From: Todd C. Miller Date: Mon, 18 Dec 1995 03:09:49 +0000 (+0000) Subject: ++version X-Git-Tag: SUDO_1_4_0~44 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6846377706b8e7a40081d3059ddbe2c5797c2f14;p=sudo ++version --- diff --git a/BUGS b/BUGS index 21edd4e21..31fe3aa53 100644 --- a/BUGS +++ b/BUGS @@ -1,4 +1,4 @@ -Known bugs in sudo version 1.3.6 +Known bugs in sudo version 1.3.7 ================================ 1) Sudo -l does not expand Command Aliases. @@ -9,3 +9,6 @@ Known bugs in sudo version 1.3.6 directories if necesary. 4) Sudo should log when removing "dangerous" envariables. + +5) Stuff in interfaces.c dumps core on Interactive UN*X. + This needs to be fixed before 1.4.0 can be released. diff --git a/CHANGES b/CHANGES index 32d04d663..03ab391fe 100644 --- a/CHANGES +++ b/CHANGES @@ -401,3 +401,151 @@ CHANGES from sudo 1.3.3 there (may be a library problem). 130) Updated man page to reflect two more security issues. + +131) Cleaned up shadow password support in check.c. It should now + be readable. + +132) Added SCO support. + +133) Added check to configure to find the max length of a uid_t + in characters. + +134) Removed uid2str() since we now know how big a uid_t/gid_t + can be. This elminates a few malloc()'s. + +135) Added support for multiple insult types. Based on code and + a suggestion from Dieter Dworkin Muller . + +136) Replaced clean_env() and rmenv() with a rewritten clean_env() + that should be a little faster. This also makes it easier to + add to the list of "dangerous" envariables. + +137) Added netgroup support. Netgroups must start with a leading + "+" to that sudo knows it is a netgroup. + +138) Split out sudoers file format into its own man page. + As suggested by Andy Smith . + +139) Updated testsudoers.c to grok netgroups. + +CHANGES from sudo 1.3.4 + +140) Added SecurID support from Giles Todd . + +141) Added -s flag to start a root shell and -- to signify end of args. + +142) Sped up logging routines by replacing strncpy()'s with strcat()'s. + This is safe because we dyanically allocate logline to be big enough. + +143) Now support command line arguments in the sudoers file. + +144) Sped up the loading on command line arguments. This fixes the + "commands with large argc's take forever to run" bug. + +145) Expanded MAXCOMMANDLEN to 8K since we now have to deal with + command line arguments. Added bounds checking in fill() and + append() so we don't drop core. + XXX - 8k makes sudo *SLOW* + +146) Added support in the lexer for "termination characters" to be + escaped. Ie: you can now use [\,:=] in command line args + as long as you escape with a \. + +147) Testsudoers can now deal with commands that have arguments. + +148) If a file is not executable or not a regular file sudo will + now give the appropriate error message instead of just + "command not found" which is misleading. + +149) Fixed a bug where if FQDN is set, load_interfaces() was never + called. + +150) tty is now a global so it can be used in the ticket file + at a later date. + +151) Strings in the parser are now allocated dynamically. This results + in a large speedup as compared to a 1K array on the stack. I + have freed the strings in the parser where appropriate but that + may not catch all instances. Even so, the average sudo now + takes up less memory than the 1K array version. + +152) Fixed a bug in tgetpass() and configure that broke termio/termios + support for some OS's. + +153) Added cheapo implementation of tty-based timestamps. The correct + way is to have username be a directory with the tty tickets + inside. However, the current code does not take to that very + well, and it does not allow the two systems to coexist. Therefore, + instead of timestampdir/user/tty it is timestampdir/user.tty. + +154) Added support for building in other than the source directory. + Based on changes from "Simon J. Gerraty" + +155) options.h and pathnames.h are now included via angle brackets + (<>) so as to use the -I include path. This way, those using + a shadow build tree may have local copies of these headers + w/o clobbering the distribution ones. + +156) EXEMPTGROUP is now a string (group name) and user_is_exempt() + is now less of a hack. It uses getgrnam(EXEMPTGROUP) to + get a list of users in the exempted group. + +157) --prefix and --exe_prefix are now honored in the Makefile. + +158) Sudo will now behave reasonably in the case where the sudoers + file location is mounted via NFS and the client does not + have "root" NFS privs. + +159) _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, and SUDOERS_OWNER are + now set via the Makefile since that appears to be what + most people expect... + +160) Now include a pre-generated version of parse.lex since so many + versions of lex are brain damaged. If parse.lex is changed + a new lex.yy.c will be generated. The distribution copy is + sudo-lex.yy.c. + +161) Upgraded to GNU autoconf version 1.5. There are now even + *more* options. + +CHANGES from sudo 1.3.5 + +162) Fixed S/Key support. + +163) Cleaned up shadow password support further by moving much of + it to sudo_getpwuid.c. + +164) First cut at DCE support. [needs work to be functional] + +165) New Digital UNIX C2 support based on code from + "Randy M. Hayman" + +166) S/key support now works with the generic bellcore s/key + as well as the s/key from Wietse Venema's logdaemon. + (Previously only worked with the logdaemon s/key). + As an added bonus the s/key challenge is now embedded + in the password prompt for a cleaner look. + +167) lsearch.c will now compile on a strict ANSI C compiler. + ANSI doesn't allow pointer arithmetic on a "void *" + but gcc does. + +168) Bought back latest HP-UX DCE support from Jeff Earickson + . + +169) configure now comletely groks $SUDO_LIBS and $VISUDO_LIBS. + Plain old $LIBS is no longer used. LDFLAGS has also been + split up into $SUDO_LDFLAGS and $VISUDO_LDFLAGS. + The reason for this is that sudo often needs extra libs + for alternate authentication schemes but visudo rarely does. + +170) The code to copy command arguments flaied for large values of + argc due to realloc() lossage. We now cheat and treat argv[] + as a flat string (since that's what it is) and use pointer + arithmetic to compute the length. Kind of sneaky but it + works (and is relatively fast). + +CHANGES from sudo 1.3.6 + +171) Added support for UN*X groups in sudoers based on code from + Dougal Scott . diff --git a/INSTALL b/INSTALL index e955e876e..1c634f448 100644 --- a/INSTALL +++ b/INSTALL @@ -1,4 +1,4 @@ -Installation instructions for CU sudo 1.3.6 +Installation instructions for CU sudo 1.3.7 =========================================== Sudo uses a `configure' script to probe the capabilities and type diff --git a/Makefile.in b/Makefile.in index e35983a73..a51f5ce70 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,5 +1,5 @@ #* -#* CU sudo version 1.3.6 (based on Root Group sudo version 1.1) +#* CU sudo version 1.3.7 (based on Root Group sudo version 1.1) #* #* This software comes with no waranty whatsoever, use at your own risk. #* @@ -112,7 +112,7 @@ LIBOBJS = @TGETPASS@ @LIBOBJS@ HDRS = sudo.h pathnames.h options.h compat.h version.h insults.h \ ins_2001.h ins_classic.h ins_goons.h ins_csops.h -VERSION = 1.3.6 +VERSION = 1.3.7 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES COPYING HISTORY INSTALL OPTIONS TODO \ PORTING README RUNSON TROUBLESHOOTING Makefile.in acsite.m4 \ diff --git a/OPTIONS b/OPTIONS index 7c26875ad..38b75db5b 100644 --- a/OPTIONS +++ b/OPTIONS @@ -1,4 +1,4 @@ -The following options may be used to configure sudo 1.3.6 +The following options may be used to configure sudo 1.3.7 FQDN Define this if you want to put fully qualified hostnames in the sudoers diff --git a/README b/README index ce5b3b278..8a81e2cb1 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is the CU version of sudo, release 1.3.6 (BETA) +This is the CU version of sudo, release 1.3.7 (BETA) The sudo philosophy =================== @@ -26,7 +26,7 @@ Group's sudo 1.1, the code has been changed significantly, so please do not bother them with bugs in CU sudo. Bug reports for this sudo should be sent to sudo-bugs@cs.colorado.edu. -CU sudo 1.3.6 represents a huge change from the 1.3.1 code base. +CU sudo 1.3.7 represents a huge change from the 1.3.1 code base. It includes a completely rewritten parser contributed by Chris Jepeway, a smarter and easier to use visudo, an updated configure script along with the usual bug fixes and portability changes. See the CHANGES file diff --git a/check.c b/check.c index d7c6df15b..8d646810a 100644 --- a/check.c +++ b/check.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 (based on Root Group sudo version 1.1) + * CU sudo version 1.3.7 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * @@ -724,7 +724,7 @@ static void reminder() (void) fprintf(stderr, "\n%s\n%s\n\n%s\n%s\n\n", #else (void) fprintf(stderr, "\n%s\n%s\n%s\n%s\n\n%s\n%s\n\n%s\n%s\n\n", - " CU sudo version 1.3.6, based on Root Group sudo version 1.1", + " CU sudo version 1.3.7, based on Root Group sudo version 1.1", " sudo version 1.1, Copyright (C) 1991 The Root Group, Inc.", " sudo comes with ABSOLUTELY NO WARRANTY. This is free software,", " and you are welcome to redistribute it under certain conditions.", diff --git a/compat.h b/compat.h index cd98acb03..b4b74188e 100644 --- a/compat.h +++ b/compat.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/config.h.in b/config.h.in index f586496c8..6ac9de76e 100644 --- a/config.h.in +++ b/config.h.in @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/configure.in b/configure.in index 9589c2601..71dcc1cb5 100644 --- a/configure.in +++ b/configure.in @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -echo Configuring CU Sudo version 1.3.6 +echo Configuring CU Sudo version 1.3.7 AC_INIT(sudo.h) AC_CONFIG_HEADER(config.h) dnl diff --git a/find_path.c b/find_path.c index f7a1db07f..f37755e22 100644 --- a/find_path.c +++ b/find_path.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/getspwuid.c b/getspwuid.c index 64a830537..0aa729b9a 100644 --- a/getspwuid.c +++ b/getspwuid.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/getwd.c b/getwd.c index 340892a8d..8069fa610 100644 --- a/getwd.c +++ b/getwd.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/goodpath.c b/goodpath.c index cce33a6a9..ccc5e2fc7 100644 --- a/goodpath.c +++ b/goodpath.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ins_2001.h b/ins_2001.h index 52f539c09..f9344091e 100644 --- a/ins_2001.h +++ b/ins_2001.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ins_classic.h b/ins_classic.h index fd5e45fed..c22818aa3 100644 --- a/ins_classic.h +++ b/ins_classic.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ins_csops.h b/ins_csops.h index 855459208..89e85266a 100644 --- a/ins_csops.h +++ b/ins_csops.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/ins_goons.h b/ins_goons.h index d3d504e07..62384aba7 100644 --- a/ins_goons.h +++ b/ins_goons.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/insults.h b/insults.h index a6d5280f2..cc9c37b7d 100644 --- a/insults.h +++ b/insults.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/interfaces.c b/interfaces.c index ae71e4e43..ebf0eb50a 100644 --- a/interfaces.c +++ b/interfaces.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/logging.c b/logging.c index 6f5513eab..0f3bef777 100644 --- a/logging.c +++ b/logging.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 (based on Root Group sudo version 1.1) + * CU sudo version 1.3.7 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * diff --git a/options.h b/options.h index 3ff3b9694..467e6a8a7 100644 --- a/options.h +++ b/options.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/parse.c b/parse.c index f41242f3d..d300e2630 100644 --- a/parse.c +++ b/parse.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/parse.lex b/parse.lex index 83affac2c..b8ffb1b43 100644 --- a/parse.lex +++ b/parse.lex @@ -1,6 +1,6 @@ %{ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/parse.yacc b/parse.yacc index ccc9ea93c..08bb009d5 100644 --- a/parse.yacc +++ b/parse.yacc @@ -1,6 +1,6 @@ %{ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/pathnames.h.in b/pathnames.h.in index 920726f58..a7f8b3433 100644 --- a/pathnames.h.in +++ b/pathnames.h.in @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/putenv.c b/putenv.c index f6583ae1f..70a8a47c8 100644 --- a/putenv.c +++ b/putenv.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/strdup.c b/strdup.c index 83f6995fb..7e1a52721 100644 --- a/strdup.c +++ b/strdup.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 (based on Root Group sudo version 1.1) + * CU sudo version 1.3.7 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * diff --git a/sudo.c b/sudo.c index 16ce00687..3bb48114a 100644 --- a/sudo.c +++ b/sudo.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 (based on Root Group sudo version 1.1) + * CU sudo version 1.3.7 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * diff --git a/sudo.h b/sudo.h index 10b8ec068..6d7033a88 100644 --- a/sudo.h +++ b/sudo.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 (based on Root Group sudo version 1.1) + * CU sudo version 1.3.7 (based on Root Group sudo version 1.1) * * This software comes with no waranty whatsoever, use at your own risk. * diff --git a/sudo_setenv.c b/sudo_setenv.c index 2e0b711ad..ede2a781c 100644 --- a/sudo_setenv.c +++ b/sudo_setenv.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/testsudoers.c b/testsudoers.c index 356e10022..853ab9aa6 100644 --- a/testsudoers.c +++ b/testsudoers.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/tgetpass.c b/tgetpass.c index 4965c9076..998307fed 100644 --- a/tgetpass.c +++ b/tgetpass.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/utime.c b/utime.c index 534937993..3edb1d2d1 100644 --- a/utime.c +++ b/utime.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/version.h b/version.h index f6cbe8e76..c0252fe26 100644 --- a/version.h +++ b/version.h @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -23,6 +23,6 @@ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static char version[] = "1.3.6"; +static char version[] = "1.3.7"; #endif /* _SUDO_VERSION_H */ diff --git a/visudo.c b/visudo.c index bf43afa88..2525c147e 100644 --- a/visudo.c +++ b/visudo.c @@ -1,5 +1,5 @@ /* - * CU sudo version 1.3.6 + * CU sudo version 1.3.7 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by