From: Todd C. Miller Date: Fri, 28 May 2010 21:37:36 +0000 (-0400) Subject: Completely remove the -L flag from the sudo front end. X-Git-Tag: SUDO_1_8_0~560 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=73b630fa9778602ecfdb49a3c22fb4538620b2dc;p=sudo Completely remove the -L flag from the sudo front end. --- diff --git a/doc/sudo.cat b/doc/sudo.cat index 1a2c6f756..46ff9e011 100644 --- a/doc/sudo.cat +++ b/doc/sudo.cat @@ -8,7 +8,7 @@ NNAAMMEE sudo, sudoedit - execute a command as another user SSYYNNOOPPSSIISS - ssuuddoo [--DD _l_e_v_e_l] --hh | --KK | --kk | --LL | --VV + ssuuddoo [--DD _l_e_v_e_l] --hh | --KK | --kk | --VV ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.8.0a1 May 11, 2010 1 +1.8.0a2 May 28, 2010 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.8.0a1 May 11, 2010 2 +1.8.0a2 May 28, 2010 2 @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.8.0a1 May 11, 2010 3 +1.8.0a2 May 28, 2010 3 @@ -230,11 +230,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) prompt for a password (if one is required by _s_u_d_o_e_r_s) and will not update the user's time stamp file. - -L The --LL (_l_i_s_t defaults) option will list the parameters that - may be set in a _D_e_f_a_u_l_t_s line along with a short - description for each. This option will be removed from a - future version of ssuuddoo. - -l[l] [_c_o_m_m_a_n_d] If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list the allowed (and forbidden) commands for the invoking user 
@@ -256,23 +251,22 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) preserve the invoking user's group vector unaltered. By default, ssuuddoo will initialize the group vector to the list of groups the target user is in. The real and effective + group IDs, however, are still set to match the target user. + -p _p_r_o_m_p_t The --pp (_p_r_o_m_p_t) option allows you to override the default + password prompt and use a custom one. The following + percent (`%') escapes are supported: -1.8.0a1 May 11, 2010 4 +1.8.0a2 May 28, 2010 4 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - group IDs, however, are still set to match the target user. - - -p _p_r_o_m_p_t The --pp (_p_r_o_m_p_t) option allows you to override the default - password prompt and use a custom one. The following - percent (`%') escapes are supported: %H expanded to the local host name including the domain name (on if the machine's host name is fully qualified @@ -322,24 +316,24 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -V The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the version number and exit. If the invoking user is already root the + --VV option will print out a list of the defaults ssuuddoo was + compiled with as well as the machine's local network + addresses. + -v If given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the + user's time stamp, prompting for the user's password if -1.8.0a1 May 11, 2010 5 +1.8.0a2 May 28, 2010 5 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - --VV option will print out a list of the defaults ssuuddoo was - compiled with as well as the machine's local network - addresses. - -v If given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the - user's time stamp, prompting for the user's password if necessary. This extends the ssuuddoo timeout for another 5 minutes (or whatever the timeout is set to in _s_u_d_o_e_r_s) but does not run a command. 
@@ -389,21 +383,22 @@ SSEECCUURRIITTYY NNOOTTEESS blacklist all potentially dangerous environment variables, use of the default _e_n_v___r_e_s_e_t behavior is encouraged. + In all cases, environment variables with a value beginning with () are + removed as they could be interpreted as bbaasshh functions. The list of + environment variables that ssuuddoo allows or denies is contained in the + output of sudo -V when run as root. -1.8.0a1 May 11, 2010 6 +1.8.0a2 May 28, 2010 6 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - In all cases, environment variables with a value beginning with () are - removed as they could be interpreted as bbaasshh functions. The list of - environment variables that ssuuddoo allows or denies is contained in the - output of sudo -V when run as root. +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) + Note that the dynamic linker on most operating systems will remove variables that can control dynamic linking from the environment of @@ -454,10 +449,15 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) time stamp has per-tty granularity but still may outlive the user's session. On Linux systems where the devpts filesystem is used, as well as other systems that utilize a devfs filesystem that monotonically + increase the inode number of devices as they are created (such as Mac + OS X), ssuuddoo is able to determine when a tty-based time stamp file is + stale and will ignore it. Administrators should not rely on this + feature as it is not universally available. + -1.8.0a1 May 11, 2010 7 +1.8.0a2 May 28, 2010 7 
@@ -466,11 +466,6 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - increase the inode number of devices as they are created (such as Mac - OS X), ssuuddoo is able to determine when a tty-based time stamp file is - stale and will ignore it. Administrators should not rely on this - feature as it is not universally available. - Please note that ssuuddoo will normally only log the command it explicitly runs. If a user runs a command such as sudo su or sudo sh, subsequent commands run from that shell will _n_o_t be logged, nor will ssuuddoo's access @@ -521,21 +516,21 @@ EENNVVIIRROONNMMEENNTT VISUAL Default editor to use in --ee (sudoedit) mode if SUDO_EDITOR is not set +FFIILLEESS + _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what + _/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing time stamps -1.8.0a1 May 11, 2010 8 +1.8.0a2 May 28, 2010 8 -SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -FFIILLEESS - _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what +SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) - _/_v_a_r_/_r_u_n_/_s_u_d_o Directory containing time stamps _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t Initial environment for --ii mode on Linux and AIX @@ -587,9 +582,14 @@ AAUUTTHHOORRSS See the HISTORY file in the ssuuddoo distribution or visit http://www.sudo.ws/sudo/history.html for a short history of ssuuddoo. +CCAAVVEEAATTSS + There is no easy way to prevent a user from gaining a root shell if + that user is allowed to run arbitrary commands via ssuuddoo. Also, many + programs (such as editors) allow the user to run commands via shell + -1.8.0a1 May 11, 2010 9 +1.8.0a2 May 28, 2010 9 
@@ -598,10 +598,6 @@ AAUUTTHHOORRSS SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -CCAAVVEEAATTSS - There is no easy way to prevent a user from gaining a root shell if - that user is allowed to run arbitrary commands via ssuuddoo. Also, many - programs (such as editors) allow the user to run commands via shell escapes, thus avoiding ssuuddoo's checks. However, on most systems it is possible to prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality. See the _s_u_d_o_e_r_s(4) manual for details. @@ -655,6 +651,10 @@ DDIISSCCLLAAIIMMEERR -1.8.0a1 May 11, 2010 10 + + + + +1.8.0a2 May 28, 2010 10 diff --git a/doc/sudo.man.in b/doc/sudo.man.in index 8d7c350ba..bcfad7b8b 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in @@ -148,7 +148,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "May 25, 2010" "1.8.0a1" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "May 28, 2010" "1.8.0a2" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,7 +157,7 @@ sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBsudo\fR [\fB\-D\fR\ \fIlevel\fR] \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR +\&\fBsudo\fR [\fB\-D\fR\ \fIlevel\fR] \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-V\fR .PP \&\fBsudo\fR \fB\-v\fR [\fB\-AknS\fR] .if \n(BA [\fB\-a\fR\ \fIauth_type\fR] 
@@ -374,11 +374,6 @@ a password, the \fB\-k\fR option will cause \fBsudo\fR to ignore the user's time stamp file. As a result, \fBsudo\fR will prompt for a password (if one is required by \fIsudoers\fR) and will not update the user's time stamp file. -.IP "\-L" 12 -.IX Item "-L" -The \fB\-L\fR (\fIlist\fR defaults) option will list the parameters that -may be set in a \fIDefaults\fR line along with a short description for -each. This option will be removed from a future version of \fBsudo\fR. .IP "\-l[l] [\fIcommand\fR]" 12 .IX Item "-l[l] [command]" If no \fIcommand\fR is specified, the \fB\-l\fR (\fIlist\fR) option will list diff --git a/doc/sudo.pod b/doc/sudo.pod index 8610d55cd..54bb854a3 100644 --- a/doc/sudo.pod +++ b/doc/sudo.pod @@ -26,7 +26,7 @@ sudo, sudoedit - execute a command as another user =head1 SYNOPSIS -B S<[B<-D> I]> B<-h> | B<-K> | B<-k> | B<-L> | B<-V> +B S<[B<-D> I]> B<-h> | B<-K> | B<-k> | B<-V> B B<-v> [B<-AknS>] S<[B<-a> I]> @@ -264,12 +264,6 @@ time stamp file. As a result, B will prompt for a password (if one is required by I) and will not update the user's time stamp file. -=item -L - -The B<-L> (I defaults) option will list the parameters that -may be set in a I line along with a short description for -each. This option will be removed from a future version of B. - =item -l[l] [I] If no I is specified, the B<-l> (I) option will list diff --git a/src/parse_args.c b/src/parse_args.c index f6e490cd9..8c0e05974 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -161,7 +161,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, * Some trickiness is required to allow environment variables * to be interspersed with command line options. */ - if ((ch = getopt(argc, argv, "+Aa:bC:c:D:Eeg:HhiKkLlnPp:r:Sst:U:u:Vv")) != -1) { + if ((ch = getopt(argc, argv, "+Aa:bC:c:D:Eeg:HhiKklnPp:r:Sst:U:u:Vv")) != -1) { switch (ch) { case 'A': SET(tgetpass_flags, TGP_ASKPASS); 
diff --git a/src/sudo_usage.h.in b/src/sudo_usage.h.in index f11990c88..7d8e1e92f 100644 --- a/src/sudo_usage.h.in +++ b/src/sudo_usage.h.in @@ -23,7 +23,7 @@ * Usage strings for sudo. These are here because we * need to be able to substitute values from configure. */ -#define SUDO_USAGE1 " [-D level] -h | -K | -k | -L | -V" +#define SUDO_USAGE1 " [-D level] -h | -K | -k | -V" #define SUDO_USAGE2 " -v [-AknS] @BSDAUTH_USAGE@[-D level] [-g groupname|#gid] [-p prompt] [-u user name|#uid]" #define SUDO_USAGE3 " -l[l] [-AknS] @BSDAUTH_USAGE@[-D level] [-g groupname|#gid] [-p prompt] [-U user name] [-u user name|#uid] [-g groupname|#gid] [command]" #define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] [-D level] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u user name|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] []"
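Review bot: In doc/sudo.cat, only the SYNOPSIS hunk (`@@ -8,7 +8,7 @@`) and the `-L` paragraph hunk (`@@ -230,11 +230,6 @@`) carry the functional change; every other hunk is repagination, that is, page footers going from `1.8.0a1 May 11, 2010` to `1.8.0a2 May 28, 2010` and paragraphs (`-p prompt`, `-V`, FILES, CAVEATS) moving across page breaks. Since this file is formatted output of the same text that doc/sudo.pod holds, consider regenerating it in a separate commit so the removal itself stays easy to review.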
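Review bot: In doc/sudo.man.in the `.TH` line changes the version from `1.8.0a1` to `1.8.0a2` as well as the date, which the commit message does not mention; a version bump deserves its own line in the message or its own commit. The old date here was `May 25, 2010` while the old footers in doc/sudo.cat read `May 11, 2010`, so the two generated files were already out of step before this change and are worth regenerating together from one source.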
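Review bot: In doc/sudo.pod the `=item -L` block is deleted with no replacement text, and the diff touches no NEWS or changelog file, so a user whose script calls `sudo -L` has nothing to tell them the option is gone or where the list of `Defaults` parameters is documented now. Suggest adding a release-note entry for the removal and, if the parameter list is still available elsewhere (the page already refers readers to the sudoers manual for `noexec`), a one-line pointer to it.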
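Review bot: In src/parse_args.c only the getopt() option string loses `L`; the single hunk ends at `case 'A':` and nothing in this diff removes a `case 'L':` arm from the `switch (ch)` that follows or the mode it selected. If either still exists it is now unreachable and should be deleted here so the removal is complete, as the subject line says. With `L` out of the string, `sudo -L` falls into getopt's unknown-option path, so please confirm that path prints the usage message and exits non-zero instead of continuing to run.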
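Review bot: In src/sudo_usage.h.in the `SUDO_USAGE1` edit matches the new SYNOPSIS, but the context lines right below it show `[-g groupname|#gid]` listed twice in both `SUDO_USAGE3` and `SUDO_USAGE4`. Since this commit is already tidying the usage strings, drop the duplicate in each so the usage output agrees with the manual.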