isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,711 Commits 1 Branch 0 Tags
c702957879e42f0d1067003b6043c80a6a3ea020
Commit Graph

261 Commits

Author SHA1 Message Date
Todd C. Miller
a5504148a5 Add admin_flag sudoers option and make --enable-admin-flag take a path. 
It is now possible to disable the Ubuntu admin flag in sudoers
or change its location.
GitHub issue #56
 2021-02-16 13:20:02 -07:00
Todd C. Miller
1b72d6a5cc Allow SELinux support to be disabled via the sudoers file. 
Defaults to true if sudo is built with SELinux support and SELinux
is not disabled on the system.
 2021-01-08 19:29:17 -07:00
Todd C. Miller
f41b2c1f59 Direct execution of a command is incompatible with using a log server. 2020-12-11 09:45:14 -07:00
Todd C. Miller
38dd0f63b6 Event log data is sent to sudo_logsrvd even when not I/O logging. 2020-11-16 06:30:52 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines. 
Also replace backwards with backward.
 2020-10-30 10:15:30 -06:00
Todd C. Miller
8dee1b1ecf regen 2020-10-29 06:31:45 -06:00
Todd C. Miller
28d6771d24 Add log_format sudoers setting to select sudo or json format logs. 
Defaults to sudo-format logs.
 2020-10-27 15:26:02 -06:00
Todd C. Miller
e826705b62 Fix pasto, TIMEOUT not CMND_TIMEOUT. 2020-09-25 15:07:25 -06:00
Todd C. Miller
b1a59accf7 Document reserved words that cannot be used as alias names. 
Bug #941
 2020-09-25 13:50:32 -06:00
Todd C. Miller
5ca6056a32 Add simple runchroot and runcwd examples. 
Also document the limitation of command-based Defaults settings.
 2020-09-09 21:16:38 -06:00
Todd C. Miller
1676f0ceeb Support "*" for CWD/CHROOT to allow user to specify cwd or chroot. 
Adds two new command line options, -D (--chdir) and -R (--chroot)
that can only be used when sudoers sets runcwd or runchroot to "*".
 2020-09-01 14:10:02 -06:00
Todd C. Miller
6bdfd010d2 Add CHROOT and CWD sudoers options. 
Also matching runchroot and runcwd Defaults settings.
 2020-09-01 06:26:00 -06:00
Todd C. Miller
47ed1721be Refer to "syntax error" instead of "parse error". 
This is the term the parser uses when there is an actual error.
 2020-08-27 16:12:09 -06:00
Todd C. Miller
a3364c1e95 Fix sudoers_policy plugin options when sudoers_audit is not listed. 
As of sudo 1.9.1 the sudoers file is opened by the audit plugin,
not the policy plugin.  As a result, plugin options set for
sudoers_policy have no effect.  If sudoers_policy has plugin options
in sudo.conf and sudoers_audit is not listed, move the options to
sudoers_audit so they will have an effect.
 2020-08-17 13:45:16 -06:00
Todd C. Miller
609910cc21 sudoers error recovery can be configured via an "error_recovery" setting. 
This setting is an argument to the sudoers plugin, similar to how
sudoers_file, sudoers_mode, sudoers_uid, etc. are implemented.
The default value is true.
 2020-08-17 13:14:30 -06:00
Todd C. Miller
71a879d905 Mention visudo in sudo(8) and document sudoers error recovery. 2020-08-11 14:07:31 -06:00
Todd C. Miller
d6bc75e1e0 Document the contents of the log.json file. 2020-07-06 12:35:41 -06:00
Todd C. Miller
f093cb2e52 Replace terms master and blacklist in docs and examples. 2020-06-15 14:38:46 -06:00
Todd C. Miller
741c6f274e Add support for @include and @includedir 
These are less confusing than #include and #includedir when the
hash character is also the comment character.

This commit also adds real parsing of include directives as opposed
to the pure lexer approach used previously.  As a result, it is now
possible to include files with spaces by either using a double-quoted
string or escaping the space characters with a backslash.
 2020-05-20 13:10:53 -06:00
Todd C. Miller
deb9ce7d12 Quiet some warnings from igor. 2020-05-07 08:02:49 -06:00
Todd C. Miller
e5f8214c0a Remove the tls parameter from the ServerHello message. 
The TLS connection is now initiated before ServerHello is received.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
8186b98208 Adapt sudoers iolog client to log server dual port changes. 
The TLS handshake now occurs before the ServerHello message is read.
This fixes potential man-in-the-middle attacks and works better with
TLS 1.3.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
66c8f69f8d Make it clear in the sudoers grammar that sudoedit needs file args. 
Debian bug #571621
 2020-04-03 10:17:19 -06:00
Todd C. Miller
ea8445e364 Allow the ALL keyword to be specified with a digest list. 2020-03-11 11:19:37 -06:00
Todd C. Miller
4eca443246 Allow a list of digests to be specified for a command. 2020-03-11 11:17:52 -06:00
Todd C. Miller
8c08f5ef03 Allow Cmd_Alias in addition to Cmnd_Alias. 
Some people find using Cmd_Alias more natural.
 2020-03-11 11:17:38 -06:00
Todd C. Miller
e1df9d1dc3 Add pam_ruser and pam_rhost sudoers flags. 2020-03-01 13:37:00 -07:00
Todd C. Miller
07a2965bab Document TCP keepalive options in the manual pages. 2020-01-22 11:07:01 -07:00
Todd C. Miller
b14d633ec6 Add runas_check_shell flag to require a runas user to have a valid shell. 
Not enabled by default.
 2019-12-09 19:29:45 -07:00
Todd C. Miller
df8f06609c Add a new flag "allow_unknown_runas_id" to control matching of unknown IDs. 
Previous, sudo would always allow unknown user or group IDs if the
sudoers entry permitted it.  This included the "ALL" alias.
With this change, the admin must explicitly enable support for unknown IDs.
 2019-12-09 17:14:06 -07:00
Todd C. Miller
d98022177e Document log_server_cabundle, log_server_peer_cert and log_server_peer_key 2019-12-06 13:23:51 -07:00
Todd C. Miller
f913249dd0 Rename "log_server" in sudoers to "log_servers" to match I/O plugin. 2019-11-18 09:39:03 -07:00
Todd C. Miller
d8ccf11c58 Document the log_server and log_server_timeout options 2019-11-15 13:41:52 -07:00
Todd C. Miller
635445d471 Transparently handle the "sudo sudoedit" problem. 
Some admin are confused about how to give users sudoedit permission
and many users try to run sudoedit via sudo instead of directly.
If the user runs "sudo sudoedit" sudo will now treat it as plain
"sudoedit" after issuing a warning.  If the admin has specified a
fully-qualified path for sudoedit in sudoers, sudo will treat it
as just "sudoedit" and match accordingly.  In visudo (but not sudo),
a fully-qualified path for sudoedit is now treated as an error.
 2019-11-05 15:18:34 -07:00
Todd C. Miller
c3ce3a84fb Refer to user-ID and group-ID instead of "user ID" and "group ID" 2019-10-19 14:26:41 -06:00
Todd C. Miller
6260bf60b4 sudoedit doesn't create a new PAM session so PAM umask does not apply. 2019-10-18 06:43:33 -06:00
Todd C. Miller
b02851dcf3 Change how the umask is handled with PAM and login.conf. 
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf.  If using the default umask from
sudoers, allow PAM or login.conf to override it.  Bug #900
 2019-10-18 06:20:27 -06:00
Todd C. Miller
cf6c60c102 Add log_allowed and log_denied sudoers flags, defaulting to true. 2019-10-17 13:43:04 -06:00
Todd C. Miller
8761217f83 Be more consistent with how we talk about sudoers Defaults settings. 
Use "flag" not "option" when referring to boolean flags.
Use "setting" in place of "Defaults setting" in most places.
Use "the foo option" instead of "sudo's foo option" for command line options.
 2019-10-16 14:29:12 -06:00
Todd C. Miller
984382f8a9 Refer to number of terminal lines, not rows, for consistency. 2019-09-18 20:03:04 -06:00
Todd C. Miller
3e56be3564 Store signal name, not number in I/O log timing file. 
The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable from one system to another.
Older I/O log files with signal numbers can still be replayed.
 2019-08-05 16:30:58 -06:00
Todd C. Miller
6e0f7166e3 Document that PAM session modules are now run with the silent flag. 2019-07-19 10:38:53 -06:00
Todd C. Miller
10b5529a0b Clarify that ttyin contains raw terminal input. 2019-07-12 08:24:07 -06:00
Todd C. Miller
03ba6426e7 Expand the description of the I/O log files. 2019-07-11 13:42:12 -06:00
Todd C. Miller
bb024cf093 Rename PLUGINDIR -> plugindir 2019-07-03 13:15:47 -06:00
Todd C. Miller
81602ad086 sudoedit should be used for editing files instead of "sudo editor" 
That way the user's editor config files are used by the editor.
 2019-06-21 14:54:09 -06:00
Todd C. Miller
a45732528b Use the term pseudo-terminal more consistently. 2019-06-20 16:52:49 -06:00
Todd C. Miller
ee214e5261 Document why HOME should not be preserved from the user's environment. 
Text was adapted from what is already present in the UPGRADE file.
Also mark set_home and always_set_home as obsolete.
 2019-06-20 16:32:18 -06:00
Todd C. Miller
958cf7e37f Don't describe env_editor as a security hole. 
Users that are able to edit sudoers can grant themselves permissions
so the fact that visudo runs the editor as root is not a security issue.
 2019-06-20 11:40:47 -06:00
Todd C. Miller
6fe2223298 Fix details of how EDITOR, VISUAL and SUDO_EDITOR are (or are not) preserved. 
The description in the editor option was incorrect and didn't mention env_keep.
Reported by Sander Bos
 2019-06-20 11:05:15 -06:00