This patch will upgrade Sudo version 1.6.2 to version 1.6.2
patchlevel 3 (1.6.2p3).  To apply, do:
    cd sudo-1.6.2
    patch -p1 < sudo-1.6.2p3.patch

diff -ur sudo-1.6.2/CHANGES sudo-1.6.2p3/CHANGES
--- sudo-1.6.2/CHANGES	Sun Jan 23 20:02:12 2000
+++ sudo-1.6.2p3/CHANGES	Thu Mar  9 11:39:43 2000
@@ -1242,3 +1242,15 @@
 
 392) PAM fixups: custom prompts now work correctly and errors are
      dealt with more sanely.  Patches from Cloyce D. Spradling.
+
+Sudo 1.6.2 released.
+
+393) Users in the 'exempt' group shouldn't get their $PATH overridden
+     by 'secure-path'.  Patch from jmknoble@pobox.com.
+
+394) Pam now works on HP-UX 11.0, thanks to Jeff A. Earickson.
+
+395) Fixed a bug that caused an infinite loop when the password
+     timeout was disabled.
+
+396) Fixed a typo/thinko that broke secureware support for long passwords.
diff -ur sudo-1.6.2/INSTALL sudo-1.6.2p3/INSTALL
--- sudo-1.6.2/INSTALL	Mon Jan 17 16:42:10 2000
+++ sudo-1.6.2p3/INSTALL	Thu Jan 27 12:33:10 2000
@@ -159,11 +159,17 @@
 	on the machine.
 
   --with-pam
-	Enable PAM support.  Tested on Redhat Linux 5.x, 6.0 and
-	Solaris 2.6, 7.
-	NOTE: on RedHat Linux (and perhaps others) you *must* install
-	an /etc/pam.d/sudo file.  You may either use the sample.pam
-	file included with sudo or use /etc/pam.d/su as a reference.
+	Enable PAM support.  Tested on:
+	    Redhat Linux 5.x, 6.0, and 6.1
+	    Solaris 2.6 and 7
+	    HP-UX 11.0
+        NOTE: on RedHat Linux you *must* install an /etc/pam.d/sudo file.
+	You may either use the sample.pam file included with sudo or use
+	/etc/pam.d/su as a reference.  On Solaris and HP-UX 11 systems
+	you should check (and understand) the contents of /etc/pam.conf.
+	Do a "man pam.conf" for more information and consider using the
+	"debug" option, if available, with your PAM libraries in
+	/etc/pam.conf to obtain syslog output for debugging purposes.
 
   --with-AFS
 	Enable AFS support with kerberos authentication.  Should work under
@@ -171,8 +177,14 @@
 	link without it.
 
   --with-DCE
-	Enable DCE support.  Known to work on HP-UX 9.X and 10.0.  Other
-	platforms may require source code and/or `configure' changes.
+	Enable DCE support.  Known to work on HP-UX 9.X, 10.X, and 11.0.
+	The use of PAM is recommended for HP-UX 11.X systems, since PAM is
+	fully implemented (this is not true for 10.20 and earlier versions).
+	Check to see that your 11.X (or other) system uses DCE via PAM by
+	looking at /etc/pam.conf to see if "libpam_dce" libraries are 
+	referenced there.  Other platforms may require source code and/or 
+	`configure' changes; you should check to see if your platform can 
+	access DCE via PAM before using this option.
 
   --disable-sia
 	Disable SIA support.  This is the "Security Integration Architecture"
@@ -228,11 +240,11 @@
 	security hole as most editors allow a user to get a shell (which would
 	be a root shell and hence, no logging).
 
-The following options are also configurable at runtime:
-
   --with-otp-only
 	This option is now just an alias for --without-passwd.
 
+The following options are also configurable at runtime:
+
   --with-long-otp-prompt
 	When validating with a One Time Password scheme (S/Key or OPIE), a
 	two-line prompt is used to make it easier to cut and paste the
@@ -286,7 +298,7 @@
 	Default is "*** SECURITY information for %h ***".
 
   --without-mail-if-no-user
-	Normally, sudo will mail to the "alermail" user if the user invoking
+	Normally, sudo will mail to the "alertmail" user if the user invoking
 	sudo is not in the sudoers file.  This option disables that behavior.
 
   --with-mail-if-no-host
@@ -357,8 +369,8 @@
 	The default is 5, set this to 0 for no password timeout.
 
   --with-tty-tickets
-	This makes sudo use a different ticket file for each tty (per user).
-	Ie: instead of the ticket file being "username" it is "username:tty".
+	This makes sudo use a different ticket file for each user/tty combo.
+	Ie: instead of the ticket path being "username" it is "username/tty".
 	This is useful for "shared" accounts like "operator".  Note that this
 	means that there will be more files in the timestamp dir.  This is not
 	a problem if your system has a cron job to remove of files from /tmp
diff -ur sudo-1.6.2/Makefile.in sudo-1.6.2p3/Makefile.in
--- sudo-1.6.2/Makefile.in	Mon Jan 17 16:46:24 2000
+++ sudo-1.6.2p3/Makefile.in	Mon Jan 24 08:48:46 2000
@@ -34,7 +34,7 @@
 #
 # @configure_input@
 #
-# $Sudo: Makefile.in,v 1.193 2000/01/17 23:46:24 millert Exp $
+# $Sudo: Makefile.in,v 1.194 2000/01/24 15:48:46 millert Exp $
 #
 
 #### Start of system configuration section. ####
@@ -148,7 +148,7 @@
 	    sample.sudoers sudo.cat sudo.man sudo.pod sudoers sudoers.cat \
 	    sudoers.man sudoers.pod visudo.cat visudo.man visudo.pod auth/API
 
-BINFILES= BUGS CHANGES FAQ HISTORY LICENSE README TODO TROUBLESHOOTING \
+BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
 	  UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
 	  sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
 	  sudoers.pod visudo visudo.cat visudo.man visudo.pod
@@ -342,6 +342,7 @@
 	      cp ../../$(srcdir)/$$i . ; \
 	    fi ; \
 	  done ; \
+	  ln -s TROUBLESHOOTING FAQ ; \
 	  for i in $(BINSPECIAL) ; do \
 	    if [ -f ../../$$i ]; then \
 	      cp ../../$$i `basename $$i .binary` ; \
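Review bot: `ln -s TROUBLESHOOTING FAQ` has no `-f`, so the recipe aborts with "File exists" if a FAQ entry is already present in the staging directory (for example when the target is re-run without cleaning, or if a FAQ file is ever put back into BINFILES); `rm -f FAQ; ln -s TROUBLESHOOTING FAQ` (or `ln -sf` where supported) makes the step idempotent. Whether the directory is created fresh before this loop is not visible in the hunk. The relative link target itself is the right choice for a distribution tree, since it stays valid wherever the tree is unpacked.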
diff -ur sudo-1.6.2/RUNSON sudo-1.6.2p3/RUNSON
--- sudo-1.6.2/RUNSON	Sun Jan 23 20:41:58 2000
+++ sudo-1.6.2p3/RUNSON	Sat Feb 26 20:22:33 2000
@@ -6,16 +6,16 @@
 Name	Rev	Arch	Used		Version	By		 Options
 =======	=======	=======	===============	======= ===============  ===============
 Auspex	1.6.1	sun4	bundled cc	1.3.4	Alek Komarnitsky none
-SunOS	4.1.3	sun4	bundled cc	1.6.2	Todd Miller	 none
-SunOS	4.1.3	sun4	gcc2.9.5.2	1.6.2	Todd Miller	 none
+SunOS	4.1.3	sun4	bundled cc	1.6.2p2	Todd Miller	 none
+SunOS	4.1.3	sun4	gcc2.9.5.2	1.6.2p2	Todd Miller	 none
 SunOS	4.1.3	sun4	gcc2.7.2.1	1.5.3	Todd Miller	 --with-kerb4
-SunOS	4.1.3	sun4	gcc2.9.5.2	1.6.2	Todd Miller	 --with-skey
+SunOS	4.1.3	sun4	gcc2.9.5.2	1.6.2p2	Todd Miller	 --with-skey
 Solaris	2.5.1	sparc	SC4.0		1.5.6p1	Brian Jackson	 none 
 Solaris	2.5.1	sun4u	gcc2.7.2.3	1.5.4	Leon von Stauber none
 Solaris	2.5.1	i386	gcc2.7.2	1.5.4	Leon von Stauber none
-Solaris	2.6	sparc	gcc2.9.5.2	1.6.2	Todd Miller	 none
-Solaris	2.6	sparc	gcc2.9.5.2	1.6.2	Todd Miller	 --with-pam
-Solaris	2.6	i386	gcc2.9.5.2	1.6.2	Todd Miller	 none
+Solaris	2.6	sparc	gcc2.9.5.2	1.6.2p2	Todd Miller	 none
+Solaris	2.6	sparc	gcc2.9.5.2	1.6.2p2	Todd Miller	 --with-pam
+Solaris	2.6	i386	gcc2.9.5.2	1.6.2p2	Todd Miller	 none
 Solaris	2.6	sparc	unbundled cc	1.5.7	Giff Hammar	 none
 Solaris	2.6	i386	unbundled cc	1.5.8p2	Udo Keller	 none
 Solaris	7	i386	gcc 2.8.1	1.6.1	Ido Dubrawsky	 none
@@ -32,14 +32,15 @@
 HP-UX	9.05	hp700	gcc2.7.2.1	1.5.3	Todd Miller	 --with-kerb4
 HP-UX	9.07	hp700	unbundled cc	1.5	Alek Komarnitsky --with-C2
 HP-UX	9.05	hp700	unbundled cc	1.4	Todd Miller	 none
-HP-UX	10.10	hp700	unbundled cc	1.6.2	Todd Miller	 --with-skey
-HP-UX	10.20	hp700	gcc2.9.5.2	1.6.2	Todd Miller	 --with-skey
-HP-UX	10.20	hp700	bundled cc	1.6.2	Todd Miller	 none
+HP-UX	10.10	hp700	unbundled cc	1.6.2p2	Todd Miller	 --with-skey
+HP-UX	10.20	hp700	gcc2.9.5.2	1.6.2p2	Todd Miller	 --with-skey
+HP-UX	10.20	hp700	bundled cc	1.6.2p2	Todd Miller	 none
 HP-UX	10.20	PA-RISC2.0 bundled cc	1.5.4	Leon von Stauber none
 HP-UX	11.00	hp700	ansi-c		1.5.5b1	Alek Komarnitsky --with-C2
 HP-UX	11.00	hp700	bundled cc	1.5.5p5	Lynn Osburn	 none
-HP-UX	10.20	hp700	gcc 2.8.1	1.5.6b2	Jeff Earickson 	 --with-DCE
-Ultrix	4.3	mips	bundled cc	1.6.2	Todd Miller	 none
+HP-UX	11.00	hp700	HP C compiler	1.6.2	Jeff Earickson 	 --with-pam
+HP-UX	10.20	hp700	gcc 2.95.2	1.6.2	Jeff Earickson 	 --with-DCE
+Ultrix	4.3	mips	bundled cc	1.6.2p2	Todd Miller	 none
 Ultrix	4.3	mips	gcc2.7.2.1	1.5.9	Todd Miller	 --with-skey
 IRIX	4.05H	mips	gcc2.6.3	1.5.3	Todd Miller	 none
 IRIX	4.05H	mips	unbundled cc	1.4	Todd Miller	 none
@@ -47,8 +48,8 @@
 IRIX	5.3	mips	MipsPro C	1.5.6p1	Brian Jackson	 none 
 IRIX	6.2	mips	MipsPro C	1.5.6p1	Brian Jackson	 none 
 IRIX	6.5	mips	MipsPro C	1.5.6p1	Brian Jackson	 none 
-IRIX	5.3	mips	unbundled cc	1.6.2	Todd Miller	 none
-IRIX	5.3	mips	gcc2.9.5.2	1.6.2	Todd Miller	 --with-skey
+IRIX	5.3	mips	unbundled cc	1.6.2p2	Todd Miller	 none
+IRIX	5.3	mips	gcc2.9.5.2	1.6.2p2	Todd Miller	 --with-skey
 IRIX	5.3	mips	gcc2.7.2.1	1.5.3	Todd Miller	 --with-kerb4
 IRIX	5.3	mips	unbundled cc	1.4	Wallace Winfrey	 --with-C2
 IRIX	6.2	mips	unbundled cc	1.5	Alek Komarnitsky --with-C2
@@ -66,15 +67,14 @@
 NEXTSTEP 3.3	i386	bundled cc	1.4	Jonathan Adams	 none
 NEXTSTEP 3.3	sparc	bundled cc	1.5.3	Mike Kienenberger none
 DEC UNIX 3.2c	alpha	bundled cc	1.5.3	Todd Miller	 none
-DEC UNIX 4.0D	alpha	gcc-2.9.5.2	1.6.2	Todd Miller	 --with-skey
+DEC UNIX 4.0D	alpha	gcc-2.9.5.2	1.6.2p2	Todd Miller	 --with-skey
 DEC UNIX 4.0	alpha	gcc-2.7.2.1	1.5.3	Todd Miller	 --with-kerb4
 DEC UNIX 4.0D	alpha	bundled cc	1.5.3	Randall R. Cable --with-C2
 DEC UNIX 4.0E	alpha	bundled cc	1.5.9p2	Vangelis Haniotakis none
 AIX	3.2.X	rs6000	bundled cc	1.4	Todd Miller	 none
-AIX	4.1.3	rs6000	gcc-2.8.1	1.6.2	Todd Miller	 none
 AIX	4.1.3	PowerPC	gcc-2.7.0	1.4	Bob Shair	 none
-AIX	4.1.4	rs6000	gcc-2.8.1	1.6.2	Todd Miller	 none
-AIX	4.1.4	rs6000	gcc-2.8.1	1.6.2	Todd Miller	 --with-authenticate
+AIX	4.1.4	rs6000	gcc-2.8.1	1.6.2p2	Todd Miller	 none
+AIX	4.1.4	rs6000	gcc-2.8.1	1.6.2p2	Todd Miller	 --with-authenticate
 AIX	4.1.5	rs6000	gcc-2.7.2.3	1.4.4	Daniel Robitaille none
 AIX	4.1.X	rs6000	bundled cc	1.5.3	Robin Jackson	 --with-AFS
 AIX	4.1.X	PowerPC	bundled cc	1.5.3	Robin Jackson	 --with-AFS
@@ -85,9 +85,9 @@
 ConvexOS 9.1	convex	bundled cc	1.3.6	Todd Miller	 none
 ConvexOS 9.1	convex	gcc2.4.5	1.3.6	Todd Miller	 none
 BSD/OS	2.1	i386	shlicc		1.5.3	Todd Miller	 none
-OpenBSD	2.X	i586	gcc-2.8.1	1.6.2	Todd Miller	 none
-OpenBSD	2.X	alpha	gcc-2.8.1	1.6.2	Todd Miller	 none
-OpenBSD	2.X	m68k	gcc-2.8.1	1.6.2	Todd Miller	 none
+OpenBSD	2.X	i586	gcc-2.8.1	1.6.2p2	Todd Miller	 none
+OpenBSD	2.X	alpha	gcc-2.8.1	1.6.2p2	Todd Miller	 none
+OpenBSD	2.X	m68k	gcc-2.8.1	1.6.2p2	Todd Miller	 none
 OpenBSD	2.X	mvme88k	gcc-2.8.1	1.5.9	Steve Murphree	 none
 FreeBSD	1.1	i386	gcc		1.3.2	Dworkin Muller	 none
 FreeBSD	2.0.5	i386	gcc		1.3.4	Dworkin Muller	 none
@@ -95,12 +95,12 @@
 Linux	1.2.13	i486	gcc-2.7.0	1.4	Michael Forman	 none
 Linux	1.2.8	i486	gcc-2.5.8	1.3.5	Ted Coady	 --with-C2
 Linux	2.0.15	i586	gcc-2.7.2.1	1.5	Danny Barron	 none
-Linux	2.0.36	i586	gcc-2.95.2	1.6.2	Todd Miller	 none
+Linux	2.0.36	i586	gcc-2.95.2	1.6.2p2	Todd Miller	 none
 Linux	2.0.34	i586	egcs-2.91.57	1.5.6p2	Darrin Chandler	 none
 Linux	2.0.36	i586	gcc-2.7.2.3	1.5.7p4	Nathan Haney	 none
 Linux	2.0.34	alpha	egcs-2.90.27	1.5.3	Karl Schlitt	 none
 Linux	2.0.33pl1 m68k	gcc 2.7.2.3	1.5.6	James Troup	 none
-Linux	2.2.12	i586	gcc-2.95.2	1.6.2	Todd Miller	 --with-pam
+Linux	2.2.12	i586	gcc-2.95.2	1.6.2p2	Todd Miller	 --with-pam
 Linux	2.2.6-15 ppc	egcs-1.1.2	1.5.9p4	Barbara Schelkle none
 Linux	2.0.34	mips	gcc-2.7.2	1.6	Tristan Roddis	 none
 UnixWare 1.1.4	i386	gcc-2.7.2	1.4	Michael Hancock	 none
diff -ur sudo-1.6.2/auth/sudo_auth.c sudo-1.6.2p3/auth/sudo_auth.c
--- sudo-1.6.2/auth/sudo_auth.c	Sun Dec  5 23:47:19 1999
+++ sudo-1.6.2p3/auth/sudo_auth.c	Thu Mar  9 11:38:57 2000
@@ -67,7 +67,7 @@
 #  ifndef WITHOUT_PASSWD
     AUTH_ENTRY(0, "passwd", NULL, NULL, passwd_verify, NULL)
 #  endif
-#  if defined(HAVE_SECUREWARE) && !defined(WITHOUT_PASSWD)
+#  if defined(HAVE_GETPRPWNAM) && !defined(WITHOUT_PASSWD)
     AUTH_ENTRY(0, "secureware", secureware_init, NULL, secureware_verify, NULL)
 #  endif
 #  ifdef HAVE_AFS
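Review bot: The secureware entry is now guarded by HAVE_GETPRPWNAM instead of HAVE_SECUREWARE (the thinko named in CHANGES 396), but the object providing secureware_init and secureware_verify has to be added to AUTH_OBJS under the same condition, and no configure.in or Makefile change for that is in this patch; if the two tests disagree the build either fails at link time with undefined symbols or silently drops the entry, and long passwords would again go only through passwd_verify. Please confirm the configure side selects secureware.o whenever getprpwnam is detected. Because both the passwd and secureware entries are registered together on such systems, a short comment above the entry would help the next reader, e.g. `/* getprpwnam()-based check, tried after passwd_verify; see CHANGES 396 */`. The auth_switch table begins before and ends after this hunk.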
diff -ur sudo-1.6.2/configure sudo-1.6.2p3/configure
--- sudo-1.6.2/configure	Wed Jan 19 11:52:00 2000
+++ sudo-1.6.2p3/configure	Thu Jan 27 12:58:49 2000
@@ -7630,6 +7630,44 @@
     AUTH_OBJS="${AUTH_OBJS} kerb5.o"
 fi
 
+if test "$with_pam" = "yes"; then
+    echo $ac_n "checking for -ldl""... $ac_c" 1>&6
+echo "configure:7636: checking for -ldl" >&5
+if eval "test \"`echo '$''{'ac_cv_lib_dl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-ldl  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 7643 "configure"
+#include "confdefs.h"
+
+int main() {
+main()
+; return 0; }
+EOF
+if { (eval echo configure:7650: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+  rm -rf conftest*
+  ac_cv_lib_dl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_lib_dl=no
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+echo "$ac_t""$ac_cv_lib_dl" 1>&6
+if test "$ac_cv_lib_dl" = yes; then
+  SUDO_LIBS="${SUDO_LIBS} -ldl -lpam"
+else
+  SUDO_LIBS="${SUDO_LIBS} -lpam"
+fi
+
+fi
+
 if test "$with_kerb4" = "yes"; then
     cat >> confdefs.h <<\EOF
 #define HAVE_KERB4 1
@@ -7658,21 +7696,21 @@
     fi
 
     echo $ac_n "checking for -ldes""... $ac_c" 1>&6
-echo "configure:7662: checking for -ldes" >&5
+echo "configure:7700: checking for -ldes" >&5
 if eval "test \"`echo '$''{'ac_cv_lib_des'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   ac_save_LIBS="$LIBS"
 LIBS="-ldes  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 7669 "configure"
+#line 7707 "configure"
 #include "confdefs.h"
 
 int main() {
 main()
 ; return 0; }
 EOF
-if { (eval echo configure:7676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7714: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
   rm -rf conftest*
   ac_cv_lib_des=yes
 else
@@ -7695,10 +7733,6 @@
     AUTH_OBJS="${AUTH_OBJS} kerb4.o"
 fi
 
-if test "$with_pam" = "yes"; then
-    SUDO_LIBS="${SUDO_LIBS} -ldl -lpam"
-fi
-
 if test "$with_AFS" = "yes"; then
 
     # looks like the "standard" place for AFS libs is /usr/afsws/lib
@@ -7795,7 +7829,7 @@
 fi
 
 echo $ac_n "checking for log file location""... $ac_c" 1>&6
-echo "configure:7799: checking for log file location" >&5
+echo "configure:7833: checking for log file location" >&5
 if test -n "$with_logpath"; then
     echo "$ac_t""$with_logpath" 1>&6
     cat >> confdefs.h <<EOF
@@ -7825,7 +7859,7 @@
 fi
 
 echo $ac_n "checking for timestamp file location""... $ac_c" 1>&6
-echo "configure:7829: checking for timestamp file location" >&5
+echo "configure:7863: checking for timestamp file location" >&5
 if test -n "$with_timedir"; then
     echo "$ac_t""$with_timedir" 1>&6
     cat >> confdefs.h <<EOF
diff -ur sudo-1.6.2/configure.in sudo-1.6.2p3/configure.in
--- sudo-1.6.2/configure.in	Wed Jan 19 12:07:24 2000
+++ sudo-1.6.2p3/configure.in	Thu Jan 27 13:01:37 2000
@@ -1,6 +1,6 @@
 dnl
 dnl Process this file with GNU autoconf to produce a configure script.
-dnl $Sudo: configure.in,v 1.299 2000/01/19 19:07:24 millert Exp $
+dnl $Sudo: configure.in,v 1.300 2000/01/27 20:01:37 millert Exp $
 dnl
 dnl Copyright (c) 1994-1996,1998-1999 Todd C. Miller <Todd.Miller@courtesan.com>
 dnl
@@ -1433,6 +1433,13 @@
 fi
 
 dnl
+dnl PAM libs
+dnl
+if test "$with_pam" = "yes"; then
+    AC_HAVE_LIBRARY(dl, SUDO_LIBS="${SUDO_LIBS} -ldl -lpam", SUDO_LIBS="${SUDO_LIBS} -lpam")
+fi
+
+dnl
 dnl Find kerberos 4 includes and libs or complain
 dnl
 if test "$with_kerb4" = "yes"; then
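Review bot: The new `AC_HAVE_LIBRARY(dl, ...)` probe only checks whether -ldl links; nothing verifies that libpam itself is present, so `--with-pam` on a host without PAM development files fails later at link time with an unhelpful error instead of at configure time. Consider checking the PAM library in its own test, e.g. `AC_HAVE_LIBRARY(pam, SUDO_LIBS="${SUDO_LIBS} -lpam", AC_MSG_ERROR([--with-pam given but libpam was not found]))`, and only then appending -ldl when it was found. The order `-ldl -lpam` is harmless with shared libraries, but if a static libpam is ever linked the dependency must follow the library that needs it (`-lpam -ldl`), matching the `-lkrb -ldes` ordering the Kerberos block below already uses.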
@@ -1461,13 +1468,6 @@
 
     AC_HAVE_LIBRARY(des, SUDO_LIBS="${SUDO_LIBS} -lkrb -ldes", SUDO_LIBS="${SUDO_LIBS} -lkrb")
     AUTH_OBJS="${AUTH_OBJS} kerb4.o"
-fi
-
-dnl
-dnl PAM libs
-dnl
-if test "$with_pam" = "yes"; then
-    SUDO_LIBS="${SUDO_LIBS} -ldl -lpam"
 fi
 
 dnl
diff -ur sudo-1.6.2/find_path.c sudo-1.6.2p3/find_path.c
--- sudo-1.6.2/find_path.c	Thu Oct  7 15:20:57 1999
+++ sudo-1.6.2p3/find_path.c	Wed Jan 26 21:31:58 2000
@@ -64,7 +64,7 @@
 #endif /* !STDC_HEADERS */
 
 #ifndef lint
-static const char rcsid[] = "$Sudo: find_path.c,v 1.94 1999/10/07 21:20:57 millert Exp $";
+static const char rcsid[] = "$Sudo: find_path.c,v 1.95 2000/01/27 04:31:58 millert Exp $";
 #endif /* lint */
 
 /*
@@ -108,7 +108,7 @@
      * Grab PATH out of the environment (or from the string table
      * if SECURE_PATH is in effect) and make a local copy.
      */
-    if (def_str(I_SECURE_PATH))
+    if (def_str(I_SECURE_PATH) && !user_is_exempt())
 	path = def_str(I_SECURE_PATH);
     else if ((path = getenv("PATH")) == NULL)
 	return(NOT_FOUND);
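Review bot: The comment just above the changed line still says PATH is taken from the string table "if SECURE_PATH is in effect", which is no longer the whole condition; update it to `* if SECURE_PATH is in effect and the user is not in exempt_group)` so the exemption is visible at the point of lookup. The change widens what exempt users control: their own $PATH now drives command resolution, which is consistent with sudoers(5) describing exempt_group as exempt from password and PATH requirements, but it deserves a why-comment on the new test, e.g. `/* exempt_group members keep their own $PATH; the group is already trusted without a password */`. Since exempt_group is a runtime sudoers Defaults string, confirm that find_path() is called after the Defaults lines have been parsed; if it runs earlier, user_is_exempt() and def_str(I_SECURE_PATH) would only see compile-time values, and the call order is not visible in this hunk. find_path's body continues outside the hunk.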
diff -ur sudo-1.6.2/sudo.tab.c sudo-1.6.2p3/sudo.tab.c
--- sudo-1.6.2/sudo.tab.c	Tue Jan 11 11:20:40 2000
+++ sudo-1.6.2p3/sudo.tab.c	Thu Jan 27 18:41:33 2000
@@ -4,7 +4,7 @@
 #if __GNUC__ == 2
   __attribute__ ((unused))
 #endif /* __GNUC__ == 2 */
-  = "$OpenBSD: skeleton.c,v 1.13 1998/11/18 15:45:12 dm Exp $";
+  = "$OpenBSD: skeleton.c,v 1.15 2000/01/27 21:34:23 deraadt Exp $";
 #endif
 #include <stdlib.h>
 #define YYBYACC 1
@@ -18,7 +18,7 @@
 #define YYPREFIX "yy"
 #line 2 "parse.yacc"
 /*
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1996, 1998-2000 Todd C. Miller <Todd.Miller@courtesan.com>
  * All rights reserved.
  *
  * This code is derived from software contributed by Chris Jepeway
@@ -97,7 +97,7 @@
 #endif /* HAVE_LSEARCH */
 
 #ifndef lint
-static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.47 2000/01/11 18:20:40 millert Exp $";
+static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.49 2000/01/28 01:41:33 millert Exp $";
 #endif /* lint */
 
 /*
@@ -950,18 +950,27 @@
     newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
       (short *)malloc(newsize * sizeof *newss);
     if (newss == NULL)
-        return -1;
+        goto bail;
     yyss = newss;
     yyssp = newss + i;
     newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
       (YYSTYPE *)malloc(newsize * sizeof *newvs);
     if (newvs == NULL)
-        return -1;
+        goto bail;
     yyvs = newvs;
     yyvsp = newvs + i;
     yystacksize = newsize;
     yysslim = yyss + newsize - 1;
     return 0;
+bail:
+    if (yyss)
+            free(yyss);
+    if (yyvs)
+            free(yyvs);
+    yyss = yyssp = NULL;
+    yyvs = yyvsp = NULL;
+    yystacksize = 0;
+    return -1;
 }
 
 #define YYABORT goto yyabort
@@ -1793,7 +1802,7 @@
 			    yyval.BOOLEAN = TRUE;
 			}
 break;
-#line 1797 "sudo.tab.c"
+#line 1806 "sudo.tab.c"
     }
     yyssp -= yym;
     yystate = *yyssp;
diff -ur sudo-1.6.2/sudoers.cat sudo-1.6.2p3/sudoers.cat
--- sudo-1.6.2/sudoers.cat	Sun Jan 23 20:59:01 2000
+++ sudo-1.6.2p3/sudoers.cat	Thu Jan 27 13:11:06 2000
@@ -61,7 +61,7 @@
 
 
 
-23/Jan/2000                   1.6.2                             1
+26/Jan/2000                   1.6.2                             1
 
 
 
@@ -127,7 +127,7 @@
 
 
 
-23/Jan/2000                   1.6.2                             2
+26/Jan/2000                   1.6.2                             2
 
 
 
@@ -193,7 +193,7 @@
 
 
 
-23/Jan/2000                   1.6.2                             3
+26/Jan/2000                   1.6.2                             3
 
 
 
@@ -225,147 +225,284 @@
        FFFFllllaaaaggggssss:
 
        long_otp_prompt
-                   Put OTP prompt on its own line
+                   When validating with a One Time Password
+                   scheme (SSSS////KKKKeeeeyyyy or OOOOPPPPIIIIEEEE), a two-line prompt is
+                   used to make it easier to cut and paste the
+                   challenge to a local window.  It's not as
+                   pretty as the default but some people find it
+                   more convenient.  This flag is off by default.
+
+       ignore_dot  If set, ssssuuuuddddoooo will ignore '.' or '' (current
+                   dir) in $PATH; the $PATH itself is not
+                   modified.  This flag is off by default.
 
-       ignore_dot  Ignore '.' in $PATH
-
-       mail_always Always send mail when sudo is run
+       mail_always Send mail to the _m_a_i_l_t_o user every time a
+                   users runs sudo.  This flag is off by default.
 
        mail_no_user
-                   Send mail if the user is not in sudoers
+                   If set, mail will be sent to the _m_a_i_l_t_o user
+                   if the invoking user is not in the _s_u_d_o_e_r_s
+                   file.  This flag is on by default.
 
        mail_no_host
-                   Send mail if the user is not in sudoers for
-                   this host
+                   If set, mail will be sent to the _m_a_i_l_t_o user
+                   if the invoking user exists in the _s_u_d_o_e_r_s
+                   file, but is not allowed to run commands on
+                   the current host.  This flag is off by
+                   default.
 
        mail_no_perms
-                   Send mail if the user is not allowed to run a
-                   command
-
-       tty_tickets Use a separate timestamp for each user/tty
-                   combo
+                   If set, mail will be sent to the _m_a_i_l_t_o user
+                   if the invoking user allowed to use sudo but
+                   the command they are trying is not listed in
+                   their _s_u_d_o_e_r_s file entry.  This flag is off by
 
-       lecture     Lecture user the first time they run sudo
 
-       authenticate
-                   Require users to authenticate by default
 
-       root_sudo   Root may run sudo
+26/Jan/2000                   1.6.2                             4
 
-       log_host    Log the hostname in the (non-syslog) log file
 
-       log_year    Log the year in the (non-syslog) log file
 
 
 
+sudoers(5)                 FILE FORMATS                sudoers(5)
 
-23/Jan/2000                   1.6.2                             4
 
+                   default.
 
+       tty_tickets If set, users must authenticate on a per-tty
+                   basis.  Normally, ssssuuuuddddoooo uses a directory in the
+                   ticket dir with the same name as the user
+                   running it.  With this flag enabled, ssssuuuuddddoooo will
+                   use a file named for the tty the user is
+                   logged in on in that directory.  This flag is
+                   off by default.
 
+       lecture     If set, a user will receive a short lecture
+                   the first time he/she runs ssssuuuuddddoooo.  This flag is
+                   on by default.
 
+       authenticate
+                   If set, users must authenticate themselves via
+                   a password (or other means of authentication)
+                   before they may run commands.  This default
+                   may be overridden via the PASSWD and NOPASSWD
+                   tags.  This flag is on by default.
+
+       root_sudo   If set, root is allowed to run sudo too.
+                   Disabling this prevents users from "chaining"
+                   sudo commands to get a root shell by doing
+                   something like "sudo sudo /bin/sh".  This flag
+                   is on by default.
+
+       log_host    If set, the hostname will be logged in the
+                   (non-syslog) ssssuuuuddddoooo log file.  This flag is off
+                   by default.
+
+       log_year    If set, the four-digit year will be logged in
+                   the (non-syslog) ssssuuuuddddoooo log file.  This flag is
+                   off by default.
 
-sudoers(5)                 FILE FORMATS                sudoers(5)
+       shell_noargs
+                   If set and ssssuuuuddddoooo is invoked with no arguments
+                   it acts as if the -s flag had been given.
+                   That is, it runs a shell as root (the shell is
+                   determined by the SHELL environment variable
+                   if it is set, falling back on the shell listed
+                   in the invoking user's /etc/passwd entry if
+                   not).  This flag is off by default.
+
+       set_home    If set and ssssuuuuddddoooo is invoked with the -s flag
+                   the HOME environment variable will be set to
+                   the home directory of the target user (which
+                   is root unless the -u option is used).  This
+                   effectively makes the -s flag imply -H.  This
+                   flag is off by default.
+
+       path_info   Normally, ssssuuuuddddoooo will tell the user when a
+                   command could not be found in their $PATH.
+                   Some sites may wish to disable this as it
+
+
+
+26/Jan/2000                   1.6.2                             5
 
 
-       shell_noargs
-                   If sudo is invoked with no arguments, start a
-                   shell
 
-       set_home    Set $HOME to the target user when starting a
-                   shell with -s
 
-       path_info   Allow some information gathering to give
-                   useful error messages
 
-       fqdn        Require fully-qualified hostnames in the
-                   sudoers file
+sudoers(5)                 FILE FORMATS                sudoers(5)
 
-       insults     Insult the user when they enter an incorrect
-                   password
 
-       requiretty  Only allow the user to run sudo if they have a
-                   tty
+                   could be used to gather information on the
+                   location of executables that the normal user
+                   does not have access to.  The disadvantage is
+                   that if the executable is simply not in the
+                   user's $PATH, ssssuuuuddddoooo will tell the user that
+                   they are not allowed to run it, which can be
+                   confusing.  This flag is off by default.
+
+       fqdn        Set this flag if you want to put fully
+                   qualified hostnames in the _s_u_d_o_e_r_s file.  Ie:
+                   instead of myhost you would use
+                   myhost.mydomain.edu.  You may still use the
+                   short form if you wish (and even mix the two).
+                   Beware that turning on _f_q_d_n requires sudo to
+                   make DNS lookups which may make ssssuuuuddddoooo unusable
+                   if DNS stops working (for example if the
+                   machine is not plugged into the network).
+                   Also note that you must use the host's
+                   official name as DNS knows it.  That is, you
+                   may not use a host alias (CNAME entry) due to
+                   performance issues and the fact that there is
+                   no way to get all aliases from DNS.  If your
+                   machine's hostname (as returned by the
+                   hostname command) is already fully qualified
+                   you shouldn't need to set _f_q_f_n.  This flag is
+                   off by default.
+
+       insults     If set, sudo will insult users when they enter
+                   an incorrect password.  This flag is off by
+                   default.
+
+       requiretty  If set, sudo will only run when the user is
+                   logged in to a real tty.  This will disallow
+                   things like "rsh somehost sudo ls" since
+                   _r_s_h(1) does not allocate a tty.  Because it is
+                   not possible to turn of echo when there is no
+                   tty present, some sites may with to set this
+                   flag to prevent a user from entering a visible
+                   password.  This flag is off by default.
 
        IIIInnnntttteeeeggggeeeerrrrssss:
 
        passwd_tries
-                   Number of tries to enter a password
+                   The number of tries a user gets to enter
+                   his/her password before sudo logs the failure
+                   and exits.  The default is 3.
 
        IIIInnnntttteeeeggggeeeerrrrssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt:
 
-       loglinelen  Length at which to wrap log file lines (use 0
-                   or negate for no wrap)
+       loglinelen  Number of characters per line for the file
+                   log.  This value is used to decide when to
+                   wrap lines for nicer log files.  This has no
+                   effect on the syslog log file, only the file
+                   log.  The default is 80 (use 0 or negate to
+
+
+
+26/Jan/2000                   1.6.2                             6
+
+
+
+
+
+sudoers(5)                 FILE FORMATS                sudoers(5)
+
+
+                   disable word wrap).
 
        timestamp_timeout
-                   Authentication timestamp timeout
+                   Number of minutes that can elapse before ssssuuuuddddoooo
+                   will ask for a passwd again.  The default is
+                   5, set this to 0 to always prompt for a
+                   password.
 
        passwd_timeout
-                   Password prompt timeout
-
-       umask       Umask to use or 0777 to use user's
+                   Number of minutes before the sudo password
+                   prompt times out.  The default is 5, set this
+                   to 0 for no password timeout.
+
+       umask       Umask to use when running the root command.
+                   Set this to 0777 to not override the user's
+                   umask.  The default is 0022.
 
        SSSSttttrrrriiiinnnnggggssss:
 
-       mailsub     Subject line for mail messages
+       mailsub     Subject of the mail sent to the _m_a_i_l_t_o user.
+                   The escape %h will expand to the hostname of
+                   the machine.  Default is "*** SECURITY
+                   information for %h ***".
 
        badpass_message
-                   Incorrect password message
+                   Message that is displayed if a user enters an
+                   incorrect password.  The default is "Sorry,
+                   try again." unless insults are enabled.
 
        timestampdir
-                   Path to authentication timestamp dir
-
-       passprompt  Default password prompt
+                   The directory in which ssssuuuuddddoooo stores its
+                   timestamp files.  The default is either
+                   /var/run/sudo or /tmp/sudo.
+
+       passprompt  The default prompt to use when asking for a
+                   password; can be overridden via the -p option
+                   or the SUDO_PROMPT environment variable.
+                   Supports two escapes: "%u" expands to the
+                   user's login name and "%h" expands to the
+                   local hostname.  The default value is
+                   "Password:".
 
        runas_default
-                   Default user to run commands as
+                   The default user to run commands as if the -u
+                   flag is not specified on the command line.
+                   This defaults to "root".
 
        syslog_goodpri
                    Syslog priority to use when user authenticates
+                   successfully.  Defaults to "notice".
 
+       syslog_badpri
+                   Syslog priority to use when user authenticates
+                   unsuccessfully.  Defaults to "alert".
 
 
-23/Jan/2000                   1.6.2                             5
-
 
+26/Jan/2000                   1.6.2                             7
 
 
 
-sudoers(5)                 FILE FORMATS                sudoers(5)
 
 
-                   successfully
+sudoers(5)                 FILE FORMATS                sudoers(5)
 
-       syslog_badpri
-                   Syslog priority to use when user authenticates
-                   unsuccessfully
 
        SSSSttttrrrriiiinnnnggggssss tttthhhhaaaatttt ccccaaaannnn bbbbeeee uuuusssseeeedddd iiiinnnn aaaa bbbboooooooolllleeeeaaaannnn ccccoooonnnntttteeeexxxxtttt:
 
        syslog      Syslog facility if syslog is being used for
-                   logging (negate to disable syslog)
+                   logging (negate to disable syslog logging).
+                   Defaults to "local2".
 
-       mailerpath  Path to mail program
+       mailerpath  Path to mail program used to send warning
+                   mail.  Defaults to the path to sendmail found
+                   at configure time.
 
-       mailerflags Flags for mail program
+       mailerflags Flags to use when invoking mailer. Defaults to
+                   -t.
 
-       mailto      Address to send mail to
+       mailto      Address to send warning and erorr mail to.
+                   Defaults to "root".
 
        exempt_group
                    Users in this group are exempt from password
-                   and PATH requirements
+                   and PATH requirements.  This is not set by
+                   default.
 
-       secure_path Value to override user's $PATH with
+       secure_path Path used for every command run from ssssuuuuddddoooo.  If
+                   you don't trust the people running sudo to
+                   have a sane PATH environment variable you may
+                   want to use this.  Another use is if you want
+                   to have the "root path" be separate from the
+                   "user path."  This is not set by default.
 
        verifypw    This option controls when a password will be
                    required when a user runs sudo with the ----vvvv.
                    It has the following possible values:
 
-                       all         All the user's sudoers entries for the
+                       all         All the user's I<sudoers> entries for the
                                    current host must have the C<NOPASSWD>
                                    flag set to avoid entering a password.
 
-                       any         At least one of the user's sudoers entries
+                       any         At least one of the user's I<sudoers> entries
                                    for the current host must have the
                                    C<NOPASSWD> flag set to avoid entering a
                                    password.
@@ -382,16 +519,11 @@
                    required when a user runs sudo with the ----llll.
                    It has the following possible values:
 
-                       all         All the user's sudoers entries for the
-                                   current host must have the C<NOPASSWD>
-                                   flag set to avoid entering a password.
-
-
 
 
 
 
-23/Jan/2000                   1.6.2                             6
+26/Jan/2000                   1.6.2                             8
 
 
 
@@ -400,7 +532,11 @@
 sudoers(5)                 FILE FORMATS                sudoers(5)
 
 
-                       any         At least one of the user's sudoers entries
+                       all         All the user's I<sudoers> entries for the
+                                   current host must have the C<NOPASSWD>
+                                   flag set to avoid entering a password.
+
+                       any         At least one of the user's I<sudoers> entries
                                    for the current host must have the
                                    C<NOPASSWD> flag set to avoid entering a
                                    password.
@@ -450,14 +586,10 @@
        commands that follow it.  What this means is that for the
        entry:
 
-        dgb    boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who
-
-       The user ddddggggbbbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m
-       -- but only as ooooppppeeeerrrraaaattttoooorrrr.  Eg.
 
 
 
-23/Jan/2000                   1.6.2                             7
+26/Jan/2000                   1.6.2                             9
 
 
 
@@ -466,6 +598,11 @@
 sudoers(5)                 FILE FORMATS                sudoers(5)
 
 
+        dgb    boulder = (operator) /bin/ls, /bin/kill, /usr/bin/who
+
+       The user ddddggggbbbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m
+       -- but only as ooooppppeeeerrrraaaattttoooorrrr.  Eg.
+
            sudo -u operator /bin/ls.
 
        It is also possible to override a Runas_Spec later on in
@@ -515,22 +652,21 @@
 
        *       Matches any set of zero or more characters.
 
-       ?       Matches any single character.
-
-       [...]   Matches any character in the specified range.
 
 
 
+26/Jan/2000                   1.6.2                            10
 
 
-23/Jan/2000                   1.6.2                             8
 
 
 
+sudoers(5)                 FILE FORMATS                sudoers(5)
 
 
-sudoers(5)                 FILE FORMATS                sudoers(5)
+       ?       Matches any single character.
 
+       [...]   Matches any character in the specified range.
 
        [!...]  Matches any character nnnnooootttt in the specified range.
 
@@ -583,13 +719,9 @@
        Long lines can be continued with a backslash ('\') as the
        last character on the line.
 
-       Whitespace between elements in a list as well as specicial
-       syntactic characters in a _U_s_e_r _S_p_e_c_i_f_i_c_a_t_i_o_n ('=', ':',
-       '(', ')') is optional.
-
 
 
-23/Jan/2000                   1.6.2                             9
+26/Jan/2000                   1.6.2                            11
 
 
 
@@ -598,6 +730,10 @@
 sudoers(5)                 FILE FORMATS                sudoers(5)
 
 
+       Whitespace between elements in a list as well as specicial
+       syntactic characters in a _U_s_e_r _S_p_e_c_i_f_i_c_a_t_i_o_n ('=', ':',
+       '(', ')') is optional.
+
        The following characters must be escaped with a backslash
        ('\') when used as part of a word (eg. a username or
        hostname): '@', '!', '=', ':', ',', '(', ')', '\'.
@@ -647,15 +783,11 @@
        sure we log the year in each log line since the log
        entries will be kept around for several years.
 
-        # Override builtin defaults
-        Defaults               syslog=auth
-        Defaults:FULLTIMERS    !lecture
-        Defaults:millert       !authenticate
-        Defaults@SERVERS       log_year, logfile=/var/log/sudo.log
 
 
 
-23/Jan/2000                   1.6.2                            10
+
+26/Jan/2000                   1.6.2                            12
 
 
 
@@ -664,6 +796,12 @@
 sudoers(5)                 FILE FORMATS                sudoers(5)
 
 
+        # Override builtin defaults
+        Defaults               syslog=auth
+        Defaults:FULLTIMERS    !lecture
+        Defaults:millert       !authenticate
+        Defaults@SERVERS       log_year, logfile=/var/log/sudo.log
+
        The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually
        determines who may run what.
 
@@ -713,15 +851,9 @@
 
         pete           HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
 
-       The user ppppeeeetttteeee is allowed to change anyone's password
-       except for root on the _H_P_P_A machines.  Note that this
-       assumes _p_a_s_s_w_d(1) does not take multiple usernames on the
-       command line.
-
-
 
 
-23/Jan/2000                   1.6.2                            11
+26/Jan/2000                   1.6.2                            13
 
 
 
@@ -730,6 +862,11 @@
 sudoers(5)                 FILE FORMATS                sudoers(5)
 
 
+       The user ppppeeeetttteeee is allowed to change anyone's password
+       except for root on the _H_P_P_A machines.  Note that this
+       assumes _p_a_s_s_w_d(1) does not take multiple usernames on the
+       command line.
+
         bob            SPARC = (OP) ALL : SGI = (OP) ALL
 
        The user bbbboooobbbb may run anything on the _S_P_A_R_C and _S_G_I
@@ -780,14 +917,9 @@
        On his personal workstation, valkyrie, mmmmaaaatttttttt needs to be
        able to kill hung processes.
 
-        WEBMASTERS     www = (www) ALL, (root) /usr/bin/su www
-
-       On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias
-       (will, wendy, and wim), may run any command as user www
-
 
 
-23/Jan/2000                   1.6.2                            12
+26/Jan/2000                   1.6.2                            14
 
 
 
@@ -796,6 +928,10 @@
 sudoers(5)                 FILE FORMATS                sudoers(5)
 
 
+        WEBMASTERS     www = (www) ALL, (root) /usr/bin/su www
+
+       On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias
+       (will, wendy, and wim), may run any command as user www
        (which owns the web pages) or simply _s_u(1) to www.
 
         ALL            CDROM = NOPASSWD: /sbin/umount /CDROM,\
@@ -849,11 +985,7 @@
 
 
 
-
-
-
-
-23/Jan/2000                   1.6.2                            13
+26/Jan/2000                   1.6.2                            15
 
 
 
@@ -919,6 +1051,6 @@
 
 
 
-23/Jan/2000                   1.6.2                            14
+26/Jan/2000                   1.6.2                            16
 
 
diff -ur sudo-1.6.2/sudoers.man sudo-1.6.2p3/sudoers.man
--- sudo-1.6.2/sudoers.man	Sun Jan 23 20:57:49 2000
+++ sudo-1.6.2p3/sudoers.man	Wed Jan 26 14:21:28 2000
@@ -1,9 +1,9 @@
 .rn '' }`
-''' $RCSfile: sudoers.man,v $$Revision: 1.22 $$Date: 2000/01/24 03:57:49 $
+''' $RCSfile: sudoers.man,v $$Revision: 1.23 $$Date: 2000/01/26 21:21:28 $
 '''
 ''' $Log: sudoers.man,v $
-''' Revision 1.22  2000/01/24 03:57:49  millert
-''' Add netgroup caveat
+''' Revision 1.23  2000/01/26 21:21:28  millert
+''' Expanded docs on sudoers 'defaults' options based on INSTALL file info.
 '''
 '''
 .de Sh
@@ -96,7 +96,7 @@
 .nr % 0
 .rr F
 .\}
-.TH sudoers 5 "1.6.2" "23/Jan/2000" "FILE FORMATS"
+.TH sudoers 5 "1.6.2" "26/Jan/2000" "FILE FORMATS"
 .UC
 .if n .hy 0
 .if n .na
@@ -376,96 +376,172 @@
 .PP
 \fBFlags\fR:
 .Ip "long_otp_prompt" 12
-Put \s-1OTP\s0 prompt on its own line
+When validating with a One Time Password scheme (\fBS/Key\fR or \fB\s-1OPIE\s0\fR),
+a two-line prompt is used to make it easier to cut and paste the
+challenge to a local window.  It's not as pretty as the default but
+some people find it more convenient.  This flag is off by default.
 .Ip "ignore_dot" 12
-Ignore \*(L'.\*(R' in \f(CW$PATH\fR
+If set, \fBsudo\fR will ignore \*(L'.\*(R' or \*(L'\*(R' (current dir) in \f(CW$PATH\fR;
+the \f(CW$PATH\fR itself is not modified.  This flag is off by default.
 .Ip "mail_always" 12
-Always send mail when sudo is run
+Send mail to the \fImailto\fR user every time a users runs sudo.
+This flag is off by default.
 .Ip "mail_no_user" 12
-Send mail if the user is not in sudoers
+If set, mail will be sent to the \fImailto\fR user if the invoking
+user is not in the \fIsudoers\fR file.  This flag is on by default.
 .Ip "mail_no_host" 12
-Send mail if the user is not in sudoers for this host
+If set, mail will be sent to the \fImailto\fR user if the invoking
+user exists in the \fIsudoers\fR file, but is not allowed to run
+commands on the current host.  This flag is off by default.
 .Ip "mail_no_perms" 12
-Send mail if the user is not allowed to run a command
+If set, mail will be sent to the \fImailto\fR user if the invoking
+user allowed to use sudo but the command they are trying is not
+listed in their \fIsudoers\fR file entry.  This flag is off by default.
 .Ip "tty_tickets" 12
-Use a separate timestamp for each user/tty combo
+If set, users must authenticate on a per-tty basis.  Normally,
+\fBsudo\fR uses a directory in the ticket dir with the same name as
+the user running it.  With this flag enabled, \fBsudo\fR will use a
+file named for the tty the user is logged in on in that directory.
+This flag is off by default.
 .Ip "lecture" 12
-Lecture user the first time they run sudo
+If set, a user will receive a short lecture the first time he/she
+runs \fBsudo\fR.  This flag is on by default.
 .Ip "authenticate" 12
-Require users to authenticate by default
+If set, users must authenticate themselves via a password (or other
+means of authentication) before they may run commands.  This default
+may be overridden via the \f(CWPASSWD\fR and \f(CWNOPASSWD\fR tags.
+This flag is on by default.
 .Ip "root_sudo" 12
-Root may run sudo
+If set, root is allowed to run sudo too.  Disabling this prevents users
+from \*(L"chaining\*(R" sudo commands to get a root shell by doing something
+like \f(CW"sudo sudo /bin/sh"\fR.
+This flag is on by default.
 .Ip "log_host" 12
-Log the hostname in the (non-syslog) log file
+If set, the hostname will be logged in the (non-syslog) \fBsudo\fR log file.
+This flag is off by default.
 .Ip "log_year" 12
-Log the year in the (non-syslog) log file
+If set, the four-digit year will be logged in the (non-syslog) \fBsudo\fR log file.
+This flag is off by default.
 .Ip "shell_noargs" 12
-If sudo is invoked with no arguments, start a shell
+If set and \fBsudo\fR is invoked with no arguments it acts as if the
+\f(CW-s\fR flag had been given.  That is, it runs a shell as root (the
+shell is determined by the \f(CWSHELL\fR environment variable if it is
+set, falling back on the shell listed in the invoking user's
+/etc/passwd entry if not).  This flag is off by default.
 .Ip "set_home" 12
-Set \f(CW$HOME\fR to the target user when starting a shell with \f(CW-s\fR
+If set and \fBsudo\fR is invoked with the \f(CW-s\fR flag the \f(CWHOME\fR
+environment variable will be set to the home directory of the target
+user (which is root unless the \f(CW-u\fR option is used).  This effectively
+makes the \f(CW-s\fR flag imply \f(CW-H\fR.  This flag is off by default.
 .Ip "path_info" 12
-Allow some information gathering to give useful error messages
+Normally, \fBsudo\fR will tell the user when a command could not be
+found in their \f(CW$PATH\fR.  Some sites may wish to disable this as
+it could be used to gather information on the location of executables
+that the normal user does not have access to.  The disadvantage is
+that if the executable is simply not in the user's \f(CW$PATH\fR, \fBsudo\fR
+will tell the user that they are not allowed to run it, which can
+be confusing.  This flag is off by default.
 .Ip "fqdn" 12
-Require fully-qualified hostnames in the sudoers file
+Set this flag if you want to put fully qualified hostnames in the
+\fIsudoers\fR file.  Ie: instead of myhost you would use myhost.mydomain.edu.
+You may still use the short form if you wish (and even mix the two).
+Beware that turning on \fIfqdn\fR requires sudo to make \s-1DNS\s0 lookups
+which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example
+if the machine is not plugged into the network).  Also note that
+you must use the host's official name as \s-1DNS\s0 knows it.  That is,
+you may not use a host alias (\f(CWCNAME\fR entry) due to performance
+issues and the fact that there is no way to get all aliases from
+\s-1DNS\s0.  If your machine's hostname (as returned by the \f(CWhostname\fR
+command) is already fully qualified you shouldn't need to set
+\fIfqfn\fR.  This flag is off by default.
 .Ip "insults" 12
-Insult the user when they enter an incorrect password
+If set, sudo will insult users when they enter an incorrect
+password.  This flag is off by default.
 .Ip "requiretty" 12
-Only allow the user to run sudo if they have a tty
+If set, sudo will only run when the user is logged in to a real
+tty.  This will disallow things like \f(CW"rsh somehost sudo ls"\fR since
+\fIrsh\fR\|(1) does not allocate a tty.  Because it is not possible to turn
+of echo when there is no tty present, some sites may with to set
+this flag to prevent a user from entering a visible password.  This
+flag is off by default.
 .PP
 \fBIntegers\fR:
 .Ip "passwd_tries" 12
-Number of tries to enter a password
+The number of tries a user gets to enter his/her password before
+sudo logs the failure and exits.  The default is 3.
 .PP
 \fBIntegers that can be used in a boolean context\fR:
 .Ip "loglinelen" 12
-Length at which to wrap log file lines (use 0 or negate for no wrap)
+Number of characters per line for the file log.  This value is used
+to decide when to wrap lines for nicer log files.  This has no
+effect on the syslog log file, only the file log.  The default is
+80 (use 0 or negate to disable word wrap).
 .Ip "timestamp_timeout" 12
-Authentication timestamp timeout
+Number of minutes that can elapse before \fBsudo\fR will ask for a passwd
+again.  The default is 5, set this to 0 to always prompt for a password.
 .Ip "passwd_timeout" 12
-Password prompt timeout
+Number of minutes before the sudo password prompt times out.
+The default is 5, set this to 0 for no password timeout.
 .Ip "umask" 12
-Umask to use or 0777 to use user's
+Umask to use when running the root command.  Set this to 0777 to
+not override the user's umask.  The default is 0022.
 .PP
 \fBStrings\fR:
 .Ip "mailsub" 12
-Subject line for mail messages
+Subject of the mail sent to the \fImailto\fR user. The escape \f(CW%h\fR
+will expand to the hostname of the machine.
+Default is \*(L"*** \s-1SECURITY\s0 information for \f(CW%h\fR ***\*(R".
 .Ip "badpass_message" 12
-Incorrect password message
+Message that is displayed if a user enters an incorrect password.
+The default is \*(L"Sorry, try again.\*(R" unless insults are enabled.
 .Ip "timestampdir" 12
-Path to authentication timestamp dir
+The directory in which \fBsudo\fR stores its timestamp files.
+The default is either \f(CW/var/run/sudo\fR or \f(CW/tmp/sudo\fR.
 .Ip "passprompt" 12
-Default password prompt
+The default prompt to use when asking for a password; can be overridden
+via the \f(CW-p\fR option or the \f(CWSUDO_PROMPT\fR environment variable. Supports
+two escapes: \*(L"%u\*(R" expands to the user's login name and \*(L"%h\*(R" expands
+to the local hostname.  The default value is \*(L"Password:\*(R".
 .Ip "runas_default" 12
-Default user to run commands as
+The default user to run commands as if the \f(CW-u\fR flag is not specified
+on the command line.  This defaults to \*(L"root\*(R".
 .Ip "syslog_goodpri" 12
-Syslog priority to use when user authenticates successfully
+Syslog priority to use when user authenticates successfully.
+Defaults to \*(L"notice\*(R".
 .Ip "syslog_badpri" 12
-Syslog priority to use when user authenticates unsuccessfully
+Syslog priority to use when user authenticates unsuccessfully.
+Defaults to \*(L"alert\*(R".
 .PP
 \fBStrings that can be used in a boolean context\fR:
 .Ip "syslog" 12
-Syslog facility if syslog is being used for logging (negate to disable syslog)
+Syslog facility if syslog is being used for logging (negate to
+disable syslog logging).  Defaults to \*(L"local2\*(R".
 .Ip "mailerpath" 12
-Path to mail program
+Path to mail program used to send warning mail.
+Defaults to the path to sendmail found at configure time.
 .Ip "mailerflags" 12
-Flags for mail program
+Flags to use when invoking mailer. Defaults to \f(CW-t\fR.
 .Ip "mailto" 12
-Address to send mail to
+Address to send warning and erorr mail to.  Defaults to \*(L"root\*(R".
 .Ip "exempt_group" 12
-Users in this group are exempt from password and \s-1PATH\s0 requirements
+Users in this group are exempt from password and \s-1PATH\s0 requirements.
+This is not set by default.
 .Ip "secure_path" 12
-Value to override user's \f(CW$PATH\fR with
+Path used for every command run from \fBsudo\fR.  If you don't trust the
+people running sudo to have a sane \f(CWPATH\fR environment variable you may
+want to use this.  Another use is if you want to have the \*(L"root path\*(R"
+be separate from the \*(L"user path.\*(R"  This is not set by default.
 .Ip "verifypw" 12
 This option controls when a password will be required when a
 user runs sudo with the \fB\-v\fR.  It has the following possible values:
 .Sp
 .Vb 3
-\&    all         All the user's sudoers entries for the
+\&    all         All the user's I<sudoers> entries for the
 \&                current host must have the C<NOPASSWD>
 \&                flag set to avoid entering a password.
 .Ve
 .Vb 4
-\&    any         At least one of the user's sudoers entries
+\&    any         At least one of the user's I<sudoers> entries
 \&                for the current host must have the
 \&                C<NOPASSWD> flag set to avoid entering a
 \&                password.
@@ -484,12 +560,12 @@
 user runs sudo with the \fB\-l\fR.  It has the following possible values:
 .Sp
 .Vb 3
-\&    all         All the user's sudoers entries for the
+\&    all         All the user's I<sudoers> entries for the
 \&                current host must have the C<NOPASSWD>
 \&                flag set to avoid entering a password.
 .Ve
 .Vb 4
-\&    any         At least one of the user's sudoers entries
+\&    any         At least one of the user's I<sudoers> entries
 \&                for the current host must have the
 \&                C<NOPASSWD> flag set to avoid entering a
 \&                password.
diff -ur sudo-1.6.2/sudoers.pod sudo-1.6.2p3/sudoers.pod
--- sudo-1.6.2/sudoers.pod	Sun Jan 23 20:57:49 2000
+++ sudo-1.6.2p3/sudoers.pod	Wed Jan 26 14:21:28 2000
@@ -32,7 +32,7 @@
 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-$Sudo: sudoers.pod,v 1.28 2000/01/24 03:57:49 millert Exp $
+$Sudo: sudoers.pod,v 1.29 2000/01/26 21:21:28 millert Exp $
 =pod
 
 =head1 NAME
@@ -223,75 +223,128 @@
 
 =item long_otp_prompt
 
-Put OTP prompt on its own line
+When validating with a One Time Password scheme (B<S/Key> or B<OPIE>),
+a two-line prompt is used to make it easier to cut and paste the
+challenge to a local window.  It's not as pretty as the default but
+some people find it more convenient.  This flag is off by default.
 
 =item ignore_dot
 
-Ignore '.' in $PATH
+If set, B<sudo> will ignore '.' or '' (current dir) in C<$PATH>;
+the C<$PATH> itself is not modified.  This flag is off by default.
 
 =item mail_always
 
-Always send mail when sudo is run
+Send mail to the I<mailto> user every time a users runs sudo.
+This flag is off by default.
 
 =item mail_no_user
 
-Send mail if the user is not in sudoers
+If set, mail will be sent to the I<mailto> user if the invoking
+user is not in the I<sudoers> file.  This flag is on by default.
 
 =item mail_no_host
 
-Send mail if the user is not in sudoers for this host
+If set, mail will be sent to the I<mailto> user if the invoking
+user exists in the I<sudoers> file, but is not allowed to run
+commands on the current host.  This flag is off by default.
 
 =item mail_no_perms
 
-Send mail if the user is not allowed to run a command
+If set, mail will be sent to the I<mailto> user if the invoking
+user allowed to use sudo but the command they are trying is not
+listed in their I<sudoers> file entry.  This flag is off by default.
 
 =item tty_tickets
 
-Use a separate timestamp for each user/tty combo
+If set, users must authenticate on a per-tty basis.  Normally,
+B<sudo> uses a directory in the ticket dir with the same name as
+the user running it.  With this flag enabled, B<sudo> will use a
+file named for the tty the user is logged in on in that directory.
+This flag is off by default.
 
 =item lecture
 
-Lecture user the first time they run sudo
+If set, a user will receive a short lecture the first time he/she
+runs B<sudo>.  This flag is on by default.
 
 =item authenticate
 
-Require users to authenticate by default
+If set, users must authenticate themselves via a password (or other
+means of authentication) before they may run commands.  This default
+may be overridden via the C<PASSWD> and C<NOPASSWD> tags.
+This flag is on by default.
 
 =item root_sudo
 
-Root may run sudo
+If set, root is allowed to run sudo too.  Disabling this prevents users
+from "chaining" sudo commands to get a root shell by doing something
+like C<"sudo sudo /bin/sh">.
+This flag is on by default.
 
 =item log_host
 
-Log the hostname in the (non-syslog) log file
+If set, the hostname will be logged in the (non-syslog) B<sudo> log file.
+This flag is off by default.
 
 =item log_year
 
-Log the year in the (non-syslog) log file
+If set, the four-digit year will be logged in the (non-syslog) B<sudo> log file.
+This flag is off by default.
 
 =item shell_noargs
 
-If sudo is invoked with no arguments, start a shell
+If set and B<sudo> is invoked with no arguments it acts as if the
+C<-s> flag had been given.  That is, it runs a shell as root (the
+shell is determined by the C<SHELL> environment variable if it is
+set, falling back on the shell listed in the invoking user's
+/etc/passwd entry if not).  This flag is off by default.
 
 =item set_home
 
-Set $HOME to the target user when starting a shell with C<-s>
+If set and B<sudo> is invoked with the C<-s> flag the C<HOME>
+environment variable will be set to the home directory of the target
+user (which is root unless the C<-u> option is used).  This effectively
+makes the C<-s> flag imply C<-H>.  This flag is off by default.
 
 =item path_info
 
-Allow some information gathering to give useful error messages
+Normally, B<sudo> will tell the user when a command could not be
+found in their C<$PATH>.  Some sites may wish to disable this as
+it could be used to gather information on the location of executables
+that the normal user does not have access to.  The disadvantage is
+that if the executable is simply not in the user's C<$PATH>, B<sudo>
+will tell the user that they are not allowed to run it, which can
+be confusing.  This flag is off by default.
 
 =item fqdn
 
-Require fully-qualified hostnames in the sudoers file
+Set this flag if you want to put fully qualified hostnames in the
+I<sudoers> file.  Ie: instead of myhost you would use myhost.mydomain.edu.
+You may still use the short form if you wish (and even mix the two).
+Beware that turning on I<fqdn> requires sudo to make DNS lookups
+which may make B<sudo> unusable if DNS stops working (for example
+if the machine is not plugged into the network).  Also note that
+you must use the host's official name as DNS knows it.  That is,
+you may not use a host alias (C<CNAME> entry) due to performance
+issues and the fact that there is no way to get all aliases from
+DNS.  If your machine's hostname (as returned by the C<hostname>
+command) is already fully qualified you shouldn't need to set
+I<fqfn>.  This flag is off by default.
 
 =item insults
 
-Insult the user when they enter an incorrect password
+If set, sudo will insult users when they enter an incorrect
+password.  This flag is off by default.
 
 =item requiretty
 
-Only allow the user to run sudo if they have a tty
+If set, sudo will only run when the user is logged in to a real
+tty.  This will disallow things like C<"rsh somehost sudo ls"> since
+rsh(1) does not allocate a tty.  Because it is not possible to turn
+of echo when there is no tty present, some sites may with to set
+this flag to prevent a user from entering a visible password.  This
+flag is off by default.
 
 =back
 
@@ -301,7 +354,8 @@
 
 =item passwd_tries
 
-Number of tries to enter a password
+The number of tries a user gets to enter his/her password before
+sudo logs the failure and exits.  The default is 3.
 
 =back
 
@@ -311,19 +365,25 @@
 
 =item loglinelen
 
-Length at which to wrap log file lines (use 0 or negate for no wrap)
+Number of characters per line for the file log.  This value is used
+to decide when to wrap lines for nicer log files.  This has no
+effect on the syslog log file, only the file log.  The default is
+80 (use 0 or negate to disable word wrap).
 
 =item timestamp_timeout
 
-Authentication timestamp timeout
+Number of minutes that can elapse before B<sudo> will ask for a passwd
+again.  The default is 5, set this to 0 to always prompt for a password.
 
 =item passwd_timeout
 
-Password prompt timeout
+Number of minutes before the sudo password prompt times out.
+The default is 5, set this to 0 for no password timeout.
 
 =item umask
 
-Umask to use or 0777 to use user's
+Umask to use when running the root command.  Set this to 0777 to
+not override the user's umask.  The default is 0022.
 
 =back
 
@@ -333,31 +393,41 @@
 
 =item mailsub
 
-Subject line for mail messages
+Subject of the mail sent to the I<mailto> user. The escape C<%h>
+will expand to the hostname of the machine.
+Default is "*** SECURITY information for %h ***".
 
 =item badpass_message
 
-Incorrect password message
+Message that is displayed if a user enters an incorrect password.
+The default is "Sorry, try again." unless insults are enabled.
 
 =item timestampdir
 
-Path to authentication timestamp dir
+The directory in which B<sudo> stores its timestamp files.
+The default is either C</var/run/sudo> or C</tmp/sudo>.
 
 =item passprompt
 
-Default password prompt
+The default prompt to use when asking for a password; can be overridden
+via the C<-p> option or the C<SUDO_PROMPT> environment variable. Supports
+two escapes: "%u" expands to the user's login name and "%h" expands
+to the local hostname.  The default value is "Password:".
 
 =item runas_default
 
-Default user to run commands as
+The default user to run commands as if the C<-u> flag is not specified
+on the command line.  This defaults to "root".
 
 =item syslog_goodpri
 
-Syslog priority to use when user authenticates successfully
+Syslog priority to use when user authenticates successfully.
+Defaults to "notice".
 
 =item syslog_badpri
 
-Syslog priority to use when user authenticates unsuccessfully
+Syslog priority to use when user authenticates unsuccessfully.
+Defaults to "alert".
 
 =back 12
 
@@ -367,38 +437,44 @@
 
 =item syslog
 
-Syslog facility if syslog is being used for logging (negate to disable syslog)
+Syslog facility if syslog is being used for logging (negate to
+disable syslog logging).  Defaults to "local2".
 
 =item mailerpath
 
-Path to mail program
+Path to mail program used to send warning mail.
+Defaults to the path to sendmail found at configure time.
 
 =item mailerflags
 
-Flags for mail program
+Flags to use when invoking mailer. Defaults to C<-t>.
 
 =item mailto
 
-Address to send mail to
+Address to send warning and erorr mail to.  Defaults to "root".
 
 =item exempt_group
 
-Users in this group are exempt from password and PATH requirements
+Users in this group are exempt from password and PATH requirements.
+This is not set by default.
 
 =item secure_path
 
-Value to override user's $PATH with
+Path used for every command run from B<sudo>.  If you don't trust the
+people running sudo to have a sane C<PATH> environment variable you may
+want to use this.  Another use is if you want to have the "root path"
+be separate from the "user path."  This is not set by default.
 
 =item verifypw
 
 This option controls when a password will be required when a
 user runs sudo with the B<-v>.  It has the following possible values:
 
-    all		All the user's sudoers entries for the
+    all		All the user's I<sudoers> entries for the
 		current host must have the C<NOPASSWD>
 		flag set to avoid entering a password.
 
-    any		At least one of the user's sudoers entries
+    any		At least one of the user's I<sudoers> entries
 		for the current host must have the
 		C<NOPASSWD> flag set to avoid entering a
 		password.
@@ -416,11 +492,11 @@
 This option controls when a password will be required when a
 user runs sudo with the B<-l>.  It has the following possible values:
 
-    all		All the user's sudoers entries for the
+    all		All the user's I<sudoers> entries for the
 		current host must have the C<NOPASSWD>
 		flag set to avoid entering a password.
 
-    any		At least one of the user's sudoers entries
+    any		At least one of the user's I<sudoers> entries
 		for the current host must have the
 		C<NOPASSWD> flag set to avoid entering a
 		password.
diff -ur sudo-1.6.2/tgetpass.c sudo-1.6.2p3/tgetpass.c
--- sudo-1.6.2/tgetpass.c	Mon Jan 17 16:46:26 2000
+++ sudo-1.6.2p3/tgetpass.c	Sat Feb 26 19:59:42 2000
@@ -223,7 +223,7 @@
 	free(readfds);
     } else {
 	/* Keep reading until out of space, EOF, error, or newline */
-	while (--left && (n = read(fd, &c, 1)) == 1 && (c != '\n' || c != '\r'))
+	while (--left && (n = read(fd, &c, 1)) == 1 && c != '\n' && c != '\r')
 	    *cp++ = c;
     }
     *cp = '\0';
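Review bot: The corrected `while` condition still treats a failed read (n == -1, e.g. EINTR from a signal) and EOF (n == 0) exactly like a terminating newline: the loop ends and the partial buffer is NUL-terminated on the `*cp = '\0';` line. Whether n is inspected afterwards is outside the hunk (the enclosing function starts and ends beyond it); if it is not, an interrupted read would silently return a truncated password as if it were complete. Also, stopping on '\r' leaves a following '\n' from CRLF input unread on the descriptor, where the next reader of that fd will see it as an empty line. A comment on the loop would make the contract explicit, e.g. `/* EOF (n == 0) and read errors (n == -1) end the loop too; check n before trusting the buffer */`.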
diff -ur sudo-1.6.2/version.h sudo-1.6.2p3/version.h
--- sudo-1.6.2/version.h	Mon Jan 17 16:46:26 2000
+++ sudo-1.6.2p3/version.h	Thu Mar  9 11:39:10 2000
@@ -37,6 +37,6 @@
 #ifndef _SUDO_VERSION_H
 #define _SUDO_VERSION_H
 
-static const char version[] = "1.6.2";
+static const char version[] = "1.6.2p3";
 
 #endif /* _SUDO_VERSION_H */