07:00
Todd C. Miller
991ef32508 Add group_file, match_local, and passwd_file to cvtsudoers.conf. 
Previously, these were only settable via command line options.
 2021-12-16 15:42:06 -07:00
Todd C. Miller
537f75dc74 Remove question about running Solaris 11 binaries on Solaris 10. 
Current versions of sudo use many APIs that are not present on
Solaris 10.  If you want a sudo Solaris 10 binary, build it on
Solaris 10, not 11.
 2021-12-12 18:57:17 -07:00
Todd C. Miller
e66e1ca383 In SECURITY NOTES, clarify that PATH may be overridden by the policy. 
Bug #1014
 2021-12-11 09:08:03 -07:00
Todd C. Miller
a2aa709707 Minor formatting tweak so we can import into the sudo web site. 2021-12-10 20:14:48 -07:00
Todd C. Miller
014339948c Surround email addresses with angle brackets, not square backets. 2021-12-09 18:51:37 -07:00
Todd C. Miller
d324a53065 Minor formatting tweaks. 2021-12-06 09:27:54 -07:00
Todd C. Miller
3bd572ba80 Convert README and docs files to markdown. 
This makes things look better on GitHub and we can use the
markdown version directly in the new sudo web site.
 2021-12-05 21:02:04 -07:00
Todd C. Miller
2c754a8d49 Policy -> Disclosure Policy 2021-12-04 16:29:49 -07:00
Todd C. Miller
003f9550f1 cvtsudoers: add -l option to log merge actions 
The "-l logfile" option can be used to store a log of what
actions cvtsudoers took when merging multiple files.
For example, which aliases were renamed, which entries were overriden
or removed as duplicated.
 2021-11-24 06:52:51 -07:00
Todd C. Miller
409410b029 New Persian (Farsi) translation from translationproject.org 2021-11-21 09:53:50 -07:00
Todd C. Miller
cc79038730 Document how to merge sudoers files with cvtsudoers. 2021-11-19 12:29:21 -07:00
Todd C. Miller
3ab280fc61 Fix formatting of links. 2021-11-11 14:19:22 -07:00
Todd C. Miller
781a4fb691 Add contributing guide. 2021-11-11 13:56:36 -07:00
Todd C. Miller
85325a7d2f Add security doc, inspired by the Microsoft template. 2021-11-10 17:26:26 -07:00
Todd C. Miller
289a045a4f Rename "doc" directory to "docs" for better GitHub compatibility. 2021-11-10 16:45:16 -07:00