]> granicus.if.org Git - sudo/log
sudo
9 years agoThere's no point in trying to interpose protected versions of the
Todd C. Miller [Tue, 29 Sep 2015 03:20:37 +0000 (21:20 -0600)]
There's no point in trying to interpose protected versions of the
exec family of functions.  Many modern C libraries use hidden symbols
for the functions and syscalls defined in libc such that they cannot
be overridden inside libc itself.  We have to just wrap all the exec
variants plus system and popen.

9 years agoList all the functions wrapped by sudo_noexec.so.
Todd C. Miller [Mon, 28 Sep 2015 22:48:46 +0000 (16:48 -0600)]
List all the functions wrapped by sudo_noexec.so.

9 years agoThe section is now called "EXEC and NOEXEC" and it is above, not
Todd C. Miller [Mon, 28 Sep 2015 22:48:20 +0000 (16:48 -0600)]
The section is now called "EXEC and NOEXEC" and it is above, not
below.

9 years agoAlso wrap popen(3).
Todd C. Miller [Mon, 28 Sep 2015 21:34:16 +0000 (15:34 -0600)]
Also wrap popen(3).

9 years agoAlso interpose system(3). On glibc systems you cannot interpose
Todd C. Miller [Mon, 28 Sep 2015 21:10:00 +0000 (15:10 -0600)]
Also interpose system(3).  On glibc systems you cannot interpose
the syscalls used internally by libc.

9 years agoSet active debug instance to sudo_debug_instance() during the
Todd C. Miller [Mon, 28 Sep 2015 18:28:18 +0000 (12:28 -0600)]
Set active debug instance to sudo_debug_instance() during the
conversation function.

9 years agoLOGNAME and USERNAME are set the same way as USER
Todd C. Miller [Sun, 27 Sep 2015 21:40:05 +0000 (15:40 -0600)]
LOGNAME and USERNAME are set the same way as USER

9 years agoDocument behavior when the command dies from a signal in EXIT STATUS.
Todd C. Miller [Sun, 27 Sep 2015 14:59:46 +0000 (08:59 -0600)]
Document behavior when the command dies from a signal in EXIT STATUS.

9 years agoBug #722
Todd C. Miller [Sat, 26 Sep 2015 17:02:24 +0000 (11:02 -0600)]
Bug #722

9 years agoWhen the command sudo is running is killed by a signal, sudo will
Todd C. Miller [Sat, 26 Sep 2015 16:53:16 +0000 (10:53 -0600)]
When the command sudo is running is killed by a signal, sudo will
now send itself the same signal with the default signal handler
instead of exiting.  The bash shell appears to ignore some signals,
e.g.  SIGINT, unless the command is killed by that signal.  This
makes the behavior of commands run under sudo the same as without
sudo when bash is the shell.  Bug #722

9 years agoAdjust set_logname description to new behavior when any of LOGNAME,
Todd C. Miller [Fri, 25 Sep 2015 17:19:28 +0000 (11:19 -0600)]
Adjust set_logname description to new behavior when any of LOGNAME,
USER or USERNAME are preserved.

9 years agoIf some, but not all, of the LOGNAME, USER or USERNAME environment
Todd C. Miller [Fri, 25 Sep 2015 17:15:22 +0000 (11:15 -0600)]
If some, but not all, of the LOGNAME, USER or USERNAME environment
variables have been preserved from the invoking user's environment,
sudo will now use the preserved value to set the remaining variables
instead of using the runas user.  This ensures that if, for example,
only LOGNAME is present in the env_keep list, that sudo will not
set USER and USERNAME to the runas user.

9 years agoFix passing of the callback pointer to the conversation function.
Todd C. Miller [Thu, 24 Sep 2015 19:43:17 +0000 (13:43 -0600)]
Fix passing of the callback pointer to the conversation function.
This was preventing the on_suspend and on_resume functions from
being called on PAM systems.

9 years agoExplicitly mark large hex constants unsigned.
Todd C. Miller [Thu, 24 Sep 2015 17:23:02 +0000 (11:23 -0600)]
Explicitly mark large hex constants unsigned.

9 years agoCast sizeof(entry) to off_t before making it a negative offset for
Todd C. Miller [Thu, 24 Sep 2015 16:52:44 +0000 (10:52 -0600)]
Cast sizeof(entry) to off_t before making it a negative offset for
lseek().  Fixes "sudo -k" on Solaris and probably others.

9 years agoAdd explicit mention of sudo's netgroup semantics since they differ
Todd C. Miller [Mon, 21 Sep 2015 22:04:59 +0000 (16:04 -0600)]
Add explicit mention of sudo's netgroup semantics since they differ
from most other netgroup consumers.

9 years agosync with translationproject.org
Todd C. Miller [Mon, 21 Sep 2015 21:18:04 +0000 (15:18 -0600)]
sync with translationproject.org

9 years agoFix potential double free of the cookie when sudo is suspended at
Todd C. Miller [Mon, 21 Sep 2015 21:07:00 +0000 (15:07 -0600)]
Fix potential double free of the cookie when sudo is suspended at
the password prompt.

9 years agosync with translationproject.org
Todd C. Miller [Wed, 16 Sep 2015 15:53:43 +0000 (09:53 -0600)]
sync with translationproject.org

9 years agosync with translationproject.org
Todd C. Miller [Tue, 15 Sep 2015 20:04:43 +0000 (14:04 -0600)]
sync with translationproject.org

9 years agoBug #719
Todd C. Miller [Tue, 15 Sep 2015 19:36:34 +0000 (13:36 -0600)]
Bug #719

9 years agoSIGHUP is now relayed to the command. Bug #719
Todd C. Miller [Tue, 15 Sep 2015 18:24:19 +0000 (12:24 -0600)]
SIGHUP is now relayed to the command.  Bug #719

9 years agoWhen a terminal device is closed, SIGHUP is sent to the controlling
Todd C. Miller [Tue, 15 Sep 2015 16:30:36 +0000 (10:30 -0600)]
When a terminal device is closed, SIGHUP is sent to the controlling
process associated with that terminal.  It is not sent to the entire
process group so sudo needs to relay SIGHUP to the command when it
is not being run in a new pty.  Bug #719

9 years agoMention visudo bug in 1.8.14
Todd C. Miller [Tue, 15 Sep 2015 15:50:35 +0000 (09:50 -0600)]
Mention visudo bug in 1.8.14

9 years agoWe reserved two slots at the end of the editor argv for the line
Todd C. Miller [Tue, 15 Sep 2015 15:29:40 +0000 (09:29 -0600)]
We reserved two slots at the end of the editor argv for the line
number and the file name.  However, resolve_editor() adds "--"
before the file names so the +line_number is interpreted as a file
name, not a line number so we need to overwrite the "--" as well.

9 years agoRemove checks for __sys_siglist and __sys_signame. They are internal
Todd C. Miller [Thu, 10 Sep 2015 22:44:57 +0000 (16:44 -0600)]
Remove checks for __sys_siglist and __sys_signame.  They are internal
to libc and there are no known systems that export those symbols
that do not already export the single underbar or no-underbar versions.

9 years agoSync with translationproject.org
Todd C. Miller [Thu, 10 Sep 2015 20:30:57 +0000 (14:30 -0600)]
Sync with translationproject.org

9 years agoregen
Todd C. Miller [Thu, 10 Sep 2015 20:30:02 +0000 (14:30 -0600)]
regen

9 years agoRestore old signal handlers before tty settings. That way SIGTTOU
Todd C. Miller [Wed, 9 Sep 2015 21:27:09 +0000 (15:27 -0600)]
Restore old signal handlers before tty settings.  That way SIGTTOU
is at its original value if sudo_term_restore() should fail.

9 years agoDocument what happens when the on_suspend/on_resume callbacks
Todd C. Miller [Wed, 9 Sep 2015 21:14:06 +0000 (15:14 -0600)]
Document what happens when the on_suspend/on_resume callbacks
return an error.

9 years agoNo need to have version macros for hooks, callbacks and the sudoers
Todd C. Miller [Wed, 9 Sep 2015 20:56:52 +0000 (14:56 -0600)]
No need to have version macros for hooks, callbacks and the sudoers
group plugin.  We can just use the main sudo API macros.  The sudoers
group plugin macros are preserved for source compatibility but are
not documented.

9 years agoProperly escape the backslash before a comma in an example so the
Todd C. Miller [Wed, 9 Sep 2015 20:33:01 +0000 (14:33 -0600)]
Properly escape the backslash before a comma in an example so the
example rule is parsable by visudo.

9 years agoIgnore callbacks if major version doesn't match.
Todd C. Miller [Wed, 9 Sep 2015 19:29:57 +0000 (13:29 -0600)]
Ignore callbacks if major version doesn't match.

9 years agoRemove include/compat/timespec.h. Systems old enough to lack struct
Todd C. Miller [Wed, 9 Sep 2015 17:13:22 +0000 (11:13 -0600)]
Remove include/compat/timespec.h.  Systems old enough to lack struct
timespec are too old to build a modern sudo.

9 years agoBug #713
Todd C. Miller [Wed, 9 Sep 2015 16:52:23 +0000 (10:52 -0600)]
Bug #713

9 years agoFill in cstat if exec_setup() fails. Previously it was only filled
Todd C. Miller [Wed, 9 Sep 2015 16:50:21 +0000 (10:50 -0600)]
Fill in cstat if exec_setup() fails.  Previously it was only filled
in for an execve() failure.  Fixes an unkillable sudo process when
exec_setup() fails and I/O logging is enabled.

9 years agoFix running commands as non-root when neither setresuid() not
Todd C. Miller [Wed, 9 Sep 2015 16:45:56 +0000 (10:45 -0600)]
Fix running commands as non-root when neither setresuid() not
setreuid() are available.  At this point we are already root so
setuid() must succeed.  Bug #713

9 years agoCast uid_t to unsigned int when printing as %u
Todd C. Miller [Wed, 9 Sep 2015 16:14:03 +0000 (10:14 -0600)]
Cast uid_t to unsigned int when printing as %u

9 years agoMention time stamp file locking changes, fix some spelling.
Todd C. Miller [Wed, 9 Sep 2015 15:57:10 +0000 (09:57 -0600)]
Mention time stamp file locking changes, fix some spelling.

9 years agoUpdate with latest changes.
Todd C. Miller [Wed, 9 Sep 2015 12:23:29 +0000 (06:23 -0600)]
Update with latest changes.

9 years agoAvoid touching the time stamp directory for "sudo -k command"
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Avoid touching the time stamp directory for "sudo -k command"

9 years agoBring back the check for time stamp files that predate the boot
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Bring back the check for time stamp files that predate the boot
time.  Instead of truncating we now unlink the file since another
process may be sleeping on the lock.

9 years agoUse pread(2) and pwrite(2) where possible.
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Use pread(2) and pwrite(2) where possible.

9 years agosudo_term_* already restart themselve for all but SIGTTOU so we
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
sudo_term_* already restart themselve for all but SIGTTOU so we
don't need to use our own restart loops.

9 years agoSet errno to EINVAL if sudo_lock_* is called with a bad type.
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Set errno to EINVAL if sudo_lock_* is called with a bad type.

9 years agoAdjust new locking to work when tty_tickets is disabled. We need
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Adjust new locking to work when tty_tickets is disabled.  We need
to use per-tty/ppid locking to gain exclusive access to the tty
for the password prompt but use a separate (short term) lock
that is shared among all sudo processes for the user.

9 years agoAllow the time stamp lock to be interrupted by signals.
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Allow the time stamp lock to be interrupted by signals.

9 years agoImplement suspend/resume callbacks for the conversation function.
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Implement suspend/resume callbacks for the conversation function.
If suspended, close the timestamp file (dropping all locks).  On
resume, lock the record before reading the password.

For this to work properly we need to be able to run th callback
when tsetattr() suspends us, not just when the user does.  To
accomplish this the term_* functions now return EINTR if SIGTTOU
would be generated.  The caller now has to restart the term_*
function (and send itself SIGTTOU) instead of it being done
automatically.

9 years agoLock individual records in the timestamp file instead of the entire
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Lock individual records in the timestamp file instead of the entire
file.  This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.

9 years agoAdd a struct sudo_conv_callback that contains on_suspend and on_resume
Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Add a struct sudo_conv_callback that contains on_suspend and on_resume
function pointer args plus a closure pointer and at it to the
conversation function.

9 years agoMake hook_version and hook_type unsigned.
Todd C. Miller [Wed, 2 Sep 2015 14:00:27 +0000 (08:00 -0600)]
Make hook_version and hook_type unsigned.

9 years agoWhen decoding base64, avoid using '=' in the decoded temporary array
Todd C. Miller [Tue, 1 Sep 2015 16:24:59 +0000 (10:24 -0600)]
When decoding base64, avoid using '=' in the decoded temporary array
as a sentinel as it can legitimately be present.  Instead, just use
the count of bytes stored in the temp array to determine which bytes
to fold into the destination.

9 years agoWhen parsing def_editor, break out of the loop when we find the
Todd C. Miller [Fri, 21 Aug 2015 17:25:02 +0000 (11:25 -0600)]
When parsing def_editor, break out of the loop when we find the
first valid editor.  Bug #714

9 years agoThe condition for adding a missing newline at the end of sudoers
Todd C. Miller [Tue, 18 Aug 2015 14:57:53 +0000 (08:57 -0600)]
The condition for adding a missing newline at the end of sudoers
was never reached.  Keep track of the last character and write a
newline character if when copying to the temp file.  Found by Radovan
Sroka.

9 years agoRemove extraneous while() from botched do {} while() loop
Todd C. Miller [Tue, 18 Aug 2015 14:34:10 +0000 (08:34 -0600)]
Remove extraneous while() from botched do {} while() loop
conversion to use sudo_strsplit.  Noticed by Radovan Sroka.

9 years agoIn sudo_pam_begin_session() and sudo_pam_end_session() return
Todd C. Miller [Tue, 11 Aug 2015 02:17:02 +0000 (20:17 -0600)]
In sudo_pam_begin_session() and sudo_pam_end_session() return
AUTH_FATAL on error, not AUTH_FAILURE.  In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.

9 years agoLinux sets si_pid in struct siginfo to 0 when the process that sent
Todd C. Miller [Mon, 10 Aug 2015 21:13:37 +0000 (15:13 -0600)]
Linux sets si_pid in struct siginfo to 0 when the process that sent
the signal is in a different container since the PID namespaces in
different conatiners are separate.  Avoid looking up the process
group by id when si_pid is 0 since getpgid(0) returns the process
group of the current process.  Since sudo ignores signals sent
by processes in its own process group, this had the effect of
ignoring signals sent from other containers.  From Maarten de Vries

9 years agoSprinkle some debugging.
Todd C. Miller [Mon, 10 Aug 2015 16:56:47 +0000 (10:56 -0600)]
Sprinkle some debugging.

9 years agoDocument that sudo uses the real uid to map from uid to passwd file
Todd C. Miller [Sun, 9 Aug 2015 22:22:16 +0000 (16:22 -0600)]
Document that sudo uses the real uid to map from uid to passwd file
user name.

9 years agodisable_coredump can be set to no on modern OSes without
Todd C. Miller [Sun, 9 Aug 2015 22:12:00 +0000 (16:12 -0600)]
disable_coredump can be set to no on modern OSes without
security consequences.

9 years agoEmphasis on the never.
Todd C. Miller [Fri, 7 Aug 2015 23:05:50 +0000 (17:05 -0600)]
Emphasis on the never.

9 years agoExplicitly tell people not to grant sudoedit to directories the
Todd C. Miller [Fri, 7 Aug 2015 23:01:15 +0000 (17:01 -0600)]
Explicitly tell people not to grant sudoedit to directories the
user can write to.  While sudoedit will no longer open symbolic
links, hard links are still an issue.

9 years agoAdd warning about writable directories and sudo/sudoedit.
Todd C. Miller [Fri, 7 Aug 2015 23:00:42 +0000 (17:00 -0600)]
Add warning about writable directories and sudo/sudoedit.

9 years agoEmphasize that wildcards are not regexps. Bug #692
Todd C. Miller [Fri, 7 Aug 2015 18:37:15 +0000 (12:37 -0600)]
Emphasize that wildcards are not regexps.  Bug #692

9 years agoEmphasize that wildcards in command line arguments are dangerous.
Todd C. Miller [Fri, 7 Aug 2015 18:21:37 +0000 (12:21 -0600)]
Emphasize that wildcards in command line arguments are dangerous.
Document the failings of the passwd example on GNU systems.
Bug #691

9 years agoEscape the colons in [[:alpha:]] as required by sudoers.
Todd C. Miller [Fri, 7 Aug 2015 18:00:12 +0000 (12:00 -0600)]
Escape the colons in [[:alpha:]] as required by sudoers.

9 years agoChange warning when user tries to sudoedit a symbolic link.
Todd C. Miller [Fri, 7 Aug 2015 13:09:01 +0000 (07:09 -0600)]
Change warning when user tries to sudoedit a symbolic link.

9 years agoregen
Todd C. Miller [Thu, 6 Aug 2015 19:21:37 +0000 (13:21 -0600)]
regen

9 years agoregen
Todd C. Miller [Thu, 6 Aug 2015 19:20:36 +0000 (13:20 -0600)]
regen

9 years agoDo not follow symbolic links in sudoedit by default. This behavior
Todd C. Miller [Thu, 6 Aug 2015 19:20:01 +0000 (13:20 -0600)]
Do not follow symbolic links in sudoedit by default.  This behavior
can be controlled by the sudoedit_follow Defaults flag as well as
the FOLLOW/NOFOLLOW tags.

9 years agoSudo 1.8.15
Todd C. Miller [Thu, 6 Aug 2015 19:15:00 +0000 (13:15 -0600)]
Sudo 1.8.15

9 years agoadd .json regress files to MANIFEST
Todd C. Miller [Thu, 6 Aug 2015 19:39:59 +0000 (13:39 -0600)]
add .json regress files to MANIFEST

9 years agoCheck JSON output of sudoers test files too.
Todd C. Miller [Thu, 6 Aug 2015 16:57:42 +0000 (10:57 -0600)]
Check JSON output of sudoers test files too.

9 years agoMove comment to match moved code.
Todd C. Miller [Tue, 4 Aug 2015 22:15:11 +0000 (16:15 -0600)]
Move comment to match moved code.

9 years agomaxseq is an int not a string
Todd C. Miller [Tue, 4 Aug 2015 17:28:43 +0000 (11:28 -0600)]
maxseq is an int not a string

9 years agoInclude sys/types.h for id_t. Bug #711
Todd C. Miller [Mon, 3 Aug 2015 01:59:32 +0000 (19:59 -0600)]
Include sys/types.h for id_t.  Bug #711

9 years agoAvoid a potential out of bounds read found by enh while fuzzing
Todd C. Miller [Fri, 31 Jul 2015 22:10:03 +0000 (16:10 -0600)]
Avoid a potential out of bounds read found by enh while fuzzing
with address sanitizer enabled.

9 years agoSet sssd lib location to /usr/lib64 on 64-bit RHEL/Centos.
Todd C. Miller [Mon, 27 Jul 2015 13:07:38 +0000 (07:07 -0600)]
Set sssd lib location to /usr/lib64 on 64-bit RHEL/Centos.
Bug #710

9 years agoAdd Jakub Wilk
Todd C. Miller [Wed, 8 Jul 2015 21:14:55 +0000 (15:14 -0600)]
Add Jakub Wilk

9 years agoThe init.d files are generated from a .in file so we need to install
Todd C. Miller [Fri, 24 Jul 2015 19:38:03 +0000 (13:38 -0600)]
The init.d files are generated from a .in file so we need to install
from top_builddir not top_srcdir.  From Ross Burton.  Bug #708

9 years agoReplace two "return 0" with debug_return_bool(false).
Todd C. Miller [Thu, 23 Jul 2015 01:11:32 +0000 (19:11 -0600)]
Replace two "return 0" with debug_return_bool(false).

9 years agofix typo in previous commit
Todd C. Miller [Wed, 22 Jul 2015 12:21:21 +0000 (06:21 -0600)]
fix typo in previous commit

9 years agoSudo 1.8.14p3
Todd C. Miller [Wed, 22 Jul 2015 12:09:14 +0000 (06:09 -0600)]
Sudo 1.8.14p3

9 years agoFix errno value from get_process_ttyname() when no tty is present.
Todd C. Miller [Tue, 21 Jul 2015 21:20:49 +0000 (15:20 -0600)]
Fix errno value from get_process_ttyname() when no tty is present.

9 years agoOn AIX, only convert the tty device number from dev64_t to dev32_t
Todd C. Miller [Tue, 21 Jul 2015 21:02:56 +0000 (15:02 -0600)]
On AIX, only convert the tty device number from dev64_t to dev32_t
if dev_t is 32-bits.

9 years agoSudo 1.8.14p2
Todd C. Miller [Tue, 21 Jul 2015 02:27:40 +0000 (20:27 -0600)]
Sudo 1.8.14p2

9 years agoFix creation of the timestamp file; bug #704
Todd C. Miller [Tue, 21 Jul 2015 02:16:14 +0000 (20:16 -0600)]
Fix creation of the timestamp file; bug #704

9 years agoAvoid needless memory allocation when resolving the tty name.
Todd C. Miller [Mon, 20 Jul 2015 02:19:22 +0000 (20:19 -0600)]
Avoid needless memory allocation when resolving the tty name.

9 years agoSudo 1.8.14p1
Todd C. Miller [Fri, 17 Jul 2015 21:28:26 +0000 (15:28 -0600)]
Sudo 1.8.14p1

9 years agoFix typo in sudo_sss_attrcpy() that caused a memory allocation error.
Todd C. Miller [Fri, 17 Jul 2015 19:58:26 +0000 (13:58 -0600)]
Fix typo in sudo_sss_attrcpy() that caused a memory allocation error.

9 years agorebuild
Todd C. Miller [Wed, 15 Jul 2015 18:36:02 +0000 (12:36 -0600)]
rebuild

9 years agoAdd some debugging printfs when malloc fails and we don't have an
Todd C. Miller [Tue, 14 Jul 2015 21:28:01 +0000 (15:28 -0600)]
Add some debugging printfs when malloc fails and we don't have an
explicit call to sudo_warnx().

9 years agoAdd missing warnings for memory allocation failure.
Todd C. Miller [Tue, 14 Jul 2015 20:50:36 +0000 (14:50 -0600)]
Add missing warnings for memory allocation failure.
Add function name to memory allocation warnings.

9 years agoReturn -1 if realloc() fails.
Todd C. Miller [Tue, 14 Jul 2015 20:48:04 +0000 (14:48 -0600)]
Return -1 if realloc() fails.

9 years agoAdd line number to debug log for memory allocation errors.
Todd C. Miller [Tue, 14 Jul 2015 20:47:12 +0000 (14:47 -0600)]
Add line number to debug log for memory allocation errors.

9 years agoAdd warning if calloc() fails.
Todd C. Miller [Tue, 14 Jul 2015 20:00:18 +0000 (14:00 -0600)]
Add warning if calloc() fails.
Add debugging for other unexpected errors.

9 years agoAdd missing check for calloc(3) return value.
Todd C. Miller [Tue, 14 Jul 2015 19:56:29 +0000 (13:56 -0600)]
Add missing check for calloc(3) return value.

9 years agoDocument that the values printed by "sudo -V" are affected by
Todd C. Miller [Mon, 13 Jul 2015 18:58:25 +0000 (12:58 -0600)]
Document that the values printed by "sudo -V" are affected by
Defaults settings in sudoers.

9 years agoAvoid calling dlerror() multiple times since it clear the error
Todd C. Miller [Fri, 10 Jul 2015 16:31:21 +0000 (10:31 -0600)]
Avoid calling dlerror() multiple times since it clear the error
status after printing the error.
Problem caused by sudo_warn/sudo_fatal being macros...

9 years agoAttempt to clarify the conditions under which MAIL and HOME are
Todd C. Miller [Fri, 10 Jul 2015 16:02:38 +0000 (10:02 -0600)]
Attempt to clarify the conditions under which MAIL and HOME are
set to the target user.