From 83cad190740ab8312cf2ea953c1bf9dee2e965bf Mon Sep 17 00:00:00 2001 
From: Bdale Garbee Date: Mon, 19 Apr 2010 10:43:24 -0600 Subject: [PATCH] Imported Upstream version 1.7.2p6 --- ChangeLog | 30 +++++++ Makefile.in | 15 +--- aix.c | 4 - alias.c | 4 - alloc.c | 4 - auth/afs.c | 4 - auth/aix_auth.c | 4 - auth/bsdauth.c | 4 - auth/dce.c | 4 - auth/fwtk.c | 4 - auth/kerb4.c | 4 - auth/kerb5.c | 4 - auth/pam.c | 4 - auth/passwd.c | 4 - auth/rfc1938.c | 4 - auth/secureware.c | 4 - auth/securid.c | 4 - auth/securid5.c | 4 - auth/sia.c | 4 - auth/sudo_auth.c | 4 - auth/sudo_auth.h | 2 - check.c | 4 - closefrom.c | 4 - compat.h | 2 - configure | 21 ++--- configure.in | 5 +- defaults.c | 4 - defaults.h | 2 - emul/charclass.h | 2 - emul/timespec.h | 2 - env.c | 4 - error.c | 4 - error.h | 2 - fileops.c | 4 - find_path.c | 9 +- getcwd.c | 4 - getprogname.c | 4 - getspwuid.c | 4 - gettime.c | 4 - goodpath.c | 4 - gram.c | 4 - gram.y | 4 - ins_2001.h | 2 - ins_classic.h | 2 - ins_csops.h | 2 - ins_goons.h | 2 - install-sh | 2 +- insults.h | 2 - interfaces.c | 4 - interfaces.h | 2 - isblank.c | 4 - lbuf.c | 4 - lbuf.h | 2 - ldap.c | 4 - list.c | 4 - list.h | 2 - logging.c | 4 - logging.h | 2 - match.c | 6 +- memrchr.c | 7 -- mkinstalldirs | 2 - mkstemp.c | 4 - parse.c | 4 - parse.h | 2 - pathnames.h.in | 2 - pwutil.c | 4 - redblack.c | 4 - redblack.h | 2 - sample.pam | 2 - sample.sudoers | 2 - sample.syslog.conf | 2 - selinux.c | 4 - sesh.c | 4 - set_perms.c | 4 - sigaction.c | 4 - snprintf.c | 4 - strcasecmp.c | 4 - strerror.c | 4 - strlcat.c | 4 - strlcpy.c | 4 - sudo.c | 6 +- sudo.cat | 20 ++--- sudo.h | 2 - sudo.man.in | 3 +- sudo.pod | 1 - sudo_edit.c | 4 - sudo_noexec.c | 4 - sudo_nss.c | 4 - sudo_nss.h | 2 - sudo_usage.h.in | 2 - sudoers.cat | 214 ++++++++++++++++++++++---------------------- sudoers.ldap.cat | 126 +++++++++++++------------- sudoers.ldap.man.in | 33 +++---- sudoers.ldap.pod | 1 - sudoers.man.in | 30 ++++++- sudoers.pod | 26 +++++- sudoers2ldif | 2 - term.c | 4 - testsudoers.c | 5 -- tgetpass.c | 4 - utimes.c | 4 - visudo.c 
| 4 - visudo.cat | 6 +- visudo.man.in | 15 +--- visudo.pod | 1 - zero_bytes.c | 4 - 106 files changed, 301 insertions(+), 565 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6ed7972..a8d71a2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,33 @@ +2010-04-09 Todd C. Miller + + * configure, configure.in: Fix installation of sudoers.ldap + in "make install" when --with-ldap was specified without a + directory. From Prof. Dr. Andreas Mueller + +2010-04-09 Todd C. Miller + + * find_path.c: Qualify the command even if it is in the + current working directory, e.g. "./foo" instead of just + returning "foo". This removes an ambiguity between real + commands and possible pseudo-commands in command matching. + +2010-04-07 Todd C. Miller + + * sudoers.cat, sudoers.man.in, sudoers.pod: Add a note about + the security implications of the fast_glob option. + + * memrchr.c: Remove duplicate includes + +2010-03-10 Todd C. Miller + + * sudo.c: Fix a bug introduced with def_closefrom. The value + of def_closefrom already includes the +1. + +2010-03-09 Todd C. Miller + + * match.c: When doing a glob match, short circuit if + gl.gl_pathc is 0. From Mark Kettenis. + 2010-02-22 Todd C. Miller * match.c: Check for pseudo-command by looking at the first diff --git a/Makefile.in b/Makefile.in index 245e77e..8d69f81 100644 --- a/Makefile.in +++ b/Makefile.in @@ -21,8 +21,6 @@ # # @configure_input@ # -# $Sudo: Makefile.in,v 1.340 2009/06/15 21:18:53 millert Exp $ -# #### Start of system configuration section. #### @@ -405,9 +403,6 @@ sudoers.ldap.cat: sudoers.ldap.man @DEV@LICENSE: license.pod @DEV@ pod2text -l -i0 $> | sed '1,2d' > $@ -ChangeLog: - cvs2cl --follow-only trunk - install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-man install-dirs: 
@@ -462,11 +457,9 @@ realclean: distclean cleandir: realclean dist: - rm -f ../sudo-$(VERSION).tar.gz - ( cd .. ; TF="/tmp/sudo.dist$$$$" ; rm -f $$TF ; for i in $(DISTFILES) ; \ - do echo sudo-$(VERSION)/$$i >> $$TF ; done ; \ - tar Ocf sudo-$(VERSION).tar \ - `cat $$TF` && gzip --best sudo-$(VERSION).tar && rm -f $$TF) + pax -w -x ustar -s '/^/sudo-$(VERSION)\//' -f ../sudo-$(VERSION).tar \ + $(DISTFILES) + gzip -9f ../sudo-$(VERSION).tar ls -l ../sudo-$(VERSION).tar.gz bindist: @@ -531,5 +524,3 @@ depot: gzip -f --best sudo-$(VERSION).depot; \ rm -rf tmp.depot ; \ ) - -.PHONY: ChangeLog diff --git a/aix.c b/aix.c index 0b604f5..aa61568 100644 --- a/aix.c +++ b/aix.c @@ -32,10 +32,6 @@ #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: aix.c,v 1.7 2008/11/06 00:42:37 millert Exp $"; -#endif /* lint */ - #ifdef HAVE_GETUSERATTR #ifndef HAVE_SETRLIMIT64 diff --git a/alias.c b/alias.c index e8fec56..e389c71 100644 --- a/alias.c +++ b/alias.c @@ -46,10 +46,6 @@ #include "redblack.h" #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: alias.c,v 1.18 2009/05/25 12:02:41 millert Exp $"; -#endif /* lint */ - /* * Globals */ diff --git a/alloc.c b/alloc.c index c2405bf..d8bd857 100644 --- a/alloc.c +++ b/alloc.c @@ -48,10 +48,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: alloc.c,v 1.33 2008/11/09 14:13:12 millert Exp $"; -#endif /* lint */ - /* * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t * could be signed (as it is on SunOS 4.x). This just means that diff --git a/auth/afs.c b/auth/afs.c index fed48ba..337cd4d 100644 --- a/auth/afs.c +++ b/auth/afs.c @@ -50,10 +50,6 @@ #include #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: afs.c,v 1.15 2008/11/09 14:13:13 millert Exp $"; -#endif /* lint */ - int afs_verify(pw, pass, auth) struct passwd *pw; diff --git a/auth/aix_auth.c b/auth/aix_auth.c index 853ceb8..919fa99 100644 --- a/auth/aix_auth.c 
+++ b/auth/aix_auth.c @@ -46,10 +46,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.27 2009/05/25 12:02:42 millert Exp $"; -#endif /* lint */ - /* * For a description of the AIX authentication API, see * http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf1/authenticate.htm diff --git a/auth/bsdauth.c b/auth/bsdauth.c index aae7fd6..f70e90b 100644 --- a/auth/bsdauth.c +++ b/auth/bsdauth.c @@ -51,10 +51,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: bsdauth.c,v 1.23 2008/11/09 14:13:13 millert Exp $"; -#endif /* lint */ - extern char *login_style; /* from sudo.c */ int diff --git a/auth/dce.c b/auth/dce.c index f8ddcba..943e064 100644 --- a/auth/dce.c +++ b/auth/dce.c @@ -64,10 +64,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: dce.c,v 1.14 2005/02/12 22:56:07 millert Exp $"; -#endif /* lint */ - static int check_dce_status __P((error_status_t, char *)); int diff --git a/auth/fwtk.c b/auth/fwtk.c index d09b132..853fc3b 100644 --- a/auth/fwtk.c +++ b/auth/fwtk.c @@ -49,10 +49,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: fwtk.c,v 1.29 2008/11/09 14:13:13 millert Exp $"; -#endif /* lint */ - int fwtk_init(pw, promptp, auth) struct passwd *pw; diff --git a/auth/kerb4.c b/auth/kerb4.c index 2f6c109..4b3e381 100644 --- a/auth/kerb4.c +++ b/auth/kerb4.c @@ -47,10 +47,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: kerb4.c,v 1.16 2008/11/09 14:13:13 millert Exp $"; -#endif /* lint */ - int kerb4_init(pw, promptp, auth) struct passwd *pw; diff --git a/auth/kerb5.c b/auth/kerb5.c index fd43950..d03bd9a 100644 --- a/auth/kerb5.c +++ b/auth/kerb5.c 
@@ -53,10 +53,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: kerb5.c,v 1.37 2009/11/03 14:51:20 millert Exp $"; -#endif /* lint */ - #ifdef HAVE_HEIMDAL # define extract_name(c, p) krb5_principal_get_comp_string(c, p, 1) # define krb5_free_data_contents(c, d) krb5_data_free(d) diff --git a/auth/pam.c b/auth/pam.c index b03a1f7..f4269b8 100644 --- a/auth/pam.c +++ b/auth/pam.c @@ -72,10 +72,6 @@ # define PAM_CONST #endif -#ifndef lint -__unused static const char rcsid[] = "$Sudo: pam.c,v 1.69 2009/08/07 14:21:51 millert Exp $"; -#endif /* lint */ - static int sudo_conv __P((int, PAM_CONST struct pam_message **, struct pam_response **, void *)); static char *def_prompt = "Password:"; diff --git a/auth/passwd.c b/auth/passwd.c index 7746a70..e351306 100644 --- a/auth/passwd.c +++ b/auth/passwd.c @@ -46,10 +46,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: passwd.c,v 1.17 2005/02/12 22:56:07 millert Exp $"; -#endif /* lint */ - #define DESLEN 13 #define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',') diff --git a/auth/rfc1938.c b/auth/rfc1938.c index 8da824b..1769e6f 100644 --- a/auth/rfc1938.c +++ b/auth/rfc1938.c @@ -63,10 +63,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: rfc1938.c,v 1.20 2005/02/12 22:56:07 millert Exp $"; -#endif /* lint */ - int rfc1938_setup(pw, promptp, auth) struct passwd *pw; diff --git a/auth/secureware.c b/auth/secureware.c index d398a60..d217127 100644 --- a/auth/secureware.c +++ b/auth/secureware.c @@ -53,10 +53,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: secureware.c,v 1.13 2005/02/12 22:56:07 millert Exp $"; -#endif /* lint */ - int secureware_init(pw, promptp, auth) struct passwd *pw; diff --git a/auth/securid.c b/auth/securid.c index 8ec7bbe..4edddb4 100644 --- a/auth/securid.c +++ b/auth/securid.c 
@@ -53,10 +53,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: securid.c,v 1.18 2008/11/09 14:13:13 millert Exp $"; -#endif /* lint */ - union config_record configure; int diff --git a/auth/securid5.c b/auth/securid5.c index db254c2..b59bf8f 100644 --- a/auth/securid5.c +++ b/auth/securid5.c @@ -55,10 +55,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: securid5.c,v 1.13 2008/11/09 14:13:13 millert Exp $"; -#endif /* lint */ - /* * securid_init - Initialises communications with ACE server * Arguments in: diff --git a/auth/sia.c b/auth/sia.c index 852e8c7..1f919f4 100644 --- a/auth/sia.c +++ b/auth/sia.c @@ -49,10 +49,6 @@ #include "sudo.h" #include "sudo_auth.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: sia.c,v 1.19 2008/11/09 14:13:13 millert Exp $"; -#endif /* lint */ - static int sudo_collect __P((int, int, uchar_t *, int, prompt_t *)); static char *def_prompt; diff --git a/auth/sudo_auth.c b/auth/sudo_auth.c index fa1419f..58a079b 100644 --- a/auth/sudo_auth.c +++ b/auth/sudo_auth.c @@ -52,10 +52,6 @@ #include "sudo_auth.h" #include "insults.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.40 2009/05/25 12:02:42 millert Exp $"; -#endif /* lint */ - sudo_auth auth_switch[] = { #ifdef AUTH_STANDALONE AUTH_STANDALONE diff --git a/auth/sudo_auth.h b/auth/sudo_auth.h index 42ac49b..a4efe14 100644 --- a/auth/sudo_auth.h +++ b/auth/sudo_auth.h @@ -12,8 +12,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: sudo_auth.h,v 1.29 2009/05/25 12:02:42 millert Exp $ */ #ifndef SUDO_AUTH_H diff --git a/check.c b/check.c index bdce34e..817e406 100644 --- a/check.c +++ b/check.c 
@@ -58,10 +58,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: check.c,v 1.247 2009/05/25 12:02:41 millert Exp $"; -#endif /* lint */ - /* Status codes for timestamp_status() */ #define TS_CURRENT 0 #define TS_OLD 1 diff --git a/closefrom.c b/closefrom.c index 0f043f4..fb9958e 100644 --- a/closefrom.c +++ b/closefrom.c @@ -49,10 +49,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.14 2008/11/09 14:13:12 millert Exp $"; -#endif /* lint */ - #ifndef HAVE_FCNTL_CLOSEM # ifndef HAVE_DIRFD # define closefrom_fallback closefrom diff --git a/compat.h b/compat.h index 39fcdd7..2d5f76a 100644 --- a/compat.h +++ b/compat.h @@ -17,8 +17,6 @@ * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. - * - * $Sudo: compat.h,v 1.90 2008/11/09 14:13:12 millert Exp $ */ #ifndef _SUDO_COMPAT_H diff --git a/configure b/configure index 06d55dc..95f96c4 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for sudo 1.7.2p5. +# Generated by GNU Autoconf 2.61 for sudo 1.7.2p6. # # Report bugs to . # @@ -724,8 +724,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.7.2p5' -PACKAGE_STRING='sudo 1.7.2p5' +PACKAGE_VERSION='1.7.2p6' +PACKAGE_STRING='sudo 1.7.2p6' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' # Factoring default headers for most tests. 
@@ -1417,7 +1417,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.7.2p5 to adapt to many kinds of systems. +\`configure' configures sudo 1.7.2p6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1482,7 +1482,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.7.2p5:";; + short | recursive ) echo "Configuration of sudo 1.7.2p6:";; esac cat <<\_ACEOF @@ -1684,7 +1684,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.7.2p5 +sudo configure 1.7.2p6 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1698,7 +1698,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.7.2p5, which was +It was created by sudo $as_me 1.7.2p6, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -15831,6 +15831,7 @@ LIBS=$ac_save_LIBS + for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \ strftime setrlimit initgroups getgroups fstat gettimeofday \ setlocale getaddrinfo setsid setenv setrlimit64 @@ -22883,9 +22884,9 @@ if test ${with_ldap-'no'} != "no"; then CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" with_ldap=yes - LDAP="" fi SUDO_OBJS="${SUDO_OBJS} ldap.o" + LDAP="" { echo "$as_me:$LINENO: checking for LDAP libraries" >&5 echo $ECHO_N "checking for LDAP libraries... $ECHO_C" >&6; } 
@@ -24558,7 +24559,7 @@ exec 6>&1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.7.2p5, which was +This file was extended by sudo $as_me 1.7.2p6, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -24607,7 +24608,7 @@ Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -sudo config.status 1.7.2p5 +sudo config.status 1.7.2p6 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff --git a/configure.in b/configure.in index 81302b5..0c08180 100644 --- a/configure.in +++ b/configure.in @@ -1,10 +1,9 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.549 2009/06/13 20:52:50 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller dnl -AC_INIT([sudo], [1.7.2p5], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.2p6], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT @@ -2445,9 +2444,9 @@ if test ${with_ldap-'no'} != "no"; then SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib]) CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" with_ldap=yes - LDAP="" fi SUDO_OBJS="${SUDO_OBJS} ldap.o" + LDAP="" AC_MSG_CHECKING([for LDAP libraries]) LDAP_LIBS="" diff --git a/defaults.c b/defaults.c index 376fef7..3b07661 100644 --- a/defaults.c +++ b/defaults.c @@ -49,10 +49,6 @@ #include "parse.h" #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: defaults.c,v 1.73 2008/11/09 14:13:12 millert Exp $"; -#endif /* lint */ - /* * For converting between syslog numbers and strings. */ diff --git a/defaults.h b/defaults.h index aac0136..0035e95 100644 --- a/defaults.h +++ b/defaults.h 
@@ -17,8 +17,6 @@ * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. - * - * $Sudo: defaults.h,v 1.33 2008/11/09 14:13:12 millert Exp $ */ #ifndef _SUDO_DEFAULTS_H diff --git a/emul/charclass.h b/emul/charclass.h index bbe1d9e..15463ff 100644 --- a/emul/charclass.h +++ b/emul/charclass.h @@ -12,8 +12,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: charclass.h,v 1.3 2008/12/09 20:55:50 millert Exp $ */ /* diff --git a/emul/timespec.h b/emul/timespec.h index 2951842..681c523 100644 --- a/emul/timespec.h +++ b/emul/timespec.h @@ -12,8 +12,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: timespec.h,v 1.1 2005/06/23 03:04:35 millert Exp $ */ #ifndef _SUDO_TIMESPEC_H diff --git a/env.c b/env.c index 3049dff..88e6553 100644 --- a/env.c +++ b/env.c @@ -49,10 +49,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: env.c,v 1.106 2009/06/23 18:24:42 millert Exp $"; -#endif /* lint */ - /* * Flags used in rebuild_env() */ diff --git a/error.c b/error.c index 6f8149b..317f105 100644 --- a/error.c +++ b/error.c @@ -23,10 +23,6 @@ #include #include "error.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: error.c,v 1.7 2005/11/18 01:39:58 millert Exp $"; -#endif /* lint */ - static void _warning __P((int, const char *, va_list)); void cleanup __P((int)); diff --git a/error.h b/error.h index e8d7b77..5ac3076 100644 --- a/error.h +++ b/error.h 
@@ -12,8 +12,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: error.h,v 1.2 2004/11/19 17:32:25 millert Exp $ */ #ifndef _SUDO_ERROR_H_ diff --git a/fileops.c b/fileops.c index 40cc860..5e9d31d 100644 --- a/fileops.c +++ b/fileops.c @@ -53,10 +53,6 @@ # define LINE_MAX 2048 #endif -#ifndef lint -__unused static const char rcsid[] = "$Sudo: fileops.c,v 1.19 2009/05/25 12:02:41 millert Exp $"; -#endif /* lint */ - /* * Update the access and modify times on an fd or file. */ diff --git a/find_path.c b/find_path.c index 673cd0d..22ff607 100644 --- a/find_path.c +++ b/find_path.c @@ -45,10 +45,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: find_path.c,v 1.115 2005/03/29 14:29:46 millert Exp $"; -#endif /* lint */ - /* * This function finds the full pathname for a command and * stores it in a statically allocated array, filling in a pointer @@ -126,7 +122,10 @@ find_path(infile, outfile, sbp, path) * Check current dir if dot was in the PATH */ if (!result && checkdot) { - result = sudo_goodpath(infile, sbp); + len = snprintf(command, sizeof(command), "./%s", infile); + if (len <= 0 || len >= sizeof(command)) + errorx(1, "%s: File name too long", infile); + result = sudo_goodpath(command, sbp); if (result && def_ignore_dot) return(NOT_FOUND_DOT); } diff --git a/getcwd.c b/getcwd.c index 6b5588a..daa6b4d 100644 --- a/getcwd.c +++ b/getcwd.c @@ -78,10 +78,6 @@ (dp->d_name[0] == '.' && (dp->d_name[1] == '\0' || \ (dp->d_name[1] == '.' && dp->d_name[2] == '\0'))) -#ifndef lint -__unused static const char rcsid[] = "$Sudo: getcwd.c,v 1.28 2005/02/08 03:55:42 millert Exp $"; -#endif /* lint */ - char * getcwd(pt, size) char *pt; diff --git a/getprogname.c b/getprogname.c index bd06d0e..f269405 100644 --- a/getprogname.c +++ b/getprogname.c 
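Review bot: In the find_path.c hunk (`@@ -126,7 +122,10 @@`), the bounds test `len >= sizeof(command)` compares the snprintf() return value with a size_t, and it is only safe because `len <= 0` is tested first; that ordering dependency is easy to break in a later edit. If `len` is a signed int (its declaration is outside the hunk), an explicit cast states the intent: `if (len <= 0 || (size_t)len >= sizeof(command))`. The block also lacks a comment recording why the name is now qualified, although the ChangeLog entry gives a security-relevant reason; something like `/* Prefix "./" so a command found in the cwd cannot be mistaken for a pseudo-command during sudoers matching. */` above the snprintf() call would keep the qualification from being simplified away. find_path's body starts and ends outside the hunk.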
@@ -24,10 +24,6 @@ #include #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: getprogname.c,v 1.7 2005/02/12 22:56:06 millert Exp $"; -#endif /* lint */ - const char * getprogname() { diff --git a/getspwuid.c b/getspwuid.c index c6848a7..8c07d15 100644 --- a/getspwuid.c +++ b/getspwuid.c @@ -70,10 +70,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: getspwuid.c,v 1.78 2005/02/12 22:56:06 millert Exp $"; -#endif /* lint */ - /* * Exported for auth/secureware.c */ diff --git a/gettime.c b/gettime.c index c864c9b..f6de475 100644 --- a/gettime.c +++ b/gettime.c @@ -28,10 +28,6 @@ #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: gettime.c,v 1.8 2008/11/09 14:13:12 millert Exp $"; -#endif /* lint */ - /* * Get the current time via gettimeofday() for systems with * timespecs in struct stat or, otherwise, using time(). diff --git a/goodpath.c b/goodpath.c index 1529404..258bc89 100644 --- a/goodpath.c +++ b/goodpath.c @@ -38,10 +38,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: goodpath.c,v 1.44 2005/02/12 22:56:06 millert Exp $"; -#endif /* lint */ - /* * Verify that path is a normal file and executable by root. */ diff --git a/gram.c b/gram.c index bcbf25e..775a358 100644 --- a/gram.c +++ b/gram.c @@ -72,10 +72,6 @@ static char yyrcsid[] #include "sudo.h" #include "parse.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: gram.c,v 1.35 2009/04/18 23:25:08 millert Exp $"; -#endif /* lint */ - /* * We must define SIZE_MAX for yacc's skeleton.c. * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t diff --git a/gram.y b/gram.y index 9ab395b..dce99b0 100644 --- a/gram.y +++ b/gram.y 
@@ -53,10 +53,6 @@ #include "sudo.h" #include "parse.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: gram.y,v 1.36 2009/05/25 12:02:41 millert Exp $"; -#endif /* lint */ - /* * We must define SIZE_MAX for yacc's skeleton.c. * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t diff --git a/ins_2001.h b/ins_2001.h index 8e3ff46..63a5d64 100644 --- a/ins_2001.h +++ b/ins_2001.h @@ -12,8 +12,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: ins_2001.h,v 1.29 2004/02/13 21:36:43 millert Exp $ */ #ifndef _SUDO_INS_2001_H diff --git a/ins_classic.h b/ins_classic.h index 4321f64..b1942bd 100644 --- a/ins_classic.h +++ b/ins_classic.h @@ -12,8 +12,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: ins_classic.h,v 1.30 2004/02/13 21:36:43 millert Exp $ */ #ifndef _SUDO_INS_CLASSIC_H diff --git a/ins_csops.h b/ins_csops.h index e94d8ae..20e9b02 100644 --- a/ins_csops.h +++ b/ins_csops.h @@ -13,8 +13,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: ins_csops.h,v 1.30 2008/11/09 14:13:12 millert Exp $ */ #ifndef _SUDO_INS_CSOPS_H diff --git a/ins_goons.h b/ins_goons.h index d938321..16a262a 100644 --- a/ins_goons.h +++ b/ins_goons.h 
@@ -12,8 +12,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: ins_goons.h,v 1.29 2004/02/13 21:36:43 millert Exp $ */ #ifndef _SUDO_INS_GOONS_H diff --git a/install-sh b/install-sh index 6dcd300..cf3081f 100755 --- a/install-sh +++ b/install-sh @@ -1,7 +1,7 @@ #! /bin/sh ## (From INN-1.4, written by Rich Salz) -## $Revision: 1.10 $ +## $Revision$ ## A script to install files and directories. PROGNAME=`basename $0` diff --git a/insults.h b/insults.h index 113fe36..bdb3fc6 100644 --- a/insults.h +++ b/insults.h @@ -13,8 +13,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: insults.h,v 1.47 2008/11/09 14:13:12 millert Exp $ */ #ifndef _SUDO_INSULTS_H diff --git a/interfaces.c b/interfaces.c index 6272704..eed0753 100644 --- a/interfaces.c +++ b/interfaces.c @@ -84,10 +84,6 @@ struct rtentry; #include "sudo.h" #include "interfaces.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: interfaces.c,v 1.87 2009/05/25 12:02:41 millert Exp $"; -#endif /* lint */ - /* Minix apparently lacks IFF_LOOPBACK */ #ifndef IFF_LOOPBACK # define IFF_LOOPBACK 0 diff --git a/interfaces.h b/interfaces.h index d4d4dd0..b9591af 100644 --- a/interfaces.h +++ b/interfaces.h @@ -17,8 +17,6 @@ * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. - * - * $Sudo: interfaces.h,v 1.12 2008/11/09 14:13:12 millert Exp $ */ #ifndef _SUDO_INTERFACES_H diff --git a/isblank.c b/isblank.c index 02b15fe..e6ad58d 100644 --- a/isblank.c +++ b/isblank.c 
@@ -17,10 +17,6 @@ #include #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: isblank.c,v 1.1 2008/11/06 00:05:24 millert Exp $"; -#endif /* lint */ - #undef isblank int isblank(ch) diff --git a/lbuf.c b/lbuf.c index 9e6bf0d..5f9d766 100644 --- a/lbuf.c +++ b/lbuf.c @@ -52,10 +52,6 @@ #include "sudo.h" #include "lbuf.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: lbuf.c,v 1.9 2009/05/25 12:02:41 millert Exp $"; -#endif /* lint */ - #if !defined(TIOCGSIZE) && defined(TIOCGWINSZ) # define TIOCGSIZE TIOCGWINSZ # define ttysize winsize diff --git a/lbuf.h b/lbuf.h index 4633dee..fbc9fdc 100644 --- a/lbuf.h +++ b/lbuf.h @@ -14,8 +14,6 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $Sudo: lbuf.h,v 1.2 2007/08/22 22:31:07 millert Exp $" */ #ifndef _SUDO_LBUF_H diff --git a/ldap.c b/ldap.c index 33e6506..94ea4cb 100644 --- a/ldap.c +++ b/ldap.c @@ -81,10 +81,6 @@ #include "parse.h" #include "lbuf.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: ldap.c,v 1.108 2009/05/29 13:43:12 millert Exp $"; -#endif /* lint */ - #ifndef LDAP_OPT_SUCCESS # define LDAP_OPT_SUCCESS LDAP_SUCCESS #endif diff --git a/list.c b/list.c index 2e6482a..60c1138 100644 --- a/list.c +++ b/list.c @@ -31,10 +31,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: list.c,v 1.6 2008/11/09 14:13:12 millert Exp $"; -#endif /* lint */ - struct list_proto { struct list_proto *prev; struct list_proto *next; diff --git a/list.h b/list.h index ddf610a..17aab41 100644 --- a/list.h +++ b/list.h 
@@ -12,8 +12,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: list.h,v 1.3 2007/09/11 19:42:48 millert Exp $ */ #ifndef _SUDO_LIST_H diff --git a/logging.c b/logging.c index 44df374..9a651ad 100644 --- a/logging.c +++ b/logging.c @@ -57,10 +57,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: logging.c,v 1.205 2009/05/25 12:02:41 millert Exp $"; -#endif /* lint */ - static void do_syslog __P((int, char *)); static void do_logfile __P((char *)); static void send_mail __P((char *)); diff --git a/logging.h b/logging.h index d65a8ab..e8e5d8b 100644 --- a/logging.h +++ b/logging.h @@ -13,8 +13,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: logging.h,v 1.15 2009/05/25 12:02:41 millert Exp $ */ #ifndef _LOGGING_H diff --git a/match.c b/match.c index 7d707a4..71fa822 100644 --- a/match.c +++ b/match.c @@ -93,10 +93,6 @@ # include "nonunix.h" #endif /* USING_NONUNIX_GROUPS */ -#ifndef lint -__unused static const char rcsid[] = "$Sudo: match.c,v 1.48 2009/11/23 15:56:14 millert Exp $"; -#endif /* lint */ - static struct member_list empty; static int command_matches_dir __P((char *, size_t)); @@ -469,7 +465,7 @@ command_matches_glob(sudoers_cmnd, sudoers_args) * else return false. */ #define GLOB_FLAGS (GLOB_NOSORT | GLOB_MARK | GLOB_BRACE | GLOB_TILDE) - if (glob(sudoers_cmnd, GLOB_FLAGS, NULL, &gl) != 0) { + if (glob(sudoers_cmnd, GLOB_FLAGS, NULL, &gl) != 0 || gl.gl_pathc == 0) { globfree(&gl); return(FALSE); } diff --git a/memrchr.c b/memrchr.c index f66f8a0..35e07de 100644 --- a/memrchr.c +++ b/memrchr.c 
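Review bot: In the match.c hunk (`@@ -469,7 +465,7 @@`, command_matches_glob), the added `gl.gl_pathc == 0` test has no comment saying what it guards against. Presumably some glob() implementations return 0 with an empty result rather than GLOB_NOMATCH, and the code after this check (outside the hunk) goes on to use the match list; this should be confirmed and then stated next to the condition, e.g. `/* glob() may succeed with zero matches; treat that as no match. */`, so the test is not later removed as redundant. The function body starts and ends outside the hunk.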
@@ -18,13 +18,6 @@ #include #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: memrchr.c,v 1.4 2007/11/27 17:13:03 millert Exp $"; -#endif /* lint */ - -#include -#include - /* * Reverse memchr() * Find the last occurrence of 'c' in the buffer 's' of size 'n'. diff --git a/mkinstalldirs b/mkinstalldirs index ce51f6e..0330343 100755 --- a/mkinstalldirs +++ b/mkinstalldirs @@ -4,8 +4,6 @@ # Created: 1993-05-16 # Public domain -# $Sudo: mkinstalldirs,v 1.5 2003/04/03 15:16:22 millert Exp $ - umask 022 errstatus=0 dirmode="" diff --git a/mkstemp.c b/mkstemp.c index 1c9b6d4..8a61087 100644 --- a/mkstemp.c +++ b/mkstemp.c @@ -31,10 +31,6 @@ #include "sudo.h" -#ifndef lint -static const char rcsid[] = "$Sudo: mkstemp.c,v 1.2 2008/08/20 11:40:15 millert Exp $"; -#endif /* not lint */ - static unsigned int get_random __P((void)); static void seed_random __P((void)); diff --git a/parse.c b/parse.c index 818641d..61a88f4 100644 --- a/parse.c +++ b/parse.c @@ -48,10 +48,6 @@ #include "lbuf.h" #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: parse.c,v 1.242 2009/05/25 12:02:41 millert Exp $"; -#endif /* lint */ - /* Characters that must be quoted in sudoers */ #define SUDOERS_QUOTED ":\\,=#\"" diff --git a/parse.h b/parse.h index 991856f..501e5f7 100644 --- a/parse.h +++ b/parse.h @@ -13,8 +13,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: parse.h,v 1.49 2009/05/25 12:02:41 millert Exp $ */ #ifndef _SUDO_PARSE_H diff --git a/pathnames.h.in b/pathnames.h.in index be46f90..aec34eb 100644 --- a/pathnames.h.in +++ b/pathnames.h.in 
@@ -17,8 +17,6 @@ * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. - * - * $Sudo: pathnames.h.in,v 1.65 2009/05/25 12:02:41 millert Exp $ */ /* diff --git a/pwutil.c b/pwutil.c index bbc3174..29471b6 100644 --- a/pwutil.c +++ b/pwutil.c @@ -52,10 +52,6 @@ #include "sudo.h" #include "redblack.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: pwutil.c,v 1.23 2009/05/25 12:02:41 millert Exp $"; -#endif /* lint */ - #ifdef MYPW extern void (*my_setgrent) __P((void)); extern void (*my_endgrent) __P((void)); diff --git a/redblack.c b/redblack.c index ac8ea2d..95ac095 100644 --- a/redblack.c +++ b/redblack.c @@ -57,10 +57,6 @@ #include "sudo.h" #include "redblack.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: redblack.c,v 1.12 2009/06/29 13:36:20 millert Exp $"; -#endif /* lint */ - static void rbrepair __P((struct rbtree *, struct rbnode *)); static void rotate_left __P((struct rbtree *, struct rbnode *)); static void rotate_right __P((struct rbtree *, struct rbnode *)); diff --git a/redblack.h b/redblack.h index 8c7ead7..b1938ca 100644 --- a/redblack.h +++ b/redblack.h @@ -12,8 +12,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: redblack.h,v 1.4 2008/11/09 14:13:12 millert Exp $ */ #ifndef _SUDO_REDBLACK_H diff --git a/sample.pam b/sample.pam index b603a84..d56e712 100644 --- a/sample.pam +++ b/sample.pam 
@@ -6,8 +6,6 @@ # There are two basic ways to configure PAM, either via pam_stack # or by explicitly specifying the various methods to use. # -# $Sudo: sample.pam,v 1.3 2004/10/01 14:58:15 millert Exp $ -# # Here we use pam_stack auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth diff --git a/sample.sudoers b/sample.sudoers index 220df7f..0ef1579 100644 --- a/sample.sudoers +++ b/sample.sudoers @@ -4,8 +4,6 @@ # This file MUST be edited with the 'visudo' command as root. # # See the sudoers man page for the details on how to write a sudoers file. -# -# $Sudo: sample.sudoers,v 1.29 2008/10/03 19:55:57 millert Exp $ ## # Override built-in defaults diff --git a/sample.syslog.conf b/sample.syslog.conf index 90e2c61..2effbab 100644 --- a/sample.syslog.conf +++ b/sample.syslog.conf @@ -16,8 +16,6 @@ # Syslogd will not create new log files for you, you must first # create the file before syslogd will log to it. Eg. # 'touch /var/log/sudo' -# -# $Sudo: sample.syslog.conf,v 1.3 2004/10/01 14:58:15 millert Exp $ # This logs successful and failed sudo attempts to the file /var/log/sudo local2.debug /var/log/sudo diff --git a/selinux.c b/selinux.c index 05ac1a0..406c74d 100644 --- a/selinux.c +++ b/selinux.c @@ -48,10 +48,6 @@ #include "sudo.h" #include "pathnames.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: selinux.c,v 1.5 2008/02/22 20:33:00 millert Exp $"; -#endif /* lint */ - /* * This function attempts to revert the relabeling done to the tty. * fd - referencing the opened ttyn diff --git a/sesh.c b/sesh.c index 715980e..3195e25 100644 --- a/sesh.c +++ b/sesh.c @@ -29,10 +29,6 @@ #include "compat.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: sesh.c,v 1.1 2008/02/09 14:30:06 millert Exp $"; -#endif /* lint */ - int main (int argc, char **argv) { diff --git a/set_perms.c b/set_perms.c index 4417330..244bc40 100644 --- a/set_perms.c +++ b/set_perms.c 
@@ -51,10 +51,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: set_perms.c,v 1.49 2009/06/25 12:44:33 millert Exp $"; -#endif /* lint */ - #ifdef __TANDEM # define ROOT_UID 65535 #else diff --git a/sigaction.c b/sigaction.c index 3af91c5..e34d471 100644 --- a/sigaction.c +++ b/sigaction.c @@ -23,10 +23,6 @@ #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: sigaction.c,v 1.7 2005/02/12 22:56:06 millert Exp $"; -#endif /* lint */ - int sigaction(signo, sa, osa) int signo; diff --git a/snprintf.c b/snprintf.c index e9410c0..7ad4774 100644 --- a/snprintf.c +++ b/snprintf.c @@ -78,10 +78,6 @@ #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: snprintf.c,v 1.22 2008/11/09 14:13:12 millert Exp $"; -#endif /* lint */ - static int xxxprintf __P((char **, size_t, int, const char *, va_list)); /* diff --git a/strcasecmp.c b/strcasecmp.c index fa47bd3..d14fdfb 100644 --- a/strcasecmp.c +++ b/strcasecmp.c @@ -18,10 +18,6 @@ #include #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: strcasecmp.c,v 1.7 2005/02/12 22:56:06 millert Exp $"; -#endif /* lint */ - /* * Case insensitive string compare routines, same semantics as str[n]cmp() * (assumes ASCII..). diff --git a/strerror.c b/strerror.c index 1e0267c..cacd3f6 100644 --- a/strerror.c +++ b/strerror.c @@ -24,10 +24,6 @@ #include #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: strerror.c,v 1.11 2005/02/12 22:56:06 millert Exp $"; -#endif /* lint */ - /* * Map errno -> error string. */ diff --git a/strlcat.c b/strlcat.c index 2084bdd..97a803b 100644 --- a/strlcat.c +++ b/strlcat.c @@ -22,10 +22,6 @@ #include #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: strlcat.c,v 1.7 2005/02/12 22:56:06 millert Exp $"; -#endif /* lint */ - /* * Appends src to string dst of size siz (unlike strncat, siz is the diff --git a/strlcpy.c b/strlcpy.c index b03316d..8d301c3 100644 --- a/strlcpy.c +++ b/strlcpy.c 
@@ -21,10 +21,6 @@ #include #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: strlcpy.c,v 1.7 2005/02/12 22:56:06 millert Exp $"; -#endif /* lint */ - /* * Copy src to string dst of size siz. At most siz-1 characters * will be copied. Always NUL terminates (unless siz == 0). diff --git a/sudo.c b/sudo.c index 27af77a..b9a7031 100644 --- a/sudo.c +++ b/sudo.c @@ -104,10 +104,6 @@ # include "nonunix.h" #endif -#ifndef lint -__unused static const char rcsid[] = "$Sudo: sudo.c,v 1.517 2009/05/27 00:49:07 millert Exp $"; -#endif /* lint */ - /* * Prototypes */ @@ -540,7 +536,7 @@ main(argc, argv, envp) sudo_endpwent(); sudo_endgrent(); - closefrom(def_closefrom + 1); + closefrom(def_closefrom); #ifndef PROFILING if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0) { diff --git a/sudo.cat b/sudo.cat index 8ec4445..688e09c 100644 --- a/sudo.cat +++ b/sudo.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.2p5 February 22, 2010 1 +1.7.2p6 March 3, 2010 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.7.2p5 February 22, 2010 2 +1.7.2p6 March 3, 2010 2 @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.2p5 February 22, 2010 3 +1.7.2p6 March 3, 2010 3 @@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.2p5 February 22, 2010 4 +1.7.2p6 March 3, 2010 4 @@ -325,7 +325,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.7.2p5 February 22, 2010 5 +1.7.2p6 March 3, 2010 5 @@ -391,7 +391,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.7.2p5 February 22, 2010 6 +1.7.2p6 March 3, 2010 6 @@ -457,7 +457,7 @@ EENNVVIIRROONNMMEENNTT -1.7.2p5 February 22, 2010 7 +1.7.2p6 March 3, 2010 7 @@ -523,7 +523,7 @@ EEXXAAMMPPLLEESS -1.7.2p5 February 22, 2010 8 +1.7.2p6 March 3, 2010 8 @@ -589,7 +589,7 @@ CCAAVVEEAATTSS -1.7.2p5 February 22, 2010 9 +1.7.2p6 March 3, 2010 9 @@ -655,6 +655,6 @@ DDIISSCCLLAAIIMMEERR -1.7.2p5 February 22, 2010 10 +1.7.2p6 March 3, 2010 10 diff --git a/sudo.h b/sudo.h index afb4e4e..20e0476 100644 --- a/sudo.h +++ b/sudo.h 
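Review bot: The `closefrom(def_closefrom);` call in the sudo.c hunk at -540/+536 has no comment recording its boundary semantics, so the off-by-one this commit removes would be easy to reintroduce. closefrom() closes every descriptor greater than or equal to its argument, so the old `def_closefrom + 1` left descriptor number `def_closefrom` open, presumably inherited by the command sudo goes on to run. I would add a comment above the call such as `/* Close all fds >= def_closefrom; fd def_closefrom itself must not leak to the command. */`. Whether `def_closefrom` has a lower bound that keeps stdin, stdout and stderr from being closed is not visible here and should be confirmed where the setting is parsed. main() starts and ends outside this hunk.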
@@ -17,8 +17,6 @@ * Sponsored in part by the Defense Advanced Research Projects * Agency (DARPA) and Air Force Research Laboratory, Air Force * Materiel Command, USAF, under agreement number F39502-99-1-0512. - * - * $Sudo: sudo.h,v 1.273 2009/05/25 12:02:41 millert Exp $ */ #ifndef _SUDO_SUDO_H diff --git a/sudo.man.in b/sudo.man.in index c0f9f1f..b4a53ce 100644 --- a/sudo.man.in +++ b/sudo.man.in @@ -18,7 +18,6 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: sudo.pod,v 1.125 2009/09/25 00:31:35 millert Exp $ .\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: @@ -145,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/sudo.pod b/sudo.pod index 3904992..d17ed59 100644 --- a/sudo.pod +++ b/sudo.pod @@ -18,7 +18,6 @@ Sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. -$Sudo: sudo.pod,v 1.125 2009/09/25 00:31:35 millert Exp $ =pod =head1 NAME diff --git a/sudo_edit.c b/sudo_edit.c index d6a4da6..04d5d74 100644 --- a/sudo_edit.c +++ b/sudo_edit.c @@ -55,10 +55,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: sudo_edit.c,v 1.39 2009/09/30 13:50:58 millert Exp $"; -#endif /* lint */ - extern sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp; extern char **environ; diff --git a/sudo_noexec.c b/sudo_noexec.c index 084000a..eff07b9 100644 --- a/sudo_noexec.c +++ b/sudo_noexec.c 
@@ -28,10 +28,6 @@ #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: sudo_noexec.c,v 1.12 2005/03/12 23:43:40 millert Exp $"; -#endif /* lint */ - /* * Dummy versions of the execve() family of syscalls. We don't need * to stub out all of them, just the ones that correspond to actual diff --git a/sudo_nss.c b/sudo_nss.c index 138c0e2..4dcdf2c 100644 --- a/sudo_nss.c +++ b/sudo_nss.c @@ -44,10 +44,6 @@ #include "sudo.h" #include "lbuf.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: sudo_nss.c,v 1.8 2009/05/25 12:02:41 millert Exp $"; -#endif /* lint */ - extern struct sudo_nss sudo_nss_file; #ifdef HAVE_LDAP extern struct sudo_nss sudo_nss_ldap; diff --git a/sudo_nss.h b/sudo_nss.h index 1822465..f036add 100644 --- a/sudo_nss.h +++ b/sudo_nss.h @@ -12,8 +12,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Sudo: sudo_nss.h,v 1.7 2009/05/25 12:02:42 millert Exp $ */ struct lbuf; diff --git a/sudo_usage.h.in b/sudo_usage.h.in index e310b0c..4c0e8f2 100644 --- a/sudo_usage.h.in +++ b/sudo_usage.h.in @@ -14,8 +14,6 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $Sudo: sudo_usage.h.in,v 1.10 2009/05/25 12:02:42 millert Exp $ */ #ifndef _SUDO_USAGE_H diff --git a/sudoers.cat b/sudoers.cat index 1187fb4..97ad5ad 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.2p5 February 22, 2010 1 +1.7.2p6 April 7, 2010 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p5 February 22, 2010 2 +1.7.2p6 April 7, 2010 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p5 February 22, 2010 3 +1.7.2p6 April 7, 2010 3 
@@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p5 February 22, 2010 4 +1.7.2p6 April 7, 2010 4 @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p5 February 22, 2010 5 +1.7.2p6 April 7, 2010 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p5 February 22, 2010 6 +1.7.2p6 April 7, 2010 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p5 February 22, 2010 7 +1.7.2p6 April 7, 2010 7 @@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p5 February 22, 2010 8 +1.7.2p6 April 7, 2010 8 @@ -589,7 +589,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS -1.7.2p5 February 22, 2010 9 +1.7.2p6 April 7, 2010 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p5 February 22, 2010 10 +1.7.2p6 April 7, 2010 10 @@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p5 February 22, 2010 11 +1.7.2p6 April 7, 2010 11 @@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.2p5 February 22, 2010 12 +1.7.2p6 April 7, 2010 12 @@ -828,8 +828,14 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) causes ssuuddoo to use the _f_n_m_a_t_c_h(3) function, which does not access the file system to do its matching. The disadvantage of _f_a_s_t___g_l_o_b is that it is unable to match - relative pathnames such as _._/_l_s or _._._/_b_i_n_/_l_s. This - flag is _o_f_f by default. + relative pathnames such as _._/_l_s or _._._/_b_i_n_/_l_s. This has + security implications when path names that include + globbing characters are used with the negation + operator, '!', as such rules can be trivially bypassed. + As such, this option should not be used when _s_u_d_o_e_r_s + contains rules that contain negated path names which + include globbing characters. This flag is _o_f_f by + default. stay_setuid Normally, when ssuuddoo executes a command the real and effective UIDs are set to the target user (root by 
@@ -844,16 +850,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) targetpw If set, ssuuddoo will prompt for the password of the user specified by the --uu option (defaults to root) instead - of the password of the invoking user. Note that this - precludes the use of a uid not listed in the passwd - database as an argument to the --uu option. This flag is - _o_f_f by default. - - tty_tickets If set, users must authenticate on a per-tty basis. -1.7.2p5 February 22, 2010 13 +1.7.2p6 April 7, 2010 13 @@ -862,6 +862,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + of the password of the invoking user. Note that this + precludes the use of a uid not listed in the passwd + database as an argument to the --uu option. This flag is + _o_f_f by default. + + tty_tickets If set, users must authenticate on a per-tty basis. Normally, ssuuddoo uses a directory in the ticket dir with the same name as the user running it. With this flag enabled, ssuuddoo will use a file named for the tty the @@ -910,16 +916,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) only the file log. The default is 80 (use 0 or negate the option to disable word wrap). - passwd_timeout Number of minutes before the ssuuddoo password prompt times - out. The default is 5; set this to 0 for no password - timeout. - timestamp_timeout - Number of minutes that can elapse before ssuuddoo will ask - -1.7.2p5 February 22, 2010 14 +1.7.2p6 April 7, 2010 14 @@ -928,6 +928,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + passwd_timeout Number of minutes before the ssuuddoo password prompt times + out. The default is 5; set this to 0 for no password + timeout. + + timestamp_timeout + Number of minutes that can elapse before ssuuddoo will ask for a passwd again. The default is 5. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's timestamp will never expire. 
@@ -977,15 +983,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) name (on if the machine's hostname is fully qualified or the _f_q_d_n option is set) - %h expanded to the local hostname without the domain - name - - %p expanded to the user whose password is being asked - for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w - -1.7.2p5 February 22, 2010 15 +1.7.2p6 April 7, 2010 15 @@ -994,6 +994,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + %h expanded to the local hostname without the domain + name + + %p expanded to the user whose password is being asked + for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w flags in _s_u_d_o_e_r_s) %U expanded to the login name of the user the command @@ -1043,15 +1048,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) a file containing variables to be set in the environment of the program being run. Entries in this file should either be of the form VARIABLE=value or export VARIABLE=value. - The value may optionally be surrounded by single or double - quotes. Variables in this file are subject to other ssuuddoo - environment settings such as _e_n_v___k_e_e_p and _e_n_v___c_h_e_c_k. - - -1.7.2p5 February 22, 2010 16 +1.7.2p6 April 7, 2010 16 @@ -1060,6 +1060,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + The value may optionally be surrounded by single or double + quotes. Variables in this file are subject to other ssuuddoo + environment settings such as _e_n_v___k_e_e_p and _e_n_v___c_h_e_c_k. + exempt_group Users in this group are exempt from password and PATH requirements. This is not set by default. @@ -1111,13 +1115,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) mailerflags Flags to use when invoking mailer. Defaults to --tt. - mailerpath Path to mail program used to send warning mail. Defaults - to the path to sendmail found at configure time. - - -1.7.2p5 February 22, 2010 17 +1.7.2p6 April 7, 2010 17 
@@ -1126,6 +1126,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + mailerpath Path to mail program used to send warning mail. Defaults + to the path to sendmail found at configure time. + mailfrom Address to use for the "from" address when sending warning and error mail. The address should be enclosed in double quotes (") to protect against ssuuddoo interpreting the @ sign. @@ -1177,13 +1180,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) programs. The argument may be a double-quoted, space- separated list or a single value without double-quotes. The list can be replaced, added to, deleted from, or - disabled by using the =, +=, -=, and ! operators - respectively. Regardless of whether the env_reset - option is enabled or disabled, variables specified by -1.7.2p5 February 22, 2010 18 +1.7.2p6 April 7, 2010 18 @@ -1192,6 +1192,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + disabled by using the =, +=, -=, and ! operators + respectively. Regardless of whether the env_reset + option is enabled or disabled, variables specified by env_check will be preserved in the environment if they pass the aforementioned check. The default list of environment variables to check is displayed when ssuuddoo @@ -1243,13 +1246,10 @@ EEXXAAMMPPLLEESS User_Alias PARTTIMERS = bostley, jwfox, crawl User_Alias WEBMASTERS = will, wendy, wim - # Runas alias specification - Runas_Alias OP = root, operator - Runas_Alias DB = oracle, sybase -1.7.2p5 February 22, 2010 19 +1.7.2p6 April 7, 2010 19 @@ -1258,6 +1258,9 @@ EEXXAAMMPPLLEESS SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + # Runas alias specification + Runas_Alias OP = root, operator + Runas_Alias DB = oracle, sybase Runas_Alias ADMINGRP = adm, oper # Host alias specification 
@@ -1309,13 +1312,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) root ALL = (ALL) ALL %wheel ALL = (ALL) ALL - We let rroooott and any user in group wwhheeeell run any command on any host as - any user. - -1.7.2p5 February 22, 2010 20 +1.7.2p6 April 7, 2010 20 @@ -1324,6 +1324,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + We let rroooott and any user in group wwhheeeell run any command on any host as + any user. + FULLTIMERS ALL = NOPASSWD: ALL Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run any command on @@ -1376,12 +1379,9 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) The user bboobb may run anything on the _S_P_A_R_C and _S_G_I machines as any user listed in the _O_P Runas_Alias (rroooott and ooppeerraattoorr). - jim +biglab = ALL - - -1.7.2p5 February 22, 2010 21 +1.7.2p6 April 7, 2010 21 @@ -1390,6 +1390,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + jim +biglab = ALL + The user jjiimm may run any command on machines in the _b_i_g_l_a_b netgroup. ssuuddoo knows that "biglab" is a netgroup due to the '+' prefix. @@ -1442,12 +1444,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Any user may mount or unmount a CD-ROM on the machines in the CDROM Host_Alias (orion, perseus, hercules) without entering a password. This is a bit tedious for users to type, so it is a prime candidate for - encapsulating in a shell script. - -1.7.2p5 February 22, 2010 22 +1.7.2p6 April 7, 2010 22 @@ -1456,6 +1456,8 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + encapsulating in a shell script. + SSEECCUURRIITTYY NNOOTTEESS It is generally not effective to "subtract" commands from ALL using the '!' operator. A user can trivially circumvent this by copying the 
@@ -1470,6 +1472,21 @@ SSEECCUURRIITTYY NNOOTTEESS kind of restrictions should be considered advisory at best (and reinforced by policy). + Furthermore, if the _f_a_s_t___g_l_o_b option is in use, it is not possible to + reliably negate commands where the path name includes globbing (aka + wildcard) characters. This is because the C library's _f_n_m_a_t_c_h(3) + function cannot resolve relative paths. While this is typically only + an inconvenience for rules that grant privileges, it can result in a + security issue for rules that subtract or revoke privileges. + + For example, given the following _s_u_d_o_e_r_s entry: + + john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*, + /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root + + User jjoohhnn can still run /usr/bin/passwd root if _f_a_s_t___g_l_o_b is enabled by + changing to _/_u_s_r_/_b_i_n and running ./passwd root instead. + PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS Once ssuuddoo executes a program, that program is free to do whatever it pleases, including run other programs. This can be a security issue @@ -1493,6 +1510,18 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS shared library. On such systems, ssuuddoo's _n_o_e_x_e_c functionality can be used to prevent a program run by ssuuddoo from executing any other programs. Note, however, that this applies only to + + + +1.7.2p6 April 7, 2010 23 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + native dynamically-linked executables. Statically-linked executables and foreign executables running under binary emulation are not affected. 
@@ -1510,18 +1539,6 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS in the standard library with its own that simply return an error. Unfortunately, there is no foolproof way to know whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c - - - -1.7.2p5 February 22, 2010 23 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX, MacOS X, and HP-UX 11.x. It is known nnoott to work on AIX and UnixWare. _n_o_e_x_e_c is expected to work on most operating @@ -1559,6 +1576,18 @@ CCAAVVEEAATTSS When using netgroups of machines (as opposed to users), if you store fully qualified hostnames in the netgroup (as is usually the case), you + + + +1.7.2p6 April 7, 2010 24 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + either need to have the machine's hostname be fully qualified as returned by the hostname command or use the _f_q_d_n option in _s_u_d_o_e_r_s. @@ -1576,18 +1605,6 @@ DDIISSCCLLAAIIMMEERR including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with ssuuddoo or - - - -1.7.2p5 February 22, 2010 24 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - http://www.sudo.ws/sudo/license.html for complete details. @@ -1628,23 +1645,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - - - - - - - - - - - - - - - - -1.7.2p5 February 22, 2010 25 +1.7.2p6 April 7, 2010 25 diff --git a/sudoers.ldap.cat b/sudoers.ldap.cat index 16955c5..38f21ef 100644 --- a/sudoers.ldap.cat +++ b/sudoers.ldap.cat 
@@ -52,16 +52,16 @@ DDEESSCCRRIIPPTTIIOONN Cmnd_Alias that is referenced by multiple users, one can create a sudoRole that contains the commands and assign multiple users to it. - SSUUDDOOeerrss LLDDAAPP ccoonnttaaiinneerr - + SSUUDDOOeerrss LLDDAAPP ccoonnttaaiinneerr The _s_u_d_o_e_r_s configuration is contained in the ou=SUDOers LDAP container. Sudo first looks for the cn=default entry in the SUDOers container. If + found, the multi-valued sudoOption attribute is parsed in the same -1.7.2p5 February 22, 2010 1 +1.7.2p6 March 3, 2010 1 @@ -70,7 +70,6 @@ DDEESSCCRRIIPPTTIIOONN SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - found, the multi-valued sudoOption attribute is parsed in the same manner as a global Defaults line in _/_e_t_c_/_s_u_d_o_e_r_s. In the following example, the SSH_AUTH_SOCK variable will be preserved in the environment for all users. @@ -127,7 +126,8 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) -1.7.2p5 February 22, 2010 2 + +1.7.2p6 March 3, 2010 2 @@ -144,8 +144,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) sudoHost: ALL sudoCommand: ALL - AAnnaattoommyy ooff LLDDAAPP ssuuddooeerrss llooookkuupp - + AAnnaattoommyy ooff LLDDAAPP ssuuddooeerrss llooookkuupp When looking up a sudoer using LDAP there are only two or three LDAP queries per invocation. The first query is to parse the global options. The second is to match against the user's name and the groups 
@@ -154,8 +153,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) third query returns all entries containing user netgroups and checks to see if the user belongs to any of them. - DDiiffffeerreenncceess bbeettwweeeenn LLDDAAPP aanndd nnoonn--LLDDAAPP ssuuddooeerrss - + DDiiffffeerreenncceess bbeettwweeeenn LLDDAAPP aanndd nnoonn--LLDDAAPP ssuuddooeerrss There are some subtle differences in the way sudoers is handled once in LDAP. Probably the biggest is that according to the RFC, LDAP ordering is arbitrary and you cannot expect that Attributes and Entries are @@ -190,10 +188,12 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) objectClass: top cn: role2 sudoUser: puddles + sudoHost: ALL + sudoCommand: !/bin/sh -1.7.2p5 February 22, 2010 3 +1.7.2p6 March 3, 2010 3 @@ -202,8 +202,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - sudoHost: ALL - sudoCommand: !/bin/sh sudoCommand: ALL Another difference is that negations on the Host, User or Runas are @@ -224,8 +222,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) sudoHost: ALL sudoHost: !web01 - SSuuddooeerrss SScchheemmaa - + SSuuddooeerrss SScchheemmaa In order to use ssuuddoo's LDAP support, the ssuuddoo schema must be installed on your LDAP server. In addition, be sure to index the 'sudoUser' attribute. @@ -238,8 +235,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) The schema for ssuuddoo in OpenLDAP form is included in the EXAMPLES section. - CCoonnffiigguurriinngg llddaapp..ccoonnff - + CCoonnffiigguurriinngg llddaapp..ccoonnff Sudo reads the _/_e_t_c_/_l_d_a_p_._c_o_n_f file for LDAP-specific configuration. Typically, this file is shared amongst different LDAP-aware clients. As such, most of the settings are not ssuuddoo-specific. Note that ssuuddoo 
@@ -256,10 +252,14 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) UURRII ldap[s]://[hostname[:port]] ... Specifies a whitespace-delimited list of one or more URIs + describing the LDAP server(s) to connect to. The _p_r_o_t_o_c_o_l may be + either llddaapp or llddaappss, the latter being for servers that support TLS + (SSL) encryption. If no _p_o_r_t is specified, the default is port 389 + for ldap:// or port 636 for ldaps://. If no _h_o_s_t_n_a_m_e is specified, -1.7.2p5 February 22, 2010 4 +1.7.2p6 March 3, 2010 4 @@ -268,10 +268,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - describing the LDAP server(s) to connect to. The _p_r_o_t_o_c_o_l may be - either llddaapp or llddaappss, the latter being for servers that support TLS - (SSL) encryption. If no _p_o_r_t is specified, the default is port 389 - for ldap:// or port 636 for ldaps://. If no _h_o_s_t_n_a_m_e is specified, ssuuddoo will connect to llooccaallhhoosstt. Only systems using the OpenSSL libraries support the mixing of ldap:// and ldaps:// URIs. The Netscape-derived libraries used on most commercial versions of Unix @@ -322,10 +318,14 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) identity. By default, most LDAP servers will allow anonymous access. + BBIINNDDPPWW secret + The BBIINNDDPPWW parameter specifies the password to use when performing + LDAP operations. This is typically used in conjunction with the + BBIINNDDDDNN parameter. -1.7.2p5 February 22, 2010 5 +1.7.2p6 March 3, 2010 5 
@@ -334,11 +334,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - BBIINNDDPPWW secret - The BBIINNDDPPWW parameter specifies the password to use when performing - LDAP operations. This is typically used in conjunction with the - BBIINNDDDDNN parameter. - RROOOOTTBBIINNDDDDNN DN The RROOOOTTBBIINNDDDDNN parameter specifies the identity, in the form of a Distinguished Name (DN), to use when performing privileged LDAP @@ -389,21 +384,22 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) used to authenticate the client to the LDAP server. The certificate type depends on the LDAP libraries used. + OpenLDAP: + tls_cert /etc/ssl/client_cert.pem + Netscape-derived: -1.7.2p5 February 22, 2010 6 +1.7.2p6 March 3, 2010 6 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - OpenLDAP: - tls_cert /etc/ssl/client_cert.pem +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) + - Netscape-derived: tls_cert /var/ldap/cert7.db When using Netscape-derived libraries, this file may also contain @@ -455,21 +451,22 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) The path to the Kerberos 5 credential cache to use when authenticating with the remote server. + See the ldap.conf entry in the EXAMPLES section. -1.7.2p5 February 22, 2010 7 +1.7.2p6 March 3, 2010 7 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - See the ldap.conf entry in the EXAMPLES section. - CCoonnffiigguurriinngg nnsssswwiittcchh..ccoonnff +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) + + CCoonnffiigguurriinngg nnsssswwiittcchh..ccoonnff Unless it is disabled at build time, ssuuddoo consults the Name Service Switch file, _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f, to specify the _s_u_d_o_e_r_s search order. Sudo looks for a line beginning with sudoers: and uses this to 
@@ -502,8 +499,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) Note that _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f is supported even when the underlying operating system does not use an nsswitch.conf file. - CCoonnffiigguurriinngg nneettssvvcc..ccoonnff - + CCoonnffiigguurriinngg nneettssvvcc..ccoonnff On AIX systems, the _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f file is consulted instead of _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f. ssuuddoo simply treats _n_e_t_s_v_c_._c_o_n_f as a variant of _n_s_s_w_i_t_c_h_._c_o_n_f; information in the previous section unrelated to the @@ -521,20 +517,21 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) To treat LDAP as authoratative and only use the local sudoers file if the user is not present in LDAP, use: + sudoers = ldap = auth, files + Note that in the above example, the auth qualfier only affects user -1.7.2p5 February 22, 2010 8 +1.7.2p6 March 3, 2010 8 -SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - sudoers = ldap = auth, files +SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) + - Note that in the above example, the auth qualfier only affects user lookups; both LDAP and _s_u_d_o_e_r_s will be queried for Defaults entries. If the _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f file is not present or there is no sudoers @@ -550,8 +547,7 @@ FFIILLEESS _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f determines sudoers source order on AIX EEXXAAMMPPLLEESS - EExxaammppllee llddaapp..ccoonnff - + EExxaammppllee llddaapp..ccoonnff # Either specify one or more URIs or one or more host:port pairs. # If neither is specified sudo will default to localhost, port 389. # @@ -586,10 +582,14 @@ EEXXAAMMPPLLEESS # # LDAP protocol version, defaults to 3 #ldap_version 3 + # + # Define if you want to use an encrypted LDAP connection. + # Typically, you must also set the port to 636 (ldaps). + #ssl on -1.7.2p5 February 22, 2010 9 +1.7.2p6 March 3, 2010 9 
@@ -598,10 +598,6 @@ EEXXAAMMPPLLEESS SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - # - # Define if you want to use an encrypted LDAP connection. - # Typically, you must also set the port to 636 (ldaps). - #ssl on # # Define if you want to use port 389 and switch to # encryption before the bind credentials are sent. @@ -652,10 +648,14 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) # SDK will prevent specific file names from working. For this reason # it is suggested that tls_cert and tls_key be set to a directory, # not a file name. + # + # The certificate database specified by tls_cert may contain CA certs + # and/or the client's cert. If the client's cert is included, tls_key + # should be specified as well. -1.7.2p5 February 22, 2010 10 +1.7.2p6 March 3, 2010 10 @@ -664,10 +664,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - # - # The certificate database specified by tls_cert may contain CA certs - # and/or the client's cert. If the client's cert is included, tls_key - # should be specified as well. # For backward compatibility, "sslpath" may be used in place of tls_cert. #tls_cert /var/ldap #tls_key /var/ldap @@ -680,8 +676,7 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) # sasl_secprops none # krb5_ccname /etc/.ldapcache - SSuuddoo sscchheemmaa ffoorr OOppeennLLDDAAPP - + SSuuddoo sscchheemmaa ffoorr OOppeennLLDDAAPP The following schema is in OpenLDAP format. Simply copy it to the schema directory (e.g. _/_e_t_c_/_o_p_e_n_l_d_a_p_/_s_c_h_e_m_a), add the proper include line in slapd.conf and restart ssllaappdd. 
@@ -718,10 +713,15 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + attributetype ( 1.3.6.1.4.1.15953.9.1.6 + NAME 'sudoRunAsUser' + DESC 'User(s) impersonated by sudo' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -1.7.2p5 February 22, 2010 11 +1.7.2p6 March 3, 2010 11 @@ -730,11 +730,6 @@ SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) SUDOERS.LDAP(4) MAINTENANCE COMMANDS SUDOERS.LDAP(4) - attributetype ( 1.3.6.1.4.1.15953.9.1.6 - NAME 'sudoRunAsUser' - DESC 'User(s) impersonated by sudo' - EQUALITY caseExactIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' @@ -787,6 +782,11 @@ DDIISSCCLLAAIIMMEERR -1.7.2p5 February 22, 2010 12 + + + + + +1.7.2p6 March 3, 2010 12 diff --git a/sudoers.ldap.man.in b/sudoers.ldap.man.in index f182c4a..828b4cb 100644 --- a/sudoers.ldap.man.in +++ b/sudoers.ldap.man.in @@ -14,19 +14,10 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $Sudo: sudoers.ldap.man.in,v 1.13 2009/06/11 20:29:12 millert Exp $ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -70,7 +61,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ 
@@ -149,7 +140,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS.LDAP @mansectform@" -.TH SUDOERS.LDAP @mansectform@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS" +.TH SUDOERS.LDAP @mansectform@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -201,7 +192,7 @@ to have multiple users listed in a sudoRole. Instead of defining a Cmnd_Alias that is referenced by multiple users, one can create a sudoRole that contains the commands and assign multiple users to it. -.Sh "SUDOers \s-1LDAP\s0 container" +.SS "SUDOers \s-1LDAP\s0 container" .IX Subsection "SUDOers LDAP container" The \fIsudoers\fR configuration is contained in the \f(CW\*(C`ou=SUDOers\*(C'\fR \s-1LDAP\s0 container. @@ -271,7 +262,7 @@ on any host via \fBsudo\fR: \& sudoHost: ALL \& sudoCommand: ALL .Ve -.Sh "Anatomy of \s-1LDAP\s0 sudoers lookup" +.SS "Anatomy of \s-1LDAP\s0 sudoers lookup" .IX Subsection "Anatomy of LDAP sudoers lookup" When looking up a sudoer using \s-1LDAP\s0 there are only two or three \&\s-1LDAP\s0 queries per invocation. The first query is to parse the global @@ -280,7 +271,7 @@ groups that the user belongs to. (The special \s-1ALL\s0 tag is matched in this query too.) If no match is returned for the user's name and groups, a third query returns all entries containing user netgroups and checks to see if the user belongs to any of them. -.Sh "Differences between \s-1LDAP\s0 and non-LDAP sudoers" +.SS "Differences between \s-1LDAP\s0 and non-LDAP sudoers" .IX Subsection "Differences between LDAP and non-LDAP sudoers" There are some subtle differences in the way sudoers is handled once in \s-1LDAP\s0. Probably the biggest is that according to the \s-1RFC\s0, 
@@ -342,7 +333,7 @@ behave the way one might expect. \& sudoHost: ALL \& sudoHost: !web01 .Ve -.Sh "Sudoers Schema" +.SS "Sudoers Schema" .IX Subsection "Sudoers Schema" In order to use \fBsudo\fR's \s-1LDAP\s0 support, the \fBsudo\fR schema must be installed on your \s-1LDAP\s0 server. In addition, be sure to index the @@ -355,7 +346,7 @@ be found in the \fBsudo\fR distribution. .PP The schema for \fBsudo\fR in OpenLDAP form is included in the \s-1EXAMPLES\s0 section. -.Sh "Configuring ldap.conf" +.SS "Configuring ldap.conf" .IX Subsection "Configuring ldap.conf" Sudo reads the \fI@ldap_conf@\fR file for LDAP-specific configuration. Typically, this file is shared amongst different LDAP-aware clients. @@ -538,7 +529,7 @@ The path to the Kerberos 5 credential cache to use when authenticating with the remote server. .PP See the \f(CW\*(C`ldap.conf\*(C'\fR entry in the \s-1EXAMPLES\s0 section. -.Sh "Configuring nsswitch.conf" +.SS "Configuring nsswitch.conf" .IX Subsection "Configuring nsswitch.conf" Unless it is disabled at build time, \fBsudo\fR consults the Name Service Switch file, \fI@nsswitch_conf@\fR, to specify the \fIsudoers\fR @@ -579,7 +570,7 @@ sudoers line, the following default is assumed: .PP Note that \fI@nsswitch_conf@\fR is supported even when the underlying operating system does not use an nsswitch.conf file. -.Sh "Configuring netsvc.conf" +.SS "Configuring netsvc.conf" .IX Subsection "Configuring netsvc.conf" On \s-1AIX\s0 systems, the \fI@netsvc_conf@\fR file is consulted instead of \&\fI@nsswitch_conf@\fR. \fBsudo\fR simply treats \fInetsvc.conf\fR as a @@ -632,7 +623,7 @@ determines sudoers source order determines sudoers source order on \s-1AIX\s0 .SH "EXAMPLES" .IX Header "EXAMPLES" -.Sh "Example ldap.conf" +.SS "Example ldap.conf" .IX Subsection "Example ldap.conf" .Vb 10 \& # Either specify one or more URIs or one or more host:port pairs. 
@@ -739,7 +730,7 @@ determines sudoers source order on \s-1AIX\s0 \& # sasl_secprops none \& # krb5_ccname /etc/.ldapcache .Ve -.Sh "Sudo schema for OpenLDAP" +.SS "Sudo schema for OpenLDAP" .IX Subsection "Sudo schema for OpenLDAP" The following schema is in OpenLDAP format. Simply copy it to the schema directory (e.g. \fI/etc/openldap/schema\fR), add the proper diff --git a/sudoers.ldap.pod b/sudoers.ldap.pod index 7d59cb2..a194651 100644 --- a/sudoers.ldap.pod +++ b/sudoers.ldap.pod @@ -14,7 +14,6 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -$Sudo: sudoers.ldap.pod,v 1.14 2009/05/29 13:43:12 millert Exp $ =pod =head1 NAME diff --git a/sudoers.man.in b/sudoers.man.in index b56b1c4..d892ed3 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -1,4 +1,4 @@ -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2009 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2010 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,6 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: sudoers.pod,v 1.173 2009/06/30 12:41:09 millert Exp $ .\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: @@ -145,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "April 7, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -911,7 +910,12 @@ system that is mounted on demand (automounted). The \fIfast_glob\fR option causes \fBsudo\fR to use the \fIfnmatch\fR\|(3) function, which does not access the file system to do its matching. The disadvantage of \fIfast_glob\fR is that it is unable to match relative pathnames -such as \fI./ls\fR or \fI../bin/ls\fR. This flag is \fIoff\fR by default. +such as \fI./ls\fR or \fI../bin/ls\fR. This has security implications +when path names that include globbing characters are used with the +negation operator, \f(CW\*(Aq!\*(Aq\fR, as such rules can be trivially bypassed. +As such, this option should not be used when \fIsudoers\fR contains rules +that contain negated path names which include globbing characters. +This flag is \fIoff\fR by default. .IP "stay_setuid" 16 .IX Item "stay_setuid" Normally, when \fBsudo\fR executes a command the real and effective 
@@ -1532,6 +1536,24 @@ Doesn't really prevent \fBbill\fR from running the commands listed in different name, or use a shell escape from an editor or other program. Therefore, these kind of restrictions should be considered advisory at best (and reinforced by policy). +.PP +Furthermore, if the \fIfast_glob\fR option is in use, it is not possible +to reliably negate commands where the path name includes globbing +(aka wildcard) characters. This is because the C library's +\&\fIfnmatch\fR\|(3) function cannot resolve relative paths. While this +is typically only an inconvenience for rules that grant privileges, +it can result in a security issue for rules that subtract or revoke +privileges. +.PP +For example, given the following \fIsudoers\fR entry: +.PP +.Vb 2 +\& john ALL = /usr/bin/passwd [a\-zA\-Z0\-9]*, /usr/bin/chsh [a\-zA\-Z0\-9]*, +\& /usr/bin/chfn [a\-zA\-Z0\-9]*, !/usr/bin/* root +.Ve +.PP +User \fBjohn\fR can still run \f(CW\*(C`/usr/bin/passwd root\*(C'\fR if \fIfast_glob\fR is +enabled by changing to \fI/usr/bin\fR and running \f(CW\*(C`./passwd root\*(C'\fR instead. .SH "PREVENTING SHELL ESCAPES" .IX Header "PREVENTING SHELL ESCAPES" Once \fBsudo\fR executes a program, that program is free to do whatever diff --git a/sudoers.pod b/sudoers.pod index bbc2264..5dda705 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -1,4 +1,4 @@ -Copyright (c) 1994-1996, 1998-2005, 2007-2009 +Copyright (c) 1994-1996, 1998-2005, 2007-2010 Todd C. Miller Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,6 @@ Sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. -$Sudo: sudoers.pod,v 1.173 2009/06/30 12:41:09 millert Exp $ =pod =head1 NAME 
@@ -809,7 +808,12 @@ system that is mounted on demand (automounted). The I option causes B to use the L function, which does not access the file system to do its matching. The disadvantage of I is that it is unable to match relative pathnames -such as F<./ls> or F<../bin/ls>. This flag is I by default. +such as F<./ls> or F<../bin/ls>. This has security implications +when path names that include globbing characters are used with the +negation operator, C<'!'>, as such rules can be trivially bypassed. +As such, this option should not be used when I contains rules +that contain negated path names which include globbing characters. +This flag is I by default. =item stay_setuid @@ -1470,6 +1474,22 @@ different name, or use a shell escape from an editor or other program. Therefore, these kind of restrictions should be considered advisory at best (and reinforced by policy). +Furthermore, if the I option is in use, it is not possible +to reliably negate commands where the path name includes globbing +(aka wildcard) characters. This is because the C library's +L function cannot resolve relative paths. While this +is typically only an inconvenience for rules that grant privileges, +it can result in a security issue for rules that subtract or revoke +privileges. + +For example, given the following I entry: + + john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*, + /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root + +User B can still run C if I is +enabled by changing to F and running C<./passwd root> instead. + =head1 PREVENTING SHELL ESCAPES Once B executes a program, that program is free to do whatever diff --git a/sudoers2ldif b/sudoers2ldif index df51b9f..0fe0ad1 100644 --- a/sudoers2ldif +++ b/sudoers2ldif @@ -5,8 +5,6 @@ use strict; # Converts a sudoers file to LDIF format in prepration for loading into # the LDAP server. # -# $Sudo: sudoers2ldif,v 1.5 2007/12/08 00:09:28 millert Exp $ -# # BUGS: # Does not yet handle multiple lines with : in them 
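Review bot: The paragraph added to sudoers.pod in the -1470 hunk ("Furthermore, if the fast_glob option is in use ...") can be read as saying that negated wildcard rules become dependable once fast_glob is off. The context lines directly above it contradict that, since they already call such restrictions "advisory at best". I would end the new example with one sentence such as `Disabling I<fast_glob> closes only this relative-path case; negated command rules remain advisory, as described above.` so that an administrator does not treat turning the option off as the complete fix. The option description changed in the -809 hunk could also point to this example, because a reader of the option list does not see it there. sudoers.man.in is marked as generated by Pod::Man and carries the same text, so it would presumably be regenerated from the pod rather than edited by hand.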
diff --git a/term.c b/term.c index d962fe6..f3d0302 100644 --- a/term.c +++ b/term.c @@ -50,10 +50,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: term.c,v 1.4 2009/02/25 10:47:12 millert Exp $"; -#endif /* lint */ - #ifndef TCSASOFT # define TCSASOFT 0 #endif diff --git a/testsudoers.c b/testsudoers.c index c961432..5dce63c 100644 --- a/testsudoers.c +++ b/testsudoers.c @@ -70,11 +70,6 @@ # include "emul/fnmatch.h" #endif /* HAVE_FNMATCH */ -#ifndef lint -__unused static const char rcsid[] = "$Sudo: testsudoers.c,v 1.131 2009/05/25 12:02:42 millert Exp $"; -#endif /* lint */ - - /* * Globals */ diff --git a/tgetpass.c b/tgetpass.c index 503cb97..5d1e898 100644 --- a/tgetpass.c +++ b/tgetpass.c @@ -56,10 +56,6 @@ #include "sudo.h" -#ifndef lint -__unused static const char rcsid[] = "$Sudo: tgetpass.c,v 1.131 2009/05/25 12:02:42 millert Exp $"; -#endif /* lint */ - static volatile sig_atomic_t signo; static void handler __P((int)); diff --git a/utimes.c b/utimes.c index 6d260c4..84f4c43 100644 --- a/utimes.c +++ b/utimes.c @@ -31,10 +31,6 @@ #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: utimes.c,v 1.10 2008/11/09 14:13:12 millert Exp $"; -#endif /* lint */ - #ifndef HAVE_UTIMES /* * Emulate utimes() via utime() diff --git a/visudo.c b/visudo.c index b48fc24..ae2028a 100644 --- a/visudo.c +++ b/visudo.c @@ -86,10 +86,6 @@ #include "redblack.h" #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: visudo.c,v 1.234 2009/05/25 12:02:42 millert Exp $"; -#endif /* lint */ - struct sudoersfile { char *path; char *tpath; diff --git a/visudo.cat b/visudo.cat index c33296e..d46fb54 100644 --- a/visudo.cat +++ b/visudo.cat @@ -61,7 +61,7 @@ OOPPTTIIOONNSS -1.7.2p5 February 22, 2010 1 +1.7.2p6 March 3, 2010 1 @@ -127,7 +127,7 @@ AAUUTTHHOORR -1.7.2p5 February 22, 2010 2 +1.7.2p6 March 3, 2010 2 @@ -193,6 +193,6 @@ DDIISSCCLLAAIIMMEERR -1.7.2p5 February 22, 2010 3 +1.7.2p6 March 3, 2010 3 
diff --git a/visudo.man.in b/visudo.man.in index 0125e2c..e5d59b0 100644 --- a/visudo.man.in +++ b/visudo.man.in @@ -18,19 +18,10 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: visudo.man.in,v 1.34 2009/06/11 20:29:12 millert Exp $ -.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05) +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -74,7 +65,7 @@ .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ @@ -153,7 +144,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO @mansectsu@" -.TH VISUDO @mansectsu@ "February 22, 2010" "1.7.2p5" "MAINTENANCE COMMANDS" +.TH VISUDO @mansectsu@ "March 3, 2010" "1.7.2p6" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/visudo.pod b/visudo.pod index 63cb113..d5da5f7 100644 --- a/visudo.pod +++ b/visudo.pod @@ -18,7 +18,6 @@ Sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. -$Sudo: visudo.pod,v 1.55 2008/11/15 18:34:01 millert Exp $ =pod =head1 NAME diff --git a/zero_bytes.c b/zero_bytes.c index 8ce2eb5..7391780 100644 
--- a/zero_bytes.c +++ b/zero_bytes.c @@ -19,10 +19,6 @@ #include #include -#ifndef lint -__unused static const char rcsid[] = "$Sudo: zero_bytes.c,v 1.7 2008/11/09 14:13:12 millert Exp $"; -#endif /* lint */ - /* * Like bzero(3) but with a volatile pointer. The hope is that * the compiler will not be able to optimize away this function. -- 2.30.2