From: Bdale Garbee Date: Sat, 28 Mar 2009 12:37:47 +0000 (-0600) Subject: Merge commit 'upstream/1.7.0' X-Git-Tag: debian/1.7.0-1~16 X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=812709a155f4e8ca2a6b6070bad027a372835857;p=debian%2Fsudo Merge commit 'upstream/1.7.0' Conflicts: Makefile.in parse.c parse.yacc sudo.h sudoers.man.in sudoers.pod --- 812709a155f4e8ca2a6b6070bad027a372835857 diff --cc Makefile.in index 3922f69,c097af7..551fb01 --- a/Makefile.in +++ b/Makefile.in @@@ -394,7 -484,43 +484,41 @@@ bindist fi ; \ cp $(srcdir)/INSTALL.binary $$tdir/INSTALL ; \ sh ./config.status --file=Makefile.binary && cp Makefile.binary $$tdir/Makefile ; \ - strip $$tdir/sudo ; \ - strip $$tdir/visudo ; \ cd tmp.$$ARCH && tar Ocf ../sudo-$(VERSION)-$$ARCH.tar sudo-$(VERSION) && cd .. ; \ - gzip --best sudo-$(VERSION)-$$ARCH.tar ; \ + gzip -f --best sudo-$(VERSION)-$$ARCH.tar ; \ rm -rf tmp.$$ARCH ; \ ) + + depot: + ( \ + tdir=tmp.depot ; \ + mkdir $$tdir ; \ + for i in sudo visudo sudo.man visudo.man sudoers.man sudoers ChangeLog HISTORY LICENSE README TROUBLESHOOTING UPGRADE sample.syslog.conf sample.sudoers; do \ + if [ -f $$i ]; then \ + cp $$i $$tdir ; \ + elif [ -f $(srcdir)/$$i ]; then \ + cp $(srcdir)/$$i $$tdir ; \ + else \ + echo cannot find $$i ; \ + exit 1 ; \ + fi ; \ + done ; \ + if [ -f sudo_noexec.la ]; then \ + cp libtool $$tdir ; \ + $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la `pwd`/$$tdir ; \ + fi ; \ + sed 's/@VERSION@/$(VERSION)/g' <$(srcdir)/sudo.psf >$$tdir/sudo.psf ; \ + printf '#!/sbin/sh\nrm -f /usr/local/bin/sudoedit\nln /usr/local/bin/sudo /usr/local/bin/sudoedit\n' > $$tdir/sudo-exec.postinstall ; \ + printf '#!/sbin/sh\nrm -f /usr/local/man/man1m/sudoedit.1m\nln /usr/local/man/man1m/sudo.1m /usr/local/man/man1m/sudoedit.1m\n' > $$tdir/sudo-man.postinstall ; \ + printf '#!/sbin/sh\nif [ ! 
-s /etc/sudoers ]; then\n\techo installing /usr/local/doc/sudo/sudoers as /etc/sudoers\n\techo use /usr/local/sbin/visudo to configure sudo\n\tcp /usr/local/doc/sudo/sudoers /etc/sudoers\n\tchmod 440 /etc/sudoers\n\tchown root:root /etc/sudoers\nfi\n' > $$tdir/sudo-config.postinstall ; \ + chmod 755 $$tdir/sudo-exec.postinstall $$tdir/sudo-man.postinstall $$tdir/sudo-config.postinstall ; \ + strip $$tdir/sudo ; \ + strip $$tdir/visudo ; \ + cd $$tdir ; \ + swpackage -x target_type=tape -d ../sudo-$(VERSION).depot -s sudo.psf ; \ + cd .. ; \ + gzip -f --best sudo-$(VERSION).depot; \ + rm -rf tmp.depot ; \ + ) + + .PHONY: ChangeLog diff --cc sample.sudoers index 29d88c9,220df7f..cc35506 --- a/sample.sudoers +++ b/sample.sudoers @@@ -82,10 -85,10 +85,10 @@@ operator ALL = DUMPS, KILL, SHUTDOWN, H sudoedit /etc/printcap, /usr/oper/bin/ # joe may su only to operator -joe ALL = /usr/bin/su operator +joe ALL = /bin/su operator # pete may change passwords for anyone but root on the hp snakes - pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root + pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root # bob may run anything on the sparc and sgi machines as any user # listed in the Runas_Alias "OP" (ie: root and operator) diff --cc sudoers.pod index 5f25ce3,63c49cf..4d1149c --- a/sudoers.pod +++ b/sudoers.pod @@@ -437,36 -500,12 +500,12 @@@ B =over 16 -=item always_set_home +=item mail_badpass - Send mail to the I user if the user running B does not - enter the correct password. This flag is I by default. - - =item mail_no_host - - If set, mail will be sent to the I user if the invoking - user exists in the I file, but is not allowed to run - commands on the current host. This flag is I<@mail_no_host@> by default. - - =item mail_no_perms - - If set, mail will be sent to the I user if the invoking - user is allowed to use B but the command they are trying is not - listed in their I file entry or is explicitly denied. - This flag is I<@mail_no_perms@> by default. 
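Review bot: In the new `depot` recipe every step is joined with `;`, so a failed `mkdir $$tdir` or `cd $$tdir` does not stop the run. With a leftover or pre-created `tmp.depot` the recipe copies into it, packages from it and then runs `rm -rf tmp.depot`; if the `cd` fails, `swpackage` runs in the build directory and the following `cd ..` moves one level above it. Since this target produces the installable sudo package, I would fail closed with `mkdir $$tdir || exit 1 ; \` and `cd $$tdir || exit 1 ; \`. The generated postinstall scripts hard-code `/usr/local/...` rather than the configured prefix, which deserves a one-line comment if it is intentional, and `depot` is not added to `.PHONY` in the lines shown.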
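Review bot: The `pete` entry still relies on a negation to keep root's password out of reach: `/usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root`. The character-class fix is correct (`[A-z]` also spans the ASCII punctuation between `Z` and `a`), but sudoers matches command-line arguments as one concatenated string, so `[A-Za-z]*` accepts any argument list that starts with a letter while the exclusion covers only the exact argument `root`. Because this sample gets copied into real configurations, I would add a comment above the entry such as `# NOTE: wildcards match across arguments; a deny-list like this is hard to make complete`, and consider widening the exclusion to `!/usr/bin/passwd *root*`.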
- - =item mail_no_user - - If set, mail will be sent to the I user if the invoking - user is not in the I file. This flag is I<@mail_no_user@> - by default. - - =item noexec - - If set, all commands run via B will behave as if the C - tag has been set, unless overridden by a C tag. See the - description of I below as well as the L section at the end of this manual. This flag is I by default. + If set, B will set the C environment variable to the home + directory of the target user (which is root unless the B<-u> option is used). + This effectively means that the B<-H> option is always implied. + This flag is I by default. =item authenticate diff --cc visudo.man.in index bb94e3b,7aa576b..eca8d90 --- a/visudo.man.in +++ b/visudo.man.in @@@ -165,14 -173,12 +173,14 @@@ edited you will receive a message to tr .PP There is a hard-coded list of editors that \fBvisudo\fR will use set at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR -\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on -your system, as determined by the \fIconfigure\fR script. Normally, -\&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment +\&\f(CW\*(C`Default\*(C'\fR variable. +On Debian systems, this list defaults to /usr/bin/editor, which is meant to +be a system-wide default editor chosen through the alternatives system. +Normally, \&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or +\f(CW\*(C`EDITOR\*(C'\fR environment variables unless they contain an editor in the aforementioned editors list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR - flag or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, + option or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR, \&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR. 
Note that this can be a security hole since it allows the user to execute any program they wish simply by setting \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.