Todd C. Miller [Tue, 28 Feb 2012 19:16:39 +0000 (14:16 -0500)]
Check the owner and mode in -c (check) mode unless the -f option
is specified. Previously, the owner and mode were checked on the
main sudoers file when the -s (strict) option was given, but this
was not documented.
Todd C. Miller [Mon, 27 Feb 2012 18:28:15 +0000 (13:28 -0500)]
We need sysconfdir in compat/Makfile to get the proper sudo.conf
path. Add standard prefix and foodir expansion in all Makefiles
to avoid this problem in the future.
Todd C. Miller [Thu, 9 Feb 2012 16:20:29 +0000 (11:20 -0500)]
Use -m not -M for install-sh for everything except setuid.
Install locale .mo files mode 0444, not 0644.
If timedir parent doesn't exist, use default dir mode, not 0700.
Todd C. Miller [Thu, 9 Feb 2012 16:11:58 +0000 (11:11 -0500)]
Use -m not -M for install-sh for everything except setuid.
Install locale .mo files mode 0444, not 0644.
If timedir parent doesn't exist, use default dir mode, not 0700.
Todd C. Miller [Mon, 6 Feb 2012 20:47:22 +0000 (15:47 -0500)]
More complete fix for LDR_PRELOAD on AIX. The addition of
set_perm(PERM_ROOT) before calling the nss open functions (needed
to avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
and then real uid to 0 for PERM_ROOT works around the issue.
Todd C. Miller [Mon, 6 Feb 2012 20:46:17 +0000 (15:46 -0500)]
More complete fix for LDR_PRELOAD on AIX. The addition of
set_perm(PERM_ROOT) before calling the nss open functions (needed
to avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
and then real uid to 0 for PERM_ROOT works around the issue.
Todd C. Miller [Mon, 6 Feb 2012 18:37:26 +0000 (13:37 -0500)]
Set real uid to root before calling sudo_edit() or run_command()
so that the monitor process is owned by root and not by the user.
Otherwise, on AIX at least, the monitor process shows up in ps as
belonging to the user (and can be killed by the user).
Todd C. Miller [Mon, 6 Feb 2012 18:37:11 +0000 (13:37 -0500)]
For PERM_ROOT when using setreuid(), only set the euid to 0 prior
to the call to setuid(0) if the current euid is non-zero. This
effectively restores the state of things prior to rev 7bfeb629fccb.
Fixes a problem on AIX where LDR_PRELOAD was not being honored for
the command being executed.
Todd C. Miller [Mon, 6 Feb 2012 18:33:46 +0000 (13:33 -0500)]
Set real uid to root before calling sudo_edit() or run_command()
so that the monitor process is owned by root and not by the user.
Otherwise, on AIX at least, the monitor process shows up in ps as
belonging to the user (and can be killed by the user).
Todd C. Miller [Mon, 6 Feb 2012 18:29:19 +0000 (13:29 -0500)]
For PERM_ROOT when using setreuid(), only set the euid to 0 prior
to the call to setuid(0) if the current euid is non-zero. This
effectively restores the state of things prior to rev 7bfeb629fccb.
Fixes a problem on AIX where LDR_PRELOAD was not being honored for
the command being executed.
Todd C. Miller [Fri, 3 Feb 2012 19:59:36 +0000 (14:59 -0500)]
Normally, sudo disables core dumps while it is running. This
behavior can now be modified at run time with a line in sudo.conf
like "Set disable_coredumps false"
Todd C. Miller [Fri, 3 Feb 2012 19:57:03 +0000 (14:57 -0500)]
Normally, sudo disables core dumps while it is running. This
behavior can now be modified at run time with a line in sudo.conf
like "Set disable_coredumps false"
Todd C. Miller [Wed, 1 Feb 2012 16:28:21 +0000 (11:28 -0500)]
Error out if user specified --with-pam but we can't find the headers
or library. Also throw an error if the headers are present but the
library is not and vice versa.
Todd C. Miller [Wed, 1 Feb 2012 16:27:50 +0000 (11:27 -0500)]
Error out if user specified --with-pam but we can't find the headers
or library. Also throw an error if the headers are present but the
library is not and vice versa.
projects / sudo / log