From: Todd C. Miller Date: Wed, 16 Jan 2002 21:26:13 +0000 (+0000) Subject: Add --disable-root-mailer option to run the mailer as the user and not root. X-Git-Tag: SUDO_1_6_5~10 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0aac4f03b7defa061981410a9173a6a99645ba04;p=sudo Add --disable-root-mailer option to run the mailer as the user and not root. --- diff --git a/INSTALL b/INSTALL index 42db5fdef..3017edb16 100644 --- a/INSTALL +++ b/INSTALL @@ -204,6 +204,12 @@ Special features/options: If you don't have /usr/include/bsd_auth.h then you cannot use this. + --disable-root-mailer + By default sudo will run the mailer as root when tattling + on a user so as to prevent that user from killing the mailer. + With this option, sudo will run the mailer as the invoking + user which some people consider to be safer. + --disable-saved-ids Disable use of POSIX saved IDs. Normally, sudo will try to use POSIX saved IDs if they are supported. However, some diff --git a/config.h.in b/config.h.in index 9bc70c59d..cb873359b 100644 --- a/config.h.in +++ b/config.h.in @@ -355,6 +355,9 @@ */ #undef NO_LECTURE +/* Define to avoid runing the mailer as root. */ +#undef NO_ROOT_MAILER + /* Define if root should not be allowed to use sudo. */ #undef NO_ROOT_SUDO diff --git a/configure.in b/configure.in index 7d73a70bd..7bf7d5b30 100644 --- a/configure.in +++ b/configure.in @@ -964,9 +964,24 @@ AC_ARG_ENABLE(authentication, esac ], AC_MSG_RESULT(yes)) +AC_MSG_CHECKING(whether to disable running the mailer as root) +AC_ARG_ENABLE(root-mailer, +[ --disable-root-mailer Don't run the mailer as root, run as the user], +[ case "$enableval" in + yes) AC_MSG_RESULT(no) + ;; + no) AC_MSG_RESULT(yes) + AC_DEFINE(NO_ROOT_MAILER, 1, [Define to avoid runing the mailer as root.]) + ;; + *) AC_MSG_RESULT(no) + echo "Ignoring unknown argument to --enable-root-mailer: $enableval" + ;; + esac +], AC_MSG_RESULT(no)) + AC_MSG_CHECKING(whether to disable use of POSIX saved ids) AC_ARG_ENABLE(saved-ids, -[ --saved-ids Don't try to use POSIX saved ids], +[ --disable-saved-ids Don't try to use POSIX saved ids], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; @@ -996,7 +1011,7 @@ AC_ARG_ENABLE(shadow, AC_MSG_CHECKING(whether root should be allowed to use sudo) AC_ARG_ENABLE(root-sudo, -[ --disable-root-sudo don't allow root to run sudo], +[ --disable-root-sudo Don't allow root to run sudo], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;;