version 1.9.2.1, 2002/01/18 17:20:22 |
version 1.10, 2002/01/03 03:49:16 |
|
|
|
|
419) Visudo now does its own fork/exec instead of calling system(3). |
419) Visudo now does its own fork/exec instead of calling system(3). |
|
|
420) Allow special characters (including '#') to be embedded in pathnames |
420) Call clean_env very early in main() for paranoia's sake. Idea from |
|
Marc Esipovich. |
|
|
|
421) Allow special characters (including '#') to be embedded in pathnames |
if quoted by a '\\'. The quoted chars will be dealt with by fnmatch(). |
if quoted by a '\\'. The quoted chars will be dealt with by fnmatch(). |
Unfortunately, 'sudo -l' still prints the '\\'. |
Unfortunately, 'sudo -l' still prints the '\\'. |
|
|
421) Added the always_set_home option. |
422) Added always_set_home option. |
|
|
422) Strip NLSPATH and PATH_LOCALE out from the environment to prevent |
423) Strip NLSPATH and PATH_LOCALE out from the environment to prevent |
reading of protected files by a less privileged user. |
reading of protected files by a less priviledged user. |
|
|
423) Added support for BSD authentication and associated -a flag. |
424) Add support for BSD authentication and associated -a flag. |
|
|
424) Added check for _innetgr(3) since NCR systems have this instead |
425) Added check for _innetgr(3) since NCR systems have this instead |
of innetgr(3). |
of innetgr(3). |
|
|
425) Added stay_setuid option for systems that have libraries that perform |
426) Added stay_setuid option for systems that have libraries that perform |
extra paranoia checks in system libraries for setuid programs. |
extra paranoia checks in system libraries for setuid programs. |
|
|
426) Environment munging is now done by hand. The environment is zeroed |
427) Environment munging is now done by hand. We build up a new environment |
upon sudo startup and a new environment is built before the command |
and assign it to "environ". This means we don't rely on getenv(3), |
is executed. This means we don't rely on getenv(3), putenv(3), |
putenv(3), or setenv(3). |
or setenv(3). |
|
|
|
427) Added a class of environment variables that are only cleared if they |
428) Added a class of environment variables that are only cleared if they |
contain '/' or '%' characters. |
contain '/' or '%' characters. |
|
|
428) Use stashed user_gid when checking against exempt gid since sudo |
429) Use stashed user_gid when checking against exempt gid since sudo |
sets its gid to SUDOERS_GID, making getgid() return that, not the |
sets its gid to SUDOERS_GID, making getgid() return that, not the |
real gid. Fixes problem with setting exempt group == SUDOERS_GID. |
real gid. Fixes problem with setting exempt group == SUDOERS_GID. |
Fix from Paul Kranenburg. |
Fix from Paul Kranenburg. |
|
|
429) Fixed file locking in visudo on NeXT which has a broken lockf(). |
430) Fixed file locking in visudo on NeXT which has a broken lockf(). |
Patch from twetzel@gwdg.de. |
Patch from twetzel@gwdg.de. |
|
|
430) Regenerated configure script with autoconf-2.52 (required some |
431) Regenerated configure script with autoconf-2.52 (required some |
tweaking of configure.in and friends). |
tweaking of configure.in and friends). |
|
|
431) Added mail_badpass option to send mail when the user does not |
432) Added mail_badpass option to send mail when the user does not |
authenticate successfully. |
authenticate successfully. |
|
|
432) Added env_reset Defaults option to reset the environment to |
433) Added env_reset Defaults option to reset the environment to |
a clean slate. Also implemented env_keep Defaults option |
a clean slate. Also implemented env_keep Defaults option |
to specify variables to be preserved when resetting the |
to specify variables to be preserved when resetting the |
environment. |
environment. |
|
|
433) Added env_check and env_delete Defaults options to allow the admin |
434) Added env_check and env_delete Defaults options to allow the admin |
to modify the builtin list of environment variables to remove. |
to modify the builtin list of environment variables to remove. |
|
|
434) If timestamp_timeout < 0 then the timestamp never expires. This |
435) If timestamp_timeout < 0 then the timestamp never expires. This |
allows users to manage their own timestamps and create or delete |
allows users to manage their own timestamps and create or delete |
them via 'sudo -v' and 'sudo -k' respectively. |
them via 'sudo -v' and 'sudo -k' respectively. |
|
|
435) Authentication routines that use sudo's tgetpass() now accept |
436) Authentication routines that use sudo's tgetpass() can now use |
^C or ^Z at the password prompt and sudo will act appropriately. |
^C or ^Z at the password prompt and sudo will act appropriately. |
|
|
436) Added a check-only mode to visudo to check an existing sudoers |
437) Added a check-only mode to visudo to check an existing sudoers |
file for sanity. |
file for sanity. |
|
|
437) Visudo can now edit an alternate sudoers file. |
438) Visudo can now edit an alternate sudoers file. |
|
|
438) If sudo is configured with S/Key support and the system has |
439) If sudo is configured with S/Key support and the system has |
skeyaccess(3) use that to determine whether or not to allow |
skeyaccess(3) use that to determine whether or not to allow |
a normal Unix password or just S/Key. |
a normal Unix password or just S/Key. |
|
|
439) Fixed CIDR handling in sudoers. |
440) Fixed CIDR handling in sudoers. |
|
|
440) Fixed a segv if the local hostname is not resolvable and |
441) Fixed a segv if the local hostname is not resolvable and |
the 'fqdn' option is set. |
the 'fqdn' option is set. |
|
|
441) "listpw=never" was not having an effect for users who did not |
442) "listpw=never" was not having an effect for users who did not |
appear in sudoers--now it does. |
appear in sudoers--now it does. |
|
|
442) The --without-sendmail option now works on systems with |
443) The --without-sendmail option now works on systems with |
a /usr/include/paths.h file that defines _PATH_SENDMAIL. |
a /usr/include/paths.h file that defines _PATH_SENDMAIL. |
|
|
443) Removed the "secure_path" Defaults option as it does not work and |
444) Removed the "secure_path" Defaults option as it does not work and |
cannot work until the parser is overhauled. |
cannot work until the parser is overhauled. |
|
|
444) Added new -P flag and "preserve_groups" sudoers option to cause |
445) Added new -P flag and "preserve_groups" sudoers option to cause |
sudo to preserve the group vector instead of setting it to that |
sudo to preserve the group vector instead of setting it to that |
of the target user. Previously, if the target user was root |
of the target user. Previously, if the target user was root |
the group vector was not changed. Now it is always changed unless |
the group vector was not changed. Now it is always changed unless |
the -P flag or "preserve_groups" option was given. |
the -P flag or "preserve_groups" option was given. |
|
|
445) If find_path() fails as root, try again as the invoking user (useful |
446) If find_path() fails as root, try again as the invoking user (useful |
for NFS). Idea from Chip Capelik. |
for NFS). Idea from Chip Capelik. |
|
|
446) Use setpwent()/endpwent() and its shadow equivalents to be sure |
447) Use setpwent()/endpwent() and its shadow equivalents to be sure |
the passwd/shadow file gets closed. |
the passwd/shadow file gets closed. |
|
|
447) Use getifaddrs(3) to get the list of network interfaces if it is |
448) Use getifaddrs(3) to get the list of network interfaces if it is |
available. |
available. |
|
|
448) Dump list of local IP addresses and environment variables to clear |
449) Dump list of local IP addresses and environment variables to clear |
when 'sudo -V' is run as root. |
when 'sudo -V' is run as root. |
|
|
449) Reorganized the lexer a bit and added more states. Sudo now does a |
450) Reorganized the lexer a bit and added more states. Sudo now does a |
better job of parsing command arguments in the sudoers file. |
better job of parsing command arguments in the sudoers file. |
|
|
450) Wrap each call to syslog() with openlog()/closelog() since some |
451) Wrap each call to syslog() with openlog()/closelog() since some |
things (such as PAM) may call closelog(3) behind sudo's back. |
things (such as PAM) may call closelog(3) behind sudo's back. |
|
|
451) The LOGNAME and USER environment variables are now set if the user |
452) The LOGNAME and USER environment variables are now set if the user |
specified a target uid and that uid exists in the password database. |
specified a target uid and that uid exists in the password database. |
|
|
452) configure will no longer add the -g flag to CFLAGS by default. |
453) configure will no longer add the -g flag to CFLAGS by default. |
|
|
453) Now call pam_setcreds() to setup creds for the target user when |
454) Now call pam_setcreds() to setup creds for the target user when |
PAM is in use. On Linux this often sets resource limits. |
PAM is in use. On Linux this often sets resource limits. |
|
|
454) If "make install" is run by non-root and the destination dir |
455) If "make install" is run by non-root and the destination dir |
is writable, install things normally but don't set owner and mode. |
is writable, install things normally but don't set owner and mode. |
|
|
455) The Makefile now supports installing in a shadow hierarchy |
456) The Makefile now supports installing in a shadow hierarchy |
specified via the DESTDIR variable. |
specified via the DESTDIR variable. |
|
|
456) config.h.in is now generated by autoheader. |
457) config.h.in is now generated by autoheader. |
|
|
Sudo 1.6.4 released. |
|
|
|
457) Move the call to rebuild_env() until after MODE_RESET_HOME is set. |
|
Otherwise, the set_home option has no effect. |
|
|
|
458) Fix use of freed memory when the "fqdn" flag is set. This was |
|
introduced by the fix for the "segv when gethostbynam() fails" bug. |
|
|
|
459) Add 'continue' statements to optimize the switch statement. |
|
From Solar Designer. |
|
|
|
Sudo 1.6.4p1 released. |
|
|
|
460) Some special characters were not being escaped properly (e..g '\,') |
|
in command line arguments and would cause a syntax error instead. |
|
|
|
461) "sudo -l" would not work if the always_set_home option was set. |
|
|
|
462) Added a configure option to disable use of POSIX saved IDs for |
|
operating systems where these are broken. |
|
|
|
463) The SHELL environment variable was preserved from the user's environment |
|
instead of being reset based on the passwd database even when the |
|
"env_reset" option was set. |
|
|
|
Sudo 1.6.4p2 released. |
|
|
|
464) Added a configure option to cause mail sent by sudo to be run as |
|
the invoking user instead of root. Some people consider this to |
|
be safer. |
|
|
|
465) If the mailer is being run as root, use a hard-coded environment |
|
that is not influenced in any way by the invoking user's environment. |
|
|
|
466) Fixed the call to skeyaccess(). Patch from Phillip E. Lobbes. |
|
|
|
Sudo 1.6.5 released. |
|
|
|
467) Visudo could access memory that was already freed. |
|
|
|
468) If the skey.access file denied use of plaintext passwords sudo |
|
would exit instead of allowing the user to enter an S/Key. |
|
|
|
Sudo 1.6.5p1 released. |
|