From: Todd C. Miller Date: Wed, 20 Jan 2016 17:56:47 +0000 (-0700) Subject: Document sudoedit_checkdir X-Git-Tag: SUDO_1_8_16^2~56 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=42671f6b95f17afca87457d91763ff10f44f90f1;p=sudo Document sudoedit_checkdir --- diff --git a/doc/sudo_plugin.cat b/doc/sudo_plugin.cat index d04e4171d..c20fae152 100644 --- a/doc/sudo_plugin.cat +++ b/doc/sudo_plugin.cat @@ -611,6 +611,19 @@ DDEESSCCRRIIPPTTIIOONN substitution and transparently enable _s_u_d_o_e_d_i_t when the user attempts to run an editor. + sudoedit_checkdir=bool + Set to false to disable directory writability checks in + ssuuddooeeddiitt. By default, ssuuddooeeddiitt 1.8.16 and higher will + check all directory components of the path to be edited + for writability by the invoking user. Symbolic links + will not be followed in writable directories and + ssuuddooeeddiitt will refuse to edit a file located in a + writable directory. These restrictions are not + enforced when ssuuddooeeddiitt is run by root. The + _s_u_d_o_e_d_i_t___f_o_l_l_o_w option can be set to false to disable + this check. Only available starting with API version + 1.8. + sudoedit_follow=bool Set to true to allow ssuuddooeeddiitt to edit files that are symbolic links. By default, ssuuddooeeddiitt 1.8.15 and higher @@ -1502,7 +1515,9 @@ PPLLUUGGIINN AAPPII CCHHAANNGGEELLOOGG Debug lines in the sudo.conf(4) file. Version 1.8 (sudo 1.8.15) - The _s_u_d_o_e_d_i_t___f_o_l_l_o_w entry was added to the command_info list. + The _s_u_d_o_e_d_i_t___c_h_e_c_k_d_i_r and _s_u_d_o_e_d_i_t___f_o_l_l_o_w entries were added to the + command_info list. The default value of _s_u_d_o_e_d_i_t___c_h_e_c_k_d_i_r was + changed to true in sudo 1.8.16. The sudo _c_o_n_v_e_r_s_a_t_i_o_n function now takes a pointer to a struct sudo_conv_callback as its fourth argument. The sudo_conv_t 
@@ -1542,4 +1557,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.16 January 4, 2016 Sudo 1.8.16 +Sudo 1.8.16 January 20, 2016 Sudo 1.8.16 diff --git a/doc/sudo_plugin.man.in b/doc/sudo_plugin.man.in index bf14f56f1..67e5c16da 100644 --- a/doc/sudo_plugin.man.in +++ b/doc/sudo_plugin.man.in @@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.TH "SUDO_PLUGIN" "5" "January 4, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDO_PLUGIN" "5" "January 20, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -1010,6 +1010,24 @@ enable \fIsudoedit\fR when the user attempts to run an editor. .TP 6n +sudoedit_checkdir=bool +Set to false to disable directory writability checks in +\fBsudoedit\fR. +By default, +\fBsudoedit\fR +1.8.16 and higher will check all directory components of the path to be +edited for writability by the invoking user. +Symbolic links will not be followed in writable directories and +\fBsudoedit\fR +will refuse to edit a file located in a writable directory. +These restrictions are not enforced when +\fBsudoedit\fR +is run by root. +The +\fIsudoedit_follow\fR +option can be set to false to disable this check. +Only available starting with API version 1.8. +.TP 6n sudoedit_follow=bool Set to true to allow \fBsudoedit\fR @@ -2699,10 +2717,15 @@ sudo.conf(@mansectform@) file. .TP 6n Version 1.8 (sudo 1.8.15) The +\fIsudoedit_checkdir\fR +and \fIsudoedit_follow\fR -entry was added to the +entries were added to the \fRcommand_info\fR list. +The default value of +\fIsudoedit_checkdir\fR +was changed to true in sudo 1.8.16. .sp The sudo \fIconversation\fR diff --git a/doc/sudo_plugin.mdoc.in b/doc/sudo_plugin.mdoc.in index 9f9250d0c..87c933324 100644 --- a/doc/sudo_plugin.mdoc.in +++ b/doc/sudo_plugin.mdoc.in 
@@ -14,7 +14,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd January 4, 2016 +.Dd January 20, 2016 .Dt SUDO_PLUGIN @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -891,6 +891,23 @@ This allows the plugin to perform command substitution and transparently enable .Em sudoedit when the user attempts to run an editor. +.It sudoedit_checkdir=bool +Set to false to disable directory writability checks in +.Nm sudoedit . +By default, +.Nm sudoedit +1.8.16 and higher will check all directory components of the path to be +edited for writability by the invoking user. +Symbolic links will not be followed in writable directories and +.Nm sudoedit +will refuse to edit a file located in a writable directory. +These restrictions are not enforced when +.Nm sudoedit +is run by root. +The +.Em sudoedit_follow +option can be set to false to disable this check. +Only available starting with API version 1.8. .It sudoedit_follow=bool Set to true to allow .Nm sudoedit @@ -2362,10 +2379,15 @@ times if there are multiple plugin-specific Debug lines in the .Xr sudo.conf @mansectform@ file. .It Version 1.8 (sudo 1.8.15) The +.Em sudoedit_checkdir +and .Em sudoedit_follow -entry was added to the +entries were added to the .Li command_info list. +The default value of +.Em sudoedit_checkdir +was changed to true in sudo 1.8.16. .Pp The sudo .Em conversation
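Review bot: In the new sudoedit_checkdir entry (the hunks at @@ -611 in sudo_plugin.cat, @@ -1010 in sudo_plugin.man.in and @@ -891 in sudo_plugin.mdoc.in), the sentence "The sudoedit_follow option can be set to false to disable this check." names the wrong option. The entry opens with "Set to false to disable directory writability checks", so the switch for this check is sudoedit_checkdir itself, and the adjacent sudoedit_follow entry documents a different control ("Set to true to allow sudoedit to edit files that are symbolic links"). As written, a reader could conclude that sudoedit_follow=false turns the directory check off, or that the two options are the same knob. Suggest either dropping the sentence, since the first sentence already says how to disable the check, or changing it to refer to sudoedit_checkdir. In the same entry, "will refuse to edit a file located in a writable directory" should say writable by the invoking user, to match the preceding sentence.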
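Review bot: In the changelog hunks (@@ -1502 in sudo_plugin.cat, @@ -2699 in sudo_plugin.man.in and @@ -2362 in sudo_plugin.mdoc.in), sudoedit_checkdir is listed under "Version 1.8 (sudo 1.8.15)" and the default is then said to have "changed to true in sudo 1.8.16", so one API version covers two different defaults. The option entry only says "Only available starting with API version 1.8", which means a policy plugin cannot tell from the API version which default it will get when it leaves the key out of command_info. Suggest stating the default value explicitly in the sudoedit_checkdir entry, alongside the existing "1.8.16 and higher" wording, and noting that a plugin that depends on the directory check should set sudoedit_checkdir explicitly rather than rely on the default.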