diff --git a/.sudo.metadata b/.sudo.metadata
new file mode 100644
index 0000000..5a18089
--- /dev/null
+++ b/.sudo.metadata
@@ -0,0 +1 @@
+5dec7216d8d70c5ead869479729fba924c7d3818 SOURCES/sudo-1.8.6p7.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/sudo-1.6.7p5-strip.patch b/SOURCES/sudo-1.6.7p5-strip.patch
new file mode 100644
index 0000000..f9e2faa
--- /dev/null
+++ b/SOURCES/sudo-1.6.7p5-strip.patch
@@ -0,0 +1,11 @@
+--- sudo-1.6.7p5/install-sh.strip 2005-07-21 14:28:25.000000000 +0200
++++ sudo-1.6.7p5/install-sh 2005-07-21 14:29:18.000000000 +0200
+@@ -138,7 +138,7 @@
+ fi
+ ;;
+ X-s)
+- STRIPIT=true
++ #STRIPIT=true
+ ;;
+ X--)
+ shift
diff --git a/SOURCES/sudo-1.7.2p1-envdebug.patch b/SOURCES/sudo-1.7.2p1-envdebug.patch
new file mode 100644
index 0000000..e189c98
--- /dev/null
+++ b/SOURCES/sudo-1.7.2p1-envdebug.patch
@@ -0,0 +1,12 @@
+diff -up sudo-1.7.2p1/configure.in.envdebug sudo-1.7.2p1/configure.in
+--- sudo-1.7.2p1/configure.in.envdebug 2009-10-30 12:18:09.000000000 +0100
++++ sudo-1.7.2p1/configure.in 2009-10-30 12:19:01.000000000 +0100
+@@ -1214,7 +1214,7 @@ AC_ARG_ENABLE(env_debug,
+ [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
+ [ case "$enableval" in
+ yes) AC_MSG_RESULT(yes)
+- AC_DEFINE(ENV_DEBUG)
++ AC_DEFINE(ENV_DEBUG, [], [Environment debugging.])
+ ;;
+ no) AC_MSG_RESULT(no)
+ ;;
diff --git a/SOURCES/sudo-1.7.4p5-sudo-ldap.conf b/SOURCES/sudo-1.7.4p5-sudo-ldap.conf
new file mode 100644
index 0000000..d8f8e4d
--- /dev/null
+++ b/SOURCES/sudo-1.7.4p5-sudo-ldap.conf
@@ -0,0 +1,86 @@ +## BINDDN DN +## The BINDDN parameter specifies the identity, in the form of a Dis‐ +## tinguished Name (DN), to use when performing LDAP operations. If +## not specified, LDAP operations are performed with an anonymous +## identity. By default, most LDAP servers will allow anonymous +## access. +## +#binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com + +## BINDPW secret +## The BINDPW parameter specifies the password to use when performing +## LDAP operations. This is typically used in conjunction with the +## BINDDN parameter. +## +#bindpw secret + +## SSL start_tls +## If the SSL parameter is set to start_tls, the LDAP server connec‐ +## tion is initiated normally and TLS encryption is begun before the +## bind credentials are sent. This has the advantage of not requiring +## a dedicated port for encrypted communications. This parameter is +## only supported by LDAP servers that honor the start_tls extension, +## such as the OpenLDAP and Tivoli Directory servers. +## +#ssl start_tls + +## TLS_CACERTFILE file name +## The path to a certificate authority bundle which contains the cer‐ +## tificates for all the Certificate Authorities the client knows to +## be valid, e.g. /etc/ssl/ca-bundle.pem. This option is only sup‐ +## ported by the OpenLDAP libraries. Netscape-derived LDAP libraries +## use the same certificate database for CA and client certificates +## (see TLS_CERT). +## +#tls_cacertfile /path/to/CA.crt + +## TLS_CHECKPEER on/true/yes/off/false/no +## If enabled, TLS_CHECKPEER will cause the LDAP server's TLS certifi‐ +## cated to be verified. If the server's TLS certificate cannot be +## verified (usually because it is signed by an unknown certificate +## authority), sudo will be unable to connect to it. If TLS_CHECKPEER +## is disabled, no check is made. Note that disabling the check cre‐ +## ates an opportunity for man-in-the-middle attacks since the +## server's identity will not be authenticated. 
If possible, the CA's +## certificate should be installed locally so it can be verified. +## This option is not supported by the Tivoli Directory Server LDAP +## libraries. +#tls_checkpeer yes + +## +## URI ldap[s]://[hostname[:port]] ... +## Specifies a whitespace-delimited list of one or more +## URIs describing the LDAP server(s) to connect to. +## +#uri ldap://ldapserver + +## +## SUDOERS_BASE base +## The base DN to use when performing sudo LDAP queries. +## Multiple SUDOERS_BASE lines may be specified, in which +## case they are queried in the order specified. +## +#sudoers_base ou=SUDOers,dc=example,dc=com + +## +## BIND_TIMELIMIT seconds +## The BIND_TIMELIMIT parameter specifies the amount of +## time to wait while trying to connect to an LDAP server. +## +#bind_timelimit 30 + +## +## TIMELIMIT seconds +## The TIMELIMIT parameter specifies the amount of time +## to wait for a response to an LDAP query. +## +#timelimit 30 + +## +## SUDOERS_DEBUG debug_level +## This sets the debug level for sudo LDAP queries. Debugging +## information is printed to the standard error. A value of 1 +## results in a moderate amount of debugging information. +## A value of 2 shows the results of the matches themselves. +## +#sudoers_debug 1 diff --git a/SOURCES/sudo-1.7.4p5-sudoers b/SOURCES/sudo-1.7.4p5-sudoers new file mode 100644 index 0000000..414fc5f --- /dev/null +++ b/SOURCES/sudo-1.7.4p5-sudoers 
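Review bot: The BINDPW section tells the administrator to put a plaintext directory password in this file (the commented example `#bindpw secret` is what will be uncommented), but nothing in the file says the file must then be unreadable to ordinary users. Suggest adding directly under the BINDPW paragraph: `## If bindpw is set, this file must be readable only by root.`. Whether the package installs the file with restrictive permissions is decided in the spec, which is not part of this hunk. Separately, the TLS_CHECKPEER paragraph reads `TLS certifi‐ cated to be verified`; that is a man-page hyphenation artifact and should read `TLS certificate to be verified`.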
@@ -0,0 +1,118 @@ +## Sudoers allows particular users to run various commands as +## the root user, without needing the root password. +## +## Examples are provided at the bottom of the file for collections +## of related commands, which can then be delegated out to particular +## users or groups. +## +## This file must be edited with the 'visudo' command. + +## Host Aliases +## Groups of machines. You may prefer to use hostnames (perhaps using +## wildcards for entire domains) or IP addresses instead. +# Host_Alias FILESERVERS = fs1, fs2 +# Host_Alias MAILSERVERS = smtp, smtp2 + +## User Aliases +## These aren't often necessary, as you can use regular groups +## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname +## rather than USERALIAS +# User_Alias ADMINS = jsmith, mikem + + +## Command Aliases +## These are groups of related commands... + +## Networking +# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool + +## Installation and management of software +# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum + +## Services +# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig + +## Updating the locate database +# Cmnd_Alias LOCATE = /usr/bin/updatedb + +## Storage +# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount + +## Delegating permissions +# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp + +## Processes +# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall + +## Drivers +# Cmnd_Alias DRIVERS = /sbin/modprobe + +# Defaults specification + +# +# Disable "ssh hostname sudo ", because it will show the password in clear. +# You have to run "ssh -t hostname sudo ". +# +Defaults requiretty + +# +# Refuse to run if unable to disable echo on the tty. 
This setting should also be +# changed in order to be able to use sudo without a tty. See requiretty above. +# +Defaults !visiblepw + +# +# Preserving HOME has security implications since many programs +# use it when searching for configuration files. Note that HOME +# is already set when the the env_reset option is enabled, so +# this option is only effective for configurations where either +# env_reset is disabled or HOME is present in the env_keep list. +# +Defaults always_set_home + +Defaults env_reset +Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS" +Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" +Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" +Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" +Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" + +# +# Adding HOME to env_keep may enable a user to run unrestricted +# commands via sudo. +# +# Defaults env_keep += "HOME" + +Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin + +## Next comes the main part: which users can run what software on +## which machines (the sudoers file can be shared between multiple +## systems). +## Syntax: +## +## user MACHINE=COMMANDS +## +## The COMMANDS section may have other options added to it. +## +## Allow root to run any commands anywhere +root ALL=(ALL) ALL + +## Allows members of the 'sys' group to run networking, software, +## service management apps and more. 
+# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS + +## Allows people in group wheel to run all commands +# %wheel ALL=(ALL) ALL + +## Same thing without a password +# %wheel ALL=(ALL) NOPASSWD: ALL + +## Allows members of the users group to mount and unmount the +## cdrom as root +# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom + +## Allows members of the users group to shutdown this system +# %users localhost=/sbin/shutdown -h now + +## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) +#includedir /etc/sudoers.d diff --git a/SOURCES/sudo-1.8.6p3-ALL-with-negation-manupdate.patch b/SOURCES/sudo-1.8.6p3-ALL-with-negation-manupdate.patch new file mode 100644 index 0000000..ef468e3 --- /dev/null +++ b/SOURCES/sudo-1.8.6p3-ALL-with-negation-manupdate.patch 
@@ -0,0 +1,113 @@ +diff -up sudo-1.8.6p3/doc/sudoers.cat.orig sudo-1.8.6p3/doc/sudoers.cat +--- sudo-1.8.6p3/doc/sudoers.cat.orig 2012-09-18 15:57:43.000000000 +0200 ++++ sudo-1.8.6p3/doc/sudoers.cat 2013-07-10 14:57:53.791093835 +0200 +@@ -668,11 +668,24 @@ SSUUDDOOEERRSS FFIILLEE FFO + since in a command context, it allows the user to run aannyy command on the + system. + +- An exclamation point (`!') can be used as a logical _n_o_t operator both in +- an _a_l_i_a_s and in front of a Cmnd. This allows one to exclude certain +- values. Note, however, that using a `!' in conjunction with the built-in +- AALLLL alias to allow a user to run ``all but a few'' commands rarely works +- as intended (see _S_E_C_U_R_I_T_Y _N_O_T_E_S below). ++ An exclamation point (`!') can be used as a logical _n_o_t operator in a ++ list or _a_l_i_a_s as well as in front of a Cmnd. This allows one to exclude ++ certain values. For the `!' operator to be effective, there must be ++ something for it to exclude. For example, to match all users except for ++ root one would use: ++ ++ ALL,!root ++ ++ If the AALLLL, is omitted, as in: ++ ++ !root ++ ++ it would explicitly deny root but not match any other users. This is ++ different from a true ``negation'' operator. ++ ++ Note, however, that using a `!' in conjunction with the built-in AALLLL ++ alias to allow a user to run ``all but a few'' commands rarely works as ++ intended (see _S_E_C_U_R_I_T_Y _N_O_T_E_S below). + + Long lines can be continued with a backslash (`\') as the last character + on the line. 
+diff -up sudo-1.8.6p3/doc/sudoers.man.in.orig sudo-1.8.6p3/doc/sudoers.man.in +--- sudo-1.8.6p3/doc/sudoers.man.in.orig 2013-07-10 13:00:20.987336061 +0200 ++++ sudo-1.8.6p3/doc/sudoers.man.in 2013-07-10 14:57:53.792093837 +0200 +@@ -1490,11 +1490,37 @@ An exclamation point + (`\&!') + can be used as a logical + \fInot\fR +-operator both in an ++operator in a list or + \fIalias\fR +-and in front of a ++as well as in front of a + \fRCmnd\fR. + This allows one to exclude certain values. ++For the ++`\&!' ++operator to be effective, there must be something for it to exclude. ++For example, to match all users except for root one would use: ++.nf ++.sp ++.RS 4n ++ALL,!root ++.RE ++.fi ++.PP ++If the ++\fBALL\fR, ++is omitted, as in: ++.nf ++.sp ++.RS 4n ++!root ++.RE ++.fi ++.PP ++it would explicitly deny root but not match any other users. ++This is different from a true ++``negation'' ++operator. ++.PP + Note, however, that using a + `\&!' + in conjunction with the built-in +diff -up sudo-1.8.6p3/doc/sudoers.mdoc.in.orig sudo-1.8.6p3/doc/sudoers.mdoc.in +--- sudo-1.8.6p3/doc/sudoers.mdoc.in.orig 2012-09-18 15:57:43.000000000 +0200 ++++ sudo-1.8.6p3/doc/sudoers.mdoc.in 2013-07-10 14:57:53.793093839 +0200 +@@ -1393,11 +1393,31 @@ An exclamation point + .Pq Ql \&! + can be used as a logical + .Em not +-operator both in an ++operator in a list or + .Em alias +-and in front of a ++as well as in front of a + .Li Cmnd . + This allows one to exclude certain values. ++For the ++.Ql \&! ++operator to be effective, there must be something for it to exclude. ++For example, to match all users except for root one would use: ++.Bd -literal -offset 4n ++ALL,!root ++.Ed ++.Pp ++If the ++.Sy ALL , ++is omitted, as in: ++.Bd -literal -offset 4n ++!root ++.Ed ++.Pp ++it would explicitly deny root but not match any other users. ++This is different from a true ++.Dq negation ++operator. ++.Pp + Note, however, that using a + .Ql \&! + in conjunction with the built-in 
diff --git a/SOURCES/sudo-1.8.6p3-aliaswarnonly.patch b/SOURCES/sudo-1.8.6p3-aliaswarnonly.patch
new file mode 100644
index 0000000..4f2a13b
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p3-aliaswarnonly.patch
@@ -0,0 +1,12 @@
+diff -up sudo-1.8.6p3/plugins/sudoers/visudo.c.aliaswarnonly sudo-1.8.6p3/plugins/sudoers/visudo.c
+--- sudo-1.8.6p3/plugins/sudoers/visudo.c.aliaswarnonly 2012-09-25 16:19:04.995831784 +0200
++++ sudo-1.8.6p3/plugins/sudoers/visudo.c 2012-09-25 16:20:15.768964400 +0200
+@@ -1238,7 +1238,7 @@ check_aliases(bool strict, bool quiet)
+ 
+ /* If all aliases were referenced we will have an empty tree. */
+ if (!no_aliases() && !quiet)
+- alias_apply(print_unused, strict ? "Error" : "Warning");
++ alias_apply(print_unused, "Warning");
+ 
+ debug_return_int(strict ? errors : 0);
+ }
diff --git a/SOURCES/sudo-1.8.6p3-auditeditor.patch b/SOURCES/sudo-1.8.6p3-auditeditor.patch
new file mode 100644
index 0000000..db2c96f
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p3-auditeditor.patch
@@ -0,0 +1,29 @@
+diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.c.auditeditor sudo-1.8.6p3/plugins/sudoers/sudoers.c
+--- sudo-1.8.6p3/plugins/sudoers/sudoers.c.auditeditor 2012-09-24 16:16:07.577331344 +0200
++++ sudo-1.8.6p3/plugins/sudoers/sudoers.c 2012-09-24 16:30:16.738174293 +0200
+@@ -709,7 +709,24 @@ sudoers_policy_main(int argc, char * con
+ #endif /* HAVE_SELINUX */
+ 
+ /* Must audit before uid change. */
+- audit_success(NewArgv);
++ if (ISSET(sudo_mode, MODE_EDIT)) {
++ /*
++ * Build a new argv, argc for the audit system
++ * so that the editor being invoked is visible
++ * in audit messages.
++ */
++ char *editor = NULL;
++ char **editor_argv = NULL;
++ 
++ editor = find_editor(NewArgc - 1, NewArgv + 1, &editor_argv);
++ 
++ if (editor) {
++ audit_success(editor_argv);
++ efree(editor_argv);
++ } else
++ errorx(1, _("Can't find an editor"));
++ } else
++ audit_success(NewArgv);
+ 
+ *command_infop = command_info;
+ 
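Review bot: After this change the prefix passed to `alias_apply(print_unused, ...)` is a constant, so the only place `strict` still matters is `debug_return_int(strict ? errors : 0)` on the next line; if `print_unused` (outside the hunk) never adds to `errors`, an unused alias was already non-fatal and the old "Error" label simply disagreed with the exit status, which is what the patch corrects. The patch file carries no header saying so, and a distro backport that changes visudo -s output should; suggest a first line in the .patch such as `Report unused aliases as warnings even in strict mode; they never counted towards the error total.`. Also confirm that `print_unused` still consumes its prefix argument rather than now carrying a dead parameter — its definition is not in this hunk.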
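Review bot: The string returned by the added `editor = find_editor(NewArgc - 1, NewArgv + 1, &editor_argv);` is only NULL-tested and then dropped; `efree(editor_argv)` releases the argv array alone, so if `find_editor` returns heap memory (its definition is outside the hunk) every sudoedit run leaks `editor`, and any argv entries it allocated are not released either — confirm ownership against editor.c and free accordingly. The audited argv also comes from this extra `find_editor` call rather than from the one the sudoedit path presumably performs later, so what is audited and what is executed agree only while the environment is unchanged between the two resolutions; a comment stating that assumption would help, e.g. `/* Assumes find_editor() resolves the same editor sudoedit() later runs. */`. The unbraced `} else errorx(...)` next to a braced `if (editor) {` is out of step with the surrounding code; brace both branches. sudoers_policy_main continues on both sides of the hunk.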
diff --git a/SOURCES/sudo-1.8.6p3-auditrolechange.patch b/SOURCES/sudo-1.8.6p3-auditrolechange.patch
new file mode 100644
index 0000000..90e7331
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p3-auditrolechange.patch
@@ -0,0 +1,45 @@
+diff -up sudo-1.8.6p3/src/selinux.c.auditrolechange sudo-1.8.6p3/src/selinux.c
+--- sudo-1.8.6p3/src/selinux.c.auditrolechange 2012-09-25 16:29:58.090826474 +0200
++++ sudo-1.8.6p3/src/selinux.c 2012-09-25 16:33:53.953084178 +0200
+@@ -63,7 +63,7 @@ static struct selinux_state {
+ #ifdef HAVE_LINUX_AUDIT
+ static int
+ audit_role_change(const security_context_t old_context,
+- const security_context_t new_context, const char *ttyn)
++ const security_context_t new_context, const char *ttyn, int result)
+ {
+ int au_fd, rc = -1;
+ char *message;
+@@ -80,7 +80,7 @@ audit_role_change(const security_context
+ easprintf(&message, "newrole: old-context=%s new-context=%s",
+ old_context, new_context);
+ rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
+- message, NULL, NULL, ttyn, 1);
++ message, NULL, NULL, ttyn, result);
+ if (rc <= 0)
+ warning(_("unable to send audit message"));
+ efree(message);
+@@ -335,8 +335,13 @@ selinux_setup(const char *role, const ch
+ warningx("your old context was %s", se_state.old_context);
+ #endif
+ se_state.new_context = get_exec_context(se_state.old_context, role, type);
+- if (!se_state.new_context)
++ if (!se_state.new_context) {
++#ifdef HAVE_LINUX_AUDIT
++ audit_role_change(se_state.old_context, "?",
++ se_state.ttyn, 0);
++#endif
+ goto done;
++ }
+ 
+ if (relabel_tty(ttyn, ptyfd) < 0) {
+ warning(_("unable to setup tty context for %s"), se_state.new_context);
+@@ -352,7 +357,7 @@ selinux_setup(const char *role, const ch
+ 
+ #ifdef HAVE_LINUX_AUDIT
+ audit_role_change(se_state.old_context, se_state.new_context,
+- se_state.ttyn);
++ se_state.ttyn, 1);
+ #endif
+ 
+ rval = 0;
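Review bot: The new failure-path call `audit_role_change(se_state.old_context, "?", se_state.ttyn, 0)` reads `se_state.ttyn` before `relabel_tty(ttyn, ptyfd)` has run, and nothing visible in the hunk assigns it earlier; if relabel_tty is what fills it in (outside the hunk), the audit record for a refused role change is written with no tty. The function's own `ttyn` parameter is in scope at that point, so `audit_role_change(se_state.old_context, "?", ttyn, 0);` removes the ordering dependency. For the success path, which stays on `se_state.ttyn` after relabel_tty, that ordering is presumably fine. It would also aid forensics if the failure record named the requested `role`/`type` that get_exec_context rejected instead of the literal `"?"`, though that means extending the `newrole: old-context=%s new-context=%s` format the hunk leaves unchanged. selinux_setup continues outside the hunk.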
diff --git a/SOURCES/sudo-1.8.6p3-cycledetect.patch b/SOURCES/sudo-1.8.6p3-cycledetect.patch
new file mode 100644
index 0000000..e2c9b87
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p3-cycledetect.patch
@@ -0,0 +1,477 @@ +diff -up sudo-1.8.6p3/plugins/sudoers/alias.c.cycledetect sudo-1.8.6p3/plugins/sudoers/alias.c +--- sudo-1.8.6p3/plugins/sudoers/alias.c.cycledetect 2012-09-18 15:56:29.000000000 +0200 ++++ sudo-1.8.6p3/plugins/sudoers/alias.c 2013-08-09 10:52:04.785860905 +0200 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2004-2005, 2007-2011 ++ * Copyright (c) 2004-2005, 2007-2013 + * Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any +@@ -50,7 +50,6 @@ + * Globals + */ + struct rbtree *aliases; +-unsigned int alias_seqno; + + /* + * Comparison function for the red-black tree. +@@ -76,29 +75,31 @@ alias_compare(const void *v1, const void + /* + * Search the tree for an alias with the specified name and type. + * Returns a pointer to the alias structure or NULL if not found. ++ * Caller is responsible for calling alias_put() on the returned ++ * alias to mark it as unused. + */ + struct alias * +-alias_find(char *name, int type) ++alias_get(char *name, int type) + { + struct alias key; + struct rbnode *node; + struct alias *a = NULL; +- debug_decl(alias_find, SUDO_DEBUG_ALIAS) ++ debug_decl(alias_get, SUDO_DEBUG_ALIAS) + + key.name = name; + key.type = type; + if ((node = rbfind(aliases, &key)) != NULL) { + /* +- * Compare the global sequence number with the one stored +- * in the alias. If they match then we've seen this alias +- * before and found a loop. ++ * Check whether this alias is already in use. ++ * If so, we've detected a loop. If not, set the flag, ++ * which the caller should clear with a call to alias_put(). + */ + a = node->data; +- if (a->seqno == alias_seqno) { ++ if (a->used) { + errno = ELOOP; + debug_return_ptr(NULL); + } +- a->seqno = alias_seqno; ++ a->used = true; + } else { + errno = ENOENT; + } +@@ -106,6 +107,17 @@ alias_find(char *name, int type) + } + + /* ++ * Clear the "used" flag in an alias once the caller is done with it. 
++ */ ++void ++alias_put(struct alias *a) ++{ ++ debug_decl(alias_put, SUDO_DEBUG_ALIAS) ++ a->used = false; ++ debug_return; ++} ++ ++/* + * Add an alias to the aliases redblack tree. + * Returns NULL on success and an error string on failure. + */ +@@ -119,7 +131,7 @@ alias_add(char *name, int type, struct m + a = ecalloc(1, sizeof(*a)); + a->name = name; + a->type = type; +- /* a->seqno = 0; */ ++ /* a->used = false; */ + list2tq(&a->members, members); + if (rbinsert(aliases, a)) { + snprintf(errbuf, sizeof(errbuf), _("Alias `%s' already defined"), name); +diff -up sudo-1.8.6p3/plugins/sudoers/match.c.cycledetect sudo-1.8.6p3/plugins/sudoers/match.c +--- sudo-1.8.6p3/plugins/sudoers/match.c.cycledetect 2013-08-09 10:52:04.783860895 +0200 ++++ sudo-1.8.6p3/plugins/sudoers/match.c 2013-08-09 10:52:04.785860905 +0200 +@@ -101,13 +101,13 @@ static bool command_matches_normal(char + * Check for user described by pw in a list of members. + * Returns ALLOW, DENY or UNSPEC. + */ +-static int +-_userlist_matches(struct passwd *pw, struct member_list *list) ++int ++userlist_matches(struct passwd *pw, struct member_list *list) + { + struct member *m; + struct alias *a; + int rval, matched = UNSPEC; +- debug_decl(_userlist_matches, SUDO_DEBUG_MATCH) ++ debug_decl(userlist_matches, SUDO_DEBUG_MATCH) + + tq_foreach_rev(list, m) { + switch (m->type) { +@@ -123,10 +123,11 @@ _userlist_matches(struct passwd *pw, str + matched = !m->negated; + break; + case ALIAS: +- if ((a = alias_find(m->name, USERALIAS)) != NULL) { +- rval = _userlist_matches(pw, &a->members); ++ if ((a = alias_get(m->name, USERALIAS)) != NULL) { ++ rval = userlist_matches(pw, &a->members); + if (rval != UNSPEC) + matched = m->negated ? 
!rval : rval; ++ alias_put(a); + break; + } + /* FALLTHROUGH */ +@@ -141,20 +142,13 @@ _userlist_matches(struct passwd *pw, str + debug_return_bool(matched); + } + +-int +-userlist_matches(struct passwd *pw, struct member_list *list) +-{ +- alias_seqno++; +- return _userlist_matches(pw, list); +-} +- + /* + * Check for user described by pw in a list of members. + * If both lists are empty compare against def_runas_default. + * Returns ALLOW, DENY or UNSPEC. + */ +-static int +-_runaslist_matches(struct member_list *user_list, ++int ++runaslist_matches(struct member_list *user_list, + struct member_list *group_list, struct member **matching_user, + struct member **matching_group) + { +@@ -163,7 +157,7 @@ _runaslist_matches(struct member_list *u + int rval; + int user_matched = UNSPEC; + int group_matched = UNSPEC; +- debug_decl(_runaslist_matches, SUDO_DEBUG_MATCH) ++ debug_decl(runaslist_matches, SUDO_DEBUG_MATCH) + + if (runas_pw != NULL) { + /* If no runas user or runas group listed in sudoers, use default. */ +@@ -184,11 +178,12 @@ _runaslist_matches(struct member_list *u + user_matched = !m->negated; + break; + case ALIAS: +- if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { +- rval = _runaslist_matches(&a->members, &empty, ++ if ((a = alias_get(m->name, RUNASALIAS)) != NULL) { ++ rval = runaslist_matches(&a->members, &empty, + matching_user, NULL); + if (rval != UNSPEC) + user_matched = m->negated ? !rval : rval; ++ alias_put(a); + break; + } + /* FALLTHROUGH */ +@@ -221,11 +216,12 @@ _runaslist_matches(struct member_list *u + group_matched = !m->negated; + break; + case ALIAS: +- if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { +- rval = _runaslist_matches(&empty, &a->members, ++ if ((a = alias_get(m->name, RUNASALIAS)) != NULL) { ++ rval = runaslist_matches(&empty, &a->members, + NULL, matching_group); + if (rval != UNSPEC) + group_matched = m->negated ? 
!rval : rval; ++ alias_put(a); + break; + } + /* FALLTHROUGH */ +@@ -253,27 +249,17 @@ _runaslist_matches(struct member_list *u + debug_return_int(UNSPEC); + } + +-int +-runaslist_matches(struct member_list *user_list, +- struct member_list *group_list, struct member **matching_user, +- struct member **matching_group) +-{ +- alias_seqno++; +- return _runaslist_matches(user_list ? user_list : &empty, +- group_list ? group_list : &empty, matching_user, matching_group); +-} +- + /* + * Check for host and shost in a list of members. + * Returns ALLOW, DENY or UNSPEC. + */ +-static int +-_hostlist_matches(struct member_list *list) ++int ++hostlist_matches(struct member_list *list) + { + struct member *m; + struct alias *a; + int rval, matched = UNSPEC; +- debug_decl(_hostlist_matches, SUDO_DEBUG_MATCH) ++ debug_decl(hostlist_matches, SUDO_DEBUG_MATCH) + + tq_foreach_rev(list, m) { + switch (m->type) { +@@ -289,10 +275,11 @@ _hostlist_matches(struct member_list *li + matched = !m->negated; + break; + case ALIAS: +- if ((a = alias_find(m->name, HOSTALIAS)) != NULL) { +- rval = _hostlist_matches(&a->members); ++ if ((a = alias_get(m->name, HOSTALIAS)) != NULL) { ++ rval = hostlist_matches(&a->members); + if (rval != UNSPEC) + matched = m->negated ? !rval : rval; ++ alias_put(a); + break; + } + /* FALLTHROUGH */ +@@ -307,23 +294,16 @@ _hostlist_matches(struct member_list *li + debug_return_bool(matched); + } + +-int +-hostlist_matches(struct member_list *list) +-{ +- alias_seqno++; +- return _hostlist_matches(list); +-} +- + /* + * Check for cmnd and args in a list of members. + * Returns ALLOW, DENY or UNSPEC. 
+ */ +-static int +-_cmndlist_matches(struct member_list *list) ++int ++cmndlist_matches(struct member_list *list) + { + struct member *m; + int matched = UNSPEC; +- debug_decl(_cmndlist_matches, SUDO_DEBUG_MATCH) ++ debug_decl(cmndlist_matches, SUDO_DEBUG_MATCH) + + tq_foreach_rev(list, m) { + matched = cmnd_matches(m); +@@ -333,13 +313,6 @@ _cmndlist_matches(struct member_list *li + debug_return_bool(matched); + } + +-int +-cmndlist_matches(struct member_list *list) +-{ +- alias_seqno++; +- return _cmndlist_matches(list); +-} +- + /* + * Check cmnd and args. + * Returns ALLOW, DENY or UNSPEC. +@@ -357,11 +330,11 @@ cmnd_matches(struct member *m) + matched = !m->negated; + break; + case ALIAS: +- alias_seqno++; +- if ((a = alias_find(m->name, CMNDALIAS)) != NULL) { +- rval = _cmndlist_matches(&a->members); ++ if ((a = alias_get(m->name, CMNDALIAS)) != NULL) { ++ rval = cmndlist_matches(&a->members); + if (rval != UNSPEC) + matched = m->negated ? !rval : rval; ++ alias_put(a); + } + break; + case COMMAND: +diff -up sudo-1.8.6p3/plugins/sudoers/parse.c.cycledetect sudo-1.8.6p3/plugins/sudoers/parse.c +--- sudo-1.8.6p3/plugins/sudoers/parse.c.cycledetect 2012-09-18 15:57:43.000000000 +0200 ++++ sudo-1.8.6p3/plugins/sudoers/parse.c 2013-08-09 10:52:04.785860905 +0200 +@@ -676,13 +676,14 @@ _print_member(struct lbuf *lbuf, char *n + } + break; + case ALIAS: +- if ((a = alias_find(name, alias_type)) != NULL) { ++ if ((a = alias_get(name, alias_type)) != NULL) { + tq_foreach_fwd(&a->members, m) { + if (m != tq_first(&a->members)) + lbuf_append(lbuf, ", "); + _print_member(lbuf, m->name, m->type, + negated ? 
!m->negated : m->negated, alias_type); + } ++ alias_put(a); + break; + } + /* FALLTHROUGH */ +@@ -697,6 +698,5 @@ static void + print_member(struct lbuf *lbuf, char *name, int type, int negated, + int alias_type) + { +- alias_seqno++; + _print_member(lbuf, name, type, negated, alias_type); + } +diff -up sudo-1.8.6p3/plugins/sudoers/parse.h.cycledetect sudo-1.8.6p3/plugins/sudoers/parse.h +--- sudo-1.8.6p3/plugins/sudoers/parse.h.cycledetect 2012-09-18 15:56:29.000000000 +0200 ++++ sudo-1.8.6p3/plugins/sudoers/parse.h 2013-08-09 10:54:30.984565529 +0200 +@@ -148,7 +148,7 @@ struct runascontainer { + struct alias { + char *name; /* alias name */ + unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */ +- unsigned short seqno; /* sequence number */ ++ bool used; /* "used" flag for cycle detection */ + struct member_list members; /* list of alias members */ + }; + +@@ -170,35 +170,39 @@ struct defaults { + extern struct userspec_list userspecs; + extern struct defaults_list defaults; + +-/* +- * Alias sequence number to avoid loops. 
+- */ +-extern unsigned int alias_seqno; +- +-/* +- * Prototypes +- */ +-char *alias_add(char *, int, struct member *); +-bool addr_matches(char *); +-int cmnd_matches(struct member *); +-int cmndlist_matches(struct member_list *); +-bool command_matches(char *, char *); +-int hostlist_matches(struct member_list *); +-bool hostname_matches(char *, char *, char *); +-bool netgr_matches(char *, char *, char *, char *); ++/* alias.c */ + bool no_aliases(void); +-int runaslist_matches(struct member_list *, struct member_list *, struct member **, struct member **); +-int userlist_matches(struct passwd *, struct member_list *); +-bool usergr_matches(char *, char *, struct passwd *); +-bool userpw_matches(char *, char *, struct passwd *); +-bool group_matches(char *, struct group *); +-struct alias *alias_find(char *, int); +-struct alias *alias_remove(char *, int); +-void alias_free(void *); +-void alias_apply(int (*)(void *, void *), void *); ++char *alias_add(char *name, int type, struct member *members); ++int alias_compare(const void *a1, const void *a2); ++struct alias *alias_get(char *name, int type); ++struct alias *alias_remove(char *name, int type); ++void alias_apply(int (*func)(void *, void *), void *cookie); ++void alias_free(void *a); ++void alias_put(struct alias *a); + void init_aliases(void); +-void init_lexer(void); ++/* gram.c */ + void init_parser(const char *, bool); +-int alias_compare(const void *, const void *); ++ ++/* match_addr.c */ ++bool addr_matches(char *n); ++ ++/* match.c */ ++bool command_matches(char *sudoers_cmnd, char *sudoers_args); ++bool group_matches(char *sudoers_group, struct group *gr); ++bool hostname_matches(char *shost, char *lhost, char *pattern); ++bool netgr_matches(char *netgr, char *lhost, char *shost, char *user); ++bool usergr_matches(char *group, char *user, struct passwd *pw); ++bool userpw_matches(char *sudoers_user, char *user, struct passwd *pw); ++int cmnd_matches(struct member *m); ++int cmndlist_matches(struct 
member_list *list); ++int hostlist_matches(struct member_list *list); ++int runaslist_matches(struct member_list *user_list, struct member_list *group_list, struct member **matching_user, struct member **matching_group); ++int userlist_matches(struct passwd *pw, struct member_list *list); ++ ++/* toke.c */ ++ void init_lexer(void); ++ ++/* base64.c */ ++ size_t base64_decode(const char *str, unsigned char *dst, size_t dsize); + + #endif /* _SUDO_PARSE_H */ +diff -up sudo-1.8.6p3/plugins/sudoers/visudo.c.cycledetect sudo-1.8.6p3/plugins/sudoers/visudo.c +--- sudo-1.8.6p3/plugins/sudoers/visudo.c.cycledetect 2013-08-09 10:52:04.759860779 +0200 ++++ sudo-1.8.6p3/plugins/sudoers/visudo.c 2013-08-09 10:52:04.786860910 +0200 +@@ -1084,7 +1084,6 @@ alias_remove_recursive(char *name, int t + } + rbinsert(alias_freelist, a); + } +- alias_seqno++; + debug_return_bool(rval); + } + +@@ -1096,12 +1095,13 @@ check_alias(char *name, int type, int st + int errors = 0; + debug_decl(check_alias, SUDO_DEBUG_ALIAS) + +- if ((a = alias_find(name, type)) != NULL) { ++ if ((a = alias_get(name, type)) != NULL) { + /* check alias contents */ + tq_foreach_fwd(&a->members, m) { + if (m->type == ALIAS) + errors += check_alias(m->name, type, strict, quiet); + } ++ alias_put(a); + } else { + if (!quiet) { + char *fmt; +@@ -1146,26 +1146,22 @@ check_aliases(bool strict, bool quiet) + tq_foreach_fwd(&userspecs, us) { + tq_foreach_fwd(&us->users, m) { + if (m->type == ALIAS) { +- alias_seqno++; + errors += check_alias(m->name, USERALIAS, strict, quiet); + } + } + tq_foreach_fwd(&us->privileges, priv) { + tq_foreach_fwd(&priv->hostlist, m) { + if (m->type == ALIAS) { +- alias_seqno++; + errors += check_alias(m->name, HOSTALIAS, strict, quiet); + } + } + tq_foreach_fwd(&priv->cmndlist, cs) { + tq_foreach_fwd(&cs->runasuserlist, m) { + if (m->type == ALIAS) { +- alias_seqno++; + errors += check_alias(m->name, RUNASALIAS, strict, quiet); + } + } + if ((m = cs->cmnd)->type == ALIAS) { +- alias_seqno++; 
+ errors += check_alias(m->name, CMNDALIAS, strict, quiet); + } + } +@@ -1176,7 +1172,6 @@ check_aliases(bool strict, bool quiet) + tq_foreach_fwd(&userspecs, us) { + tq_foreach_fwd(&us->users, m) { + if (m->type == ALIAS) { +- alias_seqno++; + if (!alias_remove_recursive(m->name, USERALIAS)) + errors++; + } +@@ -1184,7 +1179,6 @@ check_aliases(bool strict, bool quiet) + tq_foreach_fwd(&us->privileges, priv) { + tq_foreach_fwd(&priv->hostlist, m) { + if (m->type == ALIAS) { +- alias_seqno++; + if (!alias_remove_recursive(m->name, HOSTALIAS)) + errors++; + } +@@ -1192,13 +1186,11 @@ check_aliases(bool strict, bool quiet) + tq_foreach_fwd(&priv->cmndlist, cs) { + tq_foreach_fwd(&cs->runasuserlist, m) { + if (m->type == ALIAS) { +- alias_seqno++; + if (!alias_remove_recursive(m->name, RUNASALIAS)) + errors++; + } + } + if ((m = cs->cmnd)->type == ALIAS) { +- alias_seqno++; + if (!alias_remove_recursive(m->name, CMNDALIAS)) + errors++; + } +@@ -1225,7 +1217,6 @@ check_aliases(bool strict, bool quiet) + tq_foreach_fwd(&d->binding, binding) { + for (m = binding; m != NULL; m = m->next) { + if (m->type == ALIAS) { +- alias_seqno++; + if (!alias_remove_recursive(m->name, atype)) + errors++; + } diff --git a/SOURCES/sudo-1.8.6p3-emallocfail.patch b/SOURCES/sudo-1.8.6p3-emallocfail.patch new file mode 100644 index 0000000..91792df --- /dev/null +++ b/SOURCES/sudo-1.8.6p3-emallocfail.patch 
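Review bot: Cycle detection now rests on every `alias_get()` being paired with an `alias_put()` on every path — an early return between the two leaves `a->used` true and the next lookup of that alias reports ELOOP for a sudoers file that contains no cycle. All call sites visible in the match.c, parse.c and visudo.c hunks are paired, but the invariant is not stated where the flag is declared; suggest in parse.h `bool used; /* set by alias_get(), cleared by alias_put(); a leaked true makes later lookups fail with ELOOP */`. The parse.h hunk also adds a `base64_decode` prototype that has nothing to do with cycle detection and presumably belongs with whichever patch in this series adds base64.c, and the `init_lexer` and `base64_decode` lines are indented unlike the other prototypes. Note as well that when `alias_get` fails with ELOOP each matcher's `/* FALLTHROUGH */` goes on to the following case (not visible here), so a genuine loop is handled by treating the alias name as a literal member rather than being reported — pre-existing behaviour, but worth a comment at the fallthrough.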
@@ -0,0 +1,17 @@
+diff -up sudo-1.8.6p3/plugins/sudoers/sssd.c.emallocfail sudo-1.8.6p3/plugins/sudoers/sssd.c
+--- sudo-1.8.6p3/plugins/sudoers/sssd.c.emallocfail 2012-11-23 15:58:20.139417659 +0100
++++ sudo-1.8.6p3/plugins/sudoers/sssd.c 2012-11-23 15:58:26.732437421 +0100
+@@ -212,7 +212,12 @@ sudo_sss_filter_result(struct sudo_sss_h
+ sudo_debug_printf(SUDO_DEBUG_DEBUG,
+ "reallocating result: %p (count: %u -> %u)", out_res->rules,
+ in_res->num_rules, l);
+- out_res->rules = erealloc3(out_res->rules, l, sizeof(struct sss_sudo_rule));
++ if (l > 0)
++ out_res->rules = erealloc3(out_res->rules, l, sizeof(struct sss_sudo_rule));
++ else {
++ efree(out_res->rules);
++ out_res->rules = NULL;
++ }
+ }
+ 
+ out_res->num_rules = l;
diff --git a/SOURCES/sudo-1.8.6p3-lbufexpandcode.patch b/SOURCES/sudo-1.8.6p3-lbufexpandcode.patch
new file mode 100644
index 0000000..70a4c13
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p3-lbufexpandcode.patch
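Review bot: The new `if (l > 0)` arm is unbraced while its `else` arm is braced; brace both so a statement later added to the first arm cannot fall outside the conditional. The zero-count case also deserves a one-line reason, presumably that `erealloc3` does not accept a zero element count, e.g. `/* erealloc3() rejects a zero count, so release the old array explicitly. */` above the `else`. The enclosing `sudo_sss_filter_result` starts and ends outside the hunk.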
@@ -0,0 +1,138 @@ +diff -up sudo-1.8.6p3/common/lbuf.c.lbufexpandcode sudo-1.8.6p3/common/lbuf.c +--- sudo-1.8.6p3/common/lbuf.c.lbufexpandcode 2013-08-12 17:28:52.429562473 +0200 ++++ sudo-1.8.6p3/common/lbuf.c 2013-08-12 17:29:21.486668465 +0200 +@@ -77,6 +77,17 @@ lbuf_destroy(struct lbuf *lbuf) + debug_return; + } + ++static void ++lbuf_expand(struct lbuf *lbuf, size_t extra) ++{ ++ if (lbuf->len + extra + 1 >= lbuf->size) { ++ do { ++ lbuf->size += 256; ++ } while (lbuf->len + extra + 1 >= lbuf->size); ++ lbuf->buf = erealloc(lbuf->buf, lbuf->size); ++ } ++} ++ + /* + * Parse the format and append strings, only %s and %% escapes are supported. + * Any characters in set are quoted with a backslash. +@@ -86,47 +97,40 @@ lbuf_append_quoted(struct lbuf *lbuf, co + { + va_list ap; + int len; +- char *cp, *s = NULL; ++ char *cp, *s; + debug_decl(lbuf_append_quoted, SUDO_DEBUG_UTIL) + + va_start(ap, fmt); + while (*fmt != '\0') { +- len = 1; + if (fmt[0] == '%' && fmt[1] == 's') { +- s = va_arg(ap, char *); +- len = strlen(s); +- } +- /* Assume worst case that all chars must be escaped. 
*/ +- if (lbuf->len + (len * 2) + 1 >= lbuf->size) { +- do { +- lbuf->size += 256; +- } while (lbuf->len + len + 1 >= lbuf->size); +- lbuf->buf = erealloc(lbuf->buf, lbuf->size); +- } +- if (*fmt == '%') { +- if (*(++fmt) == 's') { +- while ((cp = strpbrk(s, set)) != NULL) { +- len = (int)(cp - s); +- memcpy(lbuf->buf + lbuf->len, s, len); +- lbuf->len += len; +- lbuf->buf[lbuf->len++] = '\\'; +- lbuf->buf[lbuf->len++] = *cp; +- s = cp + 1; +- } +- if (*s != '\0') { +- len = strlen(s); +- memcpy(lbuf->buf + lbuf->len, s, len); +- lbuf->len += len; +- } +- fmt++; +- continue; ++ if ((s = va_arg(ap, char *)) == NULL) ++ goto done; ++ while ((cp = strpbrk(s, set)) != NULL) { ++ len = (int)(cp - s); ++ lbuf_expand(lbuf, len + 2); ++ memcpy(lbuf->buf + lbuf->len, s, len); ++ lbuf->len += len; ++ lbuf->buf[lbuf->len++] = '\\'; ++ lbuf->buf[lbuf->len++] = *cp; ++ s = cp + 1; + } ++ if (*s != '\0') { ++ len = strlen(s); ++ lbuf_expand(lbuf, len); ++ memcpy(lbuf->buf + lbuf->len, s, len); ++ lbuf->len += len; ++ } ++ fmt += 2; ++ continue; + } ++ lbuf_expand(lbuf, 2); + if (strchr(set, *fmt) != NULL) + lbuf->buf[lbuf->len++] = '\\'; + lbuf->buf[lbuf->len++] = *fmt++; + } +- lbuf->buf[lbuf->len] = '\0'; ++done: ++ if (lbuf->size != 0) ++ lbuf->buf[lbuf->len] = '\0'; + va_end(ap); + + debug_return; +@@ -140,33 +144,27 @@ lbuf_append(struct lbuf *lbuf, const cha + { + va_list ap; + int len; +- char *s = NULL; ++ char *s; + debug_decl(lbuf_append, SUDO_DEBUG_UTIL) + + va_start(ap, fmt); + while (*fmt != '\0') { +- len = 1; + if (fmt[0] == '%' && fmt[1] == 's') { +- s = va_arg(ap, char *); ++ if ((s = va_arg(ap, char *)) == NULL) ++ goto done; + len = strlen(s); ++ lbuf_expand(lbuf, len); ++ memcpy(lbuf->buf + lbuf->len, s, len); ++ lbuf->len += len; ++ fmt += 2; ++ continue; + } +- if (lbuf->len + len + 1 >= lbuf->size) { +- do { +- lbuf->size += 256; +- } while (lbuf->len + len + 1 >= lbuf->size); +- lbuf->buf = erealloc(lbuf->buf, lbuf->size); +- } +- if (*fmt == '%') { +- if 
(*(++fmt) == 's') { +- memcpy(lbuf->buf + lbuf->len, s, len); +- lbuf->len += len; +- fmt++; +- continue; +- } +- } ++ lbuf_expand(lbuf, 1); + lbuf->buf[lbuf->len++] = *fmt++; + } +- lbuf->buf[lbuf->len] = '\0'; ++done: ++ if (lbuf->size != 0) ++ lbuf->buf[lbuf->len] = '\0'; + va_end(ap); + + debug_return; diff --git a/SOURCES/sudo-1.8.6p3-ldap-sssd-usermatch.patch b/SOURCES/sudo-1.8.6p3-ldap-sssd-usermatch.patch new file mode 100644 index 0000000..1058cd2 --- /dev/null +++ b/SOURCES/sudo-1.8.6p3-ldap-sssd-usermatch.patch @@ -0,0 +1,24 @@ +diff -up sudo-1.8.6p3/plugins/sudoers/ldap.c.usermatch sudo-1.8.6p3/plugins/sudoers/ldap.c +--- sudo-1.8.6p3/plugins/sudoers/ldap.c.usermatch 2012-11-23 15:57:00.084176086 +0100 ++++ sudo-1.8.6p3/plugins/sudoers/ldap.c 2012-11-23 15:57:21.491239877 +0100 +@@ -742,7 +742,7 @@ sudo_ldap_check_runas_user(LDAP *ld, LDA + } + /* FALLTHROUGH */ + default: +- if (strcasecmp(val, runas_pw->pw_name) == 0) ++ if (userpw_matches(val, runas_pw->pw_name, runas_pw)) + ret = true; + break; + } +diff -up sudo-1.8.6p3/plugins/sudoers/sssd.c.usermatch sudo-1.8.6p3/plugins/sudoers/sssd.c +--- sudo-1.8.6p3/plugins/sudoers/sssd.c.usermatch 2012-11-23 15:57:12.234211662 +0100 ++++ sudo-1.8.6p3/plugins/sudoers/sssd.c 2012-11-23 15:57:21.492239881 +0100 +@@ -466,7 +466,7 @@ sudo_sss_check_runas_user(struct sudo_ss + /* FALLTHROUGH */ + sudo_debug_printf(SUDO_DEBUG_DEBUG, "FALLTHROUGH"); + default: +- if (strcasecmp(val, runas_pw->pw_name) == 0) { ++ if (userpw_matches(val, runas_pw->pw_name, runas_pw)) { + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "%s == %s (pw_name) => match", val, runas_pw->pw_name); + ret = true; diff --git a/SOURCES/sudo-1.8.6p3-ldapconfparse.patch b/SOURCES/sudo-1.8.6p3-ldapconfparse.patch new file mode 100644 index 0000000..b73ae0f --- /dev/null +++ b/SOURCES/sudo-1.8.6p3-ldapconfparse.patch 
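Review bot: `len` remains an `int` (context line `int len;` in both functions) but now receives `strlen(s)` and the pointer difference `cp - s` and is then passed to `lbuf_expand(struct lbuf *, size_t)`; declare it `size_t len;` and drop the `(int)` cast so a string longer than INT_MAX cannot become a negative length that converts to a huge `size_t`. The new `goto done` on a NULL `%s` argument silently stops formatting and leaves the rest of the format and varargs unprocessed, which is defensible but should be stated, e.g. `/* A NULL %s argument ends formatting early; the buffer stays NUL-terminated. */`. The same applies to the `lbuf_append` hunk in this patch.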
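Review bot: Replacing `strcasecmp(val, runas_pw->pw_name) == 0` with `userpw_matches(val, runas_pw->pw_name, runas_pw)` makes the runas user comparison case-sensitive, since `userpw_matches` (see the strictuidgid patch on this page) ends with `strcmp(sudoers_user, user) == 0`, and additionally accepts the `#uid` form. That tightening is the safer behaviour for an authorization check, but it is a visible change and should be noted at both call sites, e.g. `/* exact (case-sensitive) match; also honours the #uid form */`. The enclosing switch statements start outside both the ldap.c and sssd.c hunks.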
@@ -0,0 +1,45 @@ +diff -up sudo-1.8.6p3/plugins/sudoers/ldap.c.confparse sudo-1.8.6p3/plugins/sudoers/ldap.c +--- sudo-1.8.6p3/plugins/sudoers/ldap.c.confparse 2012-11-23 15:46:41.801008370 +0100 ++++ sudo-1.8.6p3/plugins/sudoers/ldap.c 2012-11-23 15:46:07.903885738 +0100 +@@ -1343,6 +1343,32 @@ sudo_ldap_parse_keyword(const char *keyw + debug_return_bool(false); + } + ++/* ++ * Read a line of input, remove whole line comments and strip off leading ++ * and trailing spaces. Returns static storage that is reused. ++ */ ++static char * ++sudo_ldap_parseln(FILE *fp) ++{ ++ size_t len; ++ char *cp = NULL; ++ static char buf[LINE_MAX]; ++ ++ if (fgets(buf, sizeof(buf), fp) != NULL) { ++ /* Remove comments */ ++ if (*buf == '#') ++ *buf = '\0'; ++ ++ /* Trim leading and trailing whitespace/newline */ ++ len = strlen(buf); ++ while (len > 0 && isspace((unsigned char)buf[len - 1])) ++ buf[--len] = '\0'; ++ for (cp = buf; isblank(*cp); cp++) ++ continue; ++ } ++ return(cp); ++} ++ + static bool + sudo_ldap_read_config(void) + { +@@ -1364,7 +1390,7 @@ sudo_ldap_read_config(void) + if ((fp = fopen(_PATH_LDAP_CONF, "r")) == NULL) + debug_return_bool(false); + +- while ((cp = sudo_parseln(fp)) != NULL) { ++ while ((cp = sudo_ldap_parseln(fp)) != NULL) { + if (*cp == '\0') + continue; /* skip empty line */ + diff --git a/SOURCES/sudo-1.8.6p3-mantypo.patch b/SOURCES/sudo-1.8.6p3-mantypo.patch new file mode 100644 index 0000000..8b79d91 --- /dev/null +++ b/SOURCES/sudo-1.8.6p3-mantypo.patch @@ -0,0 +1,12 @@ +diff -up sudo-1.8.6p3/doc/sudoers.man.in.mantypo sudo-1.8.6p3/doc/sudoers.man.in +--- sudo-1.8.6p3/doc/sudoers.man.in.mantypo 2012-09-24 16:38:33.946465411 +0200 ++++ sudo-1.8.6p3/doc/sudoers.man.in 2012-09-24 16:39:01.400941691 +0200 +@@ -1408,7 +1408,7 @@ to include the file + The + \fR#includedir\fR + directive can be used to create a +-\fIsudo.d\fR ++\fIsudoers.d\fR + directory that the system package manager can drop + \fIsudoers\fR + rules 
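Review bot: `sudo_ldap_parseln` tests `*buf == '#'` before leading whitespace is skipped, so an indented comment line is returned as `# ...` and handed to the keyword parser instead of being ignored; move the comment check after the `for (cp = buf; isblank(*cp); cp++)` loop and use `if (*cp == '#') *cp = '\0';`. The `isblank(*cp)` call also lacks the `(unsigned char)` cast that the `isspace` call two lines above uses, which matters for negative `char` values. The function is entirely inside the hunk; `sudo_ldap_read_config` starts outside it.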
diff --git a/SOURCES/sudo-1.8.6p3-netgrmatchtrace.patch b/SOURCES/sudo-1.8.6p3-netgrmatchtrace.patch new file mode 100644 index 0000000..010699d --- /dev/null +++ b/SOURCES/sudo-1.8.6p3-netgrmatchtrace.patch @@ -0,0 +1,56 @@ +diff -up sudo-1.8.6p3/plugins/sudoers/match.c.netgrmatchtrace sudo-1.8.6p3/plugins/sudoers/match.c +--- sudo-1.8.6p3/plugins/sudoers/match.c.netgrmatchtrace 2013-08-12 14:42:56.498247674 +0200 ++++ sudo-1.8.6p3/plugins/sudoers/match.c 2013-08-12 14:43:01.009264127 +0200 +@@ -713,6 +713,10 @@ netgr_matches(char *netgr, char *lhost, + #ifdef HAVE_GETDOMAINNAME + static int initialized; + #endif ++#ifdef HAVE_INNETGR ++ bool innetgr_lhost = false; ++ bool innetgr_shost = false; ++#endif + debug_decl(netgr_matches, SUDO_DEBUG_MATCH) + + /* make sure we have a valid netgroup, sudo style */ +@@ -733,9 +737,39 @@ netgr_matches(char *netgr, char *lhost, + + #ifdef HAVE_INNETGR + if (innetgr(netgr, lhost, user, domain)) +- debug_return_bool(true); ++ innetgr_lhost = true; + else if (lhost != shost && innetgr(netgr, shost, user, domain)) +- debug_return_bool(true); ++ innetgr_shost = true; ++ ++ if (innetgr_lhost) { ++ sudo_debug_printf(SUDO_DEBUG_TRACE, ++ "(%s, %s, %s) found in netgroup %s\n", ++ shost ? shost : "*", ++ user ? user : "*", ++ domain ? domain : "*", ++ netgr); ++ } else if (innetgr_shost) { ++ sudo_debug_printf(SUDO_DEBUG_TRACE, ++ "(%s, %s, %s) found in netgroup %s\n", ++ lhost ? lhost : "*", ++ user ? user : "*", ++ domain ? domain : "*", ++ netgr); ++ } else { ++ sudo_debug_printf(SUDO_DEBUG_TRACE, ++ "(%s, %s, %s) NOT found in netgroup %s\n", ++ shost ? shost : "*", ++ user ? user : "*", ++ domain ? domain : "*", ++ netgr); ++ sudo_debug_printf(SUDO_DEBUG_TRACE, ++ "(%s, %s, %s) NOT found in netgroup %s\n", ++ lhost ? lhost : "*", ++ user ? user : "*", ++ domain ? domain : "*", ++ netgr); ++ } ++ debug_return_bool(innetgr_lhost || innetgr_shost); + #endif /* HAVE_INNETGR */ + + debug_return_bool(false); 
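Review bot: The host names in the two success traces are swapped: the `innetgr_lhost` branch prints `shost ? shost : "*"` and the `innetgr_shost` branch prints `lhost ? lhost : "*"`, so the log names the host that did not match. Swap the first format argument in each branch so the trace reports the host actually matched. The new trace strings also end in `\n`, which the `sudo_debug_printf` calls elsewhere on this page generally omit; dropping them keeps the debug log consistent. `netgr_matches` begins outside the hunk.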
diff --git a/SOURCES/sudo-1.8.6p3-nowaitopt.patch b/SOURCES/sudo-1.8.6p3-nowaitopt.patch new file mode 100644 index 0000000..db4146c --- /dev/null +++ b/SOURCES/sudo-1.8.6p3-nowaitopt.patch 
@@ -0,0 +1,113 @@ +diff -up sudo-1.8.6p3/plugins/sudoers/def_data.c.nowaitopt sudo-1.8.6p3/plugins/sudoers/def_data.c +--- sudo-1.8.6p3/plugins/sudoers/def_data.c.nowaitopt 2012-09-26 14:05:10.088862635 +0200 ++++ sudo-1.8.6p3/plugins/sudoers/def_data.c 2012-09-26 13:36:07.750215749 +0200 +@@ -351,6 +351,10 @@ struct sudo_defs_types sudo_defs_table[] + N_("Set of limit privileges"), + NULL, + }, { ++ "cmnd_no_wait", T_FLAG, ++ N_("Don't fork and wait for the command to finish, just exec it"), ++ NULL, ++ }, { + NULL, 0, NULL + } + }; +diff -up sudo-1.8.6p3/plugins/sudoers/def_data.h.nowaitopt sudo-1.8.6p3/plugins/sudoers/def_data.h +--- sudo-1.8.6p3/plugins/sudoers/def_data.h.nowaitopt 2012-09-26 14:05:03.280859958 +0200 ++++ sudo-1.8.6p3/plugins/sudoers/def_data.h 2012-09-26 13:37:05.320329089 +0200 +@@ -162,6 +162,8 @@ + #define I_PRIVS 80 + #define def_limitprivs (sudo_defs_table[81].sd_un.str) + #define I_LIMITPRIVS 81 ++#define def_cmnd_no_wait (sudo_defs_table[82].sd_un.flag) ++#define I_CMND_NO_WAIT 82 + + enum def_tuple { + never, +diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.c.nowaitopt sudo-1.8.6p3/plugins/sudoers/sudoers.c +--- sudo-1.8.6p3/plugins/sudoers/sudoers.c.nowaitopt 2012-09-26 14:04:47.223854171 +0200 ++++ sudo-1.8.6p3/plugins/sudoers/sudoers.c 2012-09-26 13:39:05.590552887 +0200 +@@ -689,6 +689,8 @@ sudoers_policy_main(int argc, char * con + command_info[info_len++] = estrdup("set_utmp=true"); + if (def_use_pty) + command_info[info_len++] = estrdup("use_pty=true"); ++ if (def_cmnd_no_wait) ++ command_info[info_len++] = estrdup("cmnd_no_wait=true"); + if (def_utmp_runas) + command_info[info_len++] = fmt_string("utmp_user", runas_pw->pw_name); + #ifdef HAVE_LOGIN_CAP_H +diff -up sudo-1.8.6p3/src/exec.c.nowaitopt sudo-1.8.6p3/src/exec.c +--- sudo-1.8.6p3/src/exec.c.nowaitopt 2012-09-26 14:06:08.505887008 +0200 ++++ sudo-1.8.6p3/src/exec.c 2012-09-26 13:29:19.786240447 +0200 +@@ -281,6 +281,45 @@ sudo_execute(struct command_details *det + } + + 
/* ++ * If we don't want to wait for the command to exit, then just exec it. ++ * THIS WILL BREAK SEVERAL THINGS including SELinux, PAM sessions and I/O ++ * logging. Implemented because of rhbz#840980 (backwards compatibility). ++ * In 1.8.x branch this is even harder to get back, since the nowait code ++ * was completely removed. ++ */ ++ if (details->flags & CD_DONTWAIT) { ++ if (exec_setup(details, NULL, -1) == true) { ++ /* headed for execve() */ ++ sudo_debug_execve(SUDO_DEBUG_INFO, details->command, ++ details->argv, details->envp); ++ if (details->closefrom >= 0) { ++ int maxfd = details->closefrom; ++ dup2(sv[1], maxfd); ++ (void)fcntl(maxfd, F_SETFD, FD_CLOEXEC); ++ sv[1] = maxfd++; ++ if (sudo_debug_fd_set(maxfd) != -1) ++ maxfd++; ++ closefrom(maxfd); ++ } ++#ifdef HAVE_SELINUX ++ if (ISSET(details->flags, CD_RBAC_ENABLED)) { ++ selinux_execve(details->command, details->argv, details->envp, ++ ISSET(details->flags, CD_NOEXEC)); ++ } else ++#endif ++ { ++ sudo_execve(details->command, details->argv, details->envp, ++ ISSET(details->flags, CD_NOEXEC)); ++ } ++ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to exec %s: %s", ++ details->command, strerror(errno)); ++ } ++ cstat->type = CMD_ERRNO; ++ cstat->val = errno; ++ return 127; ++ } ++ ++ /* + * We communicate with the child over a bi-directional pair of sockets. + * Parent sends signal info to child and child sends back wait status. 
+ */ +diff -up sudo-1.8.6p3/src/sudo.c.nowaitopt sudo-1.8.6p3/src/sudo.c +--- sudo-1.8.6p3/src/sudo.c.nowaitopt 2012-09-26 14:06:25.504894811 +0200 ++++ sudo-1.8.6p3/src/sudo.c 2012-09-26 13:33:34.306889223 +0200 +@@ -552,6 +552,11 @@ command_info_to_details(char * const inf + } + break; + } ++ if (strncmp("cmnd_no_wait=", info[i], sizeof("cmnd_no_wait=") - 1) == 0) { ++ if (atobool(info[i] + sizeof("cmnd_no_wait=") - 1) == true) ++ SET(details->flags, CD_DONTWAIT); ++ break; ++ } + break; + case 'l': + SET_STRING("login_class=", login_class) +diff -up sudo-1.8.6p3/src/sudo.h.nowaitopt sudo-1.8.6p3/src/sudo.h +--- sudo-1.8.6p3/src/sudo.h.nowaitopt 2012-09-26 14:06:20.856892631 +0200 ++++ sudo-1.8.6p3/src/sudo.h 2012-09-26 13:19:11.697482212 +0200 +@@ -131,6 +131,7 @@ struct user_details { + #define CD_USE_PTY 0x1000 + #define CD_SET_UTMP 0x2000 + #define CD_SUDOEDIT_COPY 0x4000 ++#define CD_DONTWAIT 0x8000 + + struct command_details { + uid_t uid; diff --git a/SOURCES/sudo-1.8.6p3-nprocfix.patch b/SOURCES/sudo-1.8.6p3-nprocfix.patch new file mode 100644 index 0000000..5ffd56b --- /dev/null +++ b/SOURCES/sudo-1.8.6p3-nprocfix.patch 
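Review bot: In the new `CD_DONTWAIT` path in `sudo_execute`, `cstat->val = errno` is read after `sudo_debug_printf(..., strerror(errno))`, which may clobber `errno`; capture it first with `int save_errno = errno;` right after the exec call and store that. The block also does `dup2(sv[1], maxfd)`, yet the "pair of sockets" comment that follows suggests `sv` is only created later in this function; if so, `sv[1]` is uninitialized here and the dup2/`FD_CLOEXEC` dance should be dropped from the no-wait path. The `cmnd_no_wait` help string in def_data.c should carry the warning from the exec.c comment that this path bypasses SELinux, PAM session and I/O logging handling, since that is what an administrator reads. `sudo_execute` and `command_info_to_details` both start outside their hunks.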
@@ -0,0 +1,117 @@ +diff -up sudo-1.8.6p3/src/exec.c.nprocfix sudo-1.8.6p3/src/exec.c +--- sudo-1.8.6p3/src/exec.c.nprocfix 2013-07-11 12:55:10.686308050 +0200 ++++ sudo-1.8.6p3/src/exec.c 2013-07-11 12:54:21.159160553 +0200 +@@ -132,6 +132,15 @@ static int fork_cmnd(struct command_deta + if (policy_init_session(details) != true) + errorx(1, _("policy plugin failed session initialization")); + ++ /* ++ * See the comment in unlimit_nproc. It is important to call ++ * this function AFTER policy_init_session, because the PAM ++ * subsystem, if used, may change the RLIMIT_NPROC limit to ++ * unlimited (infinity) and we would not be able to distinguish ++ * between our temporary change and the change done by PAM. ++ */ ++ unlimit_nproc(); ++ + cmnd_pid = sudo_debug_fork(); + switch (cmnd_pid) { + case -1: +diff -up sudo-1.8.6p3/src/exec_pty.c.nprocfix sudo-1.8.6p3/src/exec_pty.c +--- sudo-1.8.6p3/src/exec_pty.c.nprocfix 2012-09-18 15:57:43.000000000 +0200 ++++ sudo-1.8.6p3/src/exec_pty.c 2013-07-11 12:37:41.811202301 +0200 +@@ -678,6 +678,15 @@ fork_pty(struct command_details *details + errorx(1, _("policy plugin failed session initialization")); + + /* ++ * See the comment in unlimit_nproc. It is important to call ++ * this function AFTER policy_init_session, because the PAM ++ * subsystem, if used, may change the RLIMIT_NPROC limit to ++ * unlimited (infinity) and we would not be able to distinguish ++ * between our temporary change and the change done by PAM. ++ */ ++ unlimit_nproc(); ++ ++ /* + * Block some signals until cmnd_pid is set in the parent to avoid a + * race between exec of the command and receipt of a fatal signal from it. 
+ */ +diff -up sudo-1.8.6p3/src/sudo.c.nprocfix sudo-1.8.6p3/src/sudo.c +--- sudo-1.8.6p3/src/sudo.c.nprocfix 2013-07-11 12:37:41.767202170 +0200 ++++ sudo-1.8.6p3/src/sudo.c 2013-07-11 12:37:41.811202301 +0200 +@@ -808,25 +808,11 @@ sudo_check_suid(const char *path) + static void + disable_coredumps(void) + { +-#if defined(__linux__) || defined(RLIMIT_CORE) +- struct rlimit rl; ++#if defined(RLIMIT_CORE) ++ struct rlimit rl; + #endif + debug_decl(disable_coredumps, SUDO_DEBUG_UTIL) + +-#if defined(__linux__) +- /* +- * Unlimit the number of processes since Linux's setuid() will +- * apply resource limits when changing uid and return EAGAIN if +- * nproc would be violated by the uid switch. +- */ +- (void) getrlimit(RLIMIT_NPROC, &nproclimit); +- rl.rlim_cur = rl.rlim_max = RLIM_INFINITY; +- if (setrlimit(RLIMIT_NPROC, &rl)) { +- memcpy(&rl, &nproclimit, sizeof(struct rlimit)); +- rl.rlim_cur = rl.rlim_max; +- (void)setrlimit(RLIMIT_NPROC, &rl); +- } +-#endif /* __linux__ */ + #ifdef RLIMIT_CORE + /* + * Turn off core dumps? +@@ -841,6 +827,28 @@ disable_coredumps(void) + debug_return; + } + ++void ++unlimit_nproc(void) ++{ ++ debug_decl(unlimit_nproc, SUDO_DEBUG_UTIL) ++#if defined(__linux__) ++ struct rlimit rl; ++ /* ++ * Unlimit the number of processes since Linux's setuid() will ++ * apply resource limits when changing uid and return EAGAIN if ++ * nproc would be violated by the uid switch. 
++ */ ++ (void) getrlimit(RLIMIT_NPROC, &nproclimit); ++ rl.rlim_cur = rl.rlim_max = RLIM_INFINITY; ++ if (setrlimit(RLIMIT_NPROC, &rl)) { ++ memcpy(&rl, &nproclimit, sizeof(struct rlimit)); ++ rl.rlim_cur = rl.rlim_max; ++ (void)setrlimit(RLIMIT_NPROC, &rl); ++ } ++#endif /* __linux__ */ ++ debug_return; ++} ++ + #ifdef HAVE_PROJECT_H + static void + set_project(struct passwd *pw) +@@ -1082,7 +1090,6 @@ exec_setup(struct command_details *detai + errno = 0; + l = sysconf(_SC_CHILD_MAX); + if (l == -1 && errno == 0 && getrlimit(RLIMIT_NPROC, &rl) == 0) { +- if (rl.rlim_cur == RLIM_INFINITY && rl.rlim_max == RLIM_INFINITY) + (void) setrlimit(RLIMIT_NPROC, &nproclimit); + } + } +diff -up sudo-1.8.6p3/src/sudo.h.nprocfix sudo-1.8.6p3/src/sudo.h +--- sudo-1.8.6p3/src/sudo.h.nprocfix 2013-07-11 12:37:41.768202173 +0200 ++++ sudo-1.8.6p3/src/sudo.h 2013-07-11 12:37:41.811202301 +0200 +@@ -219,6 +219,7 @@ int policy_init_session(struct command_d + int run_command(struct command_details *details); + extern const char *list_user, *runas_user, *runas_group; + extern struct user_details user_details; ++void unlimit_nproc(void); + + /* sudo_edit.c */ + int sudo_edit(struct command_details *details); diff --git a/SOURCES/sudo-1.8.6p3-sssd-noise.patch b/SOURCES/sudo-1.8.6p3-sssd-noise.patch new file mode 100644 index 0000000..dd7bed0 --- /dev/null +++ b/SOURCES/sudo-1.8.6p3-sssd-noise.patch 
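Review bot: `unlimit_nproc` discards the result of `getrlimit(RLIMIT_NPROC, &nproclimit)`; if it fails, `nproclimit` holds whatever it contained before and is later re-applied by `exec_setup`, now unconditionally because the `RLIM_INFINITY` guard there was removed. Check the return and leave the limit alone on failure, e.g. `if (getrlimit(RLIMIT_NPROC, &nproclimit) != 0) debug_return;`. The rationale comment is pasted verbatim at both call sites in exec.c and exec_pty.c; it belongs once on `unlimit_nproc` itself, stating that it must be called after `policy_init_session` because PAM may set the limit to infinity, with the call sites referring to it. `exec_setup` and both callers start outside their hunks.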
@@ -0,0 +1,12 @@
+diff -up sudo-1.8.6p3/plugins/sudoers/sssd.c.sssd-noise sudo-1.8.6p3/plugins/sudoers/sssd.c
+--- sudo-1.8.6p3/plugins/sudoers/sssd.c.sssd-noise 2012-11-29 13:23:43.332760956 +0100
++++ sudo-1.8.6p3/plugins/sudoers/sssd.c 2012-11-29 13:23:57.548816054 +0100
+@@ -350,7 +350,7 @@ static int sudo_sss_setdefs(struct sudo_
+ 
+ if (sss_error == ENOENT) {
+ sudo_debug_printf(SUDO_DEBUG_INFO, "The user was not found in SSSD.");
+- debug_return_int(-1);
++ debug_return_int(0);
+ } else if(sss_error != 0) {
+ sudo_debug_printf(SUDO_DEBUG_INFO, "sss_error=%u\n", sss_error);
+ debug_return_int(-1);
diff --git a/SOURCES/sudo-1.8.6p3-sssdfixes.patch b/SOURCES/sudo-1.8.6p3-sssdfixes.patch
new file mode 100644
index 0000000..07062e3
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p3-sssdfixes.patch
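Review bot: Returning 0 for `ENOENT` turns "user not found in SSSD" into a success of `sudo_sss_setdefs` while the adjacent log line still reads like an error; add a comment stating the intent, e.g. `/* Not found is not an error: the user simply has no SSSD defaults. */`, so a later reader does not revert it to -1. `sudo_sss_setdefs` starts and ends outside the hunk.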
@@ -0,0 +1,119 @@ +diff -up sudo-1.8.6p3/plugins/sudoers/sssd.c.sssdfixes sudo-1.8.6p3/plugins/sudoers/sssd.c +--- sudo-1.8.6p3/plugins/sudoers/sssd.c.sssdfixes 2013-08-13 15:20:39.558187669 +0200 ++++ sudo-1.8.6p3/plugins/sudoers/sssd.c 2013-08-13 16:24:27.209064162 +0200 +@@ -534,30 +534,31 @@ sudo_sss_check_runas_group(struct sudo_s + * Walk through search results and return true if we have a runas match, + * else false. RunAs info is optional. + */ +-static int ++static bool + sudo_sss_check_runas(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) + { +- int ret; ++ bool ret; + debug_decl(sudo_sss_check_runas, SUDO_DEBUG_SSSD); + + if (rule == NULL) +- debug_return_int(false); ++ debug_return_bool(false); + + ret = sudo_sss_check_runas_user(handle, rule) != false && + sudo_sss_check_runas_group(handle, rule) != false; + +- debug_return_int(ret); ++ debug_return_bool(ret); + } + +-static int ++static bool + sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) + { + char **val_array, *val; +- int ret = false, i; ++ bool ret = false; ++ int i; + debug_decl(sudo_sss_check_host, SUDO_DEBUG_SSSD); + + if (rule == NULL) +- debug_return_int(ret); ++ debug_return_bool(ret); + + /* get the values from the rule */ + switch (handle->fn_get_values(rule, "sudoHost", &val_array)) +@@ -566,10 +567,10 @@ sudo_sss_check_host(struct sudo_sss_hand + break; + case ENOENT: + sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); +- debug_return_int(false); ++ debug_return_bool(false); + default: + sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoHost): != 0"); +- debug_return_int(ret); ++ debug_return_bool(ret); + } + + /* walk through values */ +@@ -589,7 +590,52 @@ sudo_sss_check_host(struct sudo_sss_hand + + handle->fn_free_values(val_array); + +- debug_return_int(ret); ++ debug_return_bool(ret); ++} ++ ++/* ++ * Look for netgroup specifcations in the sudoUser attribute and ++ * if found, filter according to netgroup membership. 
++ * returns: ++ * true -> netgroup spec found && negroup member ++ * false -> netgroup spec found && not a meber of netgroup ++ * true -> netgroup spec not found (filtered by SSSD already, netgroups are an exception) ++ */ ++bool sudo_sss_filter_user_netgroup(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) ++{ ++ bool ret = false, netgroup_spec_found = false; ++ char **val_array, *val; ++ int i; ++ debug_decl(sudo_sss_check_user_netgroup, SUDO_DEBUG_SSSD); ++ ++ if (!handle || !rule) ++ debug_return_bool(ret); ++ ++ switch (handle->fn_get_values(rule, "sudoUser", &val_array)) { ++ case 0: ++ break; ++ case ENOENT: ++ sudo_debug_printf(SUDO_DEBUG_INFO, "No result."); ++ debug_return_bool(ret); ++ default: ++ sudo_debug_printf(SUDO_DEBUG_INFO, "handle->fn_get_values(sudoUser): != 0"); ++ debug_return_bool(ret); ++ } ++ ++ for (i = 0; val_array[i] != NULL && !ret; ++i) { ++ val = val_array[i]; ++ if (*val == '+') { ++ netgroup_spec_found = true; ++ } ++ sudo_debug_printf(SUDO_DEBUG_DEBUG, "val[%d]=%s", i, val); ++ if (strcmp(val, "ALL") == 0 || netgr_matches(val, NULL, NULL, user_name)) { ++ ret = true; ++ sudo_debug_printf(SUDO_DEBUG_DIAG, ++ "sssd/ldap sudoUser '%s' ... MATCH! (%s)", val, user_name); ++ } ++ } ++ handle->fn_free_values(val_array); ++ debug_return_bool(netgroup_spec_found ? ret : true); + } + + static int +@@ -599,7 +645,8 @@ sudo_sss_result_filterp(struct sudo_sss_ + (void)unused; + debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_SSSD); + +- if (sudo_sss_check_host(handle, rule)) ++ if (sudo_sss_check_host(handle, rule) && ++ sudo_sss_filter_user_netgroup(handle, rule)) + debug_return_int(1); + else + debug_return_int(0); diff --git a/SOURCES/sudo-1.8.6p3-strictuidgid.patch b/SOURCES/sudo-1.8.6p3-strictuidgid.patch new file mode 100644 index 0000000..0553cd7 --- /dev/null +++ b/SOURCES/sudo-1.8.6p3-strictuidgid.patch 
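Review bot: `sudo_sss_filter_user_netgroup` is defined with external linkage but its `debug_decl` names `sudo_sss_check_user_netgroup`, so the debug trace reports a function that does not exist; make it `static bool sudo_sss_filter_user_netgroup(...)` like its neighbours and use the real name in `debug_decl`. The header comment has three typos (`specifcations`, `negroup`, `meber`) and would read better as: true when a netgroup spec is found and the user is a member, false when found and not a member, true when no netgroup spec is present because SSSD has already filtered by user. Note that `netgr_matches` is called for every `sudoUser` value, not only those beginning with `+`; that relies on `netgr_matches` rejecting non-netgroup names itself (its "valid netgroup, sudo style" check in the netgrmatchtrace patch on this page) and deserves a one-line comment at the call.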
@@ -0,0 +1,53 @@ +diff -up sudo-1.8.6p3/plugins/sudoers/match.c.strictuidgid sudo-1.8.6p3/plugins/sudoers/match.c +--- sudo-1.8.6p3/plugins/sudoers/match.c.strictuidgid 2012-09-18 15:56:29.000000000 +0200 ++++ sudo-1.8.6p3/plugins/sudoers/match.c 2013-08-08 16:22:00.413281960 +0200 +@@ -650,14 +650,16 @@ hostname_matches(char *shost, char *lhos + bool + userpw_matches(char *sudoers_user, char *user, struct passwd *pw) + { +- debug_decl(userpw_matches, SUDO_DEBUG_MATCH) +- +- if (pw != NULL && *sudoers_user == '#') { +- uid_t uid = (uid_t) atoi(sudoers_user + 1); +- if (uid == pw->pw_uid) +- debug_return_bool(true); +- } +- debug_return_bool(strcmp(sudoers_user, user) == 0); ++ debug_decl(userpw_matches, SUDO_DEBUG_MATCH) ++ if (pw != NULL && *sudoers_user == '#') { ++ char *end = NULL; ++ uid_t uid = (uid_t) strtol(sudoers_user + 1, &end, 10); ++ if (end != NULL && (sudoers_user[1] != '\0' && *end == '\0')) { ++ if (uid == pw->pw_uid) ++ debug_return_bool(true); ++ } ++ } ++ debug_return_bool(strcmp(sudoers_user, user) == 0); + } + + /* +@@ -667,14 +669,16 @@ userpw_matches(char *sudoers_user, char + bool + group_matches(char *sudoers_group, struct group *gr) + { +- debug_decl(group_matches, SUDO_DEBUG_MATCH) +- +- if (*sudoers_group == '#') { +- gid_t gid = (gid_t) atoi(sudoers_group + 1); +- if (gid == gr->gr_gid) +- debug_return_bool(true); +- } +- debug_return_bool(strcmp(gr->gr_name, sudoers_group) == 0); ++ debug_decl(group_matches, SUDO_DEBUG_MATCH) ++ if (*sudoers_group == '#') { ++ char *end = NULL; ++ gid_t gid = (gid_t) strtol(sudoers_group + 1, &end, 10); ++ if (end != NULL && (sudoers_group[1] != '\0' && *end == '\0')) { ++ if (gid == gr->gr_gid) ++ debug_return_bool(true); ++ } ++ } ++ debug_return_bool(strcmp(gr->gr_name, sudoers_group) == 0); + } + + /* diff --git a/SOURCES/sudo-1.8.6p3-sudo.conf b/SOURCES/sudo-1.8.6p3-sudo.conf new file mode 100644 index 0000000..3047842 --- /dev/null +++ b/SOURCES/sudo-1.8.6p3-sudo.conf 
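Review bot: The new `strtol` parsing still accepts a sign and leading whitespace and never checks `errno == ERANGE`, so a negative or out-of-range value such as `#-1` is folded through the `(uid_t)` cast before the comparison; require `isdigit((unsigned char)sudoers_user[1])`, set `errno = 0` before the call and reject `ERANGE`, and prefer `strtoul` since `uid_t`/`gid_t` are unsigned. The `end != NULL` test is redundant because `strtol` always sets `end` when passed a non-NULL pointer. The same applies to the `group_matches` hunk.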
@@ -0,0 +1,57 @@ +# +# Default /etc/sudo.conf file +# +# Format: +# Plugin plugin_name plugin_path plugin_options ... +# Path askpass /path/to/askpass +# Path noexec /path/to/sudo_noexec.so +# Debug sudo /var/log/sudo_debug all@warn +# Set disable_coredump true +# +# Sudo plugins: +# +# The plugin_path is relative to ${prefix}/libexec unless fully qualified. +# The plugin_name corresponds to a global symbol in the plugin +# that contains the plugin interface structure. +# The plugin_options are optional. +# +# The sudoers plugin is used by default if no Plugin lines are present. +Plugin sudoers_policy sudoers.so +Plugin sudoers_io sudoers.so + +# +# Sudo askpass: +# +# An askpass helper program may be specified to provide a graphical +# password prompt for "sudo -A" support. Sudo does not ship with its +# own passpass program but can use the OpenSSH askpass. +# +# Use the OpenSSH askpass +#Path askpass /usr/X11R6/bin/ssh-askpass +# +# Use the Gnome OpenSSH askpass +#Path askpass /usr/libexec/openssh/gnome-ssh-askpass + +# +# Sudo noexec: +# +# Path to a shared library containing dummy versions of the execv(), +# execve() and fexecve() library functions that just return an error. +# This is used to implement the "noexec" functionality on systems that +# support C or its equivalent. +# The compiled-in value is usually sufficient and should only be changed +# if you rename or move the sudo_noexec.so file. +# +#Path noexec /usr/libexec/sudo_noexec.so + +# +# Core dumps: +# +# By default, sudo disables core dumps while it is executing (they +# are re-enabled for the command that is run). +# To aid in debugging sudo problems, you may wish to enable core +# dumps by setting "disable_coredump" to false. +# +# Set to false here so as not to interfere with /proc/sys/fs/suid_dumpable +# +Set disable_coredump false diff --git a/SOURCES/sudo-1.8.6p3-sudoedit-selinux.patch b/SOURCES/sudo-1.8.6p3-sudoedit-selinux.patch new file mode 100644 index 0000000..e816fdb --- /dev/null 
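Review bot: `Set disable_coredump false` hands core-dump suppression for the setuid sudo process entirely to the kernel's `fs.suid_dumpable` sysctl; the comment should say so explicitly so a host where that sysctl is raised for debugging does not silently start writing sudo core files that could contain sensitive data such as the password just read, e.g. `# Relies on /proc/sys/fs/suid_dumpable being 0 (the default); set back to true if that sysctl is changed.` Two comment typos: `passpass program` should be `askpass program`, and `support C or its equivalent` in the noexec section appears to have lost a word.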
+++ b/SOURCES/sudo-1.8.6p3-sudoedit-selinux.patch 
@@ -0,0 +1,747 @@ +diff -up sudo-1.8.6p3/src/sesh.c.sudoedit-selinux sudo-1.8.6p3/src/sesh.c +--- sudo-1.8.6p3/src/sesh.c.sudoedit-selinux 2012-09-18 15:56:30.000000000 +0200 ++++ sudo-1.8.6p3/src/sesh.c 2012-09-25 16:06:33.408584649 +0200 +@@ -34,6 +34,10 @@ + # include "compat/stdbool.h" + #endif /* HAVE_STDBOOL_H */ + ++#include ++#include ++#include ++ + #include "missing.h" + #include "alloc.h" + #include "error.h" +@@ -43,6 +47,16 @@ + #include "sudo_exec.h" + #include "sudo_plugin.h" + ++/* ++ * Return codes: ++ * EXIT_FAILURE ... unspecified error ++ * 0 ... everything ok ++ * 30 ... invalid -e arg value ++ * 31 ... odd number of paths ++ * 32 ... copy operation failed, no files copied ++ * 33 ... copy operation failed, some files copied ++ */ ++ + sudo_conv_t sudo_conv; /* NULL in non-plugin */ + + /* +@@ -77,19 +91,134 @@ main(int argc, char *argv[], char *envp[ + if ((cp = strrchr(argv[0], '-')) != NULL && cp != argv[0]) + noexec = strcmp(cp, "-noexec") == 0; + +- /* Shift argv and make a copy of the command to execute. */ +- argv++; +- argc--; +- cmnd = estrdup(argv[0]); +- +- /* If invoked as a login shell, modify argv[0] accordingly. */ +- if (argv[-1][0] == '-') { +- if ((cp = strrchr(argv[0], '/')) == NULL) +- cp = argv[0]; +- *cp = '-'; ++ /* check the first argument, if it's `-e' then we are in sudoedit mode */ ++ if (strncmp(argv[1], "-e", 3) == 0) { ++ int fd_src, fd_dst, post, n, ret = -1; ++ ssize_t nread, nwritten; ++ char *path_src, *path_dst, buf[BUFSIZ]; ++ ++ if (argc < 3) ++ return EXIT_FAILURE; ++ ++ /* ++ * We need to know whether we are performing the copy operation ++ * before or after the editing. Without this we would not know ++ * which files are temporary and which are the originals. ++ * post = 0 ... before ++ * post = 1 ... 
after ++ */ ++ if (strncmp(argv[2], "0", 2) == 0) ++ post = 0; ++ else if (strncmp(argv[2], "1", 2) == 0) ++ post = 1; ++ else /* invalid value */ ++ return 30; ++ ++ /* align argv & argc to the beggining of the file list */ ++ argv += 3; ++ argc -= 3; ++ ++ /* no files specified, nothing to do */ ++ if (argc == 0) ++ return 0; ++ /* odd number of paths specified */ ++ if (argc % 2 == 1) ++ return 31; ++ ++ for (n = 0; n < argc - 1; n += 2) { ++ path_src = argv[n]; ++ path_dst = argv[n+1]; ++ /* ++ * Try to open the source file for reading. If it ++ * doesn't exist, it's ok, we'll create an empty ++ * destination file. ++ */ ++ if ((fd_src = open(path_src, O_RDONLY, 0600)) < 0) { ++ if (errno == ENOENT) { ++ /* new file */ ++ } else { ++ warning(_("open(%s)"), path_src); ++ if (post) { ++ ret = 33; ++ goto nocleanup; ++ } else ++ goto cleanup_0; ++ } ++ } ++ ++ /* ++ * Use O_EXCL if we are not in the post editing stage ++ * so that it's ensured that the temporary files are ++ * created by us and that we are not opening any sym- ++ * links. ++ */ ++ if ((fd_dst = open(path_dst, (post ? 0 : O_EXCL) | ++ O_WRONLY|O_TRUNC|O_CREAT, post ? 0644 : 0600)) < 0) ++ { ++ /* error - cleanup */ ++ warning(_("open(%s%s)"), path_dst, post ? 
"" : ", O_EXCL"); ++ if (post) { ++ ret = 33; ++ goto nocleanup; ++ } else ++ goto cleanup_0; ++ } ++ ++ if (fd_src != -1) { ++ while ((nread = read(fd_src, buf, sizeof(buf))) > 0) { ++ if ((nwritten = write(fd_dst, buf, nread)) != nread) { ++ warning(_("write")); ++ if (post) { ++ ret = 33; ++ goto nocleanup; ++ } else ++ goto cleanup_0; ++ } ++ } ++ } ++ ++ if (fd_dst != -1) ++ close(fd_dst); ++ if (fd_src != -1) ++ close(fd_src); ++ fd_dst = fd_src = -1; ++ } ++ ++ ret = 0; ++ /* remove temporary files (post=1) */ ++ for (n = 0; n < argc - 1; n += 2) ++ unlink(argv[n]); ++nocleanup: ++ if (fd_dst != -1) ++ close(fd_dst); ++ if (fd_src != -1) ++ close(fd_src); ++ _exit(ret); ++cleanup_0: ++ /* remove temporary files (post=0) */ ++ for (n = 0; n < argc - 1; n += 2) ++ unlink(argv[n+1]); ++ if (fd_dst != -1) ++ close(fd_dst); ++ if (fd_src != -1) ++ close(fd_src); ++ _exit(32); ++ } else { ++ ++ /* Shift argv and make a copy of the command to execute. */ ++ argv++; ++ argc--; ++ cmnd = estrdup(argv[0]); ++ ++ /* If invoked as a login shell, modify argv[0] accordingly. */ ++ if (argv[-1][0] == '-') { ++ if ((cp = strrchr(argv[0], '/')) == NULL) ++ cp = argv[0]; ++ *cp = '-'; ++ } ++ sudo_execve(cmnd, argv, envp, noexec); ++ warning(_("unable to execute %s"), argv[0]); ++ sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, EXIT_FAILURE); + } +- sudo_execve(cmnd, argv, envp, noexec); +- warning(_("unable to execute %s"), argv[0]); +- sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, EXIT_FAILURE); + _exit(EXIT_FAILURE); + } +diff -up sudo-1.8.6p3/src/sudo.c.sudoedit-selinux sudo-1.8.6p3/src/sudo.c +--- sudo-1.8.6p3/src/sudo.c.sudoedit-selinux 2012-09-18 15:57:43.000000000 +0200 ++++ sudo-1.8.6p3/src/sudo.c 2012-09-25 16:04:36.687422997 +0200 +@@ -915,6 +915,10 @@ exec_setup(struct command_details *detai + if (selinux_setup(details->selinux_role, details->selinux_type, + ptyname ? 
ptyname : user_details.tty, ptyfd) == -1) + goto done; ++ if (details->flags & CD_SUDOEDIT_COPY) { ++ rval = true; ++ goto done; ++ } + } + #endif + +@@ -1116,6 +1120,8 @@ run_command(struct command_details *deta + break; + case CMD_WSTATUS: + /* Command ran, exited or was killed. */ ++ if (details->flags & CD_SUDOEDIT_COPY) ++ break; + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "calling policy close with wait status %d", cstat.val); + policy_close(&policy_plugin, cstat.val, 0); +diff -up sudo-1.8.6p3/src/sudo_edit.c.sudoedit-selinux sudo-1.8.6p3/src/sudo_edit.c +--- sudo-1.8.6p3/src/sudo_edit.c.sudoedit-selinux 2012-09-18 15:56:30.000000000 +0200 ++++ sudo-1.8.6p3/src/sudo_edit.c 2012-09-25 16:06:19.108564255 +0200 +@@ -49,11 +49,284 @@ + #if TIME_WITH_SYS_TIME + # include + #endif ++#ifdef HAVE_SELINUX ++# include ++#endif + + #include "sudo.h" + + #if defined(HAVE_SETRESUID) || defined(HAVE_SETREUID) || defined(HAVE_SETEUID) + ++struct tempfile { ++ char *tfile; ++ char *ofile; ++ struct timeval omtim; ++ off_t osize; ++}; ++ ++static int ++selinux_edit_copy(struct command_details *command_details, struct tempfile *tf, char **files, int nfiles, const char *tmpdir, int tmplen, int tval_isset) ++{ ++ char **sesh_args; ++ int i, sesh_nargs, ret; ++ struct command_details sesh_details; ++ debug_decl(selinux_edit_copy, SUDO_DEBUG_EDIT); ++ ++ /* Prepare selinux stuff (setexeccon) */ ++ if (selinux_setup(command_details->selinux_role, ++ command_details->selinux_type, NULL, -1) != 0) ++ return -1; ++ ++ if (nfiles < 1) ++ return 1; ++ ++ /* Construct common args for sesh */ ++ memcpy(&sesh_details, command_details, sizeof(sesh_details)); ++ sesh_details.command = _PATH_SUDO_SESH; ++ sesh_details.flags |= CD_SUDOEDIT_COPY; ++ ++ sesh_nargs = (nfiles * 2) + 4 + 1; ++ sesh_args = (char **)emalloc2(sesh_nargs, sizeof(char *)); ++ sesh_args++; ++ sesh_args[0] = "sesh"; ++ sesh_args[1] = "-e"; ++ ++ if (files != NULL) { ++ sesh_args[2] = "0"; ++ ++ for (i = 2; i < nfiles+2; ++i) 
{ ++ sesh_args[2*i-1] = files[i-2]; ++ tf[i-2].ofile = files[i-2]; ++ /* ++ * O_CREAT | O_EXCL is used in the sesh helper, so the ++ * usage of the tempnam function here is safe. ++ */ ++ sesh_args[2*i] = tempnam(tmpdir, "sudo."); ++ tf[i-2].tfile = sesh_args[2*i]; ++ //tf[i-2].omtim = 0; ++ tf[i-2].osize = 0; ++ } ++ ++ sesh_args[2*i-1] = NULL; ++ ++ /* Run sesh -e 0 ... */ ++ sesh_details.argv = sesh_args; ++ switch(run_command(&sesh_details)) { ++ case 0: ++ break; ++ case 31: ++ error(1, _("sesh: internal error: odd number of paths")); ++ case 32: ++ error(1, _("sesh: unable to create temporary files")); ++ } ++ ++ /* Chown to user's UID so he can edit the temporary files */ ++ for (i = 2; i < nfiles+2; ++i) { ++ if (chown(tf[i-2].tfile, user_details.uid, user_details.gid) != 0) { ++ warning("Unable to chown(%s) to %d:%d for editing", ++ tf[i-2].tfile, user_details.uid, user_details.gid); ++ } ++ } ++ } else { ++ sesh_args[2] = "1"; ++ ++ /* Construct args for sesh -e 1 */ ++ for (i = 2; i < nfiles+2; ++i) { ++ sesh_args[2*i-1] = tf[i-2].tfile; ++ sesh_args[2*i] = tf[i-2].ofile; ++ ++ if (chown(tf[i-2].tfile, sesh_details.uid, sesh_details.gid) != 0) { ++ warning("Unable to chown(%s) back to %d:%d", ++ tf[i-2].tfile, sesh_details.uid, sesh_details.gid); ++ } ++ } ++ ++ sesh_args[2*i-1] = NULL; ++ ++ /* Run sesh -e 1 ... */ ++ sesh_details.argv = sesh_args; ++ switch(run_command(&sesh_details)) { ++ case 0: ++ break; ++ case 32: ++ warning(_("Copying the temporary files back to its original place failed. 
The files were left in %s"), tmpdir); ++ break; ++ case 33: ++ warning(_("Copying of some of the temporary files back to its original place failed and they were left in %s"), ++ tmpdir); ++ break; ++ } ++ } ++ ++ return (nfiles); ++} ++ ++static void switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups); ++ ++static int sudo_edit_copy(struct command_details *command_details, struct tempfile *tf, char **files, int nfiles, const char *tmpdir, int tmplen, int tval_isset) ++{ ++ int i, j, tfd, ofd, rc; ++ char *cp, *suff, buf[BUFSIZ]; ++ ssize_t nwritten, nread; ++ struct stat sb; ++ struct timeval tv; ++ debug_decl(sudo_edit_copy, SUDO_DEBUG_EDIT); ++ ++ if (files != NULL) { ++ /* Create temporary copies */ ++ for (i = 0, j = 0; i < nfiles; i++) { ++ rc = -1; ++ switch_user(command_details->euid, command_details->egid, ++ command_details->ngroups, command_details->groups); ++ if ((ofd = open(files[i], O_RDONLY, 0644)) != -1 || errno == ENOENT) { ++ if (ofd == -1) { ++ zero_bytes(&sb, sizeof(sb)); /* new file */ ++ rc = 0; ++ } else { ++ rc = fstat(ofd, &sb); ++ } ++ } ++ switch_user(ROOT_UID, user_details.egid, ++ user_details.ngroups, user_details.groups); ++ if (rc || (ofd != -1 && !S_ISREG(sb.st_mode))) { ++ if (rc) ++ warning("%s", files[i]); ++ else ++ warningx(_("%s: not a regular file"), files[i]); ++ if (ofd != -1) ++ close(ofd); ++ continue; ++ } ++ tf[j].ofile = files[i]; ++ tf[j].osize = sb.st_size; ++ mtim_get(&sb, &tf[j].omtim); ++ if ((cp = strrchr(tf[j].ofile, '/')) != NULL) ++ cp++; ++ else ++ cp = tf[j].ofile; ++ suff = strrchr(cp, '.'); ++ if (suff != NULL) { ++ easprintf(&tf[j].tfile, "%.*s/%.*sXXXXXXXX%s", tmplen, tmpdir, ++ (int)(size_t)(suff - cp), cp, suff); ++ } else { ++ easprintf(&tf[j].tfile, "%.*s/%s.XXXXXXXX", tmplen, tmpdir, cp); ++ } ++ if (seteuid(user_details.uid) != 0) ++ error(1, "seteuid(%d)", (int)user_details.uid); ++ tfd = mkstemps(tf[j].tfile, suff ? 
strlen(suff) : 0); ++ if (seteuid(ROOT_UID) != 0) ++ error(1, "seteuid(ROOT_UID)"); ++ if (tfd == -1) { ++ warning("mkstemps"); ++ goto cleanup; ++ } ++ if (ofd != -1) { ++ while ((nread = read(ofd, buf, sizeof(buf))) != 0) { ++ if ((nwritten = write(tfd, buf, nread)) != nread) { ++ if (nwritten == -1) ++ warning("%s", tf[j].tfile); ++ else ++ warningx(_("%s: short write"), tf[j].tfile); ++ goto cleanup; ++ } ++ } ++ close(ofd); ++ } ++ /* ++ * We always update the stashed mtime because the time ++ * resolution of the filesystem the temporary file is on may ++ * not match that of the filesystem where the file to be edited ++ * resides. It is OK if touch() fails since we only use the info ++ * to determine whether or not a file has been modified. ++ */ ++ (void) touch(tfd, NULL, &tf[j].omtim); ++ rc = fstat(tfd, &sb); ++ if (!rc) ++ mtim_get(&sb, &tf[j].omtim); ++ close(tfd); ++ j++; ++ } ++ if ((nfiles = j) == 0) ++ goto cleanup; /* no files readable, you lose */ ++ } else { ++ /* Copy contents of temp files to real ones */ ++ for (i = 0; i < nfiles; i++) { ++ rc = -1; ++ if (seteuid(user_details.uid) != 0) ++ error(1, "seteuid(%d)", (int)user_details.uid); ++ if ((tfd = open(tf[i].tfile, O_RDONLY, 0644)) != -1) { ++ rc = fstat(tfd, &sb); ++ } ++ if (seteuid(ROOT_UID) != 0) ++ error(1, "seteuid(ROOT_UID)"); ++ if (rc || !S_ISREG(sb.st_mode)) { ++ if (rc) ++ warning("%s", tf[i].tfile); ++ else ++ warningx(_("%s: not a regular file"), tf[i].tfile); ++ warningx(_("%s left unmodified"), tf[i].ofile); ++ if (tfd != -1) ++ close(tfd); ++ continue; ++ } ++ mtim_get(&sb, &tv); ++ if (tf[i].osize == sb.st_size && timevalcmp(&tf[i].omtim, &tv, ==)) { ++ /* ++ * If mtime and size match but the user spent no measurable ++ * time in the editor we can't tell if the file was changed. 
++ */ ++ if (tval_isset) { ++ warningx(_("%s unchanged"), tf[i].ofile); ++ unlink(tf[i].tfile); ++ close(tfd); ++ continue; ++ } ++ } ++ switch_user(command_details->euid, command_details->egid, ++ command_details->ngroups, command_details->groups); ++ ofd = open(tf[i].ofile, O_WRONLY|O_TRUNC|O_CREAT, 0644); ++ switch_user(ROOT_UID, user_details.egid, ++ user_details.ngroups, user_details.groups); ++ if (ofd == -1) { ++ warning(_("unable to write to %s"), tf[i].ofile); ++ warningx(_("contents of edit session left in %s"), tf[i].tfile); ++ close(tfd); ++ continue; ++ } ++ while ((nread = read(tfd, buf, sizeof(buf))) > 0) { ++ if ((nwritten = write(ofd, buf, nread)) != nread) { ++ if (nwritten == -1) ++ warning("%s", tf[i].ofile); ++ else ++ warningx(_("%s: short write"), tf[i].ofile); ++ break; ++ } ++ } ++ if (nread == 0) { ++ /* success, got EOF */ ++ unlink(tf[i].tfile); ++ } else if (nread < 0) { ++ warning(_("unable to read temporary file")); ++ warningx(_("contents of edit session left in %s"), tf[i].tfile); ++ } else { ++ warning(_("unable to write to %s"), tf[i].ofile); ++ warningx(_("contents of edit session left in %s"), tf[i].tfile); ++ } ++ close(ofd); ++ } ++ j = 0; ++ } ++ ++ debug_return_int(j); ++cleanup: ++ for (i = 0; i < nfiles; i++) { ++ if (tf[i].tfile != NULL) ++ unlink(tf[i].tfile); ++ } ++ ++ debug_return_int(-1); ++} ++ + static void + switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups) + { +@@ -87,20 +360,17 @@ int + sudo_edit(struct command_details *command_details) + { + struct command_details editor_details; +- ssize_t nread, nwritten; + const char *tmpdir; +- char *cp, *suff, **nargv, **ap, **files = NULL; +- char buf[BUFSIZ]; +- int rc, i, j, ac, ofd, tfd, nargc, rval, tmplen; +- int editor_argc = 0, nfiles = 0; ++ char **ap; ++ char **nargv, **files = NULL; ++ int editor_argc = 0; ++ int i, ac, nargc, rval, nfiles = 0, tmplen; + struct stat sb; +- struct timeval tv, tv1, tv2; +- struct tempfile { +- char *tfile; +- 
char *ofile; +- struct timeval omtim; +- off_t osize; +- } *tf = NULL; ++ struct timeval tv1, tv2; ++ struct tempfile *tf; ++#ifdef HAVE_SELINUX ++ int rbac_enabled; ++#endif + debug_decl(sudo_edit, SUDO_DEBUG_EDIT) + + /* +@@ -109,7 +379,7 @@ sudo_edit(struct command_details *comman + */ + if (setuid(ROOT_UID) != 0) { + warning(_("unable to change uid to root (%u)"), ROOT_UID); +- goto cleanup; ++ return 1; + } + + /* +@@ -127,6 +397,9 @@ sudo_edit(struct command_details *comman + while (tmplen > 0 && tmpdir[tmplen - 1] == '/') + tmplen--; + ++#ifdef HAVE_SELINUX ++ rbac_enabled = is_selinux_enabled() > 0 && command_details->selinux_role != NULL; ++#endif + /* + * The user's editor must be separated from the files to be + * edited by a "--" option. +@@ -141,7 +414,7 @@ sudo_edit(struct command_details *comman + } + if (nfiles == 0) { + warningx(_("plugin error: missing file list for sudoedit")); +- goto cleanup; ++ return 1; + } + + /* +@@ -150,81 +423,18 @@ sudo_edit(struct command_details *comman + */ + tf = emalloc2(nfiles, sizeof(*tf)); + zero_bytes(tf, nfiles * sizeof(*tf)); +- for (i = 0, j = 0; i < nfiles; i++) { +- rc = -1; +- switch_user(command_details->euid, command_details->egid, +- command_details->ngroups, command_details->groups); +- if ((ofd = open(files[i], O_RDONLY, 0644)) != -1 || errno == ENOENT) { +- if (ofd == -1) { +- zero_bytes(&sb, sizeof(sb)); /* new file */ +- rc = 0; +- } else { +- rc = fstat(ofd, &sb); +- } +- } +- switch_user(ROOT_UID, user_details.egid, +- user_details.ngroups, user_details.groups); +- if (rc || (ofd != -1 && !S_ISREG(sb.st_mode))) { +- if (rc) +- warning("%s", files[i]); +- else +- warningx(_("%s: not a regular file"), files[i]); +- if (ofd != -1) +- close(ofd); +- continue; +- } +- tf[j].ofile = files[i]; +- tf[j].osize = sb.st_size; +- mtim_get(&sb, &tf[j].omtim); +- if ((cp = strrchr(tf[j].ofile, '/')) != NULL) +- cp++; +- else +- cp = tf[j].ofile; +- suff = strrchr(cp, '.'); +- if (suff != NULL) { +- 
easprintf(&tf[j].tfile, "%.*s/%.*sXXXXXXXX%s", tmplen, tmpdir, +- (int)(size_t)(suff - cp), cp, suff); +- } else { +- easprintf(&tf[j].tfile, "%.*s/%s.XXXXXXXX", tmplen, tmpdir, cp); +- } +- if (seteuid(user_details.uid) != 0) +- error(1, "seteuid(%d)", (int)user_details.uid); +- tfd = mkstemps(tf[j].tfile, suff ? strlen(suff) : 0); +- if (seteuid(ROOT_UID) != 0) +- error(1, "seteuid(ROOT_UID)"); +- if (tfd == -1) { +- warning("mkstemps"); +- goto cleanup; +- } +- if (ofd != -1) { +- while ((nread = read(ofd, buf, sizeof(buf))) != 0) { +- if ((nwritten = write(tfd, buf, nread)) != nread) { +- if (nwritten == -1) +- warning("%s", tf[j].tfile); +- else +- warningx(_("%s: short write"), tf[j].tfile); +- goto cleanup; +- } +- } +- close(ofd); +- } +- /* +- * We always update the stashed mtime because the time +- * resolution of the filesystem the temporary file is on may +- * not match that of the filesystem where the file to be edited +- * resides. It is OK if touch() fails since we only use the info +- * to determine whether or not a file has been modified. +- */ +- (void) touch(tfd, NULL, &tf[j].omtim); +- rc = fstat(tfd, &sb); +- if (!rc) +- mtim_get(&sb, &tf[j].omtim); +- close(tfd); +- j++; +- } +- if ((nfiles = j) == 0) +- goto cleanup; /* no files readable, you lose */ ++ ++ /* Make temporary copies of the original files */ ++ if (!rbac_enabled) ++ nfiles = sudo_edit_copy(command_details, tf, files, nfiles, tmpdir, tmplen, 0); ++ else ++ nfiles = selinux_edit_copy(command_details, tf, files, nfiles, tmpdir, tmplen, 0); + ++ if (nfiles <= 0) ++ return 1; ++ ++ switch_user(ROOT_UID, user_details.egid, ++ user_details.ngroups, user_details.groups); + /* + * Allocate space for the new argument vector and fill it in. 
+ * We concatenate the editor with its args and the file list +@@ -253,84 +463,18 @@ sudo_edit(struct command_details *comman + editor_details.argv = nargv; + rval = run_command(&editor_details); + gettimeofday(&tv2, NULL); ++ timevalsub(&tv1, &tv2); + +- /* Copy contents of temp files to real ones */ +- for (i = 0; i < nfiles; i++) { +- rc = -1; +- if (seteuid(user_details.uid) != 0) +- error(1, "seteuid(%d)", (int)user_details.uid); +- if ((tfd = open(tf[i].tfile, O_RDONLY, 0644)) != -1) { +- rc = fstat(tfd, &sb); +- } +- if (seteuid(ROOT_UID) != 0) +- error(1, "seteuid(ROOT_UID)"); +- if (rc || !S_ISREG(sb.st_mode)) { +- if (rc) +- warning("%s", tf[i].tfile); +- else +- warningx(_("%s: not a regular file"), tf[i].tfile); +- warningx(_("%s left unmodified"), tf[i].ofile); +- if (tfd != -1) +- close(tfd); +- continue; +- } +- mtim_get(&sb, &tv); +- if (tf[i].osize == sb.st_size && timevalcmp(&tf[i].omtim, &tv, ==)) { +- /* +- * If mtime and size match but the user spent no measurable +- * time in the editor we can't tell if the file was changed. 
+- */ +- timevalsub(&tv1, &tv2); +- if (timevalisset(&tv2)) { +- warningx(_("%s unchanged"), tf[i].ofile); +- unlink(tf[i].tfile); +- close(tfd); +- continue; +- } +- } +- switch_user(command_details->euid, command_details->egid, +- command_details->ngroups, command_details->groups); +- ofd = open(tf[i].ofile, O_WRONLY|O_TRUNC|O_CREAT, 0644); +- switch_user(ROOT_UID, user_details.egid, +- user_details.ngroups, user_details.groups); +- if (ofd == -1) { +- warning(_("unable to write to %s"), tf[i].ofile); +- warningx(_("contents of edit session left in %s"), tf[i].tfile); +- close(tfd); +- continue; +- } +- while ((nread = read(tfd, buf, sizeof(buf))) > 0) { +- if ((nwritten = write(ofd, buf, nread)) != nread) { +- if (nwritten == -1) +- warning("%s", tf[i].ofile); +- else +- warningx(_("%s: short write"), tf[i].ofile); +- break; +- } +- } +- if (nread == 0) { +- /* success, got EOF */ +- unlink(tf[i].tfile); +- } else if (nread < 0) { +- warning(_("unable to read temporary file")); +- warningx(_("contents of edit session left in %s"), tf[i].tfile); +- } else { +- warning(_("unable to write to %s"), tf[i].ofile); +- warningx(_("contents of edit session left in %s"), tf[i].tfile); +- } +- close(ofd); +- } ++ switch_user(ROOT_UID, user_details.egid, ++ user_details.ngroups, user_details.groups); ++ ++ /* Copy the temporary files back to originals */ ++ if (!rbac_enabled) ++ nfiles = sudo_edit_copy(command_details, tf, NULL, nfiles, NULL, 0, timevalisset(&tv2)); ++ else ++ nfiles = selinux_edit_copy(command_details, tf, NULL, nfiles, NULL, 0, timevalisset(&tv2)); ++ + debug_return_int(rval); +- +-cleanup: +- /* Clean up temp files and return. 
*/
+- if (tf != NULL) {
+- for (i = 0; i < nfiles; i++) {
+- if (tf[i].tfile != NULL)
+- unlink(tf[i].tfile);
+- }
+- }
+- debug_return_int(1);
+ }
+
+ #else /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */
+diff -up sudo-1.8.6p3/src/sudo.h.sudoedit-selinux sudo-1.8.6p3/src/sudo.h
+--- sudo-1.8.6p3/src/sudo.h.sudoedit-selinux 2012-09-18 15:56:30.000000000 +0200
++++ sudo-1.8.6p3/src/sudo.h 2012-09-25 16:04:36.690423001 +0200
+@@ -130,6 +130,7 @@ struct user_details {
+ #define CD_RBAC_ENABLED 0x0800
+ #define CD_USE_PTY 0x1000
+ #define CD_SET_UTMP 0x2000
++#define CD_SUDOEDIT_COPY 0x4000
+
+ struct command_details {
+ uid_t uid;
diff --git a/SOURCES/sudo-1.8.6p7-sudoconfman.patch
new file mode 100644
index 0000000..3d621ce
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-sudoconfman.patch
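Review bot: As rendered here, the loop under `/* remove temporary files (post=1) */` in sesh.c's new `-e` branch runs unconditionally, so in the pre-edit pass (post=0) it unlinks argv[n], which at that point are the original files handed in as copy sources; unless an `if (post)` guard was lost in this rendering it needs one, `if (post) { for (n = 0; n < argc - 1; n += 2) unlink(argv[n]); }`. In the same branch `fd_dst` is declared without an initializer, so when the first `open(path_src)` fails with anything but ENOENT the jump to `nocleanup`/`cleanup_0` evaluates `if (fd_dst != -1) close(fd_dst)` on an indeterminate value; write `int fd_src = -1, fd_dst = -1, post, n, ret = -1;`. The copy loop also treats a failing read() as EOF and goes on to report success (and, in the post pass, to unlink the temporary file), whereas sudo_edit_copy() in the same patch checks `nread < 0` and leaves the edit session in place; likewise the post pass opens the temporary file, which has just been under the editing user's control, with a bare O_RDONLY and no fstat()/S_ISREG check, and selinux_edit_copy() chown()s that path by name rather than fchown()ing a descriptor it has verified, where the non-SELinux path rejects anything that is not a regular file. The fence below initialises the descriptors and adds the regular-file and read-error checks to mirror the non-SELinux path (sys/stat.h is needed for fstat/S_ISREG; the `#include` names in this hunk did not survive rendering). main() in sesh.c and sudo_edit() both begin before their inner hunks, and `strncmp(argv[1], "-e", 3)` runs before the `argc < 3` check, which is only safe if code above the hunk already rejects an empty argument list.
```c
	int fd_src = -1, fd_dst = -1, post, n, ret = -1;
	struct stat sb;
	/* … unchanged: -e argument parsing, start of the per-pair loop, open(path_src) … */
	    /* only copy regular files, matching sudo_edit_copy(); checked before path_dst is truncated */
	    if (fd_src != -1 && (fstat(fd_src, &sb) != 0 || !S_ISREG(sb.st_mode))) {
		warningx(_("%s: not a regular file"), path_src);
		if (post) {
		    ret = 33;
		    goto nocleanup;
		} else
		    goto cleanup_0;
	    }
	    /* … unchanged: open(path_dst) … */
	    if (fd_src != -1) {
		while ((nread = read(fd_src, buf, sizeof(buf))) > 0) {
		    /* … unchanged: write loop … */
		}
		if (nread < 0) {
		    /* read() failed: this is not EOF, so do not report success */
		    warning(_("read(%s)"), path_src);
		    if (post) {
			ret = 33;
			goto nocleanup;
		    } else
			goto cleanup_0;
		}
	    }
	/* … unchanged: close descriptors, unlink loop, cleanup labels … */
```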
@@ -0,0 +1,1263 @@ +diff -up sudo-1.8.6p7/doc/Makefile.in.sudoconfman sudo-1.8.6p7/doc/Makefile.in +--- sudo-1.8.6p7/doc/Makefile.in.sudoconfman 2013-07-30 13:57:00.000004193 +0200 ++++ sudo-1.8.6p7/doc/Makefile.in 2013-07-30 13:58:25.732323525 +0200 +@@ -64,12 +64,13 @@ DEVEL = @DEVEL@ + + SHELL = @SHELL@ + +-DOCS = sudo.$(mantype) visudo.$(mantype) sudoers.$(mantype) \ +- sudoers.ldap.$(mantype) sudoers.$(mantype) \ ++DOCS = sudo.$(mantype) visudo.$(mantype) sudo.conf.$(mantype) \ ++ sudoers.$(mantype) sudoers.ldap.$(mantype) sudoers.$(mantype) \ + sudoreplay.$(mantype) sudo_plugin.$(mantype) + + DEVDOCS = $(srcdir)/sudo.man.in $(srcdir)/sudo.cat \ + $(srcdir)/visudo.man.in $(srcdir)/visudo.cat \ ++ $(srcdir)/sudo.conf.man.in $(srcdir)/sudo.conf.cat \ + $(srcdir)/sudoers.man.in $(srcdir)/sudoers.cat \ + $(srcdir)/sudoers.ldap.man.in $(srcdir)/sudoers.ldap.cat \ + $(srcdir)/sudoers.man.in $(srcdir)/sudoers.cat \ +@@ -158,6 +159,34 @@ $(srcdir)/visudo.cat: varsub $(srcdir)/v + + visudo.cat: $(srcdir)/visudo.cat + ++$(srcdir)/sudo.conf.man.in: $(srcdir)/sudo.conf.mdoc.in ++ @if [ -n "$(DEVEL)" ]; then \ ++ echo "Generating $@"; \ ++ mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ ++ mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ ++ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ ++ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudo.conf.mdoc.in\n' >> $@; \ ++ $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudo.conf.mdoc.in >> $@; \ ++ $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ ++ fi ++ ++sudo.conf.man.sed: $(srcdir)/fixman.sh ++ $(SHELL) $(srcdir)/fixman.sh $@ ++ ++sudo.conf.man: $(srcdir)/sudo.conf.man.in sudo.conf.man.sed ++ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@ ++ 
++sudo.conf.mdoc: $(srcdir)/sudo.conf.mdoc.in ++ (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@) ++ ++$(srcdir)/sudo.conf.cat: varsub $(srcdir)/sudo.conf.mdoc.in ++ @if [ -n "$(DEVEL)" ]; then \ ++ echo "Generating $@"; \ ++ $(SED) -f varsub $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ ++ fi ++ ++sudo.conf.cat: $(srcdir)/sudo.conf.cat ++ + $(srcdir)/sudoers.man.in: $(srcdir)/sudoers.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ +@@ -292,10 +321,11 @@ install-doc: install-dirs + $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudo_plugin.$(mantype) $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) + $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) + $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) ++ $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudo.conf.$(mantype) $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) + $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform) + @LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) + @if test -n "$(MANCOMPRESS)"; then \ +- for f in $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/sudo_plugin.$(mansectsu) $(mandirsu)/sudoreplay.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform) $(mandirform)/sudoers.ldap.$(mansectform); do \ ++ for f in $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/sudo_plugin.$(mansectsu) $(mandirsu)/sudoreplay.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudo.conf.$(mansectform) $(mandirform)/sudoers.$(mansectform) $(mandirform)/sudoers.ldap.$(mansectform); do \ + if test -f 
$(DESTDIR)$$f; then \ + echo $(MANCOMPRESS) -f $(DESTDIR)$$f; \ + $(MANCOMPRESS) -f $(DESTDIR)$$f; \ +@@ -319,6 +349,7 @@ uninstall: + $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) \ + $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \ ++ $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudoers.$(mansectform) \ + $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) + +diff -up sudo-1.8.6p7/doc/sudo.conf.cat.sudoconfman sudo-1.8.6p7/doc/sudo.conf.cat +--- sudo-1.8.6p7/doc/sudo.conf.cat.sudoconfman 2013-07-30 13:58:15.401285217 +0200 ++++ sudo-1.8.6p7/doc/sudo.conf.cat 2013-07-30 13:58:25.733323538 +0200 +@@ -0,0 +1,263 @@ ++SUDO(4) Programmer's Manual SUDO(4) ++ ++NNAAMMEE ++ ssuuddoo..ccoonnff - configuration for sudo front end ++ ++DDEESSCCRRIIPPTTIIOONN ++ The ssuuddoo..ccoonnff file is used to configure the ssuuddoo front end. It specifies ++ the security policy and I/O logging plugins, debug flags as well as ++ plugin-agnostic path names and settings. ++ ++ The ssuuddoo..ccoonnff file supports the following directives, described in detail ++ below. ++ ++ Plugin a security policy or I/O logging plugin ++ ++ Path a plugin-agnostic path ++ ++ Set a front end setting, such as _d_i_s_a_b_l_e___c_o_r_e_d_u_m_p or _g_r_o_u_p___s_o_u_r_c_e ++ ++ Debug debug flags to aid in debugging ssuuddoo, ssuuddoorreeppllaayy, vviissuuddoo, and ++ the ssuuddooeerrss plugin. ++ ++ The pound sign (`#') is used to indicate a comment. Both the comment ++ character and any text after it, up to the end of the line, are ignored. ++ ++ Non-comment lines that don't begin with Plugin, Path, Debug, or Set are ++ silently ignored. ++ ++ The ssuuddoo..ccoonnff file is always parsed in the ``C'' locale. ++ ++ PPlluuggiinn ccoonnffiigguurraattiioonn ++ ssuuddoo supports a plugin architecture for security policies and ++ input/output logging. 
Third parties can develop and distribute their own ++ policy and I/O logging plugins to work seamlessly with the ssuuddoo front ++ end. Plugins are dynamically loaded based on the contents of ssuuddoo..ccoonnff. ++ ++ A Plugin line consists of the Plugin keyword, followed by the _s_y_m_b_o_l___n_a_m_e ++ and the _p_a_t_h to the shared object containing the plugin. The _s_y_m_b_o_l___n_a_m_e ++ is the name of the struct policy_plugin or struct io_plugin in the plugin ++ shared object. The _p_a_t_h may be fully qualified or relative. If not ++ fully qualified, it is relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. In ++ other words: ++ ++ Plugin sudoers_policy sudoers.so ++ ++ is equivalent to: ++ ++ Plugin sudoers_policy /usr/local/libexec/sudoers.so ++ ++ Any additional parameters after the _p_a_t_h are passed as arguments to the ++ plugin's _o_p_e_n function. For example, to override the compile-time ++ default sudoers file mode: ++ ++ Plugin sudoers_policy sudoers.so sudoers_mode=0440 ++ ++ If no ssuuddoo..ccoonnff file is present, or if it contains no Plugin lines, the ++ ssuuddooeerrss plugin will be used as the default security policy and for I/O ++ logging (if enabled by the policy). This is equivalent to the following: ++ ++ Plugin policy_plugin sudoers.so ++ Plugin io_plugin sudoers.so ++ ++ For more information on the ssuuddoo plugin architecture, see the ++ sudo_plugin(1m) manual. ++ ++ PPaatthh sseettttiinnggss ++ A Path line consists of the Path keyword, followed by the name of the ++ path to set and its value. For example: ++ ++ Path noexec /usr/local/libexec/sudo_noexec.so ++ Path askpass /usr/X11R6/bin/ssh-askpass ++ ++ The following plugin-agnostic paths may be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f ++ file: ++ ++ askpass The fully qualified path to a helper program used to read the ++ user's password when no terminal is available. 
This may be the ++ case when ssuuddoo is executed from a graphical (as opposed to ++ text-based) application. The program specified by _a_s_k_p_a_s_s ++ should display the argument passed to it as the prompt and ++ write the user's password to the standard output. The value of ++ _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment ++ variable. ++ ++ noexec The fully-qualified path to a shared library containing dummy ++ versions of the eexxeeccvv(), eexxeeccvvee() and ffeexxeeccvvee() library ++ functions that just return an error. This is used to implement ++ the _n_o_e_x_e_c functionality on systems that support LD_PRELOAD or ++ its equivalent. The default value is: ++ _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o. ++ ++ OOtthheerr sseettttiinnggss ++ The ssuuddoo..ccoonnff file also supports the following front end settings: ++ ++ disable_coredump ++ Core dumps of ssuuddoo itself are disabled by default. To aid in ++ debugging ssuuddoo crashes, you may wish to re-enable core dumps by ++ setting ``disable_coredump'' to false in ssuuddoo..ccoonnff as follows: ++ ++ Set disable_coredump false ++ ++ Note that most operating systems disable core dumps from setuid ++ programs, including ssuuddoo. To actually get a ssuuddoo core file you ++ will likely need to enable core dumps for setuid processes. On ++ BSD and Linux systems this is accomplished via the sysctl ++ command. On Solaris, the coreadm command is used to configure ++ core dump behavior. ++ ++ This setting is only available in ssuuddoo version 1.8.4 and ++ higher. ++ ++ DDeebbuugg ffllaaggss ++ ssuuddoo versions 1.8.4 and higher support a flexible debugging framework ++ that can help track down what ssuuddoo is doing internally if there is a ++ problem. 
++ ++ A Debug line consists of the Debug keyword, followed by the name of the ++ program (or plugin) to debug (ssuuddoo, vviissuuddoo, ssuuddoorreeppllaayy, ssuuddooeerrss), the ++ debug file name and a comma-separated list of debug flags. The debug ++ flag syntax used by ssuuddoo and the ssuuddooeerrss plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but ++ a plugin is free to use a different format so long as it does not include ++ a comma (`,'). ++ ++ For example: ++ ++ Debug sudo /var/log/sudo_debug all@warn,plugin@info ++ ++ would log all debugging statements at the _w_a_r_n level and higher in ++ addition to those at the _i_n_f_o level for the plugin subsystem. ++ ++ Currently, only one Debug entry per program is supported. The ssuuddoo Debug ++ entry is shared by the ssuuddoo front end, ssuuddooeeddiitt and the plugins. A ++ future release may add support for per-plugin Debug lines and/or support ++ for multiple debugging files for a single program. ++ ++ The priorities used by the ssuuddoo front end, in order of decreasing ++ severity, are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. ++ Each priority, when specified, also includes all priorities higher than ++ it. For example, a priority of _n_o_t_i_c_e would include debug messages ++ logged at _n_o_t_i_c_e and higher. 
++ ++ The following subsystems are used by the ssuuddoo front-end: ++ ++ _a_l_l matches every subsystem ++ ++ _a_r_g_s command line argument processing ++ ++ _c_o_n_v user conversation ++ ++ _e_d_i_t sudoedit ++ ++ _e_x_e_c command execution ++ ++ _m_a_i_n ssuuddoo main function ++ ++ _n_e_t_i_f network interface handling ++ ++ _p_c_o_m_m communication with the plugin ++ ++ _p_l_u_g_i_n plugin configuration ++ ++ _p_t_y pseudo-tty related code ++ ++ _s_e_l_i_n_u_x SELinux-specific handling ++ ++ _u_t_i_l utility functions ++ ++ _u_t_m_p utmp handling ++ ++FFIILLEESS ++ _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo front end configuration ++ ++EEXXAAMMPPLLEESS ++ # ++ # Default /etc/sudo.conf file ++ # ++ # Format: ++ # Plugin plugin_name plugin_path plugin_options ... ++ # Path askpass /path/to/askpass ++ # Path noexec /path/to/sudo_noexec.so ++ # Debug sudo /var/log/sudo_debug all@warn ++ # Set disable_coredump true ++ # ++ # The plugin_path is relative to /usr/local/libexec unless ++ # fully qualified. ++ # The plugin_name corresponds to a global symbol in the plugin ++ # that contains the plugin interface structure. ++ # The plugin_options are optional. ++ # ++ # The sudoers plugin is used by default if no Plugin lines are ++ # present. ++ Plugin policy_plugin sudoers.so ++ Plugin io_plugin sudoers.so ++ ++ # ++ # Sudo askpass: ++ # ++ # An askpass helper program may be specified to provide a graphical ++ # password prompt for "sudo -A" support. Sudo does not ship with ++ # its own askpass program but can use the OpenSSH askpass. ++ # ++ # Use the OpenSSH askpass ++ #Path askpass /usr/X11R6/bin/ssh-askpass ++ # ++ # Use the Gnome OpenSSH askpass ++ #Path askpass /usr/libexec/openssh/gnome-ssh-askpass ++ ++ # ++ # Sudo noexec: ++ # ++ # Path to a shared library containing dummy versions of the execv(), ++ # execve() and fexecve() library functions that just return an error. 
++ # This is used to implement the "noexec" functionality on systems that ++ # support C or its equivalent. ++ # The compiled-in value is usually sufficient and should only be ++ # changed if you rename or move the sudo_noexec.so file. ++ # ++ #Path noexec /usr/local/libexec/sudo_noexec.so ++ ++ # ++ # Core dumps: ++ # ++ # By default, sudo disables core dumps while it is executing ++ # (they are re-enabled for the command that is run). ++ # To aid in debugging sudo problems, you may wish to enable core ++ # dumps by setting "disable_coredump" to false. ++ # ++ #Set disable_coredump false ++ ++SSEEEE AALLSSOO ++ sudoers(4), sudo(1m), sudo_plugin(1m), ++ ++HHIISSTTOORRYY ++ See the HISTORY file in the ssuuddoo distribution ++ (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. ++ ++AAUUTTHHOORRSS ++ Many people have worked on ssuuddoo over the years; this version consists of ++ code written primarily by: ++ ++ Todd C. Miller ++ ++ See the CONTRIBUTORS file in the ssuuddoo distribution ++ (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of ++ people who have contributed to ssuuddoo. ++ ++BBUUGGSS ++ If you feel you have found a bug in ssuuddoo, please submit a bug report at ++ http://www.sudo.ws/sudo/bugs/ ++ ++SSUUPPPPOORRTT ++ Limited free support is available via the sudo-users mailing list, see ++ http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the ++ archives. ++ ++DDIISSCCLLAAIIMMEERR ++ ssuuddoo is provided ``AS IS'' and any express or implied warranties, ++ including, but not limited to, the implied warranties of merchantability ++ and fitness for a particular purpose are disclaimed. See the LICENSE ++ file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for ++ complete details. 
++ ++Sudo 1.8.6p7 February 1, 2013 Sudo 1.8.6p7 +diff -up sudo-1.8.6p7/doc/sudo.conf.man.in.sudoconfman sudo-1.8.6p7/doc/sudo.conf.man.in +--- sudo-1.8.6p7/doc/sudo.conf.man.in.sudoconfman 2013-07-30 13:58:15.401285217 +0200 ++++ sudo-1.8.6p7/doc/sudo.conf.man.in 2013-07-30 13:58:25.733323538 +0200 +@@ -0,0 +1,470 @@ ++.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! ++.\" IT IS GENERATED AUTOMATICALLY FROM sudo.conf.mdoc.in ++.\" ++.\" Copyright (c) 2010-2013 Todd C. Miller ++.\" ++.\" Permission to use, copy, modify, and distribute this software for any ++.\" purpose with or without fee is hereby granted, provided that the above ++.\" copyright notice and this permission notice appear in all copies. ++.\" ++.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++.\" ++.TH "SUDO" "5" "February 1, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" ++.nh ++.if n .ad l ++.SH "NAME" ++\fBsudo.conf\fR ++\- configuration for sudo front end ++.SH "DESCRIPTION" ++The ++\fBsudo.conf\fR ++file is used to configure the ++\fBsudo\fR ++front end. ++It specifies the security policy and I/O logging plugins, debug flags ++as well as plugin-agnostic path names and settings. ++.PP ++The ++\fBsudo.conf\fR ++file supports the following directives, described in detail below. 
++.TP 10n ++Plugin ++a security policy or I/O logging plugin ++.TP 10n ++Path ++a plugin-agnostic path ++.TP 10n ++Set ++a front end setting, such as ++\fIdisable_coredump\fR ++or ++\fIgroup_source\fR ++.TP 10n ++Debug ++debug flags to aid in debugging ++\fBsudo\fR, ++\fBsudoreplay\fR, ++\fBvisudo\fR, ++and the ++\fBsudoers\fR ++plugin. ++.PP ++The pound sign ++(`#') ++is used to indicate a comment. ++Both the comment character and any text after it, up to the end of ++the line, are ignored. ++.PP ++Non-comment lines that don't begin with ++\fRPlugin\fR, ++\fRPath\fR, ++\fRDebug\fR, ++or ++\fRSet\fR ++are silently ignored. ++.PP ++The ++\fBsudo.conf\fR ++file is always parsed in the ++``\fRC\fR'' ++locale. ++.SS "Plugin configuration" ++\fBsudo\fR ++supports a plugin architecture for security policies and input/output ++logging. ++Third parties can develop and distribute their own policy and I/O ++logging plugins to work seamlessly with the ++\fBsudo\fR ++front end. ++Plugins are dynamically loaded based on the contents of ++\fBsudo.conf\fR. ++.PP ++A ++\fRPlugin\fR ++line consists of the ++\fRPlugin\fR ++keyword, followed by the ++\fIsymbol_name\fR ++and the ++\fIpath\fR ++to the shared object containing the plugin. ++The ++\fIsymbol_name\fR ++is the name of the ++\fRstruct policy_plugin\fR ++or ++\fRstruct io_plugin\fR ++in the plugin shared object. ++The ++\fIpath\fR ++may be fully qualified or relative. ++If not fully qualified, it is relative to the ++\fI@PLUGINDIR@\fR ++directory. ++In other words: ++.nf ++.sp ++.RS 6n ++Plugin sudoers_policy sudoers.so ++.RE ++.fi ++.PP ++is equivalent to: ++.nf ++.sp ++.RS 6n ++Plugin sudoers_policy @PLUGINDIR@/sudoers.so ++.RE ++.fi ++.PP ++Any additional parameters after the ++\fIpath\fR ++are passed as arguments to the plugin's ++\fIopen\fR ++function. 
++For example, to override the compile-time default sudoers file mode: ++.nf ++.sp ++.RS 6n ++Plugin sudoers_policy sudoers.so sudoers_mode=0440 ++.RE ++.fi ++.PP ++If no ++\fBsudo.conf\fR ++file is present, or if it contains no ++\fRPlugin\fR ++lines, the ++\fBsudoers\fR ++plugin will be used as the default security policy and for I/O logging ++(if enabled by the policy). ++This is equivalent to the following: ++.nf ++.sp ++.RS 6n ++Plugin policy_plugin sudoers.so ++Plugin io_plugin sudoers.so ++.RE ++.fi ++.PP ++For more information on the ++\fBsudo\fR ++plugin architecture, see the ++sudo_plugin(@mansectsu@) ++manual. ++.SS "Path settings" ++A ++\fRPath\fR ++line consists of the ++\fRPath\fR ++keyword, followed by the name of the path to set and its value. ++For example: ++.nf ++.sp ++.RS 6n ++Path noexec @noexec_file@ ++Path askpass /usr/X11R6/bin/ssh-askpass ++.RE ++.fi ++.PP ++The following plugin-agnostic paths may be set in the ++\fI@sysconfdir@/sudo.conf\fR ++file: ++.TP 10n ++askpass ++The fully qualified path to a helper program used to read the user's ++password when no terminal is available. ++This may be the case when ++\fBsudo\fR ++is executed from a graphical (as opposed to text-based) application. ++The program specified by ++\fIaskpass\fR ++should display the argument passed to it as the prompt and write ++the user's password to the standard output. ++The value of ++\fIaskpass\fR ++may be overridden by the ++\fRSUDO_ASKPASS\fR ++environment variable. ++.TP 10n ++noexec ++The fully-qualified path to a shared library containing dummy ++versions of the ++\fBexecv\fR(), ++\fBexecve\fR() ++and ++\fBfexecve\fR() ++library functions that just return an error. ++This is used to implement the ++\fInoexec\fR ++functionality on systems that support ++\fRLD_PRELOAD\fR ++or its equivalent. ++The default value is: ++\fI@noexec_file@\fR. 
++.SS "Other settings" ++The ++\fBsudo.conf\fR ++file also supports the following front end settings: ++.TP 10n ++disable_coredump ++Core dumps of ++\fBsudo\fR ++itself are disabled by default. ++To aid in debugging ++\fBsudo\fR ++crashes, you may wish to re-enable core dumps by setting ++``disable_coredump'' ++to false in ++\fBsudo.conf\fR ++as follows: ++.RS ++.nf ++.sp ++.RS 6n ++Set disable_coredump false ++.RE ++.fi ++.sp ++Note that most operating systems disable core dumps from setuid programs, ++including ++\fBsudo\fR. ++To actually get a ++\fBsudo\fR ++core file you will likely need to enable core dumps for setuid processes. ++On BSD and Linux systems this is accomplished via the ++sysctl ++command. ++On Solaris, the ++coreadm ++command is used to configure core dump behavior. ++.sp ++This setting is only available in ++\fBsudo\fR ++version 1.8.4 and higher. ++.PP ++.RE ++.SS "Debug flags" ++\fBsudo\fR ++versions 1.8.4 and higher support a flexible debugging framework ++that can help track down what ++\fBsudo\fR ++is doing internally if there is a problem. ++.PP ++A ++\fRDebug\fR ++line consists of the ++\fRDebug\fR ++keyword, followed by the name of the program (or plugin) to debug ++(\fBsudo\fR, \fBvisudo\fR, \fBsudoreplay\fR, \fBsudoers\fR), ++the debug file name and a comma-separated list of debug flags. ++The debug flag syntax used by ++\fBsudo\fR ++and the ++\fBsudoers\fR ++plugin is ++\fIsubsystem\fR@\fIpriority\fR ++but a plugin is free to use a different format so long as it does ++not include a comma ++(`\&,'). ++.PP ++For example: ++.nf ++.sp ++.RS 6n ++Debug sudo /var/log/sudo_debug all@warn,plugin@info ++.RE ++.fi ++.PP ++would log all debugging statements at the ++\fIwarn\fR ++level and higher in addition to those at the ++\fIinfo\fR ++level for the plugin subsystem. ++.PP ++Currently, only one ++\fRDebug\fR ++entry per program is supported. 
++The ++\fBsudo\fR ++\fRDebug\fR ++entry is shared by the ++\fBsudo\fR ++front end, ++\fBsudoedit\fR ++and the plugins. ++A future release may add support for per-plugin ++\fRDebug\fR ++lines and/or support for multiple debugging files for a single ++program. ++.PP ++The priorities used by the ++\fBsudo\fR ++front end, in order of decreasing severity, are: ++\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR ++and ++\fIdebug\fR. ++Each priority, when specified, also includes all priorities higher ++than it. ++For example, a priority of ++\fInotice\fR ++would include debug messages logged at ++\fInotice\fR ++and higher. ++.PP ++The following subsystems are used by the ++\fBsudo\fR ++front-end: ++.TP 12n ++\fIall\fR ++matches every subsystem ++.TP 12n ++\fIargs\fR ++command line argument processing ++.TP 12n ++\fIconv\fR ++user conversation ++.TP 12n ++\fIedit\fR ++sudoedit ++.TP 12n ++\fIexec\fR ++command execution ++.TP 12n ++\fImain\fR ++\fBsudo\fR ++main function ++.TP 12n ++\fInetif\fR ++network interface handling ++.TP 12n ++\fIpcomm\fR ++communication with the plugin ++.TP 12n ++\fIplugin\fR ++plugin configuration ++.TP 12n ++\fIpty\fR ++pseudo-tty related code ++.TP 12n ++\fIselinux\fR ++SELinux-specific handling ++.TP 12n ++\fIutil\fR ++utility functions ++.TP 12n ++\fIutmp\fR ++utmp handling ++.SH "FILES" ++.TP 26n ++\fI@sysconfdir@/sudo.conf\fR ++\fBsudo\fR ++front end configuration ++.SH "EXAMPLES" ++.nf ++.RS 0n ++# ++# Default @sysconfdir@/sudo.conf file ++# ++# Format: ++# Plugin plugin_name plugin_path plugin_options ... ++# Path askpass /path/to/askpass ++# Path noexec /path/to/sudo_noexec.so ++# Debug sudo /var/log/sudo_debug all@warn ++# Set disable_coredump true ++# ++# The plugin_path is relative to @PLUGINDIR@ unless ++# fully qualified. ++# The plugin_name corresponds to a global symbol in the plugin ++# that contains the plugin interface structure. ++# The plugin_options are optional. 
++# ++# The sudoers plugin is used by default if no Plugin lines are ++# present. ++Plugin policy_plugin sudoers.so ++Plugin io_plugin sudoers.so ++ ++# ++# Sudo askpass: ++# ++# An askpass helper program may be specified to provide a graphical ++# password prompt for "sudo -A" support. Sudo does not ship with ++# its own askpass program but can use the OpenSSH askpass. ++# ++# Use the OpenSSH askpass ++#Path askpass /usr/X11R6/bin/ssh-askpass ++# ++# Use the Gnome OpenSSH askpass ++#Path askpass /usr/libexec/openssh/gnome-ssh-askpass ++ ++# ++# Sudo noexec: ++# ++# Path to a shared library containing dummy versions of the execv(), ++# execve() and fexecve() library functions that just return an error. ++# This is used to implement the "noexec" functionality on systems that ++# support C or its equivalent. ++# The compiled-in value is usually sufficient and should only be ++# changed if you rename or move the sudo_noexec.so file. ++# ++#Path noexec @noexec_file@ ++ ++# ++# Core dumps: ++# ++# By default, sudo disables core dumps while it is executing ++# (they are re-enabled for the command that is run). ++# To aid in debugging sudo problems, you may wish to enable core ++# dumps by setting "disable_coredump" to false. ++# ++#Set disable_coredump false ++.RE ++.fi ++.SH "SEE ALSO" ++sudoers(@mansectform@), ++sudo(@mansectsu@), ++sudo_plugin(@mansectsu@), ++.SH "HISTORY" ++See the HISTORY file in the ++\fBsudo\fR ++distribution (http://www.sudo.ws/sudo/history.html) for a brief ++history of sudo. ++.SH "AUTHORS" ++Many people have worked on ++\fBsudo\fR ++over the years; this version consists of code written primarily by: ++.sp ++.RS 6n ++Todd C. Miller ++.RE ++.PP ++See the CONTRIBUTORS file in the ++\fBsudo\fR ++distribution (http://www.sudo.ws/sudo/contributors.html) for an ++exhaustive list of people who have contributed to ++\fBsudo\fR. 
++.SH "BUGS" ++If you feel you have found a bug in ++\fBsudo\fR, ++please submit a bug report at http://www.sudo.ws/sudo/bugs/ ++.SH "SUPPORT" ++Limited free support is available via the sudo-users mailing list, ++see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or ++search the archives. ++.SH "DISCLAIMER" ++\fBsudo\fR ++is provided ++``AS IS'' ++and any express or implied warranties, including, but not limited ++to, the implied warranties of merchantability and fitness for a ++particular purpose are disclaimed. ++See the LICENSE file distributed with ++\fBsudo\fR ++or http://www.sudo.ws/sudo/license.html for complete details. +diff -up sudo-1.8.6p7/doc/sudo.conf.mdoc.in.sudoconfman sudo-1.8.6p7/doc/sudo.conf.mdoc.in +--- sudo-1.8.6p7/doc/sudo.conf.mdoc.in.sudoconfman 2013-07-30 13:58:15.401285217 +0200 ++++ sudo-1.8.6p7/doc/sudo.conf.mdoc.in 2013-07-30 13:58:25.734323547 +0200 +@@ -0,0 +1,430 @@ ++.\" ++.\" Copyright (c) 2010-2013 Todd C. Miller ++.\" ++.\" Permission to use, copy, modify, and distribute this software for any ++.\" purpose with or without fee is hereby granted, provided that the above ++.\" copyright notice and this permission notice appear in all copies. ++.\" ++.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
++.\" ++.Dd February 5, 2013 ++.Dt SUDO @mansectform@ ++.Os Sudo @PACKAGE_VERSION@ ++.Sh NAME ++.Nm sudo.conf ++.Nd configuration for sudo front end ++.Sh DESCRIPTION ++The ++.Nm sudo.conf ++file is used to configure the ++.Nm sudo ++front end. ++It specifies the security policy and I/O logging plugins, debug flags ++as well as plugin-agnostic path names and settings. ++.Pp ++The ++.Nm sudo.conf ++file supports the following directives, described in detail below. ++.Bl -tag -width 8n ++.It Plugin ++a security policy or I/O logging plugin ++.It Path ++a plugin-agnostic path ++.It Set ++a front end setting, such as ++.Em disable_coredump ++or ++.Em group_source ++.It Debug ++debug flags to aid in debugging ++.Nm sudo , ++.Nm sudoreplay , ++.Nm visudo , ++and the ++.Nm sudoers ++plugin. ++.El ++.Pp ++The pound sign ++.Pq Ql # ++is used to indicate a comment. ++Both the comment character and any text after it, up to the end of ++the line, are ignored. ++.Pp ++Non-comment lines that don't begin with ++.Li Plugin , ++.Li Path , ++.Li Debug , ++or ++.Li Set ++are silently ignored. ++.Pp ++The ++.Nm sudo.conf ++file is always parsed in the ++.Dq Li C ++locale. ++.Ss Plugin configuration ++.Nm sudo ++supports a plugin architecture for security policies and input/output ++logging. ++Third parties can develop and distribute their own policy and I/O ++logging plugins to work seamlessly with the ++.Nm sudo ++front end. ++Plugins are dynamically loaded based on the contents of ++.Nm sudo.conf . ++.Pp ++A ++.Li Plugin ++line consists of the ++.Li Plugin ++keyword, followed by the ++.Em symbol_name ++and the ++.Em path ++to the shared object containing the plugin. ++The ++.Em symbol_name ++is the name of the ++.Li struct policy_plugin ++or ++.Li struct io_plugin ++in the plugin shared object. ++The ++.Em path ++may be fully qualified or relative. ++If not fully qualified, it is relative to the ++.Pa @PLUGINDIR@ ++directory. 
++In other words: ++.Bd -literal -offset indent ++Plugin sudoers_policy sudoers.so ++.Ed ++.Pp ++is equivalent to: ++.Bd -literal -offset indent ++Plugin sudoers_policy @PLUGINDIR@/sudoers.so ++.Ed ++.Pp ++Any additional parameters after the ++.Em path ++are passed as arguments to the plugin's ++.Em open ++function. ++For example, to override the compile-time default sudoers file mode: ++.Bd -literal -offset indent ++Plugin sudoers_policy sudoers.so sudoers_mode=0440 ++.Ed ++.Pp ++If no ++.Nm sudo.conf ++file is present, or if it contains no ++.Li Plugin ++lines, the ++.Nm sudoers ++plugin will be used as the default security policy and for I/O logging ++(if enabled by the policy). ++This is equivalent to the following: ++.Bd -literal -offset indent ++Plugin policy_plugin sudoers.so ++Plugin io_plugin sudoers.so ++.Ed ++.Pp ++For more information on the ++.Nm sudo ++plugin architecture, see the ++.Xr sudo_plugin @mansectsu@ ++manual. ++.Ss Path settings ++A ++.Li Path ++line consists of the ++.Li Path ++keyword, followed by the name of the path to set and its value. ++For example: ++.Bd -literal -offset indent ++Path noexec @noexec_file@ ++Path askpass /usr/X11R6/bin/ssh-askpass ++.Ed ++.Pp ++The following plugin-agnostic paths may be set in the ++.Pa @sysconfdir@/sudo.conf ++file: ++.Bl -tag -width 8n ++.It askpass ++The fully qualified path to a helper program used to read the user's ++password when no terminal is available. ++This may be the case when ++.Nm sudo ++is executed from a graphical (as opposed to text-based) application. ++The program specified by ++.Em askpass ++should display the argument passed to it as the prompt and write ++the user's password to the standard output. ++The value of ++.Em askpass ++may be overridden by the ++.Ev SUDO_ASKPASS ++environment variable. 
++.It noexec ++The fully-qualified path to a shared library containing dummy ++versions of the ++.Fn execv , ++.Fn execve ++and ++.Fn fexecve ++library functions that just return an error. ++This is used to implement the ++.Em noexec ++functionality on systems that support ++.Ev LD_PRELOAD ++or its equivalent. ++The default value is: ++.Pa @noexec_file@ . ++.El ++.Ss Other settings ++The ++.Nm sudo.conf ++file also supports the following front end settings: ++.Bl -tag -width 8n ++.It disable_coredump ++Core dumps of ++.Nm sudo ++itself are disabled by default. ++To aid in debugging ++.Nm sudo ++crashes, you may wish to re-enable core dumps by setting ++.Dq disable_coredump ++to false in ++.Nm sudo.conf ++as follows: ++.Bd -literal -offset indent ++Set disable_coredump false ++.Ed ++.Pp ++Note that most operating systems disable core dumps from setuid programs, ++including ++.Nm sudo . ++To actually get a ++.Nm sudo ++core file you will likely need to enable core dumps for setuid processes. ++On BSD and Linux systems this is accomplished via the ++.Xr sysctl ++command. ++On Solaris, the ++.Xr coreadm ++command is used to configure core dump behavior. ++.Pp ++This setting is only available in ++.Nm sudo ++version 1.8.4 and higher. ++.El ++.Ss Debug flags ++.Nm sudo ++versions 1.8.4 and higher support a flexible debugging framework ++that can help track down what ++.Nm sudo ++is doing internally if there is a problem. ++.Pp ++A ++.Li Debug ++line consists of the ++.Li Debug ++keyword, followed by the name of the program (or plugin) to debug ++.Pq Nm sudo , Nm visudo , Nm sudoreplay , Nm sudoers , ++the debug file name and a comma-separated list of debug flags. ++The debug flag syntax used by ++.Nm sudo ++and the ++.Nm sudoers ++plugin is ++.Em subsystem Ns No @ Ns Em priority ++but a plugin is free to use a different format so long as it does ++not include a comma ++.Pq Ql \&, . 
++.Pp ++For example: ++.Bd -literal -offset indent ++Debug sudo /var/log/sudo_debug all@warn,plugin@info ++.Ed ++.Pp ++would log all debugging statements at the ++.Em warn ++level and higher in addition to those at the ++.Em info ++level for the plugin subsystem. ++.Pp ++Currently, only one ++.Li Debug ++entry per program is supported. ++The ++.Nm sudo ++.Li Debug ++entry is shared by the ++.Nm sudo ++front end, ++.Nm sudoedit ++and the plugins. ++A future release may add support for per-plugin ++.Li Debug ++lines and/or support for multiple debugging files for a single ++program. ++.Pp ++The priorities used by the ++.Nm sudo ++front end, in order of decreasing severity, are: ++.Em crit , err , warn , notice , diag , info , trace ++and ++.Em debug . ++Each priority, when specified, also includes all priorities higher ++than it. ++For example, a priority of ++.Em notice ++would include debug messages logged at ++.Em notice ++and higher. ++.Pp ++The following subsystems are used by the ++.Nm sudo ++front-end: ++.Bl -tag -width Fl ++.It Em all ++matches every subsystem ++.It Em args ++command line argument processing ++.It Em conv ++user conversation ++.It Em edit ++sudoedit ++.It Em exec ++command execution ++.It Em main ++.Nm sudo ++main function ++.It Em netif ++network interface handling ++.It Em pcomm ++communication with the plugin ++.It Em plugin ++plugin configuration ++.It Em pty ++pseudo-tty related code ++.It Em selinux ++SELinux-specific handling ++.It Em util ++utility functions ++.It Em utmp ++utmp handling ++.El ++.Sh FILES ++.Bl -tag -width 24n ++.It Pa @sysconfdir@/sudo.conf ++.Nm sudo ++front end configuration ++.El ++.Sh EXAMPLES ++.Bd -literal ++# ++# Default @sysconfdir@/sudo.conf file ++# ++# Format: ++# Plugin plugin_name plugin_path plugin_options ... 
++# Path askpass /path/to/askpass ++# Path noexec /path/to/sudo_noexec.so ++# Debug sudo /var/log/sudo_debug all@warn ++# Set disable_coredump true ++# ++# The plugin_path is relative to @PLUGINDIR@ unless ++# fully qualified. ++# The plugin_name corresponds to a global symbol in the plugin ++# that contains the plugin interface structure. ++# The plugin_options are optional. ++# ++# The sudoers plugin is used by default if no Plugin lines are ++# present. ++Plugin policy_plugin sudoers.so ++Plugin io_plugin sudoers.so ++ ++# ++# Sudo askpass: ++# ++# An askpass helper program may be specified to provide a graphical ++# password prompt for "sudo -A" support. Sudo does not ship with ++# its own askpass program but can use the OpenSSH askpass. ++# ++# Use the OpenSSH askpass ++#Path askpass /usr/X11R6/bin/ssh-askpass ++# ++# Use the Gnome OpenSSH askpass ++#Path askpass /usr/libexec/openssh/gnome-ssh-askpass ++ ++# ++# Sudo noexec: ++# ++# Path to a shared library containing dummy versions of the execv(), ++# execve() and fexecve() library functions that just return an error. ++# This is used to implement the "noexec" functionality on systems that ++# support C or its equivalent. ++# The compiled-in value is usually sufficient and should only be ++# changed if you rename or move the sudo_noexec.so file. ++# ++#Path noexec @noexec_file@ ++ ++# ++# Core dumps: ++# ++# By default, sudo disables core dumps while it is executing ++# (they are re-enabled for the command that is run). ++# To aid in debugging sudo problems, you may wish to enable core ++# dumps by setting "disable_coredump" to false. ++# ++#Set disable_coredump false ++.Ed ++.Sh SEE ALSO ++.Xr sudoers @mansectform@ , ++.Xr sudo @mansectsu@ , ++.Xr sudo_plugin @mansectsu@ ++.Sh HISTORY ++See the HISTORY file in the ++.Nm sudo ++distribution (http://www.sudo.ws/sudo/history.html) for a brief ++history of sudo. 
++.Sh AUTHORS
++Many people have worked on
++.Nm sudo
++over the years; this version consists of code written primarily by:
++.Bd -ragged -offset indent
++Todd C. Miller
++.Ed
++.Pp
++See the CONTRIBUTORS file in the
++.Nm sudo
++distribution (http://www.sudo.ws/sudo/contributors.html) for an
++exhaustive list of people who have contributed to
++.Nm sudo .
++.Sh BUGS
++If you feel you have found a bug in
++.Nm sudo ,
++please submit a bug report at http://www.sudo.ws/sudo/bugs/
++.Sh SUPPORT
++Limited free support is available via the sudo-users mailing list,
++see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
++search the archives.
++.Sh DISCLAIMER
++.Nm sudo
++is provided
++.Dq AS IS
++and any express or implied warranties, including, but not limited
++to, the implied warranties of merchantability and fitness for a
++particular purpose are disclaimed.
++See the LICENSE file distributed with
++.Nm sudo
++or http://www.sudo.ws/sudo/license.html for complete details.
+diff -up sudo-1.8.6p7/MANIFEST.sudoconfman sudo-1.8.6p7/MANIFEST
+--- sudo-1.8.6p7/MANIFEST.sudoconfman 2013-07-30 13:56:49.585965170 +0200
++++ sudo-1.8.6p7/MANIFEST 2013-07-30 13:58:25.731323515 +0200
+@@ -348,6 +348,9 @@ src/tgetpass.c
+ src/ttyname.c
+ src/utmp.c
+ sudo.pp
++sudo/sudo.conf.cat
++sudo/sudo.conf.man.in
++sudo/sudo.conf.mdoc.in
+ zlib/Makefile.in
+ zlib/adler32.c
+ zlib/compress.c
diff --git a/SOURCES/sudo-1.8.6p7-sudoldapconfman.patch b/SOURCES/sudo-1.8.6p7-sudoldapconfman.patch
new file mode 100644
index 0000000..6ac4042
--- /dev/null
+++ b/SOURCES/sudo-1.8.6p7-sudoldapconfman.patch
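Review bot: The three MANIFEST entries are added under `sudo/` (`sudo/sudo.conf.cat`, `sudo/sudo.conf.man.in`, `sudo/sudo.conf.mdoc.in`), but the file headers in this same patch create the manual sources as `sudo-1.8.6p7/doc/sudo.conf.man.in` and `sudo-1.8.6p7/doc/sudo.conf.mdoc.in`, and no `sudo/` directory appears among the neighbouring entries (`src/…`, `sudo.pp`, `zlib/…`). If MANIFEST is what drives `make dist`, a release tarball built from this tree would either miss the new manual sources or fail on the non-existent paths, so the entries should read `doc/sudo.conf.cat`, `doc/sudo.conf.man.in` and `doc/sudo.conf.mdoc.in` and sit in sorted order next to the other `doc/` entries, which are outside this hunk. The header of the `.cat` file itself is not visible here, so confirm its location is `doc/` as well before moving that entry.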
@@ -0,0 +1,30 @@
+diff -up sudo-1.8.6p7/doc/Makefile.in.sudoldapconfman sudo-1.8.6p7/doc/Makefile.in
+--- sudo-1.8.6p7/doc/Makefile.in.sudoldapconfman 2013-08-05 17:05:30.125020088 +0200
++++ sudo-1.8.6p7/doc/Makefile.in 2013-08-05 17:15:29.787058494 +0200
+@@ -334,10 +334,16 @@ install-doc: install-dirs
+ rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
+ echo ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
+ ln -s sudo.$(mansectsu)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)$(MANCOMPRESSEXT); \
++ rm -f $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
++ echo ln -s sudoers.ldap.$(mansectform)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
++ ln -s sudoers.ldap.$(mansectform)$(MANCOMPRESSEXT) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)$(MANCOMPRESSEXT); \
+ else \
+ rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
+ echo ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
+ ln -s sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu); \
++ rm -f $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
++ echo ln -s sudoers.ldap.$(mansectform) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
++ ln -s sudoers.ldap.$(mansectform) $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform); \
+ fi
+ 
+ install-plugin:
+@@ -351,7 +357,8 @@ uninstall:
+ $(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \
+ $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \
+ $(DESTDIR)$(mandirform)/sudoers.$(mansectform) \
+- $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
++ $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform) \
++ $(DESTDIR)$(mandirform)/sudo-ldap.conf.$(mansectform)
+ 
+ check:
+ 
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
new file mode 100644
index 0000000..b3ee71e
--- /dev/null
+++ b/SPECS/sudo.spec
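Review bot: The new `sudo-ldap.conf.$(mansectform)` link points at `sudoers.ldap.$(mansectform)`, a file this hunk never installs; the `install-doc` recipe starts before the hunk, so whether `sudoers.ldap` is installed unconditionally or only when LDAP support is configured cannot be seen here, and in the latter case a non-LDAP build would leave a dangling symlink in the man directory for the packaging step to ship or reject. Either guard the three new `rm -f`/`echo`/`ln -s` lines with the same condition that installs `sudoers.ldap`, or confirm the target is always present and note that next to the link, e.g. `# sudoers.ldap.$(mansectform) is installed unconditionally above`. As a point of style, the rm/echo/ln triplet is now repeated four times across the compressed and uncompressed branches, so a single loop over the link pairs would keep the two branches from drifting apart. The `uninstall` hunk does add the matching removal, which is correct.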
@@ -0,0 +1,770 @@
+Summary: Allows restricted root access for specified users
+Name: sudo
+Version: 1.8.6p7
+Release: 7%{?dist}
+License: ISC
+Group: Applications/System
+URL: http://www.courtesan.com/sudo/
+Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
+Source1: sudo-1.7.4p5-sudoers
+Source2: sudo-1.7.4p5-sudo-ldap.conf
+Source3: sudo-1.8.6p3-sudo.conf
+Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Requires: /etc/pam.d/system-auth, vim-minimal
+
+BuildRequires: pam-devel
+BuildRequires: groff
+BuildRequires: openldap-devel
+BuildRequires: flex
+BuildRequires: bison
+BuildRequires: automake autoconf libtool
+BuildRequires: audit-libs-devel libcap-devel
+BuildRequires: libselinux-devel
+BuildRequires: /usr/sbin/sendmail
+BuildRequires: gettext
+BuildRequires: zlib-devel
+
+# don't strip
+Patch1: sudo-1.6.7p5-strip.patch
+# configure.in fix
+Patch2: sudo-1.7.2p1-envdebug.patch
+# show the editor being executed by `sudo -e' in audit messages
+Patch3: sudo-1.8.6p3-auditeditor.patch
+# fix manpage typo (#726634)
+Patch4: sudo-1.8.6p3-mantypo.patch
+# correct SELinux handling in sudoedit mode (#697775)
+Patch5: sudo-1.8.6p3-sudoedit-selinux.patch
+# [RFE] Fix visudo -s to be backwards compatible (#604297)
+Patch6: sudo-1.8.6p3-aliaswarnonly.patch
+# log failed user role changes (#665131)
+Patch7: sudo-1.8.6p3-auditrolechange.patch
+# 840980 - sudo creates a new parent process
+# Adds cmnd_no_wait Defaults option
+Patch8: sudo-1.8.6p3-nowaitopt.patch
+# 876578 - erealloc3 error on sssd sudoHost netgroup mismatch
+Patch9: sudo-1.8.6p3-emallocfail.patch
+# 876208 - sudoRunAsUser #uid specification doesn't work
+Patch10: sudo-1.8.6p3-ldap-sssd-usermatch.patch
+# 879675 - sudo parse ldap.conf incorrectly
+Patch11: sudo-1.8.6p3-ldapconfparse.patch
+# 879633 - sudo + sssd + local user sends e-mail to administrator
+Patch12: sudo-1.8.6p3-sssd-noise.patch
+# 856901 - Defauts:! syntax in sudoers doesn't seem to work as expected
+Patch13: sudo-1.8.6p3-ALL-with-negation-manupdate.patch
+# 947276 - Cannot set RLIMIT_NPROC to unlimited via pam_limits when running sudo
+Patch14: sudo-1.8.6p3-nprocfix.patch
+# 881258 - rpmdiff: added missing sudo.conf manpage
+Patch15: sudo-1.8.6p7-sudoconfman.patch
+# 881258 - rpmdiff: added missing sudo-ldap.conf manpage
+Patch16: sudo-1.8.6p7-sudoldapconfman.patch
+# 1026904 - Access granted with invalid sudoRunAsUser/sudoRunAsGroup
+Patch17: sudo-1.8.6p3-strictuidgid.patch
+# 1026890 - Improve error message
+Patch18: sudo-1.8.6p3-netgrmatchtrace.patch
+# 1007014 - sssd +netgroup sudoUser is always matched
+Patch19: sudo-1.8.6p3-sssdfixes.patch
+# 1026894 - sudo -u sudo -l show error: glibc detected sudo: realloc(): invalid next size
+Patch20: sudo-1.8.6p3-lbufexpandcode.patch
+# 994566 - Warning in visudo: cycle in Host_Alias even without cycle
+Patch21: sudo-1.8.6p3-cycledetect.patch
+
+%description
+Sudo (superuser do) allows a system administrator to give certain
+users (or groups of users) the ability to run some (or all) commands
+as root while logging all commands and arguments. Sudo operates on a
+per-command basis. It is not a replacement for the shell. Features
+include: the ability to restrict what commands a user may run on a
+per-host basis, copious logging of each command (providing a clear
+audit trail of who did what), a configurable timeout of the sudo
+command, and the ability to use the same configuration file (sudoers)
+on many different machines.
+
+%package devel
+Summary: Development files for %{name}
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+The %{name}-devel package contains header files developing sudo
+plugins that use %{name}.
+
+%prep
+%setup -q
+
+%patch1 -p1 -b .strip
+%patch2 -p1 -b .envdebug
+%patch3 -p1 -b .auditeditor
+%patch4 -p1 -b .mantypo
+%patch5 -p1 -b .sudoedit-selinux
+%patch6 -p1 -b .aliaswarnonly
+%patch7 -p1 -b .auditrolechange
+%patch8 -p1 -b .nowaitopt
+%patch9 -p1 -b .emallocfail
+%patch10 -p1 -b .ldap-sssd-usermatch
+%patch11 -p1 -b .ldapconfparse
+%patch12 -p1 -b .sssd-noise
+%patch13 -p1 -b .ALL-with-negation-manupdate
+%patch14 -p1 -b .nprocfix
+%patch15 -p1 -b .sudoconfman
+%patch16 -p1 -b .sudoldapconfman
+%patch17 -p1 -b .strictuidgid
+%patch18 -p1 -b .netgrmatchtrace
+%patch19 -p1 -b .sssdfixes
+%patch20 -p1 -b .lbufexpandcode
+%patch21 -p1 -b .cycledetect
+
+%build
+autoreconf -I m4 -fv --install
+
+%ifarch s390 s390x sparc64
+F_PIE=-fPIE
+%else
+F_PIE=-fpie
+%endif
+
+export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHLIB_MODE=755
+
+%configure \
+ --prefix=%{_prefix} \
+ --sbindir=%{_sbindir} \
+ --libdir=%{_libdir} \
+ --docdir=%{_datadir}/doc/%{name}-%{version} \
+ --with-logging=syslog \
+ --with-logfac=authpriv \
+ --with-pam \
+ --with-pam-login \
+ --with-editor=/bin/vi \
+ --with-env-editor \
+ --with-ignore-dot \
+ --with-tty-tickets \
+ --with-ldap \
+ --with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \
+ --with-selinux \
+ --with-passprompt="[sudo] password for %p: " \
+ --with-linux-audit \
+ --with-sssd
+# --without-kerb5 \
+# --without-kerb4
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+# Update README.LDAP (#736653)
+sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP
+
+make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
+chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
+install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
+install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
+install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
+install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
+install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
+
+# Remove execute permission on this script so we don't pull in perl deps
+chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
+
+%find_lang sudo
+%find_lang sudoers
+
+cat sudo.lang sudoers.lang > sudo_all.lang
+rm sudo.lang sudoers.lang
+
+mkdir -p $RPM_BUILD_ROOT/etc/pam.d
+cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
+#%%PAM-1.0
+auth include system-auth
+account include system-auth
+password include system-auth
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+EOF
+
+cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
+#%%PAM-1.0
+auth include sudo
+account include sudo
+password include sudo
+session optional pam_keyinit.so force revoke
+session required pam_limits.so
+EOF
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files -f sudo_all.lang
+%defattr(-,root,root)
+%attr(0440,root,root) %config(noreplace) /etc/sudoers
+%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
+%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
+%attr(0750,root,root) %dir /etc/sudoers.d/
+%config(noreplace) /etc/pam.d/sudo
+%config(noreplace) /etc/pam.d/sudo-i
+%dir /var/db/sudo
+%attr(4111,root,root) %{_bindir}/sudo
+%attr(4111,root,root) %{_bindir}/sudoedit
+%attr(0111,root,root) %{_bindir}/sudoreplay
+%attr(0755,root,root) %{_sbindir}/visudo
+%attr(0755,root,root) %{_libexecdir}/sesh
+%attr(0644,root,root) %{_libexecdir}/sudo_noexec.so
+%attr(0644,root,root) %{_libexecdir}/sudoers.so
+%{_mandir}/man5/sudoers.5*
+%{_mandir}/man5/sudoers.ldap.5*
+%{_mandir}/man5/sudo-ldap.conf.5*
+%{_mandir}/man5/sudo.conf.5*
+%{_mandir}/man8/sudo.8*
+%{_mandir}/man8/sudoedit.8*
+%{_mandir}/man8/sudoreplay.8*
+%{_mandir}/man8/visudo.8*
+%dir %{_docdir}/sudo-%{version}
+%{_docdir}/sudo-%{version}/*
+
+
+# Make sure permissions are ok even if we're updating
+%post
+/bin/chmod 0440 /etc/sudoers || :
+
+%files devel
+%defattr(-,root,root,-)
+%doc plugins/sample/sample_plugin.c
+%{_includedir}/sudo_plugin.h
+%{_mandir}/man8/sudo_plugin.8*
+
+%changelog
+* Fri Nov 08 2013 Daniel Kopecek - 1.8.6p7-7
+- dropped wrong patch and fixed patch comments
+ Resolves: rhbz#1000389
+
+* Thu Nov 07 2013 Daniel Kopecek - 1.8.6p7-6
+- fixed alias cycle detection code
+- added debug messages for tracing of netgroup matching
+- fixed aborting on realloc when displaying allowed commands
+- sssd: filter netgroups in the sudoUser attribute
+- parse uids/gids more strictly
+- added debug messages to trace netgroup matching
+ Resolves: rhbz#1026904
+ Resolves: rhbz#1026890
+ Resolves: rhbz#1007014
+ Resolves: rhbz#1026894
+ Resolves: rhbz#1000389
+ Resolves: rhbz#994566
+
+* Mon Aug 05 2013 Daniel Kopecek - 1.8.6p7-5
+- added standalone manpage for sudo.conf and sudo-ldap.conf
+- spec file cleanup
+ Resolves: rhbz#881258
+
+* Mon Jul 29 2013 Daniel Kopecek - 1.8.6p7-4
+- added RHEL 6 patches
+
+* Wed Jul 24 2013 Daniel Kopecek - 1.8.6p7-3
+- synced sudoers, configure options & configuration files with
+ expected RHEL configuration
+ Resolves: rhbz#969373
+ Resolves: rhbz#971009
+ Resolves: rhbz#965124
+ Resolves: rhbz#971013
+ Resolves: rhbz#839705
+
+* Thu Apr 11 2013 Daniel Kopecek - 1.8.6p7-2
+- depend on /usr/sbin/sendmail instead of the sendmail package
+ Resolves: rhbz#927842
+
+* Thu Feb 28 2013 Daniel Kopecek - 1.8.6p7-1
+- update to 1.8.6p7
+- fixes CVE-2013-1775 and CVE-2013-1776
+- fixed several packaging issues (thanks to ville.skytta@iki.fi)
+ - build with system zlib.
+ - let rpmbuild strip libexecdir/*.so.
+ - own the %%{_docdir}/sudo-* dir.
+ - fix some rpmlint warnings (spaces vs tabs, unescaped macros).
+ - fix bogus %%changelog dates.
+
+* Fri Feb 15 2013 Fedora Release Engineering - 1.8.6p3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Mon Nov 12 2012 Daniel Kopecek - 1.8.6p3-2
+- added upstream patch for a regression
+- don't include arch specific files in the -devel subpackage
+- ship only one sample plugin in the -devel subpackage
+
+* Tue Sep 25 2012 Daniel Kopecek - 1.8.6p3-1
+- update to 1.8.6p3
+- drop -pipelist patch (fixed in upstream)
+
+* Thu Sep 6 2012 Daniel Kopecek - 1.8.6-1
+- update to 1.8.6
+
+* Thu Jul 26 2012 Daniel Kopecek - 1.8.5-4
+- added patches that fix & improve SSSD support (thanks to pbrezina@redhat.com)
+- re-enabled SSSD support
+- removed libsss_sudo dependency
+
+* Tue Jul 24 2012 Bill Nottingham - 1.8.5-3
+- flip sudoers2ldif executable bit after make install, not in setup
+
+* Sat Jul 21 2012 Fedora Release Engineering - 1.8.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu May 17 2012 Daniel Kopecek - 1.8.5-1
+- update to 1.8.5
+- fixed CVE-2012-2337
+- temporarily disabled SSSD support
+
+* Wed Feb 29 2012 Daniel Kopecek - 1.8.3p1-6
+- fixed problems with undefined symbols (rhbz#798517)
+
+* Wed Feb 22 2012 Daniel Kopecek - 1.8.3p1-5
+- SSSD patch update
+
+* Tue Feb 7 2012 Daniel Kopecek - 1.8.3p1-4
+- added SSSD support
+
+* Thu Jan 26 2012 Daniel Kopecek - 1.8.3p1-3
+- added patch for CVE-2012-0809
+
+* Sat Jan 14 2012 Fedora Release Engineering - 1.8.3p1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Nov 10 2011 Daniel Kopecek - 1.8.3p1-1
+- update to 1.8.3p1
+- disable output word wrapping if the output is piped
+
+* Wed Sep 7 2011 Peter Robinson - 1.8.1p2-2
+- Remove execute bit from sample script in docs so we don't pull in perl
+
+* Tue Jul 12 2011 Daniel Kopecek - 1.8.1p2-1
+- rebase to 1.8.1p2
+- removed .sudoi patch
+- fixed typo: RELPRO -> RELRO
+- added -devel subpackage for the sudo_plugin.h header file
+- use default ldap configuration files again
+
+* Fri Jun 3 2011 Daniel Kopecek - 1.7.4p5-4
+- build with RELRO
+
+* Wed Feb 09 2011 Fedora Release Engineering - 1.7.4p5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Mon Jan 17 2011 Daniel Kopecek - 1.7.4p5-2
+- rebase to 1.7.4p5
+- fixed sudo-1.7.4p4-getgrouplist.patch
+- fixes CVE-2011-0008, CVE-2011-0010
+
+* Tue Nov 30 2010 Daniel Kopecek - 1.7.4p4-5
+- anybody in the wheel group has now root access (using password) (rhbz#656873)
+- sync configuration paths with the nss_ldap package (rhbz#652687)
+
+* Wed Sep 29 2010 Daniel Kopecek - 1.7.4p4-4
+- added upstream patch to fix rhbz#638345
+
+* Mon Sep 20 2010 Daniel Kopecek - 1.7.4p4-3
+- added patch for #635250
+- /var/run/sudo -> /var/db/sudo in .spec
+
+* Tue Sep 7 2010 Daniel Kopecek - 1.7.4p4-2
+- sudo now uses /var/db/sudo for timestamps
+
+* Tue Sep 7 2010 Daniel Kopecek - 1.7.4p4-1
+- update to new upstream version
+- new command available: sudoreplay
+- use native audit support
+- corrected license field value: BSD -> ISC
+
+* Wed Jun 2 2010 Daniel Kopecek - 1.7.2p6-2
+- added patch that fixes insufficient environment sanitization issue (#598154)
+
+* Wed Apr 14 2010 Daniel Kopecek - 1.7.2p6-1
+- update to new upstream version
+- merged .audit and .libaudit patch
+- added sudoers.ldap.5* to files
+
+* Mon Mar 1 2010 Daniel Kopecek - 1.7.2p5-2
+- update to new upstream version
+
+* Tue Feb 16 2010 Daniel Kopecek - 1.7.2p2-5
+- fixed no valid sudoers sources found (#558875)
+
+* Wed Feb 10 2010 Daniel Kopecek - 1.7.2p2-4
+- audit related Makefile.in and configure.in corrections
+- added --with-audit configure option
+- removed call to libtoolize
+
+* Wed Feb 10 2010 Daniel Kopecek - 1.7.2p2-3
+- fixed segfault when #include directive is used in cycles (#561336)
+
+* Fri Jan 8 2010 Ville Skyttä - 1.7.2p2-2
+- Add /etc/sudoers.d dir and use it in default config (#551470).
+- Drop *.pod man page duplicates from docs.
+
+* Thu Jan 07 2010 Daniel Kopecek - 1.7.2p2-1
+- new upstream version 1.7.2p2-1
+- commented out unused aliases in sudoers to make visudo happy (#550239)
+
+* Fri Aug 21 2009 Tomas Mraz - 1.7.1-7
+- rebuilt with new audit
+
+* Thu Aug 20 2009 Daniel Kopecek 1.7.1-6
+- moved secure_path from compile-time option to sudoers file (#517428)
+
+* Sun Jul 26 2009 Fedora Release Engineering - 1.7.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Thu Jul 09 2009 Daniel Kopecek 1.7.1-4
+- moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch)
+- epoch number sync
+
+* Mon Jun 22 2009 Daniel Kopecek 1.7.1-1
+- updated sudo to version 1.7.1
+- fixed small bug in configure.in (sudo-1.7.1-conffix.patch)
+
+* Tue Feb 24 2009 Daniel Kopecek 1.6.9p17-6
+- fixed building with new libtool
+- fix for incorrect handling of groups in Runas_User
+- added /usr/local/sbin to secure-path
+
+* Tue Jan 13 2009 Daniel Kopecek 1.6.9p17-3
+- build with sendmail installed
+- Added /usr/local/bin to secure-path
+
+* Tue Sep 02 2008 Peter Vrabec 1.6.9p17-2
+- adjust audit patch, do not scream when kernel is
+ compiled without audit netlink support (#401201)
+
+* Fri Jul 04 2008 Peter Vrabec 1.6.9p17-1
+- upgrade
+
+* Wed Jun 18 2008 Peter Vrabec 1.6.9p13-7
+- build with newer autoconf-2.62 (#449614)
+
+* Tue May 13 2008 Peter Vrabec 1.6.9p13-6
+- compiled with secure path (#80215)
+
+* Mon May 05 2008 Peter Vrabec 1.6.9p13-5
+- fix path to updatedb in /etc/sudoers (#445103)
+
+* Mon Mar 31 2008 Peter Vrabec 1.6.9p13-4
+- include ldap files in rpm package (#439506)
+
+* Thu Mar 13 2008 Peter Vrabec 1.6.9p13-3
+- include [sudo] in password prompt (#437092)
+
+* Tue Mar 04 2008 Peter Vrabec 1.6.9p13-2
+- audit support improvement
+
+* Thu Feb 21 2008 Peter Vrabec 1.6.9p13-1
+- upgrade to the latest upstream release
+
+* Wed Feb 06 2008 Peter Vrabec 1.6.9p12-1
+- upgrade to the latest upstream release
+- add selinux support
+
+* Mon Feb 04 2008 Dennis Gilmore 1.6.9p4-6
+- sparc64 needs to be in the -fPIE list with s390
+
+* Mon Jan 07 2008 Peter Vrabec 1.6.9p4-5
+- fix complains about audit_log_user_command(): Connection
+ refused (#401201)
+
+* Wed Dec 05 2007 Release Engineering - 1.6.9p4-4
+- Rebuild for deps
+
+* Wed Dec 05 2007 Release Engineering - 1.6.9p4-3
+- Rebuild for openssl bump
+
+* Thu Aug 30 2007 Peter Vrabec 1.6.9p4-2
+- fix autotools stuff and add audit support
+
+* Mon Aug 20 2007 Peter Vrabec 1.6.9p4-1
+- upgrade to upstream release
+
+* Thu Apr 12 2007 Peter Vrabec 1.6.8p12-14
+- also use getgrouplist() to determine group membership (#235915)
+
+* Mon Feb 26 2007 Peter Vrabec 1.6.8p12-13
+- fix some spec file issues
+
+* Thu Dec 14 2006 Peter Vrabec 1.6.8p12-12
+- fix rpmlint issue
+
+* Thu Oct 26 2006 Peter Vrabec 1.6.8p12-11
+- fix typo in sudoers file (#212308)
+
+* Sun Oct 01 2006 Jesse Keating - 1.6.8p12-10
+- rebuilt for unwind info generation, broken in gcc-4.1.1-21
+
+* Thu Sep 21 2006 Peter Vrabec 1.6.8p12-9
+- fix sudoers file, X apps didn't work (#206320)
+
+* Tue Aug 08 2006 Peter Vrabec 1.6.8p12-8
+- use Red Hat specific default sudoers file
+
+* Sun Jul 16 2006 Karel Zak 1.6.8p12-7
+- fix #198755 - make login processes (sudo -i) initialise session keyring
+ (thanks for PAM config files to David Howells)
+- add IPv6 support (patch by Milan Zazrivec)
+
+* Wed Jul 12 2006 Jesse Keating - 1.6.8p12-6.1
+- rebuild
+
+* Mon May 29 2006 Karel Zak 1.6.8p12-6
+- fix #190062 - "ssh localhost sudo su" will show the password in clear
+
+* Tue May 23 2006 Karel Zak 1.6.8p12-5
+- add LDAP support (#170848)
+
+* Fri Feb 10 2006 Jesse Keating - 1.6.8p12-4.1
+- bump again for double-long bug on ppc(64)
+
+* Wed Feb 8 2006 Karel Zak 1.6.8p12-4
+- reset env. by default
+
+* Tue Feb 07 2006 Jesse Keating - 1.6.8p12-3.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Mon Jan 23 2006 Dan Walsh 1.6.8p12-3
+- Remove selinux patch. It has been decided that the SELinux patch for sudo is
+- no longer necessary. In tageted policy it had no effect. In strict/MLS policy
+- We require the person using sudo to execute newrole before using sudo.
+
+* Fri Dec 09 2005 Jesse Keating
+- rebuilt
+
+* Fri Nov 25 2005 Karel Zak 1.6.8p12-1
+- new upstream version 1.6.8p12
+
+* Tue Nov 8 2005 Karel Zak 1.6.8p11-1
+- new upstream version 1.6.8p11
+
+* Thu Oct 13 2005 Tomas Mraz 1.6.8p9-6
+- use include instead of pam_stack in pam config
+
+* Tue Oct 11 2005 Karel Zak 1.6.8p9-5
+- enable interfaces in selinux patch
+- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
+
+* Mon Sep 19 2005 Karel Zak 1.6.8p9-4
+- fix debuginfo
+
+* Mon Sep 19 2005 Karel Zak 1.6.8p9-3
+- fix #162623 - sesh hangs when child suspends
+
+* Mon Aug 1 2005 Dan Walsh 1.6.8p9-2
+- Add back in interfaces call, SELinux has been fixed to work around
+
+* Tue Jun 21 2005 Karel Zak 1.6.8p9-1
+- new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution)
+
+* Tue May 24 2005 Karel Zak 1.6.8p8-2
+- fix #154511 - sudo does not use limits.conf
+
+* Mon Apr 4 2005 Thomas Woerner 1.6.8p8-1
+- new version 1.6.8p8: new sudoedit and sudo_noexec
+
+* Wed Feb 9 2005 Thomas Woerner 1.6.7p5-31
+- rebuild
+
+* Mon Oct 4 2004 Thomas Woerner 1.6.7p5-30.1
+- added missing BuildRequires for libselinux-devel (#132883)
+
+* Wed Sep 29 2004 Dan Walsh 1.6.7p5-30
+- Fix missing param error in sesh
+
+* Mon Sep 27 2004 Dan Walsh 1.6.7p5-29
+- Remove full patch check from sesh
+
+* Thu Jul 8 2004 Dan Walsh 1.6.7p5-28
+- Fix selinux patch to switch to root user
+
+* Tue Jun 15 2004 Elliot Lee
+- rebuilt
+
+* Tue Apr 13 2004 Dan Walsh 1.6.7p5-26
+- Eliminate tty handling from selinux
+
+* Thu Apr 1 2004 Thomas Woerner 1.6.7p5-25
+- fixed spec file: sesh in file section with selinux flag (#119682)
+
+* Tue Mar 30 2004 Colin Walters 1.6.7p5-24
+- Enhance sesh.c to fork/exec children itself, to avoid
+ having sudo reap all domains.
+- Only reinstall default signal handlers immediately before
+ exec of child with SELinux patch
+
+* Thu Mar 18 2004 Dan Walsh 1.6.7p5-23
+- change to default to sysadm_r
+- Fix tty handling
+
+* Thu Mar 18 2004 Dan Walsh 1.6.7p5-22
+- Add /bin/sesh to run selinux code.
+- replace /bin/bash -c with /bin/sesh
+
+* Tue Mar 16 2004 Dan Walsh 1.6.7p5-21
+- Hard code to use "/bin/bash -c" for selinux
+
+* Tue Mar 16 2004 Dan Walsh 1.6.7p5-20
+- Eliminate closing and reopening of terminals, to match su.
+
+* Mon Mar 15 2004 Dan Walsh 1.6.7p5-19
+- SELinux fixes to make transitions work properly
+
+* Fri Mar 5 2004 Thomas Woerner 1.6.7p5-18
+- pied sudo
+
+* Fri Feb 13 2004 Elliot Lee
+- rebuilt
+
+* Tue Jan 27 2004 Dan Walsh 1.6.7p5-16
+- Eliminate interfaces call, since this requires big SELinux privs
+- and it seems to be useless.
+
+* Tue Jan 27 2004 Karsten Hopp 1.6.7p5-15
+- visudo requires vim-minimal or setting EDITOR to something useful (#68605)
+
+* Mon Jan 26 2004 Dan Walsh 1.6.7p5-14
+- Fix is_selinux_enabled call
+
+* Tue Jan 13 2004 Dan Walsh 1.6.7p5-13
+- Clean up patch on failure
+
+* Tue Jan 6 2004 Dan Walsh 1.6.7p5-12
+- Remove sudo.te for now.
+
+* Fri Jan 2 2004 Dan Walsh 1.6.7p5-11
+- Fix usage message
+
+* Mon Dec 22 2003 Dan Walsh 1.6.7p5-10
+- Clean up sudo.te to not blow up if pam.te not present
+
+* Thu Dec 18 2003 Thomas Woerner
+- added missing BuildRequires for groff
+
+* Tue Dec 16 2003 Jeremy Katz 1.6.7p5-9
+- remove left-over debugging code
+
+* Tue Dec 16 2003 Dan Walsh 1.6.7p5-8
+- Fix terminal handling that caused Sudo to exit on non selinux machines.
+
+* Mon Dec 15 2003 Dan Walsh 1.6.7p5-7
+- Remove sudo_var_run_t which is now pam_var_run_t
+
+* Fri Dec 12 2003 Dan Walsh 1.6.7p5-6
+- Fix terminal handling and policy
+
+* Thu Dec 11 2003 Dan Walsh 1.6.7p5-5
+- Fix policy
+
+* Thu Nov 13 2003 Dan Walsh 1.6.7p5-4.sel
+- Turn on SELinux support
+
+* Tue Jul 29 2003 Dan Walsh 1.6.7p5-3
+- Add support for SELinux
+
+* Wed Jun 04 2003 Elliot Lee
+- rebuilt
+
+* Mon May 19 2003 Thomas Woerner 1.6.7p5-1
+
+* Wed Jan 22 2003 Tim Powers
+- rebuilt
+
+* Tue Nov 12 2002 Nalin Dahyabhai 1.6.6-2
+- remove absolute path names from the PAM configuration, ensuring that the
+ right modules get used for whichever arch we're built for
+- don't try to install the FAQ, which isn't there any more
+
+* Thu Jun 27 2002 Bill Nottingham 1.6.6-1
+- update to 1.6.6
+
+* Fri Jun 21 2002 Tim Powers
+- automated rebuild
+
+* Thu May 23 2002 Tim Powers
+- automated rebuild
+
+* Thu Apr 18 2002 Bernhard Rosenkraenzer 1.6.5p2-2
+- Fix bug #63768
+
+* Thu Mar 14 2002 Bernhard Rosenkraenzer 1.6.5p2-1
+- 1.6.5p2
+
+* Fri Jan 18 2002 Bernhard Rosenkraenzer 1.6.5p1-1
+- 1.6.5p1
+- Hope this "a new release per day" madness stops ;)
+
+* Thu Jan 17 2002 Bernhard Rosenkraenzer 1.6.5-1
+- 1.6.5
+
+* Tue Jan 15 2002 Bernhard Rosenkraenzer 1.6.4p1-1
+- 1.6.4p1
+
+* Mon Jan 14 2002 Bernhard Rosenkraenzer 1.6.4-1
+- Update to 1.6.4
+
+* Mon Jul 23 2001 Bernhard Rosenkraenzer 1.6.3p7-2
+- Add build requirements (#49706)
+- s/Copyright/License/
+- bzip2 source
+
+* Sat Jun 16 2001 Than Ngo
+- update to 1.6.3p7
+- use %%{_tmppath}
+
+* Fri Feb 23 2001 Bernhard Rosenkraenzer
+- 1.6.3p6, fixes buffer overrun
+
+* Tue Oct 10 2000 Bernhard Rosenkraenzer
+- 1.6.3p5
+
+* Wed Jul 12 2000 Prospector
+- automatic rebuild
+
+* Tue Jun 06 2000 Karsten Hopp
+- fixed owner of sudo and visudo
+
+* Thu Jun 1 2000 Nalin Dahyabhai
+- modify PAM setup to use system-auth
+- clean up buildrooting by using the makeinstall macro
+
+* Tue Apr 11 2000 Bernhard Rosenkraenzer
+- initial build in main distrib
+- update to 1.6.3
+- deal with compressed man pages
+
+* Tue Dec 14 1999 Preston Brown
+- updated to 1.6.1 for Powertools 6.2
+- config files are now noreplace.
+
+* Thu Jul 22 1999 Tim Powers
+- updated to 1.5.9p2 for Powertools 6.1
+
+* Wed May 12 1999 Bill Nottingham
+- sudo is configured with pam. There's no pam.d file. Oops.
+
+* Mon Apr 26 1999 Preston Brown
+- upgraded to 1.59p1 for powertools 6.0
+
+* Tue Oct 27 1998 Preston Brown
+- fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
+
+* Thu Oct 08 1998 Michael Maher
+- built package for 5.2
+
+* Mon May 18 1998 Michael Maher
+- updated SPEC file
+
+* Thu Jan 29 1998 Otto Hammersmith
+- updated to 1.5.4
+
+* Tue Nov 18 1997 Otto Hammersmith
+- built for glibc, no problems
+
+* Fri Apr 25 1997 Michael Fulbright
+- Fixed for 4.2 PowerTools
+- Still need to be pamified
+- Still need to move stmp file to /var/log
+
+* Mon Feb 17 1997 Michael Fulbright
+- First version for PowerCD.
+
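Review bot: The `--with-env-editor` line in the %configure block enables sudoers' env_editor default without any comment, although every Patch line in this spec carries a rationale; sudoers(5) specifically warns that with env_editor a user permitted to run visudo can name an arbitrary program via EDITOR/VISUAL and have it executed as root without that command being logged, and describes constraining it with a colon-separated `editor` list. The distribution may well intend this (the 1.6.7p5-15 changelog entry notes visudo depending on EDITOR), so I would not drop the option, but the decision belongs next to it, e.g. `# --with-env-editor: visudo/sudoedit honour SUDO_EDITOR/VISUAL/EDITOR (env_editor in sudoers(5)); constrain via the sudoers 'editor' list if required`. A related style point in %install and %files: /etc is written literally for sudoers, sudo.conf, sudoers.d and pam.d but as %{_sysconfdir} for sudo-ldap.conf; one spelling should be used throughout. The hunk is the entire new file, so nothing continues outside it.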