isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
9,685 Commits 1 Branch 0 Tags
f1d0c99e03cb49b41d91dc92833ac2bc97639bf0
Commit Graph

789 Commits

Author SHA1 Message Date
Todd C. Miller
e6fe02d646 Reference timestamp_type and timestamp_timeout in sudoers. 
This should help users find details on how time stamp files work.
 2019-11-01 12:42:41 -06:00
Todd C. Miller
955fa11b53 Clear the write bit on the timing file for completed logs. 
This allows us to tell whether or not a log can be restarted.
 2019-10-24 20:04:33 -06:00
Todd C. Miller
1df3230c2a Document the sudo log server protocol 2019-10-24 20:04:33 -06:00
Todd C. Miller
b57054785f Add manual pages for logsrvd and sendlog. 2019-10-24 20:04:32 -06:00
Todd C. Miller
8a16e62a88 Import protobuf-c source since to avoid an external dependency. 
The files generated with protoc-c are not standalone.
We need to include protobuf-c.c and protobuf-c.h from the protobuf-c
distribution too.  Building protoc-c requires a relative recent
version of gcc which limits its portability.
 2019-10-24 20:04:30 -06:00
Todd C. Miller
8ea71f9ae0 Sudo 1.8.29 2019-10-21 14:57:24 -06:00
Todd C. Miller
b157b96893 Add depend target to all Makefile.in files. 2019-10-21 15:20:21 -06:00
Todd C. Miller
c3ce3a84fb Refer to user-ID and group-ID instead of "user ID" and "group ID" 2019-10-19 14:26:41 -06:00
Todd C. Miller
6260bf60b4 sudoedit doesn't create a new PAM session so PAM umask does not apply. 2019-10-18 06:43:33 -06:00
Todd C. Miller
b02851dcf3 Change how the umask is handled with PAM and login.conf. 
If the umask is explicitly set in sudoers, use that value regardless
of what is in PAM or login.conf.  If using the default umask from
sudoers, allow PAM or login.conf to override it.  Bug #900
 2019-10-18 06:20:27 -06:00
Todd C. Miller
cf6c60c102 Add log_allowed and log_denied sudoers flags, defaulting to true. 2019-10-17 13:43:04 -06:00
Todd C. Miller
8761217f83 Be more consistent with how we talk about sudoers Defaults settings. 
Use "flag" not "option" when referring to boolean flags.
Use "setting" in place of "Defaults setting" in most places.
Use "the foo option" instead of "sudo's foo option" for command line options.
 2019-10-16 14:29:12 -06:00
Todd C. Miller
984382f8a9 Refer to number of terminal lines, not rows, for consistency. 2019-09-18 20:03:04 -06:00
Todd C. Miller
b2fadf66de sudoedit umask fix 2019-09-14 08:50:12 -06:00
Todd C. Miller
9eeedb470f If the sudoreplay ID option is a fully-qualified path, use it directly. 
Previously, one had to use the -d option to override the I/O log directory.
 2019-08-27 13:40:38 -06:00
Todd C. Miller
eb95a35edc Add conditional for sesh path in sudo.conf manual. 2019-08-27 08:09:28 -06:00
Todd C. Miller
44e990c2ac Mention I/O log signal change in NEWS and UPGRADE files. 2019-08-05 16:45:30 -06:00
Todd C. Miller
3e56be3564 Store signal name, not number in I/O log timing file. 
The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable from one system to another.
Older I/O log files with signal numbers can still be replayed.
 2019-08-05 16:30:58 -06:00
Todd C. Miller
6f3d826f8b Update error message when the password cannot be read from the terminal. 2019-07-19 17:46:57 -06:00
Todd C. Miller
15db0c3f82 More verbose error message when a password is required and no terminal 
is present.  Bug #828.
 2019-07-19 11:51:20 -06:00
Todd C. Miller
6e0f7166e3 Document that PAM session modules are now run with the silent flag. 2019-07-19 10:38:53 -06:00
Todd C. Miller
10b5529a0b Clarify that ttyin contains raw terminal input. 2019-07-12 08:24:07 -06:00
Todd C. Miller
03ba6426e7 Expand the description of the I/O log files. 2019-07-11 13:42:12 -06:00
Todd C. Miller
679f13ef53 Remove trailing whitespace. 2019-07-11 13:41:48 -06:00
Todd C. Miller
bb024cf093 Rename PLUGINDIR -> plugindir 2019-07-03 13:15:47 -06:00
Todd C. Miller
cd258e1d39 Add conditional for sesh path in sudo.conf manual. 2019-07-03 09:06:45 -06:00
Todd C. Miller
81602ad086 sudoedit should be used for editing files instead of "sudo editor" 
That way the user's editor config files are used by the editor.
 2019-06-21 14:54:09 -06:00
Todd C. Miller
1fe9644f54 Move the section on HOME to be after the environment section. 
Also strongly discourage the disabling of env_reset.
 2019-06-21 13:26:02 -06:00
Todd C. Miller
2d8949198d Remove the Solaris last login question, add one about HOME. 
The PAM session is opened with PAM_SILENT so last login info is not printed.
It is dangerous to preserve HOME from the user's environment.
 2019-06-20 21:49:11 -06:00
Todd C. Miller
a45732528b Use the term pseudo-terminal more consistently. 2019-06-20 16:52:49 -06:00
Todd C. Miller
ee214e5261 Document why HOME should not be preserved from the user's environment. 
Text was adapted from what is already present in the UPGRADE file.
Also mark set_home and always_set_home as obsolete.
 2019-06-20 16:32:18 -06:00
Todd C. Miller
e11fa62cdc Refer to command line options, not flags. 2019-06-20 16:12:32 -06:00
Todd C. Miller
c1fc4e6bec sudo will now prompt for a password as long as /dev/tty is available. 2019-06-20 14:03:03 -06:00
Todd C. Miller
71fdb8e037 Remove .cat pages, there is no need for them in the modern world. 
Sudo only shipped .cat pages for Irix, which lacked nroff.
Irix is long dead and there are multiple open source nroff options.
 2019-06-20 13:15:46 -06:00
Todd C. Miller
184484b213 Make env_editor the default. 
It is already the default in the package script.
 2019-06-20 11:51:47 -06:00
Todd C. Miller
958cf7e37f Don't describe env_editor as a security hole. 
Users that are able to edit sudoers can grant themselves permissions
so the fact that visudo runs the editor as root is not a security issue.
 2019-06-20 11:40:47 -06:00
Todd C. Miller
6fe2223298 Fix details of how EDITOR, VISUAL and SUDO_EDITOR are (or are not) preserved. 
The description in the editor option was incorrect and didn't mention env_keep.
Reported by Sander Bos
 2019-06-20 11:05:15 -06:00
Todd C. Miller
a193f39c83 Modern visudo locks the actual sudoers file, not the sudoers.tmp file. 
Refer to sudoers.tmp as a temporary file, not a lock file.
Reported by Sander Bos
 2019-06-20 10:11:26 -06:00
Todd C. Miller
7ce9b80085 Use of "they" was ambiguous. 2019-06-19 14:36:59 -06:00
Todd C. Miller
05f9643b89 Better description of secure_path. 
The secure_path option affects the resolution of unqualified commands
as well as the environment that commands run with.
 2019-06-19 14:29:25 -06:00
Todd C. Miller
0304416099 Add Sander Bos 2019-06-19 14:02:56 -06:00
Todd C. Miller
7d5b1e3b1b Fix a few typos and awkward wording. 
Use the singular "they" instead of he/she.
Add back missing text in description of variables starting with ().
Based on changes from Sander Bos.
 2019-06-19 14:02:16 -06:00
Todd C. Miller
cb4ded8fb6 Clarify which environment variables are set based on the target user. 2019-06-15 09:41:39 -06:00
Todd C. Miller
948007e771 Document that "no tty present and no askpass program specified" may 
happen when /proc is not accessible.
 2019-05-28 08:42:26 -06:00
Todd C. Miller
d63fe33d1f Add Sangamesh Mallayya and Michael Spradling 2019-05-27 08:51:06 -06:00
Todd C. Miller
19c548fd57 Add -B option to ring the bell before the password prompt. 2019-05-27 08:49:43 -06:00
Todd C. Miller
14e72b3ec6 Sudo's conversation functions now filters out the last login information. 2019-05-01 10:56:43 -06:00
Todd C. Miller
976550084e Add pam_acct_mgmt setting to enable/disable PAM account validation. 2019-04-29 19:44:13 -06:00
Todd C. Miller
4b240c2673 regen 2019-04-29 19:43:17 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00