From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Thu, 12 Jan 2012 20:29:45 +0000 (-0500)
Subject: regen
X-Git-Tag: SUDO_1_7_9~28
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3b49860039ac7c8fefdc14f579bb39cf54a60c50;p=sudo

regen

--HG--
branch : 1.7
---

diff --git a/sudo.cat b/sudo.cat
index 61df527db..15c76e0a5 100644
--- a/sudo.cat
+++ b/sudo.cat
@@ -324,10 +324,11 @@ SSEECCUURRIITTYY NNOOTTEESS
 
        There are two distinct ways to deal with environment variables.  By
        default, the _e_n_v___r_e_s_e_t _s_u_d_o_e_r_s option is enabled.  This causes commands
-       to be executed with a minimal environment containing TERM, PATH, HOME,
-       SHELL, LOGNAME, USER and USERNAME in addition to variables from the
-       invoking process permitted by the _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p _s_u_d_o_e_r_s
-       options.  There is effectively a whitelist for environment variables.
+       to be executed with a minimal environment containing the TERM, PATH,
+       HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables in
+       addition to variables from the invoking process permitted by the
+       _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p _s_u_d_o_e_r_s options.  This is effectively a
+       whitelist for environment variables.
 
        If, however, the _e_n_v___r_e_s_e_t option is disabled in _s_u_d_o_e_r_s, any variables
        not explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are
@@ -546,4 +547,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.7.8                         September 16, 2011                      SUDO(1m)
+1.7.9                          January 12, 2012                       SUDO(1m)
diff --git a/sudo.man.in b/sudo.man.in
index d0eef9905..bfd9e6bec 100644
--- a/sudo.man.in
+++ b/sudo.man.in
@@ -149,7 +149,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "September 16, 2011" "1.7.8" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "January 12, 2012" "1.7.9" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -526,13 +526,14 @@ unreachable.
 .IX Header "SECURITY NOTES"
 \&\fBsudo\fR tries to be safe when executing external commands.
 .PP
-There are two distinct ways to deal with environment variables.
-By default, the \fIenv_reset\fR \fIsudoers\fR option is enabled.
-This causes commands to be executed with a minimal environment
-containing \f(CW\*(C`TERM\*(C'\fR, \f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR
-and \f(CW\*(C`USERNAME\*(C'\fR in addition to variables from the invoking process
-permitted by the \fIenv_check\fR and \fIenv_keep\fR \fIsudoers\fR options.
-There is effectively a whitelist for environment variables.
+There are two distinct ways to deal with environment variables.  By
+default, the \fIenv_reset\fR \fIsudoers\fR option is enabled.  This causes
+commands to be executed with a minimal environment containing the
+\&\f(CW\*(C`TERM\*(C'\fR, \f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`MAIL\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR,
+\&\f(CW\*(C`USERNAME\*(C'\fR and \f(CW\*(C`SUDO_*\*(C'\fR variables in addition to variables from
+the invoking process permitted by the \fIenv_check\fR and \fIenv_keep\fR
+\&\fIsudoers\fR options.  This is effectively a whitelist for environment
+variables.
 .PP
 If, however, the \fIenv_reset\fR option is disabled in \fIsudoers\fR, any
 variables not explicitly denied by the \fIenv_check\fR and \fIenv_delete\fR
diff --git a/sudoers.cat b/sudoers.cat
index 3cdb2eed1..6e46dae8f 100644
--- a/sudoers.cat
+++ b/sudoers.cat
@@ -467,8 +467,16 @@ DDEESSCCRRIIPPTTIIOONN
        A hard limit of 128 nested include files is enforced to prevent include
        file loops.
 
-       The file name may include the %h escape, signifying the short form of
-       the host name.  I.e., if the machine's host name is "xerxes", then
+       If the path to the include file is not fully-qualified (does not begin
+       with a _/), it must be located in the same directory as the sudoers file
+       it was included from.  For example, if _/_e_t_c_/_s_u_d_o_e_r_s contains the line:
+
+           #include sudoers.local
+
+       the file that will be included is _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l.
+
+       The file name may also include the %h escape, signifying the short form
+       of the host name.  I.e., if the machine's host name is "xerxes", then
 
        #include /etc/sudoers.%h
 
@@ -569,15 +577,18 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                        use the EDITOR or VISUAL if they match a value
                        specified in editor.  This flag is _o_f_f by default.
 
-       env_reset       If set, ssuuddoo will reset the environment to only contain
-                       the LOGNAME, MAIL, SHELL, USER, USERNAME and the SUDO_*
-                       variables.  Any variables in the caller's environment
-                       that match the env_keep and env_check lists are then
-                       added.  The default contents of the env_keep and
-                       env_check lists are displayed when ssuuddoo is run by root
-                       with the _-_V option.  If the _s_e_c_u_r_e___p_a_t_h option is set,
-                       its value will be used for the PATH environment
-                       variable.  This flag is _o_n by default.
+       env_reset       If set, ssuuddoo will run the command in a minimal
+                       environment containing the TERM, PATH, HOME, MAIL,
+                       SHELL, LOGNAME, USER, USERNAME and SUDO_* variables.
+                       Any variables in the caller's environment that match
+                       the env_keep and env_check lists are then added,
+                       followed by any variables present in the file specified
+                       by the _e_n_v___f_i_l_e option (if any).  The default contents
+                       of the env_keep and env_check lists are displayed when
+                       ssuuddoo is run by root with the _-_V option.  If the
+                       _s_e_c_u_r_e___p_a_t_h option is set, its value will be used for
+                       the PATH environment variable.  This flag is _o_n by
+                       default.
 
        fast_glob       Normally, ssuuddoo uses the _g_l_o_b(3) function to do shell-
                        style globbing when matching path names.  However,
@@ -1007,8 +1018,8 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
                    _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment
                    variable.
 
-       env_file    The _e_n_v___f_i_l_e options specifies the fully qualified path to
-                   a file containing variables to be set in the environment of
+       env_file    The _e_n_v___f_i_l_e option specifies the fully qualified path to a
+                   file containing variables to be set in the environment of
                    the program being run.  Entries in this file should either
                    be of the form VARIABLE=value or export VARIABLE=value.
                    The value may optionally be surrounded by single or double
@@ -1472,4 +1483,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.7.8                         September 16, 2011                    SUDOERS(4)
+1.7.9                          January 12, 2012                     SUDOERS(4)
diff --git a/sudoers.ldap.cat b/sudoers.ldap.cat
index befa4d0bd..17a61cabc 100644
--- a/sudoers.ldap.cat
+++ b/sudoers.ldap.cat
@@ -746,4 +746,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.7.8                         September 16, 2011               SUDOERS.LDAP(4)
+1.7.9                          January 12, 2012                SUDOERS.LDAP(4)
diff --git a/sudoers.ldap.man.in b/sudoers.ldap.man.in
index 88c459800..7bea97f7d 100644
--- a/sudoers.ldap.man.in
+++ b/sudoers.ldap.man.in
@@ -140,7 +140,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS.LDAP @mansectform@"
-.TH SUDOERS.LDAP @mansectform@ "September 16, 2011" "1.7.8" "MAINTENANCE COMMANDS"
+.TH SUDOERS.LDAP @mansectform@ "January 12, 2012" "1.7.9" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/sudoers.man.in b/sudoers.man.in
index b350f70af..1247c0c2f 100644
--- a/sudoers.man.in
+++ b/sudoers.man.in
@@ -148,7 +148,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "September 16, 2011" "1.7.8" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "January 12, 2012" "1.7.9" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -708,7 +708,18 @@ Upon reaching the end of \fI/etc/sudoers.local\fR, the rest of
 themselves include other files.  A hard limit of 128 nested include
 files is enforced to prevent include file loops.
 .PP
-The file name may include the \f(CW%h\fR escape, signifying the short form
+If the path to the include file is not fully-qualified (does not
+begin with a \fI/\fR), it must be located in the same directory as the
+sudoers file it was included from.  For example, if \fI/etc/sudoers\fR
+contains the line:
+.Sp
+.RS 4
+\&\f(CW\*(C`#include sudoers.local\*(C'\fR
+.RE
+.PP
+the file that will be included is \fI/etc/sudoers.local\fR.
+.PP
+The file name may also include the \f(CW%h\fR escape, signifying the short form
 of the host name.  I.e., if the machine's host name is \*(L"xerxes\*(R", then
 .PP
 \&\f(CW\*(C`#include /etc/sudoers.%h\*(C'\fR
@@ -813,14 +824,17 @@ they match a value specified in \f(CW\*(C`editor\*(C'\fR.  This flag is \fI@env_
 default.
 .IP "env_reset" 16
 .IX Item "env_reset"
-If set, \fBsudo\fR will reset the environment to only contain the
-\&\s-1LOGNAME\s0, \s-1MAIL\s0, \s-1SHELL\s0, \s-1USER\s0, \s-1USERNAME\s0 and the \f(CW\*(C`SUDO_*\*(C'\fR variables.  Any
+If set, \fBsudo\fR will run the command in a minimal environment
+containing the \f(CW\*(C`TERM\*(C'\fR, \f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`MAIL\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR,
+\&\f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR, \f(CW\*(C`USERNAME\*(C'\fR and \f(CW\*(C`SUDO_*\*(C'\fR variables.  Any
 variables in the caller's environment that match the \f(CW\*(C`env_keep\*(C'\fR
-and \f(CW\*(C`env_check\*(C'\fR lists are then added.  The default contents of the
-\&\f(CW\*(C`env_keep\*(C'\fR and \f(CW\*(C`env_check\*(C'\fR lists are displayed when \fBsudo\fR is
-run by root with the \fI\-V\fR option.  If the \fIsecure_path\fR option
-is set, its value will be used for the \f(CW\*(C`PATH\*(C'\fR environment variable.
-This flag is \fI@env_reset@\fR by default.
+and \f(CW\*(C`env_check\*(C'\fR lists are then added, followed by any variables
+present in the file specified by the \fIenv_file\fR option (if any).
+The default contents of the \f(CW\*(C`env_keep\*(C'\fR and \f(CW\*(C`env_check\*(C'\fR lists are
+displayed when \fBsudo\fR is run by root with the \fI\-V\fR option.  If
+the \fIsecure_path\fR option is set, its value will be used for the
+\&\f(CW\*(C`PATH\*(C'\fR environment variable.  This flag is \fI@env_reset@\fR by
+default.
 .IP "fast_glob" 16
 .IX Item "fast_glob"
 Normally, \fBsudo\fR uses the \fIglob\fR\|(3) function to do shell-style
@@ -1267,7 +1281,7 @@ The value of \fIaskpass\fR may be overridden by the \f(CW\*(C`SUDO_ASKPASS\*(C'\
 environment variable.
 .IP "env_file" 12
 .IX Item "env_file"
-The \fIenv_file\fR options specifies the fully qualified path to a
+The \fIenv_file\fR option specifies the fully qualified path to a
 file containing variables to be set in the environment of the program
 being run.  Entries in this file should either be of the form
 \&\f(CW\*(C`VARIABLE=value\*(C'\fR or \f(CW\*(C`export VARIABLE=value\*(C'\fR.  The value may
diff --git a/sudoreplay.cat b/sudoreplay.cat
index 4ed66bcd9..be7a1e8dd 100644
--- a/sudoreplay.cat
+++ b/sudoreplay.cat
@@ -255,4 +255,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.7.8                         September 16, 2011                SUDOREPLAY(1m)
+1.7.9                          January 12, 2012                 SUDOREPLAY(1m)
diff --git a/sudoreplay.man.in b/sudoreplay.man.in
index 9ba0b02da..649e7d161 100644
--- a/sudoreplay.man.in
+++ b/sudoreplay.man.in
@@ -139,7 +139,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOREPLAY @mansectsu@"
-.TH SUDOREPLAY @mansectsu@ "September 16, 2011" "1.7.8" "MAINTENANCE COMMANDS"
+.TH SUDOREPLAY @mansectsu@ "January 12, 2012" "1.7.9" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff --git a/visudo.cat b/visudo.cat
index 8c75bcb3b..15541706d 100644
--- a/visudo.cat
+++ b/visudo.cat
@@ -143,4 +143,4 @@ DDIISSCCLLAAIIMMEERR
 
 
 
-1.7.8                         September 16, 2011                    VISUDO(1m)
+1.7.9                          January 12, 2012                     VISUDO(1m)
diff --git a/visudo.man.in b/visudo.man.in
index c948f2e0e..a1cc1db5f 100644
--- a/visudo.man.in
+++ b/visudo.man.in
@@ -144,7 +144,7 @@
 .\" ========================================================================
 .\"
 .IX Title "VISUDO @mansectsu@"
-.TH VISUDO @mansectsu@ "September 16, 2011" "1.7.8" "MAINTENANCE COMMANDS"
+.TH VISUDO @mansectsu@ "January 12, 2012" "1.7.9" "MAINTENANCE COMMANDS"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l