#
# Format:
# Plugin plugin_name plugin_path
- # Path askpass path/to/askpass
+ # Path askpass /path/to/askpass
+ # Path noexec /path/to/noexec.so
+ # Debug sudo /var/log/sudo_debug all@warn
++ # Set disable_coredump true
#
# The plugin_path is relative to /usr/local/libexec unless
# fully qualified.
information, please see the PREVENTING SHELL ESCAPES section in
_\bs_\bu_\bd_\bo_\be_\br_\bs(4).
++ To prevent the disclosure of potentially sensitive information, s\bsu\bud\bdo\bo
++ disables core dumps by default while it is executing (they are re-
++ enabled for the command that is run). To aid in debugging s\bsu\bud\bdo\bo
++ crashes, you may wish to re-enable core dumps by setting
++ "disable_coredump" to false in the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file.
++
++ Set disable_coredump false
++
++ Note that by default, most operating systems disable core dumps from
++ setuid programs, which includes s\bsu\bud\bdo\bo. To actually get a s\bsu\bud\bdo\bo core file
++ you may need to enable core dumps for setuid processes. On BSD and
++ Linux systems this is accomplished via the sysctl command, on Solaris
++ the coreadm command can be used.
++
E\bEN\bNV\bVI\bIR\bRO\bON\bNM\bME\bEN\bNT\bT
s\bsu\bud\bdo\bo utilizes the following environment variables. The security policy
has control over the content of the command's environment.
- 1.8.4 January 6, 2012 SUDO(1m)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.8.0rc1 February 21, 2011 10
-
-
++1.8.4 February 3, 2012 SUDO(1m)
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
- .TH SUDO @mansectsu@ "January 6, 2012" "1.8.4" "MAINTENANCE COMMANDS"
-.TH SUDO @mansectsu@ "February 21, 2011" "1.8.0rc1" "MAINTENANCE COMMANDS"
++.TH SUDO @mansectsu@ "February 3, 2012" "1.8.4" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
\& #
\& # Format:
\& # Plugin plugin_name plugin_path
-\& # Path askpass path/to/askpass
+\& # Path askpass /path/to/askpass
+\& # Path noexec /path/to/noexec.so
+\& # Debug sudo /var/log/sudo_debug all@warn
++\& # Set disable_coredump true
\& #
\& # The plugin_path is relative to @prefix@/libexec unless
\& # fully qualified.
commands via \fBsudo\fR to verify that the command does not inadvertently
give the user an effective root shell. For more information, please
see the \f(CW\*(C`PREVENTING SHELL ESCAPES\*(C'\fR section in \fIsudoers\fR\|(@mansectform@).
++.PP
++To prevent the disclosure of potentially sensitive information,
++\&\fBsudo\fR disables core dumps by default while it is executing (they
++are re-enabled for the command that is run). To aid in debugging
++\&\fBsudo\fR crashes, you may wish to re-enable core dumps by setting
++\&\*(L"disable_coredump\*(R" to false in the \fI@sysconfdir@/sudo.conf\fR file.
++.PP
++.Vb 1
++\& Set disable_coredump false
++.Ve
++.PP
++Note that by default, most operating systems disable core dumps
++from setuid programs, which includes \fBsudo\fR. To actually get a
++\&\fBsudo\fR core file you may need to enable core dumps for setuid
++processes. On \s-1BSD\s0 and Linux systems this is accomplished via the
++sysctl command, on Solaris the coreadm command can be used.
.SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
\&\fBsudo\fR utilizes the following environment variables. The security
projects / sudo / commitdiff