From: Todd C. Miller Date: Sat, 16 Nov 1996 19:42:46 +0000 (+0000) Subject: sudo 1.5.3. X-Git-Tag: SUDO_1_5_4~32 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a36ba7b5cc68ee6513880cf9cc295ebef97a1d4a;p=sudo sudo 1.5.3. --- diff --git a/CHANGES b/CHANGES index 82a728545..25d4d0779 100644 --- a/CHANGES +++ b/CHANGES @@ -826,3 +826,23 @@ Sudo 1.5.1 released. 255) Attempt at sequent support. Sudo 1.5.2 released. + +256) visudo acts sanely when there is no sudoers file. + +257) Added Runas_Alias support. + +258) Sudo will now work with SUDOERS_MODE == 400 and SUDO_UID = 0. + +259) Alias's in a runas list are now expanded. + +260) Fixed bug with > 32 saved aliases. Reported by BHH@capgroup.com. + +261) Code that uses sprintf() is now more paraniod about buffer + overflows. + +262) Whitespace is now allowed after a line continuation character before + a newline in sudoers. + +263) %h in MAILSUBJECT expands to local hostname. + +Sudo 1.5.3 released. diff --git a/RUNSON b/RUNSON index dccc2352f..8a577e5bd 100644 --- a/RUNSON +++ b/RUNSON @@ -5,43 +5,43 @@ Name Rev Arch Used Version By Options ======= ======= ======= =============== ======= =============== =============== Auspex 1.6.1 sun4 bundled cc 1.3.4 Alek Komarnitsky none SunOS 4.1.3 sun4 bundled cc 1.4 Todd Miller none -SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.2 Todd Miller none -SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.2 Todd Miller --with-kerb4 -SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.2 Todd Miller --with-skey +SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.3 Todd Miller none +SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 +SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.3 Todd Miller --with-skey SunOS 4.1.3 sun4 bundled cc 1.5 Alek Komarnitsky --with-C2 -Solaris 2.5 sun4 gcc2.7.2.1 1.5.2 Todd Miller none +Solaris 2.5 sun4 gcc2.7.2.1 1.5.3 Todd Miller none Solaris 2.[45] sun4 SC4.0 1.5 Alek Komarnitsky none -Solaris 2.5 x86 gcc2.7.2.1 1.5.2 Todd Miller none +Solaris 2.5 x86 gcc2.7.2.1 1.5.3 Todd Miller none ISC 4.0 i386 bundled cc 1.4 Andy Smith none ISC 4.0 i386 gcc2.7.0 1.4 Andy Smith none ISC 4.1 i386 bundled cc 1.4 Andy Smith none ISC 4.1 i386 gcc2.7.0 1.4 Andy Smith none RISCos 4_52 mips bundled cc 1.3.7 Andy Smith --with-getpass SCO 3.2.2 i386 bundled cc 1.3.4 David Meleedy --with-getpass -HP-UX 9.05 hp700 gcc2.7.2.1 1.5.2 Todd Miller none -HP-UX 9.05 hp700 gcc2.7.2.1 1.5.2 Todd Miller --with-kerb4 +HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller none +HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 HP-UX 9.07 hp700 unbundled cc 1.5 Alek Komarnitsky --with-C2 HP-UX 9.05 hp700 unbundled cc 1.4 Todd Miller none -HP-UX 10.10 hp700 gcc2.7.2.1 1.5.2 Todd Miller --with-skey +HP-UX 10.10 hp700 gcc2.7.2.1 1.5.3 Todd Miller --with-skey HP-UX 10.01 hp700 gcc 1.3.7 Jeff Earickson --with-DCE HP-UX 10.01 hp700 cc 1.4.4 David Dill --with-C2 Ultrix 4.3 mips bundled cc 1.5 Maria Magnusson none -Ultrix 4.3 mips gcc2.7.2.1 1.5.2 Todd Miller none -Ultrix 4.3 mips gcc2.7.2.1 1.5.2 Todd Miller --with-kerb4 -IRIX 4.05H mips gcc2.6.3 1.5.2 Todd Miller none +Ultrix 4.3 mips gcc2.7.2.1 1.5.3 Todd Miller none +Ultrix 4.3 mips gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 +IRIX 4.05H mips gcc2.6.3 1.5.3 Todd Miller none IRIX 4.05H mips unbundled cc 1.4 Todd Miller none IRIX 5.3 mips unbundled cc 1.4 Todd Miller none -IRIX 5.3 mips gcc2.7.2.1 1.5.2 Todd Miller none -IRIX 5.3 mips gcc2.7.2.1 1.5.2 Todd Miller --with-kerb4 +IRIX 5.3 mips gcc2.7.2.1 1.5.3 Todd Miller none +IRIX 5.3 mips gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 IRIX 5.3 mips unbundled cc 1.4 Wallace Winfrey --with-C2 IRIX 6.2 mips unbundled cc 1.5 Alek Komarnitsky --with-C2 NEXTSTEP 2.1 m68k bundled cc 1.3.7 Todd Miller none -NEXTSTEP 3.2 m68k bundled cc 1.5.2 Todd Miller none +NEXTSTEP 3.2 m68k bundled cc 1.5.3 Todd Miller none NEXTSTEP 3.2 i386 bundled cc 1.3.2 Jonathan Adams none NEXTSTEP 3.3 i386 bundled cc 1.4 Jonathan Adams none -DEC UNIX 3.2c alpha bundled cc 1.5.2 Todd Miller none -DEC UNIX 4.0 alpha gcc2.7.2.1 1.5.2 Todd Miller none -DEC UNIX 4.0 alpha gcc2.7.2.1 1.5.2 Todd Miller --with-kerb4 +DEC UNIX 3.2c alpha bundled cc 1.5.3 Todd Miller none +DEC UNIX 4.0 alpha gcc2.7.2.1 1.5.3 Todd Miller none +DEC UNIX 4.0 alpha gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 DEC UNIX 3.x alpha bundled cc 1.3.4 Tina Yang --with-C2 AIX 3.2.X rs6000 bundled cc 1.4 Todd Miller none AIX 4.1.X rs6000 bundled cc 1.4 Todd Miller none @@ -49,8 +49,8 @@ AIX 4.1.3 PowerPC gcc-2.7.0 1.4 Bob Shair none BSD 4.3 hp300 gcc2.5.6 1.4 Todd Miller none ConvexOS 9.1 convex bundled cc 1.3.6 Todd Miller none ConvexOS 9.1 convex gcc2.4.5 1.3.6 Todd Miller none -BSD/OS 2.1 i386 shlicc 1.5.2 Todd Miller none -OpenBSD 2.0 i586 gcc-2.7.2.1 1.5.2 Todd Miller none +BSD/OS 2.1 i386 shlicc 1.5.3 Todd Miller none +OpenBSD 2.0 i586 gcc-2.7.2.1 1.5.3 Todd Miller none FreeBSD 1.1 i386 gcc 1.3.2 Dieter Muller none FreeBSD 2.0.5 i386 gcc 1.3.4 Dieter Muller none Linux 1.2.13 i486 gcc-2.7.0 1.4 Michael Forman none @@ -70,8 +70,8 @@ If you can verify any of these, please send mail to sudo-bugs@courtesan.com Op. System CPU Compilers Sudo Reported Special Name Rev Arch Used Version By Options ======= ======= ======= =============== ======= =============== =============== -AIX 3.2.X rs6000 bundled cc 1.5.2 YOUR NAME HERE --with-AFS -ConvexOS 9.1 convex cc or gcc 1.5.2 YOUR NAME HERE --with-C2 -Ultrix 4.x mips cc or gcc 1.5.2 YOUR NAME HERE --with-C2 -IRIX 6.x mips cc or gcc 1.5.2 YOUR NAME HERE --with-C2 -DYNIX 4.1.3 Sequent bundled cc 1.5.2 YOUR NAME HERE +AIX 3.2.X rs6000 bundled cc 1.5.3 YOUR NAME HERE --with-AFS +ConvexOS 9.1 convex cc or gcc 1.5.3 YOUR NAME HERE --with-C2 +Ultrix 4.x mips cc or gcc 1.5.3 YOUR NAME HERE --with-C2 +IRIX 6.x mips cc or gcc 1.5.3 YOUR NAME HERE --with-C2 +DYNIX 4.1.3 Sequent bundled cc 1.5.3 YOUR NAME HERE diff --git a/TODO b/TODO index 4554bda2d..ba2c23869 100644 --- a/TODO +++ b/TODO @@ -9,43 +9,46 @@ TODO list (most will be addressed in the next rewrite) 04) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo. -05) Add a %h field to MAILSUBJECT for the hostname. +05) Add a -h (?) flag to sudo for a history mechanism. -06) Add a -h (?) flag to sudo for a history mechanism. +06) Make parse.lex in the same coding style as everything else... -07) Make parse.lex in the same coding style as everything else... +07) Add an option to hard-code LD_LIBRARY_PATH? -08) Add an option to hard-code LD_LIBRARY_PATH? +08) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args). -09) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args). +09) Make '!' work in Cmnd_Alias, Host_Alias, User_Alias and runas list. -10) Make '!' work in Cmnd_Alias, Host_Alias, User_Alias and runas list. +10) check for in configure and include it in sudo.c if it exists. -11) check for in configure and include it in sudo.c if it exists. +11) Add generic STREAMS support for getting interfaces and netmasks. -12) Add generic STREAMS support for getting interfaces and netmasks. - -13) Do shadow password detection at runtime like sunos' issecure(3)??? +12) Do shadow password detection at runtime like sunos' issecure(3)??? If so then start using GLOBAL_NO_SPW_ENT again (but rename it). -14) Do all the envariable additions in one fell swoop for efficiency and speed. +13) Do all the envariable additions in one fell swoop for efficiency and speed. -15) Catch/ignore signals in sudo? +14) Catch/ignore signals in sudo? -16) Make -p work with -v and -l in any order. +15) Make -p work with -v and -l in any order. -17) Add support for "safe scripts" by checking for shell script +16) Add support for "safe scripts" by checking for shell script cookie (first two bytes are "#!") and execing the shell outselves after doing the stat to guard against spoofing. This should avoid the race condition caused by going through namei() twice... -18) Sudo should not allow someone with a nil password to run commands. +17) Sudo should not allow someone with a nil password to run commands. -19) Overhaul testsudoers to use parse.o so we don't reimplement things. +18) Overhaul testsudoers to use parse.o so we don't reimplement things. -20) Make runas_user a struct "runas" with user and group components. +19) Make runas_user a struct "runas" with user and group components. (make uid and gid too???) -21) Add -g group/gid option. +20) Add -g group/gid option. + +21) Make `sudo -l' output prettier. -22) Make `sudo -l' output prettier. +22) Should be able to mix Cmnd_Alias's and command args. Ie: + pete ALL=PASSWD [A-z]*,!PASSWD root + where PASSWD was defined to be /usr/bin/passwd. + This requires the arg parsing to happen in the yacc grammer.