--- /dev/null
+# Configuration file for git-buildpackage and friends
+
+[DEFAULT]
+# the default build command:
+#builder = debuild -i\.git/ -I.git
+# the default clean command:
+#cleaner = debuild clean
+# the default branch for upstream sources:
+upstream-branch = upstream
+# the default branch for the debian patch:
+debian-branch = master
+# the default tag formats used:
+#upstream-tag = upstream/%(version)s
+#debian-tag = debian/%(version)s
+# use pristine-tar:
+pristine-tar = True
+
+# Options only affecting git-buildpackage
+[git-buildpackage]
+#upstream-branch = dfsgclean
+# uncomment this to automatically GPG sign tags
+#sign-tags = True
+# keyid to GPG sign tags with
+#keyid = 0xdeadbeef
+# push to a remote repository after a successful tag:
+#posttag = git-push git.example.com
+# use this for more svn-buildpackage like behaviour:
+export-dir = ../build-area/sudo/
+#tarball-dir = ../tarballs/
+
+# Options only affecting git-import-orig
+[git-import-orig]
+#upstream-branch = newupstream
+#debian-branch = dfsgclean
+#filter = .svn
+
+# Options only affecting git-import-dsc
+[git-import-dsc]
+#upstream-branch = svn-upstream
+#filter = [ 'CVS', '.cvsignore' ]
+
+# Options only affecting git-dch
+[git-dch]
+#git-log = --no-merges
+#snapshot-number = snapshot + 1
+
@DEV@PARSESRCS = sudo.tab.h sudo.tab.c lex.yy.c def_data.c def_data.h
# Uncomment the following if you intend to modify parse.yacc
-@DEV@sudo.tab.c sudo.tab.h: parse.yacc
-@DEV@ rm -f sudo.tab.h sudo.tab.c
-@DEV@ $(YACC) -d -b sudo $(srcdir)/parse.yacc
+sudo.tab.c sudo.tab.h: parse.yacc
+ rm -f sudo.tab.h sudo.tab.c
+ $(YACC) -d -b sudo $(srcdir)/parse.yacc
# Uncomment the following if you intend to modify parse.lex
@DEV@lex.yy.c: parse.lex
$(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \
$(srcdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers
-install-man:
+install-man: sudo.$(mantype) visudo.$(mantype) sudoers.$(mantype)
$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
@rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
fi ; \
cp $(srcdir)/INSTALL.binary $$tdir/INSTALL ; \
sh ./config.status --file=Makefile.binary && cp Makefile.binary $$tdir/Makefile ; \
- strip sudo ; \
- strip visudo ; \
cd tmp.$$ARCH && tar Ocf ../sudo-$(VERSION)-$$ARCH.tar sudo-$(VERSION) && cd .. ; \
gzip --best sudo-$(VERSION)-$$ARCH.tar ; \
rm -rf tmp.$$ARCH ; \
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple | -axis | -knuth | -cray | -sr2201*)
+ -apple | -axis | -knuth | -cray)
os=
basic_machine=$1
;;
basic_machine=h8500-hitachi
os=-hms
;;
- sr2201*)
- basic_machine=harp1e-hitachi
- os=-hiuxmpp
- ;;
harris)
basic_machine=m88k-harris
os=-sysv3
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [etc]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
--- /dev/null
+sudo (1.6.8p12-5) unstable; urgency=low
+
+ The sudo package is no longer configured --with-exempt=sudo. If you
+ depend on members of group sudo being able to run sudo without needing
+ a password, you will need to put "%sudo ALL=NOPASSWD: ALL" in
+ /etc/sudoers to preserve equivalent functionality.
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:13:39 -0600
+
--- /dev/null
+The following options were used to configure sudo for Debian GNU/Linux.
+
+ --with-devel
+
+ Force flex and bison runs on each build.
+
+ --with-pam
+
+ Support for pluggable authentication modules.
+
+ --with-ldap
+
+ Support for LDAP authentication, in the sudo-ldap package version only.
+
+ --with-fqdn
+
+ Allow use of fully qualified domain names in the sudoers file.
+
+ --disable-root-mailer
+
+ Send mail as the invoking user, not as root.
+
+ --with-logging=syslog
+ --with-logfac=authpriv
+
+ Where logging information goes.
+
+ --with-env-editor
+ --with-editor=/usr/bin/editor
+
+ Honor the EDITOR and VISUAL environment variables. If they are not
+ present, default to the preferred systemwide default editor.
+
+ --with-timeout=15
+ --with-password-timeout=0
+
+ Allow 15 minutes before a user has to re-type their passord, versus
+ the sudo usual default of 5. Never time out while waiting for a
+ password to be typed, this is a seriously big deal for Debian package
+ developers using 'dpkg-buildpackage -rsudo'.
+
+ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
+ /sbin:/bin:/usr/X11R6/bin"
+
+ Give a reasonable default path for commands run as root via sudo.
+
+ --with-all-insults
+
+ Include all the insults in the binary, won't be enabled unless turned
+ on in the sudoers file.
+
+ --with-sendmail=/usr/sbin/sendmail
+
+ Use Debian policy to know the location of sendmail instead of trying
+ to detect it at build time.
+
+ --disable-setresuid
+
+ Linux 2.2 kernels don't support setresgid.
--- /dev/null
+The version of sudo that ships with Debian by default resets the
+environment, as described by the "env_reset" flag in the sudoers file.
+
+This implies that all environment variables are removed, except for
+HOME, LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION,
+XAPPLRESDIR, XFILESEARCHPATH, XUSERFILESEARCHPATH, LANG, LANGUAGE, LC_*,
+and USER.
+
+In case you want sudo to preserve more environment variables, you must
+specify the env_keep variable in the sudoers file. You should edit the
+sudoers file using the visudo tool.
+
+Examples:
+Preserve the default variables plus the EDITOR variable:
+
+ Defaults env_keep+="EDITOR"
+
+Preserve the default variables plus all variables starting with LC_:
+
+ Defaults env_keep+="LC_*"
+
+ - - - - -
+
+If you're using the sudo-ldap package, note that it is now configured to
+look for /etc/sudo-ldap.conf. Depending on your system configuration, it
+probably makes sense for this to be a symlink to /etc/ldap.conf, or perhaps
+to /etc/libnss-ldap.conf or /etc/pam_ldap.conf. By default, no symlink or
+file is provided, you'll need to decide what to do and create a suitable
+file before sudo-ldap will work.
+
+ - - - - -
+
+See the file OPTIONS in this directory for more information on the sudo
+build options used in building the Debian package.
+
+ - - - - -
+
+If you're having trouble grasping the fundamental idea of what sudo is all
+about, here's a succinct and humorous take on it...
+
+ http://www.xkcd.com/c149.html
+
--- /dev/null
+sudo (1.6.9p15-3) UNRELEASED; urgency=low
+
+ * deliver schemas to doc directory in sudo-ldap package, closes: #474331
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 17 Apr 2008 13:18:45 -0600
+
+sudo (1.6.9p15-2) unstable; urgency=low
+
+ * revert the fix for 388659 such that visudo once again defaults to using
+ /usr/bin/editor. I was always ambivalent about this change, it has caused
+ more confusion and frustration than it cured, and I find Justin's line of
+ reasoning persuasive. Update the man page source to reflect this choice
+ and the related use of --with-env-editor. Closes: #474197.
+ * patch from Petter Reinholdtsen to improve init.d, closes: #475821
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 16 Apr 2008 00:38:56 -0600
+
+sudo (1.6.9p15-1) unstable; urgency=low
+
+ * new upstream version, closes: #467126, #473337
+ * remove pointless postrm scripts, leaving debhelper do its thing if needed,
+ thanks to Justin Pryzby for pointing this out
+ * reinstate the init.d, since bootclean doesn't quite do what we want. This
+ also means we don't need the preinst scripts any more. Update the lintian
+ overrides since postinst is a Perl script lintian apparently isn't parsing
+ well. closes: #330868
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 03 Apr 2008 14:25:56 -0600
+
+sudo (1.6.9p12-1) unstable; urgency=low
+
+ * new upstream version, closes: #464890
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 19 Feb 2008 11:19:54 +0900
+
+sudo (1.6.9p11-3) unstable; urgency=low
+
+ * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 15 Feb 2008 10:54:21 -0700
+
+sudo (1.6.9p11-2) unstable; urgency=low
+
+ * update version compared in preinst when removing obsolete init.d,
+ closes: #459681
+ * implement pam session config suggestions from Elizabeth Fong,
+ closes: #452457, #402329
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 04 Feb 2008 21:26:23 -0700
+
+sudo (1.6.9p11-1) unstable; urgency=low
+
+ * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 11 Jan 2008 01:54:35 -0700
+
+sudo (1.6.9p10-1) unstable; urgency=low
+
+ * new upstream version
+ * tweak default password prompt as %u doesn't make sense. Accept patch from
+ Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
+ uses it by default, closes: #454409
+ * accept patch from Martin Pitt that adds a prerm making it difficult to
+ "accidentally" remove sudo when there is no root password set on the
+ system, closes: #451241
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 28 Dec 2007 11:44:30 -0700
+
+sudo (1.6.9p9-1) unstable; urgency=low
+
+ * new upstream version
+ * debian/rules: configure a more informative default password prompt to
+ reduce confusion when using sudo to invoke commands which also ask for
+ passwords, closes: #343268
+ * auth/pam.c: don't use the PAM prompt if the user explicitly requested
+ a custom prompt, closes: #448628.
+ * fix configure's ability to discover that libc has dirfd, closes: #451324
+ * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that
+ the command 'visudo' invokes a vi variant by default as documented,
+ closes: #388659
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 03 Dec 2007 10:26:51 -0700
+
+sudo (1.6.9p6-1) unstable; urgency=low
+
+ * new upstream version, closes: #442815, #446146, #438699, #435768, #435314
+ closes: #434832, #434608, #430382
+ * eliminate the now-redundant init.d scripts, closes: #397090
+ * fix typo in TROUBLESHOOTING file, closes: #439624
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 24 Oct 2007 21:13:41 -0600
+
+sudo (1.6.8p12-6) unstable; urgency=low
+
+ * fix typos in visudo.pod relating to env_editor variable, closes: #418886
+ * have init.d touch directories in /var/run/sudo, not just files, as a
+ followup to #330868.
+ * fix various typos in sudoers.pod, closes: #419749
+ * don't let Makefile strip binaries, closes: #438073
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 05 Sep 2007 11:26:58 +0100
+
+sudo (1.6.8p12-5) unstable; urgency=low
+
+ * update debian/copyright to reflect new upstream URL, closes: #368746
+ * add sandwich cartoon URL to the README.Debian
+ * don't remove sudoers on purge. can cause problems when moving between
+ sudo and sudo-ldap. leaving sudoers around on purge seems like the least
+ evil choice for now, closes: #401366
+ * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH,
+ closes: #374509
+ * accept patch that improves debian/rules from Ted Percival, closes: #382122
+ * no longer build with --with-exempt=sudo, provide an example entry in the
+ default sudoers file instead, closes: #296605
+ * add --with-devel to configure and augment build dependencies so that flex
+ and yacc files get re-generated on every build, closes: #316249
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 3 Apr 2007 21:48:45 -0600
+
+sudo (1.6.8p12-4) unstable; urgency=low
+
+ * patch from Petter Reinholdtsen for the LSB info block in the init.d
+ script, closes: #361055
+ * deliver sudoers sample again, closes: #361593
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 15 Apr 2006 01:38:04 -0600
+
+sudo (1.6.8p12-3) unstable; urgency=low
+
+ * force-feed configure knowledge of nroff's path so we get unformatted man
+ pages installed without build-depending on groff-base, closes: #360894
+ * add a reference to OPTIONS in the man page, closes: #186226
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 5 Apr 2006 17:53:13 -0700
+
+sudo (1.6.8p12-2) unstable; urgency=low
+
+ * fix typos in init scripts, closes: #346325
+ * update to debhelper compat level 5
+ * build depend on autotools-dev to ensure config.sub/guess are fresh
+ * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and
+ use it here as well. Thanks to Martin and the debian-security team.
+ closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085
+ closes: #315115, #315718, #203874
+ * Non-maintainer upload by the Security Team
+ * Reworked the former patch to limit environment variables from being
+ passed through, set env_reset as default instead [sudo.c, env.c,
+ sudoers.pod, Bug#342948, CVE-2005-4158]
+ * env_reset is now set by default
+ * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
+ DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
+ (in addition to the SUDO_* variables)
+ * Rebuild sudoers.man.in from the POD file
+ * Added README.Debian
+ * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431
+ * simplify rules file by using more of Makefile, despite having to override
+ default directories with more arguments to configure, closes: #292833
+ * update sudo man page to reflect use of SECURE_PATH, closes: #228551
+ * inconsistencies in sudoers man page resolved, closes: #220808, #161012
+ * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are
+ unresolveable (requires adding bison as build dep), closes: #314949
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 2 Apr 2006 14:26:20 -0700
+
+sudo (1.6.8p12-1) unstable; urgency=low
+
+ * new upstream version, closes: #342948 (CVE-2005-4158)
+ * add env_reset to the sudoers file we create if none already exists,
+ as a further precaution in response to discussion about CVS-2005-4158
+ * split ldap support into a new sudo-ldap package. I was trying to avoid
+ doing this, but the impact of going from 4 to 17 linked shlibs on the
+ autobuilder chroots is sufficient motivation for me.
+ closes: #344034
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
+
+sudo (1.6.8p9-4) unstable; urgency=low
+
+ * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
+ * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
+ timestamps in the init.d script, closes: #330868
+ * add dependency header to init.d script, closes: #332849
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
+
+sudo (1.6.8p9-3) unstable; urgency=high
+
+ * update debhelper compatibility level from 2 to 4
+ * add man page symlink for sudoedit
+ * Clean SHELLOPTS and PS4 from the environment before executing programs
+ with sudo permissions [env.c, CAN-2005-2959]
+ * fix typo in manpage pointed out by Moray Allen, closes: #285995
+ * fix paths in sample complex sudoers file, closes: #303542
+ * fix type in sudoers man page, closes: #311244
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
+
+sudo (1.6.8p9-2) unstable; urgency=high
+
+ * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
+ closes: #305735
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
+
+sudo (1.6.8p9-1) unstable; urgency=high
+
+ * new upstream version, fixes a race condition in sudo's pathname
+ validation, which is a security issue (CAN-2005-1993),
+ closes: #315115, #315718
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
+
+sudo (1.6.8p7-1) unstable; urgency=low
+
+ * new upstream version, closes: #299585
+ * update lintian overrides to squelch the postinst warning
+ * change sudoedit from a hard to a soft link, closes: #296896
+ * fix regex doc in sudoers man page, closes: #300361
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
+
+sudo (1.6.8p5-1) unstable; urgency=high
+
+ * new upstream version
+ * restores ability to use config tuples without a value, which was causing
+ problems on upgrade closes: #283306
+ * deliver sudoedit, closes: #283078
+ * marking urgency high since 283306 is a serious upgrade incompatibility
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
+
+sudo (1.6.8p3-2) unstable; urgency=high
+
+ * update pam.d deliverable so ldap works again, closes: #282191
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
+
+sudo (1.6.8p3-1) unstable; urgency=high
+
+ * new upstream version, fixes a flaw in sudo's environment sanitizing that
+ could allow a malicious user with permission to run a shell script that
+ utilized the bash shell to run arbitrary commands, closes: #281665
+ * patch the sample sudoers to have the proper path for kill on Debian
+ systems, closes: #263486
+ * patch the sudo manpage to reflect Debian's choice of exempt_group
+ default setting, closes: #236465
+ * patch the sudo manpage to reflect Debian's choice of no timeout on the
+ password prompt, closes: #271194
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
+
+sudo (1.6.7p5-2) unstable; urgency=low
+
+ * Jeff Bailey reports that seteuid works on current sparc systems, so we
+ no longer need the "grosshack" stuff in the sudo rules file
+ * add a postrm that removes /etc/sudoers on purge. don't do this with the
+ normal conffile mechanism since it would generate noise on every upgrade,
+ closes: #245405
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
+
+sudo (1.6.7p5-1) unstable; urgency=low
+
+ * new upstream version, closes: #190265, #193222, #197244
+ * change from '.' to ':' in postinst chown call, closes: #208369
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
+
+sudo (1.6.7p3-2) unstable; urgency=low
+
+ * add --disable-setresuid to configure call since 2.2 kernels don't support
+ setresgid, closes: #189044
+ * cosmetic cleanups to debian/rules as long as I'm there
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
+
+sudo (1.6.7p3-1) unstable; urgency=low
+
+ * new upstream version
+ * add overrides to quiet lintian about things it doesn't understand,
+ except the source one that can't be overridden until 129510 is fixed
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
+
+sudo (1.6.6-3) unstable; urgency=low
+
+ * add code to rules file to update config.sub/guess, closes: #164501
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
+
+sudo (1.6.6-2) unstable; urgency=low
+
+ * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
+ configure, and lose the build dependency on mail-transport-agent
+ * incorporate changes from LaMont's NMU, closes: #144665, #144737
+ * update init.d to not try and set time on nonexistent timestamp files,
+ closes: #132616
+ * build with --with-all-insults, admin must edit sudoers to turn insults
+ on at runtime if desired, closes: #135374
+ * stop setting /usr/doc symlink in postinst
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
+
+sudo (1.6.6-1.1) unstable; urgency=high
+
+ * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
+ * Revert patch to auth/pam.c that left pass uninitialized, causing a
+ segfault (Closes: #144665).
+
+ -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
+
+sudo (1.6.6-1) unstable; urgency=high
+
+ * new upstream version, fixes security problem with crafty prompts,
+ closes: #144540
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
+
+sudo (1.6.5p1-4) unstable; urgency=high
+
+ * apply patch for auth/pam.c to fix yet another way to make sudo segfault
+ if ctrl/C'ed at password prompt, closes: #131235
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
+
+sudo (1.6.5p1-3) unstable; urgency=high
+
+ * ugly hack to add --disable-saved-ids when building on sparc in response
+ to 131592, which will be reassigned to glibc for a real fix
+ * urgency high since the sudo currently in testing for sparc is worthless
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
+
+sudo (1.6.5p1-2) unstable; urgency=high
+
+ * patch from upstream to fix seg faults caused by versions of pam that
+ follow a NULL pointer, closes: #129512
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
+
+sudo (1.6.5p1-1) unstable; urgency=high
+
+ * new upstream version
+ * add --disable-root-mailer option supported by new version to configure
+ call in rules file, closes: #129648
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
+
+sudo (1.6.4p1-1) unstable; urgency=high
+
+ * new upstream version, with fix for segfaulting problem in 1.6.4
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
+
+sudo (1.6.4-1) unstable; urgency=high
+
+ * new upstream version, includes an important security fix, closes: #127576
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
+
+sudo (1.6.3p7-5) unstable; urgency=low
+
+ * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
+ * fix spelling error in init.d, closes: #126847
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
+
+sudo (1.6.3p7-4) unstable; urgency=medium
+
+ * use touch to set status files to an ancient date instead of removing them
+ outright on reboot. this achieves the desired effect of keeping elevated
+ privs from living across reboots, without forcing everyone to see the
+ new-sudo-user lecture after every reboot. pick a time that's 'old enough'
+ for systems with good clocks, and 'recent enough' that broken PC hardware
+ setting the clock to commonly-seen bogus dates trips over the "don't trust
+ future timestamps" rule. closes: #76529, #123559
+ * apply patch from Steve Langasek to fix seg faults due to interaction with
+ PAM code. upstream confirms the problem, and says they're fixing this
+ differently for their next release... but this should be useful in the
+ meantime, and would be good to get into woody. closes: #119147
+ * only run the init.d at boot, not on each runlevel change... and don't run
+ it during package configure. closes: #125935
+ * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
+
+sudo (1.6.3p7-3) unstable; urgency=low
+
+ * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
+ resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
+ * fix a typo in the manpage, closes: #97368
+ * apply patch to configure.in and run autoconf to fix problem building on
+ the hurd, closes: #96325
+ * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
+ to not last across reboots, closes: #76529
+ * clean up lintian-noticed cosmetic packaging issues
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
+
+sudo (1.6.3p7-2) unstable; urgency=low
+
+ * update config.sub/guess for hppa support
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
+
+sudo (1.6.3p7-1) unstable; urgency=low
+
+ * new upstream version
+ * add build dependency on mail-transport-agent, closes: #90685
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
+
+sudo (1.6.3p6-1) unstable; urgency=high
+
+ * new upstream version, fixes buffer overflow problem,
+ closes: #87259, #87278, #87263
+ * revert to using --with-secure-path option at build time, since the option
+ available in sudoers is parsed too late to be useful, and upstream says
+ it won't get fixed quickly. This reopens 85123, which I will mark as
+ forwarded. Closes: #86199, #86117, #85676
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
+
+sudo (1.6.3p5-2) unstable; urgency=low
+
+ * lose the dh_suidregister call since it's obsolete
+ * stop using the --with-secure-path option at build time, and instead show
+ how to set it in sudoers. Closes: #85123
+ * freshen config.sub and config.guess for ia64 and hppa
+ * update sudoers man page to indicate exempt_group is on by default,
+ closes: #70847
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
+
+sudo (1.6.3p5-1) unstable; urgency=low
+
+ * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
+ * this version restores core dumps before the exec, while leaving them
+ disabled during sudo's internal execution, closes: #58289
+ * update debhelper calls in rules file
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
+
+sudo (1.6.2p2-1) frozen unstable; urgency=medium
+
+ * new upstream source resulting from direct collaboration with the upstream
+ author to fix ugly pam-related problems on Debian in 1.6.1 and later.
+ Closes: #56129, #55978, #55979, #56550, #56772
+ * include more upstream documentation, closes: #55054
+ * pam.d fragment update, closes: #56129
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
+
+sudo (1.6.1-1) unstable; urgency=low
+
+ * new upstream source, closes: #52750
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
+
+sudo (1.6-2) unstable; urgency=low
+
+ * drop suidregister support for this package. The sudo executable is
+ essentially worthless unless it is setuid root, and making suidregister
+ work involves shipping a non-setuid executable in the .deb and setting the
+ perms in the postinst. On a long upgrade run, this can leave the sudo
+ executable 'broken' for a long time, which is unacceptable. With this
+ version, we ship the executable setuid root in the .deb. Closes: #51742
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
+
+sudo (1.6-1) unstable; urgency=low
+
+ * new upstream version, many options previously set at compile-time are now
+ configurable at runtime.
+ Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
+ * FHS support
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
+
+sudo (1.5.9p4-1) unstable; urgency=low
+
+ * new upstream version, closes: #43464
+ * empty password handling was fixed in 1.5.8, closes: #31863
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
+
+sudo (1.5.9p1-1) unstable; urgency=low
+
+ * new upstream version
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
+
+sudo (1.5.8p1-1) unstable; urgency=medium
+
+ * new upstream version, closes 33690
+ * add dependency on libpam-modules, closes 34215, 33432
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
+
+sudo (1.5.7p4-2) unstable; urgency=medium
+
+ * update the pam fragment provided so that sudo works with latest pam bits,
+ closes 33432
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
+
+sudo (1.5.7p4-1) unstable; urgency=low
+
+ * new upstream release
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
+
+sudo (1.5.6p5-1) unstable; urgency=low
+
+ * new upstream patch release
+ * add PAM support, closes 28594
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
+
+sudo (1.5.6p2-2) unstable; urgency=low
+
+ * update copyright file, closes 24136
+ * review and close forwarded bugs believed fixed in this upstream version,
+ closes 17606, 15786.
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
+
+sudo (1.5.6p2-1) unstable; urgency=low
+
+ * new upstream release
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
+
+sudo (1.5.4-4) frozen unstable; urgency=low
+
+ * update postinst to use groupadd, closes 21403
+ * move the suidregister stuff earlier in postinst to ensure it always runs
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
+
+sudo (1.5.4-3) frozen unstable; urgency=low
+
+ * change /etc/sudoers from a conffile to being handled in postinst,
+ closes 18219
+ * add suidmanager support, closes 15711
+ * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
+ unlikely to ever fix, and which just don't matter. closes 17146
+ * fix FSF address in copyright file, and submit exception for lintian
+ warning about sudo being setuid root
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
+
+sudo (1.5.4-2) unstable; urgency=high
+
+ * patch from upstream author correcting/improving security fix
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
+
+sudo (1.5.4-1) unstable; urgency=high
+
+ * new upstream version, includes a security fix
+ * change default editor from /bin/ae to /usr/bin/editor
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
+
+sudo (1.5.3-1) unstable; urgency=medium
+
+ * new upstream version, closes bug 15911.
+ * rules file reworked to use debhelper
+ * implement a really gross hack to force use of the sudo-provided
+ lsearch(), since the one in libc6 is broken! This closes bugs
+ 12552, 12557, 14881, 15259, 15916.
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
+
+sudo (1.5.2-6) unstable; urgency=LOW
+
+ * don't install INSTALL in the doc directory, closes bug 13195.
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
+
+sudo (1.5.2-5) unstable; urgency=LOW
+
+ * libc6
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
+
+sudo (1.5.2-4) unstable; urgency=LOW
+
+ * change TIMEOUT (how long before you have to type your password again)
+ to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
+ packages on slower machines much more tolerable. Closes bug 9076.
+ * touch debian/suid before debstd. Closes bug 8709.
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
+
+sudo (1.5.2-3) frozen unstable; urgency=LOW
+
+ * patch from upstream maintainer to close Bug 6828
+ * add a debian/suid file to get debstd to leave my perl postinst alone
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
+
+sudo (1.5.2-2) frozen unstable; urgency=LOW
+
+ * change rules to use -O2 -Wall as per standards
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
+
+sudo (1.5.2-1) unstable; urgency=LOW
+
+ * new upstream version
+ * cosmetic changes to debian package control files
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
+
+sudo (1.5-2) unstable; urgency=LOW
+
+ * add /usr/X11R6/bin to the end of the secure path... this makes it
+ much easier to run xmkmf, etc., during package builds. To the extent
+ that /usr/local/sbin and /usr/local/bin were already included, I see
+ no security reasons not to add this.
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
+
+sudo (1.5-1) unstable; urgency=LOW
+
+ * New upstream version
+ * New maintainer
+ * New packaging format
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
+
+Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
+
+ sudo (1.4.1-1):
+
+ * hard code SECURE_PATH to:
+ "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+ * enable ENV_EDITOR
+
+ * enabled EXEMPTGROUP "sudo"
+
+ * moved timestamp dir to /var/log/sudo
+
+ * changed parser to check for long and short filenames (Bug#1162)
+
+Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
+
+ sudo (1.4.2-1):
+
+ * New upstream source
+
+ * Fixed postinst script
+ (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
+
+ * Removed special shadow binary. This version works with and without
+ shadow password file.
+
+Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.2-2):
+
+ * Corrected editor path to /bin/ae (Bug#3062)
+
+ * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
+
+Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-1):
+
+ * New upstream version
+
+ * Changed sudoers permission to 440 (owner root, group root) to make
+ sudo usable via NFS
+
+Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-2):
+
+ * Applied upstream patch 1
+
+Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-3):
+
+ * Applied upstream patch 2
+
+Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-4):
+
+ * Applied upstream patch 3 (fixes problems with an NFS-mounted
+ sudoers file)
+
+
+Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-5):
+
+ * Corrected postinst to use /usr/bin/perl instead of /bin/perl
+ [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
+
+Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-6):
+
+ * Applied upstream patch 4 (fixes several bugs)
+
+ * Changed priority to optional
+
+Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.3-7):
+
+ * Corrected postinst to create correct permission for /etc/sudoers
+ (Bug#3749)
+
+Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
+
+ sudo (1.4.4-1):
+
+ * New upstream version
+
+
+sudo (1.4.4-2) admin; urgency=HIGH
+
+ * Fixed major security bug reported by Peter Tobias
+ <tobias@et-inf.fho-emden.de>
+ * Added dchanges support to debian.rules
+
+sudo (1.4.5-1) admin; urgency=LOW
+
+ * New upstream version
+ * Minor changes to debian.rules
--- /dev/null
+Source: sudo
+Section: admin
+Priority: optional
+Maintainer: Bdale Garbee <bdale@gag.com>
+Build-Depends: debhelper (>= 5), libpam0g-dev, libldap2-dev, autotools-dev, bison, flex
+Standards-Version: 3.7.3
+
+Package: sudo
+Architecture: any
+Depends: ${shlibs:Depends}, libpam-modules
+Conflicts: sudo-ldap
+Replaces: sudo-ldap
+Description: Provide limited super user privileges to specific users
+ Sudo is a program designed to allow a sysadmin to give limited root
+ privileges to users and log root activity. The basic philosophy is to give
+ as few privileges as possible but still allow people to get their work done.
+ .
+ This version is built with minimal shared library dependencies, use the
+ sudo-ldap package instead if you need LDAP support.
+
+Package: sudo-ldap
+Architecture: any
+Depends: ${shlibs:Depends}, libpam-modules
+Conflicts: sudo
+Replaces: sudo
+Provides: sudo
+Description: Provide limited super user privileges to specific users
+ Sudo is a program designed to allow a sysadmin to give limited root
+ privileges to users and log root activity. The basic philosophy is to give
+ as few privileges as possible but still allow people to get their work done.
+ .
+ This version is built with LDAP support.
--- /dev/null
+This is the Debian GNU/Linux prepackaged version of sudo. sudo is
+used to provide limited super user privileges to specific users.
+
+Bdale Garbee <bdale@gag.com> maintains this package using sources from
+
+ http://www.sudo.ws/
+
+Sudo is distributed under the following BSD-style license:
+
+ Copyright (c) 1994-1996,1998-2005,2007 Todd C. Miller <Todd.Miller@courtesan.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. The name of the author may not be used to endorse or promote products
+ derived from this software without specific prior written permission
+ from the author.
+
+ 4. Products derived from this software may not be called "Sudo" nor
+ may "Sudo" appear in their names without specific prior written
+ permission from the author.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+Additionally, lsearch.c, fnmatch.c, getcwd.c, snprintf.c, strcasecmp.c
+and fnmatch.3 bear the following UCB license:
+
+ Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994
+ The Regents of the University of California. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
--- /dev/null
+etc/pam.d
+usr/bin
+usr/share/man/man8
+usr/share/man/man5
+usr/sbin
+usr/share/doc/sudo/examples
+usr/share/lintian/overrides
--- /dev/null
+debian/OPTIONS
+BUGS
+UPGRADE
+PORTING
+HISTORY
+README
+TROUBLESHOOTING
--- /dev/null
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: sudo
+# Required-Start: $local_fs $remote_fs
+# Required-Stop:
+# Default-Start: S 2 3 4 5
+# Default-Stop: 0 1 6
+### END INIT INFO
+
+N=/etc/init.d/sudo
+
+set -e
+
+case "$1" in
+ start)
+ # make sure privileges don't persist across reboots
+ if [ -d /var/run/sudo ]
+ then
+ find /var/run/sudo -exec touch -t 198501010000 '{}' \;
+ fi
+ ;;
+ stop|reload|restart|force-reload)
+ ;;
+ *)
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- /dev/null
+#!/usr/bin/perl
+
+# remove old link
+
+unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
+
+# make sure we have a sudoers file
+if ( ! -f "/etc/sudoers") {
+
+ print "No /etc/sudoers found... creating one for you.\n";
+
+ open (SUDOERS, "> /etc/sudoers");
+ print SUDOERS "# /etc/sudoers\n",
+ "#\n",
+ "# This file MUST be edited with the 'visudo' command as root.\n",
+ "#\n",
+ "# See the man page for details on how to write a sudoers file.\n",
+ "#\n\nDefaults\tenv_reset\n\n",
+ "# Host alias specification\n\n",
+ "# User alias specification\n\n",
+ "# Cmnd alias specification\n\n",
+ "# User privilege specification\nroot\tALL=(ALL) ALL\n\n",
+ "# Uncomment to allow members of group sudo to not need a password\n",
+ "# (Note that later entries override this, so you might need to move\n",
+ "# it further down)\n",
+ "# %sudo ALL=NOPASSWD: ALL\n";
+ close SUDOERS;
+
+}
+
+# make sure sudoers has the correct permissions and owner/group
+system ('chown root:root /etc/sudoers');
+system ('chmod 440 /etc/sudoers');
+
+# must do a remove first to un-do the "bad" links created by previous version
+system ('update-rc.d -f sudo remove >/dev/null 2>&1');
+
+system ('update-rc.d sudo start 75 S . >/dev/null');
+
+# make sure we have a sudo group
+
+exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
+
+$gid = 27; # start searcg with gid 27
+setgrent;
+while (getgrgid($gid)) {
+ ++$gid;
+}
+endgrent;
+
+if ($gid != 27) {
+ print "On Debian we normally use gid 27 for 'sudo'.\n";
+ $gname = getgrgid(27);
+ print "However, on your system gid 27 is group '$gname'.\n\n";
+ print "Would you like me to stop configuring sudo so that you can change this? [n] ";
+ $ans = <STDIN>;
+ if ($ans =~ m/^[yY].*/) {
+ print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
+ exit 1;
+ }
+}
+
+print "Creating group 'sudo' with gid = $gid\n";
+system("groupadd -g $gid sudo");
+
+print "";
--- /dev/null
+#!/bin/sh
+
+set -e
+
+check_password() {
+ if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then
+ # let's check whether the root account is locked.
+ # if it is, we're not going another step. No Sirreee!
+ passwd=$(getent shadow root|cut -f2 -d:)
+ passwd1=$(echo "$passwd" |cut -c1)
+ # Note: we do need the 'xfoo' syntax here, since POSIX special-cases
+ # the $passwd value '!' as negation.
+ if [ "x$passwd" = "x*" ] || [ "x$passwd1" = "x!" ]; then
+ # yup, password is locked
+ echo "You have asked that the sudo package be removed,"
+ echo "but no root password has been set."
+ echo "Without sudo, you may not be able to gain administrative privileges."
+ echo
+ echo "If you would prefer to access the root account with su(1)"
+ echo "or by logging in directly,"
+ echo "you must set a root password with \"sudo passwd\"."
+ echo
+ echo "If you have arranged other means to access the root account,"
+ echo "and you are sure this is what you want,"
+ echo "you may bypass this check by setting an environment variable "
+ echo "(export SUDO_FORCE_REMOVE=yes)."
+ echo
+ echo "Refusing to remove sudo."
+ exit 1
+ fi
+ fi
+}
+
+case $1 in
+ remove)
+ check_password;
+ ;;
+ *)
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
+
--- /dev/null
+#!/usr/bin/make -f
+
+export DH_VERBOSE=1
+
+CFLAGS = -O2 -Wall -Wno-comment
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+CFLAGS += -g
+endif
+export CFLAGS
+
+config: config-stamp
+config-stamp:
+ dh_testdir
+
+ # simple version
+ mkdir -p build-simple
+ cd build-simple && NROFFPROG=/usr/bin/nroff ../configure \
+ --prefix=/usr -v \
+ --with-all-insults \
+ --with-devel --with-pam --with-fqdn \
+ --with-logging=syslog --with-logfac=authpriv \
+ --with-env-editor --with-editor=/usr/bin/editor \
+ --with-timeout=15 --with-password-timeout=0 \
+ --with-passprompt="[sudo] password for %p: " \
+ --disable-root-mailer --disable-setresuid \
+ --with-sendmail=/usr/sbin/sendmail \
+ --mandir=/usr/share/man --libexecdir=/usr/lib/sudo \
+ --with-ldap-conf-file=/etc/sudo-ldap.conf \
+ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+
+ # LDAP version
+ mkdir -p build-ldap
+ cd build-ldap && NROFFPROG=/usr/bin/nroff ../configure \
+ --prefix=/usr -v \
+ --with-all-insults \
+ --with-exempt=sudo --with-pam --with-ldap --with-fqdn \
+ --with-logging=syslog --with-logfac=authpriv \
+ --with-env-editor --with-editor=/usr/bin/vi \
+ --with-timeout=15 --with-password-timeout=0 \
+ --with-passprompt="[sudo] password for %p: " \
+ --disable-root-mailer --disable-setresuid \
+ --with-sendmail=/usr/sbin/sendmail \
+ --with-ldap-conf-file=/etc/ldap/ldap.conf \
+ --mandir=/usr/share/man --libexecdir=/usr/lib/sudo \
+ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+
+ touch config-stamp
+
+build: build-stamp
+build-stamp: config-stamp
+ dh_testdir
+
+ # ensure our pod changes get picked up
+ $(MAKE) -C build-simple sudoers.man.in sudo.man.in visudo.man.in
+
+ $(MAKE) -C build-simple
+ $(MAKE) -C build-ldap
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f config-stamp build-stamp
+ rm -rf build-simple build-ldap
+ rm -f config.cache
+
+ -test -r /usr/share/misc/config.sub && \
+ cp -f /usr/share/misc/config.sub config.sub
+ -test -r /usr/share/misc/config.guess && \
+ cp -f /usr/share/misc/config.guess config.guess
+
+ dh_clean
+
+install: build-stamp
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ $(MAKE) -C build-simple install DESTDIR=$(CURDIR)/debian/sudo
+ $(MAKE) -C build-ldap install DESTDIR=$(CURDIR)/debian/sudo-ldap
+
+ # remove stuff we don't want
+ rm -f $(CURDIR)/debian/sudo/etc/sudoers \
+ $(CURDIR)/debian/sudo-ldap/etc/sudoers
+
+ # and install things we do want that make install doesn't know about
+ install -o root -g root -m 0644 $(CURDIR)/debian/sudo.pam \
+ debian/sudo/etc/pam.d/sudo
+ install -o root -g root -m 0644 $(CURDIR)/debian/sudo.pam \
+ debian/sudo-ldap/etc/pam.d/sudo
+
+ install -o root -g root -m 0644 $(CURDIR)/debian/sudo.lintian \
+ debian/sudo/usr/share/lintian/overrides/sudo
+ install -o root -g root -m 0644 $(CURDIR)/debian/sudo-ldap.lintian \
+ debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap
+
+binary-indep: build install
+
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installdocs
+ dh_installexamples -A sudoers
+ dh_installinit -psudo -psudo-ldap
+ dh_installmanpages fnmatch.3
+ dh_installinfo -A
+ dh_installchangelogs CHANGES
+ dh_strip
+ dh_compress
+ dh_fixperms
+ chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
+ chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
--- /dev/null
+sudo source: maintainer-script-lacks-debhelper-token debian/postinst
+sudo source: maintainer-script-lacks-debhelper-token debian/sudo-ldap.postinst
--- /dev/null
+etc/pam.d
+usr/bin
+usr/share/man/man8
+usr/share/man/man5
+usr/sbin
+usr/share/doc/sudo-ldap/examples
+usr/share/lintian/overrides
--- /dev/null
+debian/OPTIONS
+BUGS
+UPGRADE
+PORTING
+HISTORY
+README
+README.LDAP
+TROUBLESHOOTING
+sudoers2ldif
+schema.iPlanet
+schema.OpenLDAP
--- /dev/null
+sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root
+sudo-ldap: setuid-binary usr/bin/sudoedit 4755 root/root
--- /dev/null
+#!/usr/bin/perl
+
+# remove old link
+
+unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
+
+# make sure we have a sudoers file
+if ( ! -f "/etc/sudoers") {
+
+ print "No /etc/sudoers found... creating one for you.\n";
+
+ open (SUDOERS, "> /etc/sudoers");
+ print SUDOERS "# /etc/sudoers\n",
+ "#\n",
+ "# This file MUST be edited with the 'visudo' command as root.\n",
+ "#\n",
+ "# See the man page for details on how to write a sudoers file.\n",
+ "#\n\nDefaults\tenv_reset\n\n",
+ "# Uncomment to allow members of group sudo to not need a password\n",
+ "# %sudo ALL=NOPASSWD: ALL\n\n",
+ "# Host alias specification\n\n",
+ "# User alias specification\n\n",
+ "# Cmnd alias specification\n\n",
+ "# User privilege specification\nroot\tALL=(ALL) ALL\n";
+ close SUDOERS;
+
+}
+
+# make sure sudoers has the correct permissions and owner/group
+system ('chown root:root /etc/sudoers');
+system ('chmod 440 /etc/sudoers');
+
+# must do a remove first to un-do the "bad" links created by previous version
+system ('update-rc.d -f sudo remove >/dev/null 2>&1');
+
+system ('update-rc.d sudo start 75 S . >/dev/null');
+
+# make sure we have a sudo group
+
+exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
+
+$gid = 27; # start searcg with gid 27
+setgrent;
+while (getgrgid($gid)) {
+ ++$gid;
+}
+endgrent;
+
+if ($gid != 27) {
+ print "On Debian we normally use gid 27 for 'sudo'.\n";
+ $gname = getgrgid(27);
+ print "However, on your system gid 27 is group '$gname'.\n\n";
+ print "Would you like me to stop configuring sudo so that you can change this? [n] ";
+ $ans = <STDIN>;
+ if ($ans =~ m/^[yY].*/) {
+ print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
+ exit 1;
+ }
+}
+
+print "Creating group 'sudo' with gid = $gid\n";
+system("groupadd -g $gid sudo");
+
+print "";
--- /dev/null
+sudo: setuid-binary usr/bin/sudo 4755 root/root
+sudo: setuid-binary usr/bin/sudoedit 4755 root/root
+sudo: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo
+sudo: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo
--- /dev/null
+#%PAM-1.0
+
+@include common-auth
+@include common-account
+
+session required pam_permit.so
+session required pam_limits.so
static const char *initial_badenv_table[] = {
"IFS",
"CDPATH",
+ "SHELLOPTS",
+ "PS4",
"LOCALDOMAIN",
"RES_OPTIONS",
"HOSTALIASES",
if (keepit == -1)
keepit = matches_env_keep(*ep);
+ if (!strncmp (*ep, "DISPLAY=",8)
+ || !strncmp (*ep, "XAUTHORITY=", 11)
+ || !strncmp (*ep, "XAUTHORIZATION=", 15)
+ || !strncmp (*ep, "XAPPLRESDIR=", 12)
+ || !strncmp (*ep, "XFILESEARCHPATH=", 16)
+ || !strncmp (*ep, "XUSERFILESEARCHPATH=", 20)
+ || !strncmp (*ep, "LANG=", 5)
+ || !strncmp (*ep, "LANGUAGE=", 9)
+ || !strncmp (*ep, "LC_", 3))
+ keepit = 1;
+
/* For SUDO_PS1 -> PS1 conversion. */
if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
ps1 = *ep + 5;
"Where did you learn to type?",
"Are you on drugs?",
"My pet ferret can type better than you!",
- "You type like i drive.",
+ "You type like I drive.",
"Do you think like you type?",
"Your mind just hasn't been the same since the electro-shock, has it?",
efree($1);
}
| NETGROUP {
+ set_fqdn();
if (netgr_matches($1, user_host, user_shost, NULL))
$$ = TRUE;
else
efree($1);
}
| WORD {
+ set_fqdn();
if (hostname_matches(user_shost, user_host, $1) == 0)
$$ = TRUE;
else
| ALIAS {
aliasinfo *aip = find_alias($1, HOST_ALIAS);
+ set_fqdn();
/* could be an all-caps hostname */
if (aip)
$$ = aip->val;
# Cmnd alias specification
##
Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
- /usr/sbin/rrestore, /usr/bin/mt
-Cmnd_Alias KILL = /usr/bin/kill
+ /usr/sbin/rrestore, /bin/mt
+Cmnd_Alias KILL = /bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
sudoedit /etc/printcap, /usr/oper/bin/
# joe may su only to operator
-joe ALL = /usr/bin/su operator
+joe ALL = /bin/su operator
# pete may change passwords for anyone but root on the hp snakes
pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
# users in the secretaries netgroup need to help manage the printers
# as well as add and remove users
-+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
++secretaries ALL = PRINTING, /usr/sbin/adduser, /usr/bin/rmuser
# fred can run commands as oracle or sybase without a password
fred ALL = (DB) NOPASSWD: ALL
# on the alphas, john may su to anyone but root and flags are not allowed
-john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+john ALPHA = /bin/su [!-]*, !/bin/su *root*
# jen can run anything on all machines except the ones
# in the "SERVERS" Host_Alias
* "host" is the (possibly fully-qualified) hostname and
* "shost" is the unqualified form of the hostname.
*/
+ sudo_user.host_fqdn_queried = FALSE;
nohostname = gethostname(thost, sizeof(thost));
if (nohostname)
user_host = user_shost = "localhost";
/* Defer call to set_fqdn() until log_error() is safe. */
user_shost = user_host;
} else {
- if ((p = strchr(user_host, '.'))) {
- *p = '\0';
- user_shost = estrdup(user_host);
- *p = '.';
- } else {
- user_shost = user_host;
- }
+ user_shost = user_host;
}
}
} else {
user_shost = user_host;
}
+ sudo_user.host_fqdn_queried = TRUE;
+}
+
+/*
+ * Get passwd entry for the user we are going to run commands as.
+ * By default, this is "root". Updates runas_pw as a side effect.
+ */
+int
+set_runaspw(user)
+ char *user;
+{
+ if (runas_pw != NULL) {
+ if (user_runas != &def_runas_default)
+ return(TRUE); /* don't override -u option */
+ efree(runas_pw);
+ }
+ if (*user == '#') {
+ runas_pw = sudo_getpwuid(atoi(user + 1));
+ if (runas_pw == NULL) {
+ runas_pw = emalloc(sizeof(struct passwd));
+ (void) memset((VOID *)runas_pw, 0, sizeof(struct passwd));
+ runas_pw->pw_uid = atoi(user + 1);
+ }
+ } else {
+ runas_pw = sudo_getpwnam(user);
+ if (runas_pw == NULL)
+ log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", user);
+ }
+ return(TRUE);
}
/*
+<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 1
+=======
1.6.9p16 May 8, 2008 1
+>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
+<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 2
+=======
1.6.9p16 May 8, 2008 2
+>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
+<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 3
+=======
1.6.9p16 May 8, 2008 3
+>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
+<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 4
+=======
1.6.9p16 May 8, 2008 4
+>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
+<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 5
+=======
1.6.9p16 May 8, 2008 5
+>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
+<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 6
+=======
1.6.9p16 May 8, 2008 6
+>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
+<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 7
+=======
1.6.9p16 May 8, 2008 7
+>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
+<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 8
+=======
1.6.9p16 May 8, 2008 8
+>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
+<<<<<<< HEAD:sudo.cat
+1.6.9p15 March 23, 2008 9
+=======
1.6.9p16 May 8, 2008 9
+>>>>>>> 17fe41bae8a65fb88683c9795414556ed9b636e9:sudo.cat
char cwd[PATH_MAX];
char *host;
char *shost;
+ int host_fqdn_queried;
char **runas;
char *prompt;
char *cmnd;
To prevent command spoofing, \fBsudo\fR checks \*(L".\*(R" and "" (both denoting
current directory) last when searching for a command in the user's
\&\s-1PATH\s0 (if one or both are in the \s-1PATH\s0). Note, however, that the
-actual \f(CW\*(C`PATH\*(C'\fR environment variable is \fInot\fR modified and is passed
-unchanged to the program that \fBsudo\fR executes.
+\&\f(CW\*(C`PATH\*(C'\fR environment variable is further modified in Debian because of
+the use of the \fI\s-1SECURE_PATH\s0\fR build option.
.PP
\&\fBsudo\fR will check the ownership of its timestamp directory
(\fI@timedir@\fR by default) and ignore the directory's contents if
file system holding ~yazza is not exported as root:
.PP
.Vb 1
-\& $ sudo -u yazza ls ~yazza
+\& $ sudo \-u yazza ls ~yazza
.Ve
.PP
To edit the \fIindex.html\fR file as user www:
.PP
.Vb 1
-\& $ sudo -u www vi ~www/htdocs/index.html
+\& $ sudo \-u www vi ~www/htdocs/index.html
.Ve
.PP
To shutdown a machine:
.PP
.Vb 1
-\& $ sudo shutdown -r +15 "quick reboot"
+\& $ sudo shutdown \-r +15 "quick reboot"
.Ve
.PP
To make a usage listing of the directories in the /home
to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
.PP
.Vb 1
-\& $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
+\& $ sudo sh \-c "cd /home ; du \-s * | sort \-rn > USAGE"
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2),
@LCMAN@\&\fIlogin_cap\fR\|(3),
\&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(5), \fIvisudo\fR\|(@mansectsu@)
+.PP
+The file /usr/share/doc/sudo/OPTIONS describes the options used for building
+the Debian version of sudo, some of which change default behaviors documented
+elsewhere in this document.
.SH "AUTHORS"
.IX Header "AUTHORS"
Many people have worked on \fBsudo\fR over the years; this
To prevent command spoofing, B<sudo> checks "." and "" (both denoting
current directory) last when searching for a command in the user's
PATH (if one or both are in the PATH). Note, however, that the
-actual C<PATH> environment variable is I<not> modified and is passed
-unchanged to the program that B<sudo> executes.
+C<PATH> environment variable is further modified in Debian because of
+the use of the I<SECURE_PATH> build option.
B<sudo> will check the ownership of its timestamp directory
(F<@timedir@> by default) and ignore the directory's contents if
L<login_cap(3)>,
L<passwd(5)>, L<sudoers(5)>, L<visudo(8)>
+The file /usr/share/doc/sudo/OPTIONS describes the options used for building
+the Debian version of sudo, some of which change default behaviors documented
+elsewhere in this document.
+
=head1 AUTHORS
Many people have worked on B<sudo> over the years; this
# See the sudoers man page for the details on how to write a sudoers file.
#
+# Defaults syslog=auth, secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+
# Host alias specification
# User alias specification
.el .IP "\f(CW%u\fR" 4
.IX Item "%u"
expanded to the invoking user's login name
+.ie n .IP "%p" 4
+.el .IP "\f(CW%p\fR" 4
+.IX Item "%p"
+expanded to the user whose password is asked for (respects the presence of the
+rootpw, targetpw or runaspw options in the configuration)
+
.ie n .IP "\*(C`%%\*(C'" 4
.el .IP "\f(CW\*(C`%%\*(C'\fR" 4
.IX Item "%%"
Address to send warning and error mail to. The address should
be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to protect against \fBsudo\fR
interpreting the \f(CW\*(C`@\*(C'\fR sign. Defaults to \f(CW\*(C`@mailto@\*(C'\fR.
+.IP "exempt_group" 12
+.IX Item "exempt_group"
+Users in this group are exempt from password and \s-1PATH\s0 requirements.
+On Debian systems, this is set to the group 'sudo' by default.
+.IP "syslog" 12
+.IX Item "syslog"
+Syslog facility if syslog is being used for logging (negate to
+disable syslog logging). Defaults to \f(CW\*(C`@logfac@\*(C'\fR.
+.IP "verifypw" 12
+.IX Item "verifypw"
+This option controls when a password will be required when a user runs
+\&\fBsudo\fR with the \fB\-v\fR flag. It has the following possible values:
+.RS 12
+.IP "all" 8
+.IX Item "all"
+All the user's \fIsudoers\fR entries for the current host must have
+the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password.
+.IP "always" 8
+.IX Item "always"
+The user must always enter a password to use the \fB\-l\fR flag.
+.IP "any" 8
+.IX Item "any"
+At least one of the user's \fIsudoers\fR entries for the current host
+must have the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password.
+.IP "never" 8
+.IX Item "never"
+The user need never enter a password to use the \fB\-l\fR flag.
+.RE
+.RS 12
+.Sp
+If no value is specified, a value of \fIany\fR is implied.
+Negating the option results in a value of \fInever\fR being used.
+The default value is \fIany\fR.
+.RE
+.IP "logfile" 12
+.IX Item "logfile"
+Path to the \fBsudo\fR log file (not the syslog log file). Setting a path
+turns on logging to a file; negating this option turns it off.
+By default, \fBsudo\fR logs via syslog.
+.IP "mailerflags" 12
+.IX Item "mailerflags"
+Flags to use when invoking mailer. Defaults to \fB\-t\fR.
+.IP "mailerpath" 12
+.IX Item "mailerpath"
+Path to mail program used to send warning mail.
+Defaults to the path to sendmail found at configure time.
+.IP "mailto" 12
+.IX Item "mailto"
+Address to send warning and error mail to. The address should
+be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to protect against \fBsudo\fR
+interpreting the \f(CW\*(C`@\*(C'\fR sign. Defaults to \f(CW\*(C`@mailto@\*(C'\fR.
.IP "syslog" 12
.IX Item "syslog"
Syslog facility if syslog is being used for logging (negate to
Cmnd_Alias ::= NAME '=' Cmnd_List
- NAME ::= [A-Z]([A-Z][0-9]_)*
+ NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
Each I<alias> definition is of the form
=over 16
-=item always_set_home
+=item mail_badpass
-If set, B<sudo> will set the C<HOME> environment variable to the home
-directory of the target user (which is root unless the B<-u> option is used).
-This effectively means that the B<-H> flag is always implied.
-This flag is I<off> by default.
+Send mail to the I<mailto> user if the user running B<sudo> does not
+enter the correct password. This flag is I<off> by default.
+
+=item mail_no_host
+
+If set, mail will be sent to the I<mailto> user if the invoking
+user exists in the I<sudoers> file, but is not allowed to run
+commands on the current host. This flag is I<@mail_no_host@> by default.
+
+=item mail_no_perms
+
+If set, mail will be sent to the I<mailto> user if the invoking
+user is allowed to use B<sudo> but the command they are trying is not
+listed in their I<sudoers> file entry or is explicitly denied.
+This flag is I<@mail_no_perms@> by default.
+
+=item mail_no_user
+
+If set, mail will be sent to the I<mailto> user if the invoking
+user is not in the I<sudoers> file. This flag is I<@mail_no_user@>
+by default.
+
+=item noexec
+
+If set, all commands run via B<sudo> will behave as if the C<NOEXEC>
+tag has been set, unless overridden by a C<EXEC> tag. See the
+description of I<NOEXEC and EXEC> below as well as the L<PREVENTING SHELL
+ESCAPES> section at the end of this manual. This flag is I<off> by default.
=item authenticate
=item env_delete
-Environment variables to be removed from the user's environment.
+
+Not effective due to security issues: only variables listed in
+I<env_keep> or I<env_check> can be passed through B<sudo>!
+
The argument may be a double-quoted, space-separated list or a
single value without double-quotes. The list can be replaced, added
to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
=item env_keep
-Environment variables to be preserved in the user's environment
-when the I<env_reset> option is in effect. This allows fine-grained
+Environment variables to be preserved in the user's environment.
+This allows fine-grained
control over the environment B<sudo>-spawned processes will receive.
The argument may be a double-quoted, space-separated list or a
single value without double-quotes. The list can be replaced, added
Below are example I<sudoers> entries. Admittedly, some of
these are a bit contrived. First, we define our I<aliases>:
+Below are example I<sudoers> entries. Admittedly, some of
+these are a bit contrived. First, we allow a few environment
+variables to pass and then define our I<aliases>:
+
+ # Run X applications through sudo; HOME is used to find .Xauthority file
+ # Note that some programs may use HOME for other purposes too and
+ # this may lead to privilege escalation!
+ Defaults env_keep = "DISPLAY HOME"
+
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
.PP
There is a hard-coded list of editors that \fBvisudo\fR will use set
at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR
-\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on
-your system, as determined by the \fIconfigure\fR script. Normally,
-\&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment
+\&\f(CW\*(C`Default\*(C'\fR variable.
+On Debian systems, this list defaults to /usr/bin/editor, which is meant to
+be a system-wide default editor chosen through the alternatives system.
+Normally, \&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or
+\f(CW\*(C`EDITOR\*(C'\fR environment
variables unless they contain an editor in the aforementioned editors
list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR
flag or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR,
\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.
Note that this can be a security hole since it allows the user to
execute any program they wish simply by setting \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.
+Despite this potential risk, sudo on Debian is compiled with the
+\fI\-\-with\-enveditor\fR flag.
.PP
\&\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
not save the changes if there is a syntax error. Upon finding
projects / debian / sudo / commitdiff