Age | Commit message (Collapse) | Author | Files | Lines |
|
have been converted to USE_BUILDLINK2.
|
|
|
|
Closes pkg/17212.
While here, fix compilation with kerberos5.
|
|
Added --disable-root-mailer to CONFIGURE_ARGS better security.
Changes from 1.6.3p7 to 1.6.5 is attached bellow.
417) Visudo now checks for the existence of an editor and gives a sensible
error if it does not exist.
418) The path to the editor for visudo is now a colon-separated list of
allowable editors. If the user has $EDITOR set and it matches
one of the allowed editors that editor will be used. If not,
the first editor that actually exists is used.
419) Visudo now does its own fork/exec instead of calling system(3).
420) Allow special characters (including '#') to be embedded in pathnames
if quoted by a '\\'. The quoted chars will be dealt with by fnmatch().
Unfortunately, 'sudo -l' still prints the '\\'.
421) Added the always_set_home option.
422) Strip NLSPATH and PATH_LOCALE out from the environment to prevent
reading of protected files by a less privileged user.
423) Added support for BSD authentication and associated -a flag.
424) Added check for _innetgr(3) since NCR systems have this instead
of innetgr(3).
425) Added stay_setuid option for systems that have libraries that perform
extra paranoia checks in system libraries for setuid programs.
426) Environment munging is now done by hand. The environment is zeroed
upon sudo startup and a new environment is built before the command
is executed. This means we don't rely on getenv(3), putenv(3),
or setenv(3).
427) Added a class of environment variables that are only cleared if they
contain '/' or '%' characters.
428) Use stashed user_gid when checking against exempt gid since sudo
sets its gid to SUDOERS_GID, making getgid() return that, not the
real gid. Fixes problem with setting exempt group == SUDOERS_GID.
Fix from Paul Kranenburg.
429) Fixed file locking in visudo on NeXT which has a broken lockf().
Patch from twetzel@gwdg.de.
430) Regenerated configure script with autoconf-2.52 (required some
tweaking of configure.in and friends).
431) Added mail_badpass option to send mail when the user does not
authenticate successfully.
432) Added env_reset Defaults option to reset the environment to
a clean slate. Also implemented env_keep Defaults option
to specify variables to be preserved when resetting the
environment.
433) Added env_check and env_delete Defaults options to allow the admin
to modify the builtin list of environment variables to remove.
434) If timestamp_timeout < 0 then the timestamp never expires. This
allows users to manage their own timestamps and create or delete
them via 'sudo -v' and 'sudo -k' respectively.
435) Authentication routines that use sudo's tgetpass() now accept
^C or ^Z at the password prompt and sudo will act appropriately.
436) Added a check-only mode to visudo to check an existing sudoers
file for sanity.
437) Visudo can now edit an alternate sudoers file.
438) If sudo is configured with S/Key support and the system has
skeyaccess(3) use that to determine whether or not to allow
a normal Unix password or just S/Key.
439) Fixed CIDR handling in sudoers.
440) Fixed a segv if the local hostname is not resolvable and
the 'fqdn' option is set.
441) "listpw=never" was not having an effect for users who did not
appear in sudoers--now it does.
442) The --without-sendmail option now works on systems with
a /usr/include/paths.h file that defines _PATH_SENDMAIL.
443) Removed the "secure_path" Defaults option as it does not work and
cannot work until the parser is overhauled.
444) Added new -P flag and "preserve_groups" sudoers option to cause
sudo to preserve the group vector instead of setting it to that
of the target user. Previously, if the target user was root
the group vector was not changed. Now it is always changed unless
the -P flag or "preserve_groups" option was given.
445) If find_path() fails as root, try again as the invoking user (useful
for NFS). Idea from Chip Capelik.
446) Use setpwent()/endpwent() and its shadow equivalents to be sure
the passwd/shadow file gets closed.
447) Use getifaddrs(3) to get the list of network interfaces if it is
available.
448) Dump list of local IP addresses and environment variables to clear
when 'sudo -V' is run as root.
449) Reorganized the lexer a bit and added more states. Sudo now does a
better job of parsing command arguments in the sudoers file.
450) Wrap each call to syslog() with openlog()/closelog() since some
things (such as PAM) may call closelog(3) behind sudo's back.
451) The LOGNAME and USER environment variables are now set if the user
specified a target uid and that uid exists in the password database.
452) configure will no longer add the -g flag to CFLAGS by default.
453) Now call pam_setcreds() to setup creds for the target user when
PAM is in use. On Linux this often sets resource limits.
454) If "make install" is run by non-root and the destination dir
is writable, install things normally but don't set owner and mode.
455) The Makefile now supports installing in a shadow hierarchy
specified via the DESTDIR variable.
456) config.h.in is now generated by autoheader.
Sudo 1.6.4 released.
457) Move the call to rebuild_env() until after MODE_RESET_HOME is set.
Otherwise, the set_home option has no effect.
458) Fix use of freed memory when the "fqdn" flag is set. This was
introduced by the fix for the "segv when gethostbynam() fails" bug.
459) Add 'continue' statements to optimize the switch statement.
From Solar Designer.
Sudo 1.6.4p1 released.
460) Some special characters were not being escaped properly (e..g '\,')
in command line arguments and would cause a syntax error instead.
461) "sudo -l" would not work if the always_set_home option was set.
462) Added a configure option to disable use of POSIX saved IDs for
operating systems where these are broken.
463) The SHELL environment variable was preserved from the user's environment
instead of being reset based on the passwd database even when the
"env_reset" option was set.
Sudo 1.6.4p2 released.
464) Added a configure option to cause mail sent by sudo to be run as
the invoking user instead of root. Some people consider this to
be safer.
465) If the mailer is being run as root, use a hard-coded environment
that is not influenced in any way by the invoking user's environment.
466) Fixed the call to skeyaccess(). Patch from Phillip E. Lobbes.
Sudo 1.6.5 released.
|
|
|
|
Fixes pkg/13004.
|
|
Kerberos is simply not configured on the system.
|
|
support in Heimdal.
|
|
393) Users in the 'exempt' group shouldn't get their $PATH overridden
by 'secure-path'. Patch from jmknoble@pobox.com.
395) Fixed a bug that caused an infinite loop when the password
timeout was disabled.
396) It is now possible to set the path to the editor for visudo as well
as the flag that determines whether or not visudo will look at
$EDITOR in the sudoers file.
398) Added rootpw, runaspw, and targetpw to prompt for the root, runas_default
and target user's passwords respectively (instead of the invoking user's
password).
399) Added -S flag to force password read from stdin.
400) Restore coredumpsize resource limit before exec'ing the child
process (sudo sets it to 0 internally).
404) Fixed a bug where sudo would hang around and consume CPU if we spawn
a long-running process.
406) Added set_logname run-time option. When unset, sudo will not set
the USER and LOGNAME environment variables.
407) Wildcards are now allowed in the hostnames specified in sudoers.
The 'fqdn' option is often required for this to be useful.
408) Fixed a bug where host and user qualifiers in a Defaults entry were
not being used correctly and the entry was being applied globally.
409) Fixed targetpw, rootpw, and runaspw options when used with non-passwd
authentication (pam, etc).
410) When the targetpw flag is set, use the target username as part
of the timestamp path.
411) Fixed a bug that prevented the -H option from being useful.
412) Fixed a case where a string was used after it has been freed.
|
|
installation.
Still doesn't work; MIT Kerberos 5 is missing some calls that
sudo wants (tho Heimdal has them).
|
|
|
|
|
|
|
|
Changes since 1.5.6:
- Various bug fixes (not security related).
- All compile-time options are now set via options to the configure script.
- visudo is now installed in /usr/local/sbin where it belongs.
[of course this is ${PREFIX}/sbin in our package for a long time - TF]
- two problems with tgetpass() have been fixed. In one case the user was
not always given a chance to enter a password. In the other a newline
was not always printed after the password was entered on Linux.
- Added support for Digital UNIX SIA (Security Integration Architecture).
- %groups now work as RunAs specifiers like the man page says.
- Sudo now sets the USER environment variable to the target user
(root unless -u is specified).
- Sudo will print "command not found" unless configure was run with
--disable-path-info. Also, tell user when we ignore '.' in their path and
it would have been used but for --with-ignore-dot. This means that sudo can
be used to gather information about the existence of executable in
directories not accessible by a normal user. If this bothers you, run
configure with --disable-path-info.
[in our package --disable-path-info is default - TF]
- A longstanding bug wrt "sudo -l" has been fixed that could cause "sudo -l"
to complain about non-existent syntax errors.
- When configured with --with-tty-tickets the filename is now "user:tty"
(was "user.tty") since a username could have a '.' in it.
|
|
|
|
|
|
|
|
|
|
|