diff options
| -rw-r--r-- | security/sudo/Makefile | 23 | ||||
| -rw-r--r-- | security/sudo/files/md5 | 1 | ||||
| -rw-r--r-- | security/sudo/patches/patch-aa | 43 | ||||
| -rw-r--r-- | security/sudo/patches/patch-ab | 10 | ||||
| -rw-r--r-- | security/sudo/patches/patch-ac | 115 | ||||
| -rw-r--r-- | security/sudo/patches/patch-ad | 35 | ||||
| -rw-r--r-- | security/sudo/pkg/COMMENT | 1 | ||||
| -rw-r--r-- | security/sudo/pkg/DESCR | 14 | ||||
| -rwxr-xr-x | security/sudo/pkg/INSTALL | 9 | ||||
| -rw-r--r-- | security/sudo/pkg/PLIST | 6 |
10 files changed, 257 insertions, 0 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile new file mode 100644 index 00000000000..150b2824753 --- /dev/null +++ b/security/sudo/Makefile @@ -0,0 +1,23 @@ +# New ports collection makefile for: sudo +# Version required: 1.5.3 +# Date created: Sun Aug 13 12:36:14 CDT 1995 +# Whom: erich@rrnet.com +# +# $Id: Makefile,v 1.1.1.1 1997/12/14 23:27:00 hubertf Exp $ +# + +DISTNAME= cu-sudo.v1.5.3 +PKGNAME= sudo-1.5.3 +CATEGORIES= security +MASTER_SITES= ftp://freestuff.cs.colorado.edu/pub/sysadmin/sudo/ +EXTRACT_SUFX= .tar.Z + +MAINTAINER= erich@rrnet.com + +GNU_CONFIGURE= yes +CONFIGURE_ARGS= --with-C2 --with-skey --with-fbsdops +WRKSRC= ${WRKDIR}/sudo.v1.5.3 +MAN5= sudoers.5 +MAN8= sudo.8 visudo.8 + +.include <bsd.port.mk> diff --git a/security/sudo/files/md5 b/security/sudo/files/md5 new file mode 100644 index 00000000000..9dcc1e7c1d2 --- /dev/null +++ b/security/sudo/files/md5 @@ -0,0 +1 @@ +MD5 (cu-sudo.v1.5.3.tar.Z) = 40bee550133a62e4886052236b406e0e diff --git a/security/sudo/patches/patch-aa b/security/sudo/patches/patch-aa new file mode 100644 index 00000000000..95030a59441 --- /dev/null +++ b/security/sudo/patches/patch-aa @@ -0,0 +1,43 @@ +--- configure.orig Sun Aug 25 12:32:03 1996 ++++ configure Thu Aug 29 10:26:50 1996 +@@ -37,6 +37,8 @@ + --with-libraries additional libraries to link with" + ac_help="$ac_help + --with-csops add CSOps standard options" ++ac_help="$ac_help ++ --with-fbsdops add FreeBSD standard options" + + # Initialize some variables set by options. + # The variables have the same names as the options, with +@@ -557,8 +559,8 @@ + + test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man' + test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' +-test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/etc' +-test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' ++test "$sbindir" = '${exec_prefix}/sbin' || sbindir='$(exec_prefix)/etc' ++test "$sysconfdir" = '${prefix}/etc' || sysconfdir='/etc' + + + # Check whether --with-CC or --without-CC was given. +@@ -784,6 +786,20 @@ + yes) OPTIONS="${OPTIONS} -DIGNORE_DOT_PATH -DUSE_INSULTS -DCLASSIC_INSULTS -DCSOPS_INSULTS -DENV_EDITOR" + sbindir='$(exec_prefix)/sbin' + echo 'CSOps--adding options: IGNORE_DOT_PATH USE_INSULTS CLASSIC_INSULTS CSOPS_INSULTS ENV_EDITOR' ++ ;; ++ no) ;; ++ *) echo "Ignoring unknown argument to --with-csops: $with_csops" ++ ;; ++esac ++fi ++ ++# Check whether --with-fbsdops or --without-fbsdops was given. ++if test "${with_fbsdops+set}" = set; then ++ withval="$with_fbsdops" ++ case $with_fbsdops in ++ yes) OPTIONS="${OPTIONS} -DIGNORE_DOT_PATH -DENV_EDITOR -DUSE_TTY_TICKETS" ++ sbindir='$(exec_prefix)/sbin' ++ echo 'fbsdops--adding options: IGNORE_DOT_PATH ENV_EDITOR USE_TTY_TICKETS' + ;; + no) ;; + *) echo "Ignoring unknown argument to --with-csops: $with_csops" diff --git a/security/sudo/patches/patch-ab b/security/sudo/patches/patch-ab new file mode 100644 index 00000000000..9930c0de3e0 --- /dev/null +++ b/security/sudo/patches/patch-ab @@ -0,0 +1,10 @@ +--- ./Makefile.in.org Sun Aug 25 10:29:31 1996 ++++ ./Makefile.in Wed Oct 16 00:43:03 1996 +@@ -214,6 +214,7 @@ + else \ + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0440 $(srcdir)/sudoers $(sudoersdir)/sudoers; \ + fi ++ $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0440 $(srcdir)/sudoers $(sudoersdir)/sudoers.sample + + install-man: + $(INSTALL) -o $(install_uid) -g $(install_gid) -m 0444 $(srcdir)/sudo.$(mantype) $(mandir8)/sudo.$(mansect8) diff --git a/security/sudo/patches/patch-ac b/security/sudo/patches/patch-ac new file mode 100644 index 00000000000..253990f28d8 --- /dev/null +++ b/security/sudo/patches/patch-ac @@ -0,0 +1,115 @@ +--- ./sudo.man.org Wed Nov 13 17:58:50 1996 ++++ ./sudo.man Mon Dec 9 20:44:48 1996 +@@ -180,10 +180,11 @@ + .IX Header "DESCRIPTION" + \fBsudo\fR allows a permitted user to execute a \fIcommand\fR + as the superuser (real and effective uid and gid are set +-to \f(CW0\fR and root's group as set in the passwd file respectively). ++to \f(CW0\fR and root's group as set in the passwd file respectively) ++by using the user's own password. + .PP + \fBsudo\fR determines who is an authorized user by consulting the +-file \fI/etc/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user ++file \fI/usr/local/etc/sudoers\fR. By giving \fBsudo\fR the \f(CW-v\fR flag a user + can update the time stamp without running a \fIcommand.\fR + The password prompt itself will also time out if the password is + not entered with N minutes (again, this is defined at installation +@@ -321,7 +322,7 @@ + .IX Header "FILES" + .PP + .Vb 1 +-\& /etc/sudoers file of authorized users. ++\& /usr/local/etc/sudoers file of authorized users. + .Ve + .SH "ENVIRONMENT VARIABLES" + .IX Header "ENVIRONMENT VARIABLES" +--- ./sudoers.man.org Wed Nov 13 17:58:50 1996 ++++ ./sudoers.man Mon Dec 9 20:38:43 1996 +@@ -296,7 +296,7 @@ + \fB\s-1DO\s0 \s-1NOT\s0\fR define an alias of \fI\s-1ALL\s0\fR, it will \fB\s-1NOT\s0\fR be used. + Note that \fI\s-1ALL\s0\fR implies the entire universe of hosts/users/commands. + You can subtract elements from the universe by using the syntax: +- user host=\s-1ALL\s0,!\s-1ALIAS1\s0,!/etc/halt... ++ user host=\s-1ALL\s0,!\s-1ALIAS1\s0,!/sbin/halt... + Note that the \*(L"!\*(R" notation only works in a user's command list. You + may not use it to subtract elements in a User_Alias, Host_Alias, + Cmnd_Alias or user list. +@@ -334,7 +334,7 @@ + \& Cmnd_Alias SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh + \& Cmnd_Alias SU=/bin/su + \& Cmnd_Alias MISC=/bin/rm,/bin/cat:\e +-\& SHUTDOWN=/etc/halt,/etc/shutdown ++\& SHUTDOWN=/sbin/halt,/sbin/shutdown + .Ve + .Vb 14 + \& # User specification +@@ -344,11 +344,11 @@ + \& +interns +openlabs=ALL,!SHELLS,!SU + \& britt REMOTE=SHUTDOWN:ALL=LPCS + \& jimbo CUNETS=/bin/su ?*,!/bin/su root +-\& nieusma SERVERS=SHUTDOWN,/etc/reboot:\e ++\& nieusma SERVERS=SHUTDOWN,/sbin/reboot:\e + \& HUB=ALL,!SHELLS +-\& jill houdini=/etc/shutdown -[hr] now,MISC +-\& markm HUB=ALL,!MISC,!/etc/shutdown,!/etc/halt +-\& davehieb merlin=(OP) ALL:SERVERS=/etc/halt:\e ++\& jill houdini=/sbin/shutdown -[hr] now,MISC ++\& markm HUB=ALL,!MISC,!/sbin/shutdown,!/sbin/halt ++\& davehieb merlin=(OP) ALL:SERVERS=/sbin/halt:\e + \& kodiakthorn=NOPASSWD: ALL + \& steve CSNETS=(operator) /usr/op_commands/ + .Ve +@@ -405,24 +405,24 @@ + .Ip "nieusma" 16 + .IX Item "nieusma" + The user \f(CWnieusma\fR may run commands in the \f(CWSHUTDOWN\fR alias +-as well as \fI/etc/reboot\fR on the \f(CWSERVER\fR machines and ++as well as \fI/sbin/reboot\fR on the \f(CWSERVER\fR machines and + any command except those in the \f(CWSHELLS\fR alias on the \f(CWHUB\fR + machines. + .Ip "jill" 16 + .IX Item "jill" +-The user \f(CWjill\fR may run \f(CW/etc/shutdown -h now\fR or +-\f(CW/etc/shutdown -r now\fR as well as the commands in the ++The user \f(CWjill\fR may run \f(CW/sbin/shutdown -h now\fR or ++\f(CW/sbin/shutdown -r now\fR as well as the commands in the + \f(CWMISC\fR alias on houdini. + .Ip "markm" 16 + .IX Item "markm" + The user \f(CWmarkm\fR may run any command on the \f(CWHUB\fR machines +-except \fI/etc/shutdown\fR, \fI/etc/halt\fR, and commands listed ++except \fI/sbin/shutdown\fR, \fI/sbin/halt\fR, and commands listed + in the \f(CWMISC\fR alias. + .Ip "davehieb" 16 + .IX Item "davehieb" + The user \f(CWdavehieb\fR may run any command on \f(CWmerlin\fR as any + user in the Runas_Alias \s-1OP\s0 (ie: root or operator). He may +-also run \fI/etc/halt\fR on the \f(CWSERVERS\fR and any command ++also run \fI/sbin/halt\fR on the \f(CWSERVERS\fR and any command + on \f(CWkodiakthorn\fR (no password required on \f(CWkodiakthorn\fR). + .Ip "steve" 16 + .IX Item "steve" +@@ -438,8 +438,8 @@ + .IX Header "FILES" + .PP + .Vb 2 +-\& /etc/sudoers file of authorized users. +-\& /etc/netgroup list of network groups. ++\& /usr/local/etc/sudoers file of authorized users. ++\& /etc/netgroup list of network groups. + .Ve + .SH "SEE ALSO" + .IX Header "SEE ALSO" +--- ./visudo.man.org Wed Nov 13 17:58:51 1996 ++++ ./visudo.man Mon Dec 9 20:39:01 1996 +@@ -211,8 +211,8 @@ + .IX Header "FILES" + .PP + .Vb 2 +-\& /etc/sudoers file of authorized users. +-\& /etc/stmp lock file for visudo. ++\& /usr/local/etc/sudoers file of authorized users. ++\& /usr/local/etc/stmp lock file for visudo. + .Ve + .SH "ENVIRONMENT VARIABLES" + .IX Header "ENVIRONMENT VARIABLES" diff --git a/security/sudo/patches/patch-ad b/security/sudo/patches/patch-ad new file mode 100644 index 00000000000..30e3d2c3026 --- /dev/null +++ b/security/sudo/patches/patch-ad @@ -0,0 +1,35 @@ +*** tgetpass.c.dist Wed Feb 19 00:09:13 1997 +--- tgetpass.c Wed Feb 19 00:09:21 1997 +*************** +*** 206,223 **** + tv.tv_sec = timeout; + tv.tv_usec = 0; + +- /* how many file descriptors may we have? */ +- #ifdef HAVE_SYSCONF +- n = sysconf(_SC_OPEN_MAX); +- #else +- n = getdtablesize(); +- #endif /* HAVE_SYSCONF */ +- + /* + * get password or return empty string if nothing to read by timeout + */ + buf[0] = '\0'; +! if (select(n, &readfds, 0, 0, &tv) > 0 && fgets(buf, sizeof(buf), input)) { + n = strlen(buf); + if (buf[n - 1] == '\n') + buf[n - 1] = '\0'; +--- 206,216 ---- + tv.tv_sec = timeout; + tv.tv_usec = 0; + + /* + * get password or return empty string if nothing to read by timeout + */ + buf[0] = '\0'; +! if (select(fileno(input)+1, &readfds, 0, 0, &tv) > 0 && fgets(buf, sizeof(buf), input)) { + n = strlen(buf); + if (buf[n - 1] == '\n') + buf[n - 1] = '\0'; + diff --git a/security/sudo/pkg/COMMENT b/security/sudo/pkg/COMMENT new file mode 100644 index 00000000000..3c4199465c2 --- /dev/null +++ b/security/sudo/pkg/COMMENT @@ -0,0 +1 @@ +Allow others to run commands as root. diff --git a/security/sudo/pkg/DESCR b/security/sudo/pkg/DESCR new file mode 100644 index 00000000000..08611e6e817 --- /dev/null +++ b/security/sudo/pkg/DESCR @@ -0,0 +1,14 @@ +This is the CU version of sudo, release 1.4. + +Sudo is a program designed to allow a sysadmin to give limited root privileges +to users and log root activity. The basic philosophy is to give as few +privileges as possible but still allow people to get their work done. + +MAILING LISTS: + +Please send bugs, problems, comments, etc to sudo-bugs@cs.colorado.edu +There is a mailing list that receives announcements whenever a new +version of sudo is released. You can subscribe to it by sending a +message to "majordomo@cs.colorado.edu" that includes the line +"subscribe sudo-announce". There is also a list for people working +on sudo. The command to add yourself is "subscribe sudo-workers". diff --git a/security/sudo/pkg/INSTALL b/security/sudo/pkg/INSTALL new file mode 100755 index 00000000000..b633da87b27 --- /dev/null +++ b/security/sudo/pkg/INSTALL @@ -0,0 +1,9 @@ +#!/bin/sh +if [ $2 != "POST-INSTALL" ]; then + exit 0 +fi +if [ -e ${PKG_PREFIX}/etc/sudoers ]; then + echo "Will not overwrite existing ${PKG_PREFIX}/etc/sudoers file." +else + cp -p ${PKG_PREFIX}/etc/sudoers.sample ${PKG_PREFIX}/etc/sudoers +fi diff --git a/security/sudo/pkg/PLIST b/security/sudo/pkg/PLIST new file mode 100644 index 00000000000..7a4482cb579 --- /dev/null +++ b/security/sudo/pkg/PLIST @@ -0,0 +1,6 @@ +bin/sudo +sbin/visudo +etc/sudoers.sample +man/man5/sudoers.5.gz +man/man8/sudo.8.gz +man/man8/visudo.8.gz |