isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,796 Commits 1 Branch 0 Tags
c91b6777d3d8fbfa65d016857fa36ecabff848f6
Commit Graph

599 Commits

Author SHA1 Message Date
Todd C. Miller
17514b55ea Add support for multiple '*' in env_keep, env_check and env_delete 
entries.
 2017-05-12 10:02:17 -06:00
Todd C. Miller
e51831fab3 Be clear that #includedir diverts control to the files in the 
specified directory and, when parsing of those files is complete,
returns control to the original file.  Bug #775
 2017-05-08 13:55:02 -06:00
Todd C. Miller
01228b735d Update based on information from Michael Felt. 2017-05-05 10:45:33 -06:00
Todd C. Miller
8468f13c69 Move syslog_maxlen to the "Integers" section. Move syslog_goodpri and 
syslog_badpri to the "Strings at can be used in a boolean context" section.
 2017-05-03 10:32:21 -06:00
Todd C. Miller
d9bfaa386e Fix a pasto that resulted in an extra (empty) syslog_goodpri list entry. 2017-05-03 10:24:12 -06:00
Todd C. Miller
ddf1fa16f8 Replace the list of "dangerous" environment variables and explain 
how sudo handles the environment instead.
 2017-05-01 11:33:51 -06:00
Todd C. Miller
0b81e0b195 Try to make it clear that when match_group_by_gid is enabled, groups 
in sudoers are looked up by group name instead of group ID.  This
doesn't usually cause problems, but if there are conflicting group
entries (for example, from a local /etc/group file and an LDAP or
AD group database), whether the group is resolved by name or ID can
be used to work around conflicts.
 2017-04-11 16:56:04 -06:00
Todd C. Miller
272a9c8e9b Document that commands matched by "sudo ALL" are not affected by 
fdexec.
 2017-03-27 11:10:18 -06:00
Todd C. Miller
7f26338071 Mention that iolog_user is useful for NFS. 2017-03-24 15:36:03 -06:00
Todd C. Miller
b3af85ddc8 Add restricted_env_file which is like env_file but subject to the 
same restrictions as the user's own environment.
 2017-03-22 13:39:25 -06:00
Todd C. Miller
8d57491dc1 Add PERM_IOLOG so we can create I/O log files on an NFS-mounted 
filesystem where root is remapped to an unprivileged user.
 2017-03-21 13:41:14 -06:00
Todd C. Miller
c4e703696a Add iolog_flush option. 2017-03-20 10:25:58 -06:00
Todd C. Miller
8c8d078f66 Don't allow the user to specify an I/O log file mode that sudo can't 
read or write to.  I/O logs must always be readable and writable
by the owner.
 2017-03-17 10:56:17 -06:00
Todd C. Miller
8b3845c1ca Regenerate the cat pages with newer mandoc which formats double 
quotes as "foo" instead of ``foo''.
 2017-03-14 09:13:25 -06:00
Todd C. Miller
4bdbc6b290 Make it clear that I/O logs will be complete even if the command 
run by sudo is terminated by a signal.  The I/O log buffering just
prevents the logs from being displayed in real-time as the command
is running.
 2017-03-14 09:11:56 -06:00
Todd C. Miller
05e52c7b82 Update the description of strict mode to current reality. Aliases 
haven't needed to be defined before they are used since sudo 1.7.
 2017-02-22 14:13:07 -07:00
Todd C. Miller
daa728fd88 Go back to using a Warning/Error prefix in the message printed to 
stderr for alias problems.  Requested by Tomas Sykora.
 2017-02-22 06:38:33 -07:00
Todd C. Miller
e5dee1557e Add NOTBEFORE and NOTAFTER command options similar to what is 
already available in LDAP.
 2017-02-18 15:35:48 -07:00
Todd C. Miller
31540e6228 Bump version to 1.11 for timeout entry in settings[] 2017-02-16 10:28:08 -07:00
Todd C. Miller
b030c96a86 regen 2017-02-16 10:13:48 -07:00
Todd C. Miller
c86a6a23ad Add a command line option to specify the command timeout, as long 
as sudoers does not specify a shorter time limit.
 2017-02-16 09:58:18 -07:00
Todd C. Miller
24cdbb8de1 Split out tags again so they must precede the command and not allow 
them to be mixed in with options.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
3980f1531b Add support for command timeouts in sudoers. After the timeout, 
the command will be terminated.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
4f9dcd7264 Merge command tags, SELinux type/role and Solaris privs settings 
into "command options".  This relaxes the order of things so tags
and other options can be interspersed.
 2017-02-14 15:56:34 -07:00
Todd C. Miller
3742f7a46e Add ignore_unknown_defaults flag to ignore unknown Defaults entries 
in sudoers instead of producing a warning.
 2017-02-06 05:41:57 -07:00
Todd C. Miller
8e3613340c update zlib to version 1.2.11 2017-01-25 15:11:32 -07:00
Todd C. Miller
413e1100b8 Add new fdexec sudoers setting to allow choose whether execve() or 
fexecve() is used.
 2017-01-22 18:56:16 -08:00
Todd C. Miller
df03020c4c Add support for SASL_MECH in ldap.conf; Bug #764 2017-01-17 11:09:23 -07:00
Todd C. Miller
34ba901baa Fix documentation bug, the contents of env_file have never been 
subject to env_keep or env_check.  However, variables are only added
if they have not already been preserved.
 2017-01-17 10:10:47 -07:00
Todd C. Miller
57933a8ff3 Safer example for rule that can change non-root passwords. GNU 
getopts allows options to follow arguments so we need to be able
to deny things like "passwd root -q".  From Paul "Joey" Clark.
Bug #772
 2017-01-17 08:55:40 -07:00
Todd C. Miller
0c3a8085b3 Avoid using the system strnlen/strndup on AIX < 6. Even if configure 
correctly detects it is working on the build machine, the sudo
package may be run on a system with an old libc were it is broken.
 2017-01-05 06:22:58 -07:00
Todd C. Miller
87d02bfe2d Dell spun off Quest so simplify the history by just talking 
about Quest and not Dell.
 2016-12-20 06:35:49 -07:00
Todd C. Miller
f847570ba9 Fix copyright year 2016-12-19 12:48:15 -07:00
Todd C. Miller
00b6be9dfa Allow syslog priority to be negated or set to "none" to disable 
logging successes or failures.
 2016-11-30 16:26:10 -07:00
Todd C. Miller
cb1f044017 Allow stdin and ttyin to be displayed too. The only one that is 
really useful in sudoreplay is stdin when input is from a pipe.
 2016-11-30 13:38:01 -07:00
Todd C. Miller
94b844ebb5 regen 2016-11-21 17:45:46 -07:00
Todd C. Miller
f70f595b5b Add umask to user_info passed in from the front end to the plugin. 2016-11-17 16:00:06 -07:00
Todd C. Miller
80217f0bbc Remove obsolete solaris issue with snprintf 2016-11-17 08:11:01 -07:00
Todd C. Miller
7524c231cc Store the file/lineno for alias and userspec entries so we can 
provide that info if there is an error.
 2016-11-12 19:22:32 -07:00
Todd C. Miller
541ffbeec8 Bump plugin minor version to 10 for sudo_mode, sudo_group and sudo_user. 2016-11-08 20:34:46 -07:00
Todd C. Miller
2b020c9f17 Pass iolog mode, group and user from policy plugin to I/O log plugin. 2016-11-07 10:19:04 -07:00
Todd C. Miller
a9715211a8 Use sudoedit in examples instead of "sudo vi" 2016-11-02 17:07:25 -06:00
Todd C. Miller
271a07ff00 Make the I/O log file/dir permissions and owner configurable. 2016-10-29 12:45:55 -06:00
Todd C. Miller
6fa59b7416 There are now 14 tag values, not 10. Don't bother mentioning the 
number since it keeps increasing.  Bug #759
 2016-10-19 07:33:07 -06:00
Todd C. Miller
44c2679f83 Add syslog_maxlen to control the max size of syslog messages. 2016-10-18 15:51:47 -06:00
Todd C. Miller
afcdc28534 Add wordexp() to the list of functions wrapped by sudo_noexec.so. 2016-10-14 10:33:55 -06:00
Todd C. Miller
db7ce3c219 Document that negated sudoHosts are only supported by 1.8.18 and higher. 2016-09-15 08:36:08 -06:00
Todd C. Miller
7fd6edb6df Document negated sudoHost entries. 2016-09-14 10:29:18 -06:00
Todd C. Miller
6eb1b8c7ea Norwegian Nynorsk translation of sudo from translationproject.org 2016-09-07 11:07:59 -06:00
Todd C. Miller
c0db5c1234 No line continuation support in ldap.conf. 2016-09-01 12:45:42 -06:00