security hole as most editors allow a user to get a shell (which would
be a root shell and hence, no logging).
- --enable-noargs-shell
- If sudo is invoked with no arguments it acts as if the "-s" flag had
- been given. That is, it runs a shell as root (the shell is determined
- by the SHELL environment variable, falling back on the shell listed
- in the invoking user's /etc/passwd entry).
-
The following options are also configurable at runtime:
--with-otp-only
--enable-log-host
Log the hostname in the log file.
+ --enable-noargs-shell
+ If sudo is invoked with no arguments it acts as if the "-s" flag had
+ been given. That is, it runs a shell as root (the shell is determined
+ by the SHELL environment variable, falling back on the shell listed
+ in the invoking user's /etc/passwd entry).
+
--enable-shell-sets-home
If sudo is invoked with the "-s" flag the HOME environment variable
will be set to the home directory of the target user (which is root
}, {
"log_year", T_FLAG,
"Log the year in the (non-syslog) log file"
+ }, {
+ "shell_noargs", T_FLAG,
+ "If sudo is invoked with no arguments, start a shell"
}, {
"set_home", T_FLAG,
"Set $HOME to the target user when starting a shell with -s"
#ifdef HOST_IN_LOG
def_flag(I_LOG_HOST) = TRUE;
#endif
+#ifdef SHELL_IF_NO_ARGS
+ def_flag(I_SHELL_NOARGS) = TRUE;
+#endif
#ifdef SHELL_SETS_HOME
def_flag(I_SET_HOME) = TRUE;
#endif
#define I_ROOT_SUDO 15
#define I_LOG_HOST 16
#define I_LOG_YEAR 17
-#define I_SET_HOME 18
-#define I_PATH_INFO 19
-#define I_FQDN 20
-#define I_INSULTS 21
-#define I_REQUIRETTY 22
+#define I_SHELL_NOARGS 18
+#define I_SET_HOME 19
+#define I_PATH_INFO 20
+#define I_FQDN 21
+#define I_INSULTS 22
+#define I_REQUIRETTY 23
/* Integer values */
-#define I_LOGLEN 23 /* wrap log file line after N chars */
-#define I_TS_TIMEOUT 24 /* timestamp stale after N minutes */
-#define I_PW_TIMEOUT 25 /* exit if pass not entered in N minutes */
-#define I_PW_TRIES 26 /* exit after N bad password tries */
-#define I_UMASK 27 /* umask to use or 0777 to use user's */
+#define I_LOGLEN 24 /* wrap log file line after N chars */
+#define I_TS_TIMEOUT 25 /* timestamp stale after N minutes */
+#define I_PW_TIMEOUT 26 /* exit if pass not entered in N minutes */
+#define I_PW_TRIES 27 /* exit after N bad password tries */
+#define I_UMASK 28 /* umask to use or 0777 to use user's */
/* Strings */
-#define I_LOGFILE 28 /* path to logfile (or NULL for none) */
-#define I_MAILERPATH 29 /* path to sendmail or other mailer */
-#define I_MAILERFLAGS 30 /* flags to pass to the mailer */
-#define I_MAILTO 31 /* who to send bitch mail to */
-#define I_MAILSUB 32 /* subject line of mail msg */
-#define I_BADPASS_MSG 33 /* what to say when passwd is wrong */
-#define I_TIMESTAMPDIR 34 /* path to timestamp dir */
-#define I_EXEMPT_GRP 35 /* no password or PATH override for these */
-#define I_PASSPROMPT 36 /* password prompt */
-#define I_RUNAS_DEF 37 /* default user to run commands as */
-#define I_SECURE_PATH 38 /* set $PATH to this if not NULL */
+#define I_LOGFILE 29 /* path to logfile (or NULL for none) */
+#define I_MAILERPATH 30 /* path to sendmail or other mailer */
+#define I_MAILERFLAGS 31 /* flags to pass to the mailer */
+#define I_MAILTO 32 /* who to send bitch mail to */
+#define I_MAILSUB 33 /* subject line of mail msg */
+#define I_BADPASS_MSG 34 /* what to say when passwd is wrong */
+#define I_TIMESTAMPDIR 35 /* path to timestamp dir */
+#define I_EXEMPT_GRP 36 /* no password or PATH override for these */
+#define I_PASSPROMPT 37 /* password prompt */
+#define I_RUNAS_DEF 38 /* default user to run commands as */
+#define I_SECURE_PATH 39 /* set $PATH to this if not NULL */
/* Integer versions of list/verify options */
-#define I_LISTPW 39
-#define I_VERIFYPW 40
+#define I_LISTPW 40
+#define I_VERIFYPW 41
/* String versions of list/verify options */
-#define I_LISTPWSTR 41
-#define I_VERIFYPWSTR 42
+#define I_LISTPWSTR 42
+#define I_VERIFYPWSTR 43
/*
* Macros for accessing sudo_defs_table.
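Review bot: The option indexes in this block are renumbered by hand, and nothing visible here ties them to the position of each entry in sudo_defs_table, so one missed or duplicated number would make def_flag() silently read a different option (for instance I_REQUIRETTY picking up its neighbour's value). The new values do agree with the table hunk, where log_year, shell_noargs and set_home sit at 17, 18 and 19. The invariant deserves a comment above the block, such as `/* Indexes must match the order of entries in sudo_defs_table; keep both in sync. */`. An enum would remove the manual shifting the next time a flag is inserted. The define block starts before the first line of this hunk.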
exit(1);
}
+ /* If no command line args and "set_home" is not set, error out. */
+ if ((sudo_mode & MODE_IMPLIED_SHELL) && !def_flag(I_SHELL_NOARGS))
+ usage(1);
+
/* May need to set $HOME to target user. */
if ((sudo_mode & MODE_SHELL) && def_flag(I_SET_HOME))
sudo_mode |= MODE_RESET_HOME;
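Review bot: The comment on the new check names the wrong option: it says "set_home", but the condition tests I_SHELL_NOARGS. It should read `/* If no command line args and "shell_noargs" is not set, error out. */`. Since parse_args now sets MODE_SHELL for a bare invocation unconditionally, this test appears to be the only thing that stops `sudo` with no arguments from becoming a root shell, so the comment should also say that. Any code that acts on MODE_SHELL between parse_args and this point would run for invocations that are about to be rejected; the enclosing function starts and ends outside the hunk, so confirm that nothing does.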
NewArgv = Argv + 1;
NewArgc = Argc - 1;
-#ifdef SHELL_IF_NO_ARGS
if (NewArgc == 0) { /* no options and no command */
- rval |= MODE_SHELL;
+ rval |= (MODE_IMPLIED_SHELL | MODE_SHELL);
return(rval);
}
-#endif
while (NewArgc > 0 && NewArgv[0][0] == '-') {
if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') {
case '-':
NewArgc--;
NewArgv++;
-#ifdef SHELL_IF_NO_ARGS
if (rval == MODE_RUN)
- rval |= MODE_SHELL;
-#endif
+ rval |= (MODE_IMPLIED_SHELL | MODE_SHELL);
return(rval);
case '\0':
(void) fprintf(stderr, "%s: '-' requires an argument\n",
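Review bot: In the `case '-':` branch, MODE_IMPLIED_SHELL is set whenever `rval == MODE_RUN`, without checking whether a command follows the `--`. Together with the new `usage(1)` test on MODE_IMPLIED_SHELL, `sudo -- command` would be rejected as a usage error when shell_noargs is off, and treated as a shell request when it is on. If the implied shell is meant only for an empty command line, the guard should be `if (rval == MODE_RUN && NewArgc == 0)`. This is inferred from the visible lines only: the enclosing switch and the later use of NewArgv are outside the hunk.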
#define MODE_LISTDEFS 00200
#define MODE_BACKGROUND 00400
#define MODE_SHELL 01000
-#define MODE_RESET_HOME 02000
+#define MODE_IMPLIED_SHELL 02000
+#define MODE_RESET_HOME 04000
/*
* Used with set_perms()
Log the year in the (non-syslog) log file
+=item shell_noargs
+
+If sudo is invoked with no arguments, start a shell
+
=item set_home
Set $HOME to the target user when starting a shell with C<-s>