-Known bugs in sudo version 1.5.1
+Known bugs in sudo version 1.5.2
================================
1) "make install-man" should substitute correct paths into the
-Installation instructions for CU sudo 1.5.1
+Installation instructions for CU sudo 1.5.2
===========================================
Sudo uses a `configure' script to probe the capabilities and type
Notes on upgrading from an older release
========================================
-Sudo 1.5.1 expects the sudoers file to have different permissions
+Sudo 1.5.2 expects the sudoers file to have different permissions
(mode 0440) and be owned by user and group 0. This differs from
version 1.4 and below which expected the sudoers file to be owned
by root and mode 0400. Doing a `make install' will set the sudoers
-file to the new mode and group. If sudo 1.5.1 encounters a sudoers
+file to the new mode and group. If sudo 1.5.2 encounters a sudoers
file with the old permissions it will attempt to update it to the
new scheme. You cannot, however, use a sudoers file with the new
permissions with an old sudo binary. It is suggested that if have
means that you either need to have purchased the unbundled Sun
C compiler or have a copy of the GNU C compiler (gcc).
The SunSoft Catalyst CD should contain gcc binaries for
- Solaris.
+ Solaris. You can also get them from various places on the
+ net, including http://smc.vnet.net/solaris_2.5.html.
NOTE: sudo will *not* build with the sun C compiler in BSD
compatibility mode (/usr/ucb/cc). Sudo is designed
to compile with the standard C compiler (or gcc) and
will not build correctly with /usr/ucb/cc. You can
use the `--with-CC' option to point `configure' to the
non-ucb compiler if it is not the first cc in your path.
+ Also: Many versions of Solaris come with a broken syslogd.
+ If you have having problems with sudo logging you should
+ make sure you have the latest syslogd patch installed.
+ This is a problem for Solaris 2.4 and 2.5 at least.
AIX 3.2.x:
I've had various problems with the AIX C compiler producing
the --with-getpass flag to get a working sudo. Other people
haven't had that problem so it may only affect certain
distributions.
+ NOTE: Reportedly, Linux's execvp(3) doesn't always execute
+ scripts that lack the "#!/some/shell" header correctly.
+ The workaround is to give all your scripts a proper
+ header.
SCO ODT:
You'll probably need libcrypt_i.a available via anonymous ftp
#*
-#* CU sudo version 1.5.1 (based on Root Group sudo version 1.1)
+#* CU sudo version 1.5.2 (based on Root Group sudo version 1.1)
#*
#* This software comes with no waranty whatsoever, use at your own risk.
#*
HDRS = sudo.h pathnames.h options.h compat.h version.h insults.h \
ins_2001.h ins_classic.h ins_goons.h ins_csops.h
-VERSION = 1.5.1
+VERSION = 1.5.2
DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES COPYING HISTORY INSTALL OPTIONS TODO \
PORTING README RUNSON FAQ TROUBLESHOOTING Makefile.in acsite.m4 \
SHELL_SETS_HOME
If sudo is invoked with the "-s" flag the HOME environmental variable
will be set to the home directory of the target user (which is root
- unless the "-u" option is used).
+ unless the "-u" option is used). This option effectively makes the
+ "-s" flag imply "-H".
This is off by default.
USE_TTY_TICKETS
-This is the CU version of sudo, release 1.5.1
+This is the CU version of sudo, release 1.5.2
The sudo philosophy
===================
/*
- * CU sudo version 1.5.1
+ * CU sudo version 1.5.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
/*
- * CU sudo version 1.5.1 (based on Root Group sudo version 1.1)
+ * CU sudo version 1.5.2 (based on Root Group sudo version 1.1)
*
* This software comes with no waranty whatsoever, use at your own risk.
*
#if (LOGGING & SLOG_FILE)
/* become root */
- set_perms(PERM_ROOT);
+ set_perms(PERM_ROOT, 0);
oldmask = umask(077);
fp = fopen(_PATH_SUDO_LOGFILE, "a");
}
/* relinquish root */
- set_perms(PERM_USER);
+ set_perms(PERM_USER, 0);
#endif /* LOGGING & SLOG_FILE */
/* send mail if appropriate */
/*
* we don't want any security problems ...
*/
- set_perms(PERM_FULL_USER);
+ set_perms(PERM_FULL_USER, 0);
#ifdef POSIX_SIGNALS
action.sa_handler = SIG_IGN;
/*
- * CU sudo version 1.5.1
+ * CU sudo version 1.5.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif /* HAVE_STRINGS_H */
-#ifdef HAVE_FNMATCH_H
+#if defined(HAVE_FNMATCH) && defined(HAVE_FNMATCH_H)
# include <fnmatch.h>
#else
# ifndef HAVE_FNMATCH
int return_code;
/* become sudoers file owner */
- set_perms(PERM_SUDOERS);
+ set_perms(PERM_SUDOERS, 0);
if ((sudoers_fp = fopen(_PATH_SUDO_SUDOERS, "r")) == NULL) {
perror(_PATH_SUDO_SUDOERS);
/*
* Need to be root while stat'ing things in the parser.
*/
- set_perms(PERM_ROOT);
+ set_perms(PERM_ROOT, 0);
return_code = yyparse();
/*
(void) fclose(sudoers_fp);
/* relinquish extra privs */
- set_perms(PERM_USER);
+ set_perms(PERM_USER, 0);
if (return_code || parse_error)
return(VALIDATE_ERROR);
%{
/*
- * CU sudo version 1.5.1
+ * CU sudo version 1.5.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
%{
/*
- * CU sudo version 1.5.1
+ * CU sudo version 1.5.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
/*
- * CU sudo version 1.5.1
+ * CU sudo version 1.5.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
/*
- * CU sudo version 1.5.1 (based on Root Group sudo version 1.1)
+ * CU sudo version 1.5.2 (based on Root Group sudo version 1.1)
*
* This software comes with no waranty whatsoever, use at your own risk.
*
/*
- * CU sudo version 1.5.1
+ * CU sudo version 1.5.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
/*
- * CU sudo version 1.5.1
+ * CU sudo version 1.5.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif /* HAVE_STRINGS_H */
-#ifdef HAVE_FNMATCH_H
+#if defined(HAVE_FNMATCH) && defined(HAVE_FNMATCH_H)
# include <fnmatch.h>
#else
# ifndef HAVE_FNMATCH
}
-void set_perms(i)
- int i;
+void set_perms(i, j)
+ int i, j;
{
return;
}
/*
- * CU sudo version 1.5.1
+ * CU sudo version 1.5.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
/*
- * CU sudo version 1.5.1
+ * CU sudo version 1.5.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
/*
- * CU sudo version 1.5.1
+ * CU sudo version 1.5.2
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
projects / sudo / commitdiff