and ! commands. For example:
millert ALL=(daemon) /usr/bin/whoami,!/bin/ls
would allow millert to run whoami as root as well as daemon when it should
just allow daemon. The problem was that comma-separated commands in
a list shared the same entry on the matching stack. Now they get
their own entry iff there is a full match. It may be better to just make
the runas spec persistent across all commands in a list like the user
and host entries of the matching stack. However, since that is a
fairly major change it should gets its own minor rev increase.
323) Fixed a segv if HOST_IN_LOG defined and gethostbyname() fails.
Reported by Gero Treuner <gero@faveve.uni-stuttgart.de>.
+
+324) Fixed a parse bug wrt the ! operator and runas specs. Noted by
+ David A Beck <BKD@payserv.telekurs.com>.
on the machine.
--with-pam
- Enable PAM support. Tested on Redhat Linux 5.x but should work on
- earlier versions too. Does *not* work on Solaris.
+ Enable PAM support. Tested on Redhat Linux 5.x and Solaris 2.6.
--with-AFS
Enable AFS support with kerberos authentication. Should work under
runas_matches = TRUE;
if ($2 == TRUE)
no_passwd = TRUE;
+ push;
} else if (printmatches == TRUE) {
cm_list[cm_list_len].runas_len = 0;
cm_list[cm_list_len].cmnd_len = 0;
cm_list[cm_list_len].nopasswd = FALSE;
+ } else {
+ cmnd_matches = -1;
+ runas_matches = -1;
+ no_passwd = -1;
}
}
;
projects / sudo / commitdiff