granicus.if.org Git - sudo/log
sudo
Todd C. Miller [Sun, 22 Nov 2015 16:19:12 +0000 (09:19 -0700)]
Use yy_size_t for digest_len since newer flex uses yy_size_t for
yyleng.  Old flex uses int for yyleng so we need to use a cast to
avoid a sign compare warning.

Todd C. Miller [Fri, 20 Nov 2015 17:51:11 +0000 (10:51 -0700)]
Use https in sudo.ws urls

Todd C. Miller [Fri, 20 Nov 2015 17:36:53 +0000 (10:36 -0700)]
Use https in urls.

Todd C. Miller [Fri, 20 Nov 2015 17:33:08 +0000 (10:33 -0700)]
sudo 1.8.16

Todd C. Miller [Fri, 20 Nov 2015 16:55:18 +0000 (09:55 -0700)]
When preserving variables from the invoking user's environment, if
there are duplicates only keep the first instance.

Todd C. Miller [Sun, 1 Nov 2015 22:13:28 +0000 (15:13 -0700)]
Add debug_return_ssize_t

Todd C. Miller [Sun, 1 Nov 2015 22:08:50 +0000 (15:08 -0700)]
Avoid compilation error on Solaris 10 with Sun Studio 12.
Bug #727

Todd C. Miller [Sat, 31 Oct 2015 23:33:51 +0000 (17:33 -0600)]
sync with translationproject.org

Todd C. Miller [Sat, 31 Oct 2015 15:10:58 +0000 (09:10 -0600)]
Mention ssp configure fix.

Todd C. Miller [Fri, 30 Oct 2015 16:20:47 +0000 (10:20 -0600)]
sync with translationproject.org

Todd C. Miller [Fri, 30 Oct 2015 16:11:55 +0000 (10:11 -0600)]
Don't use CPPFLAGS for the -fstack-protector check.  Otherwise on
systems with _FORTIFY_SOURCE support we'll get an error due to the
lack of optimization flags.  Bug #725

Todd C. Miller [Fri, 30 Oct 2015 14:49:22 +0000 (08:49 -0600)]
When checking for stack protector support we need to actually link
the test program.

Todd C. Miller [Thu, 29 Oct 2015 20:06:21 +0000 (14:06 -0600)]
Preserve LDFLAGS when checking for stack protector as they may include
rpath settings to allow the stack protector lib to be found.  Avoid
using existing CFLAGS since we don't want the compiler to optimize
away the stack variable.

Todd C. Miller [Thu, 29 Oct 2015 16:51:09 +0000 (10:51 -0600)]
Better configure test for -fstack-protector.  Some gcc installations
may be missing the ssp library even though the compiler supports it.

Todd C. Miller [Sun, 25 Oct 2015 20:28:38 +0000 (14:28 -0600)]
Set errno to EISDIR instead of ENOTDIR if directory is writable
since ENOTDIR can be a legitimate errno.  This avoids a bogus
"directory is writable" error in that case.

Todd C. Miller [Sun, 25 Oct 2015 15:10:15 +0000 (09:10 -0600)]
Fix the check for whether to include 32-bit arch in Mac OS X packages.

Todd C. Miller [Sat, 24 Oct 2015 12:27:55 +0000 (06:27 -0600)]
regen

Todd C. Miller [Sat, 24 Oct 2015 12:20:20 +0000 (06:20 -0600)]
When creating a new file, sudoedit will now check that the file's
parent directory exists before running the editor.

Todd C. Miller [Sat, 24 Oct 2015 11:43:07 +0000 (05:43 -0600)]
Add always_query_group_plugin

Todd C. Miller [Fri, 23 Oct 2015 20:13:54 +0000 (14:13 -0600)]
Add ABOUT-NLS from GNU gettext.

Todd C. Miller [Fri, 23 Oct 2015 20:04:35 +0000 (14:04 -0600)]
Add directory writability checks for sudoedit.

Todd C. Miller [Tue, 6 Oct 2015 21:23:22 +0000 (15:23 -0600)]
Latest.

Todd C. Miller [Tue, 6 Oct 2015 21:21:41 +0000 (15:21 -0600)]
Ignore the SUDO_CONV_PROMPT_ECHO_OK flag when echo is enabled.
This was preventing a match of SUDO_CONV_PROMPT_ECHO_ON which
resulted in a masked password instead of an echoed one.

Todd C. Miller [Tue, 6 Oct 2015 21:00:47 +0000 (15:00 -0600)]
Repair challenge/response prompting for BSD authentication which
got broken while it was converted to use the conversation function.

Todd C. Miller [Tue, 6 Oct 2015 16:25:53 +0000 (10:25 -0600)]
Use the auth_getpass (and the plugin conversation function) for Tru64
SIA.  This prevents sudo from sleeping while holding the tty ticket
lock.

Todd C. Miller [Tue, 6 Oct 2015 16:25:43 +0000 (10:25 -0600)]
For env_reset, SHELL should be set based on the target user, not
the invoking user unless preserved via env_keep.

Todd C. Miller [Tue, 6 Oct 2015 15:33:27 +0000 (09:33 -0600)]
sync with translationproject.org

Todd C. Miller [Mon, 5 Oct 2015 12:06:52 +0000 (06:06 -0600)]
Hungarian and Slovak translations

Todd C. Miller [Mon, 5 Oct 2015 12:03:42 +0000 (06:03 -0600)]
Add new Slovak and Hungarian translations from translationproject.org

Todd C. Miller [Sat, 3 Oct 2015 02:35:55 +0000 (20:35 -0600)]
Remove S_ISREG check from sudo_edit_open(), it is already done in
the caller.

Todd C. Miller [Fri, 2 Oct 2015 20:45:09 +0000 (14:45 -0600)]
Open sudoedit files with O_NONBLOCK and fail if they are not regular
files.

Todd C. Miller [Fri, 2 Oct 2015 17:24:01 +0000 (11:24 -0600)]
It is possible for WIFSTOPPED to be true even if waitpid() is not
given WUNTRACED if the child is ptraced.  Don't exit the waitpid()
loop if WIFSTOPPED is true, just in case.

Todd C. Miller [Wed, 30 Sep 2015 20:04:39 +0000 (14:04 -0600)]
rebuild .mo files

Todd C. Miller [Wed, 30 Sep 2015 20:04:17 +0000 (14:04 -0600)]
sync with translationproject.org

Todd C. Miller [Tue, 29 Sep 2015 03:20:37 +0000 (21:20 -0600)]
There's no point in trying to interpose protected versions of the
exec family of functions.  Many modern C libraries use hidden symbols
for the functions and syscalls defined in libc such that they cannot
be overridden inside libc itself.  We have to just wrap all the exec
variants plus system and popen.

Todd C. Miller [Mon, 28 Sep 2015 22:48:46 +0000 (16:48 -0600)]
List all the functions wrapped by sudo_noexec.so.

Todd C. Miller [Mon, 28 Sep 2015 22:48:20 +0000 (16:48 -0600)]
The section is now called "EXEC and NOEXEC" and it is above, not
below.

Todd C. Miller [Mon, 28 Sep 2015 21:34:16 +0000 (15:34 -0600)]
Also wrap popen(3).

Todd C. Miller [Mon, 28 Sep 2015 21:10:00 +0000 (15:10 -0600)]
Also interpose system(3).  On glibc systems you cannot interpose
the syscalls used internally by libc.

Todd C. Miller [Mon, 28 Sep 2015 18:28:18 +0000 (12:28 -0600)]
Set active debug instance to sudo_debug_instance() during the
conversation function.

Todd C. Miller [Sun, 27 Sep 2015 21:40:05 +0000 (15:40 -0600)]
LOGNAME and USERNAME are set the same way as USER

Todd C. Miller [Sun, 27 Sep 2015 14:59:46 +0000 (08:59 -0600)]
Document behavior when the command dies from a signal in EXIT STATUS.

Todd C. Miller [Sat, 26 Sep 2015 17:02:24 +0000 (11:02 -0600)]
Bug #722

Todd C. Miller [Sat, 26 Sep 2015 16:53:16 +0000 (10:53 -0600)]
When the command sudo is running is killed by a signal, sudo will
now send itself the same signal with the default signal handler
instead of exiting.  The bash shell appears to ignore some signals,
e.g.  SIGINT, unless the command is killed by that signal.  This
makes the behavior of commands run under sudo the same as without
sudo when bash is the shell.  Bug #722

Todd C. Miller [Fri, 25 Sep 2015 17:19:28 +0000 (11:19 -0600)]
Adjust set_logname description to new behavior when any of LOGNAME,
USER or USERNAME are preserved.

Todd C. Miller [Fri, 25 Sep 2015 17:15:22 +0000 (11:15 -0600)]
If some, but not all, of the LOGNAME, USER or USERNAME environment
variables have been preserved from the invoking user's environment,
sudo will now use the preserved value to set the remaining variables
instead of using the runas user.  This ensures that if, for example,
only LOGNAME is present in the env_keep list, that sudo will not
set USER and USERNAME to the runas user.

Todd C. Miller [Thu, 24 Sep 2015 19:43:17 +0000 (13:43 -0600)]
Fix passing of the callback pointer to the conversation function.
This was preventing the on_suspend and on_resume functions from
being called on PAM systems.

Todd C. Miller [Thu, 24 Sep 2015 17:23:02 +0000 (11:23 -0600)]
Explicitly mark large hex constants unsigned.

Todd C. Miller [Thu, 24 Sep 2015 16:52:44 +0000 (10:52 -0600)]
Cast sizeof(entry) to off_t before making it a negative offset for
lseek().  Fixes "sudo -k" on Solaris and probably others.

Todd C. Miller [Mon, 21 Sep 2015 22:04:59 +0000 (16:04 -0600)]
Add explicit mention of sudo's netgroup semantics since they differ
from most other netgroup consumers.

Todd C. Miller [Mon, 21 Sep 2015 21:18:04 +0000 (15:18 -0600)]
sync with translationproject.org

Todd C. Miller [Mon, 21 Sep 2015 21:07:00 +0000 (15:07 -0600)]
Fix potential double free of the cookie when sudo is suspended at
the password prompt.

Todd C. Miller [Wed, 16 Sep 2015 15:53:43 +0000 (09:53 -0600)]
sync with translationproject.org

Todd C. Miller [Tue, 15 Sep 2015 20:04:43 +0000 (14:04 -0600)]
sync with translationproject.org

Todd C. Miller [Tue, 15 Sep 2015 19:36:34 +0000 (13:36 -0600)]
Bug #719

Todd C. Miller [Tue, 15 Sep 2015 18:24:19 +0000 (12:24 -0600)]
SIGHUP is now relayed to the command.  Bug #719

Todd C. Miller [Tue, 15 Sep 2015 16:30:36 +0000 (10:30 -0600)]
When a terminal device is closed, SIGHUP is sent to the controlling
process associated with that terminal.  It is not sent to the entire
process group so sudo needs to relay SIGHUP to the command when it
is not being run in a new pty.  Bug #719

Todd C. Miller [Tue, 15 Sep 2015 15:50:35 +0000 (09:50 -0600)]
Mention visudo bug in 1.8.14

Todd C. Miller [Tue, 15 Sep 2015 15:29:40 +0000 (09:29 -0600)]
We reserved two slots at the end of the editor argv for the line
number and the file name.  However, resolve_editor() adds "--"
before the file names so the +line_number is interpreted as a file
name, not a line number so we need to overwrite the "--" as well.

Todd C. Miller [Thu, 10 Sep 2015 22:44:57 +0000 (16:44 -0600)]
Remove checks for __sys_siglist and __sys_signame.  They are internal
to libc and there are no known systems that export those symbols
that do not already export the single underbar or no-underbar versions.

Todd C. Miller [Thu, 10 Sep 2015 20:30:57 +0000 (14:30 -0600)]
Sync with translationproject.org

Todd C. Miller [Thu, 10 Sep 2015 20:30:02 +0000 (14:30 -0600)]
regen

Todd C. Miller [Wed, 9 Sep 2015 21:27:09 +0000 (15:27 -0600)]
Restore old signal handlers before tty settings.  That way SIGTTOU
is at its original value if sudo_term_restore() should fail.

Todd C. Miller [Wed, 9 Sep 2015 21:14:06 +0000 (15:14 -0600)]
Document what happens when the on_suspend/on_resume callbacks
return an error.

Todd C. Miller [Wed, 9 Sep 2015 20:56:52 +0000 (14:56 -0600)]
No need to have version macros for hooks, callbacks and the sudoers
group plugin.  We can just use the main sudo API macros.  The sudoers
group plugin macros are preserved for source compatibility but are
not documented.

Todd C. Miller [Wed, 9 Sep 2015 20:33:01 +0000 (14:33 -0600)]
Properly escape the backslash before a comma in an example so the
example rule is parsable by visudo.

Todd C. Miller [Wed, 9 Sep 2015 19:29:57 +0000 (13:29 -0600)]
Ignore callbacks if major version doesn't match.

Todd C. Miller [Wed, 9 Sep 2015 17:13:22 +0000 (11:13 -0600)]
Remove include/compat/timespec.h.  Systems old enough to lack struct
timespec are too old to build a modern sudo.

Todd C. Miller [Wed, 9 Sep 2015 16:52:23 +0000 (10:52 -0600)]
Bug #713

Todd C. Miller [Wed, 9 Sep 2015 16:50:21 +0000 (10:50 -0600)]
Fill in cstat if exec_setup() fails.  Previously it was only filled
in for an execve() failure.  Fixes an unkillable sudo process when
exec_setup() fails and I/O logging is enabled.

Todd C. Miller [Wed, 9 Sep 2015 16:45:56 +0000 (10:45 -0600)]
Fix running commands as non-root when neither setresuid() nor
setreuid() are available.  At this point we are already root so
setuid() must succeed.  Bug #713

Todd C. Miller [Wed, 9 Sep 2015 16:14:03 +0000 (10:14 -0600)]
Cast uid_t to unsigned int when printing as %u

Todd C. Miller [Wed, 9 Sep 2015 15:57:10 +0000 (09:57 -0600)]
Mention time stamp file locking changes, fix some spelling.

Todd C. Miller [Wed, 9 Sep 2015 12:23:29 +0000 (06:23 -0600)]
Update with latest changes.

Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Avoid touching the time stamp directory for "sudo -k command"

Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Bring back the check for time stamp files that predate the boot
time.  Instead of truncating we now unlink the file since another
process may be sleeping on the lock.

Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Use pread(2) and pwrite(2) where possible.

Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
sudo_term_* already restart themselves for all but SIGTTOU so we
don't need to use our own restart loops.

Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Set errno to EINVAL if sudo_lock_* is called with a bad type.

Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Adjust new locking to work when tty_tickets is disabled.  We need
to use per-tty/ppid locking to gain exclusive access to the tty
for the password prompt but use a separate (short term) lock
that is shared among all sudo processes for the user.

Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Allow the time stamp lock to be interrupted by signals.

Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Implement suspend/resume callbacks for the conversation function.
If suspended, close the timestamp file (dropping all locks).  On
resume, lock the record before reading the password.

For this to work properly we need to be able to run the callback
when tcsetattr() suspends us, not just when the user does.  To
accomplish this the term_* functions now return EINTR if SIGTTOU
would be generated.  The caller now has to restart the term_*
function (and send itself SIGTTOU) instead of it being done
automatically.

Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Lock individual records in the timestamp file instead of the entire
file.  This will make it possible for multiple sudo processes using
the same tty to serialize their timestamp lookups.

Todd C. Miller [Mon, 7 Sep 2015 12:06:08 +0000 (06:06 -0600)]
Add a struct sudo_conv_callback that contains on_suspend and on_resume
function pointer args plus a closure pointer and add it to the
conversation function.

Todd C. Miller [Wed, 2 Sep 2015 14:00:27 +0000 (08:00 -0600)]
Make hook_version and hook_type unsigned.

Todd C. Miller [Tue, 1 Sep 2015 16:24:59 +0000 (10:24 -0600)]
When decoding base64, avoid using '=' in the decoded temporary array
as a sentinel as it can legitimately be present.  Instead, just use
the count of bytes stored in the temp array to determine which bytes
to fold into the destination.

Todd C. Miller [Fri, 21 Aug 2015 17:25:02 +0000 (11:25 -0600)]
When parsing def_editor, break out of the loop when we find the
first valid editor.  Bug #714

Todd C. Miller [Tue, 18 Aug 2015 14:57:53 +0000 (08:57 -0600)]
The condition for adding a missing newline at the end of sudoers
was never reached.  Keep track of the last character and write a
newline character if when copying to the temp file.  Found by Radovan
Sroka.

Todd C. Miller [Tue, 18 Aug 2015 14:34:10 +0000 (08:34 -0600)]
Remove extraneous while() from botched do {} while() loop
conversion to use sudo_strsplit.  Noticed by Radovan Sroka.

Todd C. Miller [Tue, 11 Aug 2015 02:17:02 +0000 (20:17 -0600)]
In sudo_pam_begin_session() and sudo_pam_end_session() return
AUTH_FATAL on error, not AUTH_FAILURE.  In sudo_auth_begin_session()
treat anything other than AUTH_SUCCESS as a fatal error.

Todd C. Miller [Mon, 10 Aug 2015 21:13:37 +0000 (15:13 -0600)]
Linux sets si_pid in struct siginfo to 0 when the process that sent
the signal is in a different container since the PID namespaces in
different containers are separate.  Avoid looking up the process
group by id when si_pid is 0 since getpgid(0) returns the process
group of the current process.  Since sudo ignores signals sent
by processes in its own process group, this had the effect of
ignoring signals sent from other containers.  From Maarten de Vries

Todd C. Miller [Mon, 10 Aug 2015 16:56:47 +0000 (10:56 -0600)]
Sprinkle some debugging.

Todd C. Miller [Sun, 9 Aug 2015 22:22:16 +0000 (16:22 -0600)]
Document that sudo uses the real uid to map from uid to passwd file
user name.

Todd C. Miller [Sun, 9 Aug 2015 22:12:00 +0000 (16:12 -0600)]
disable_coredump can be set to no on modern OSes without
security consequences.

Todd C. Miller [Fri, 7 Aug 2015 23:05:50 +0000 (17:05 -0600)]
Emphasis on the never.

Todd C. Miller [Fri, 7 Aug 2015 23:01:15 +0000 (17:01 -0600)]
Explicitly tell people not to grant sudoedit to directories the
user can write to.  While sudoedit will no longer open symbolic
links, hard links are still an issue.

Todd C. Miller [Fri, 7 Aug 2015 23:00:42 +0000 (17:00 -0600)]
Add warning about writable directories and sudo/sudoedit.

Todd C. Miller [Fri, 7 Aug 2015 18:37:15 +0000 (12:37 -0600)]
Emphasize that wildcards are not regexps.  Bug #692

Todd C. Miller [Fri, 7 Aug 2015 18:21:37 +0000 (12:21 -0600)]
Emphasize that wildcards in command line arguments are dangerous.
Document the failings of the passwd example on GNU systems.
Bug #691

Todd C. Miller [Fri, 7 Aug 2015 18:00:12 +0000 (12:00 -0600)]
Escape the colons in [[:alpha:]] as required by sudoers.