From 104a402b6ab366b69c22f4d5db24dfb62340c5d0 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 25 Sep 2009 01:11:49 +0000 Subject: [PATCH] Substitute in default value for secure_path --- configure | 35 +++++++++++++++++++++-------------- configure.in | 9 +++++++-- sudoers.man.pl | 2 ++ sudoers.pod | 2 +- 4 files changed, 31 insertions(+), 17 deletions(-) diff --git a/configure b/configure index 39486e3b2..d94314e77 100755 --- a/configure +++ b/configure @@ -869,6 +869,7 @@ ldap_conf ldap_secret nsswitch_conf netsvc_conf +secure_path EGREPPROG CC ac_ct_CC @@ -2120,6 +2121,7 @@ echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;} + timeout=5 @@ -2147,6 +2149,7 @@ tty_tickets=off insults=off root_sudo=on path_info=on +secure_path="not set" INSTALL_NOEXEC= devdir='$(srcdir)' PROGS="sudo visudo sudoreplay" @@ -3695,12 +3698,14 @@ echo $ECHO_N "checking whether to override the user's path... $ECHO_C" >&6; } # Check whether --with-secure-path was given. if test "${with_secure_path+set}" = set; then withval=$with_secure_path; case $with_secure_path in - yes) cat >>confdefs.h <<_ACEOF -#define SECURE_PATH "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" + yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" + cat >>confdefs.h <<_ACEOF +#define SECURE_PATH "$with_secure_path" _ACEOF - { echo "$as_me:$LINENO: result: :/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" >&5 -echo "${ECHO_T}:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" >&6; } + { echo "$as_me:$LINENO: result: $with_secure_path" >&5 +echo "${ECHO_T}$with_secure_path" >&6; } + secure_path="set to $with_secure_path" ;; no) { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } @@ -3711,6 +3716,7 @@ _ACEOF { echo "$as_me:$LINENO: result: $with_secure_path" >&5 echo "${ECHO_T}$with_secure_path" >&6; } + secure_path="set to F<$with_secure_path>" ;; esac else @@ -6262,7 +6268,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 6265 "configure"' > conftest.$ac_ext + echo '#line 6271 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8126,11 +8132,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8129: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8135: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8133: \$? = $ac_status" >&5 + echo "$as_me:8139: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8416,11 +8422,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8419: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8425: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8423: \$? = $ac_status" >&5 + echo "$as_me:8429: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8520,11 +8526,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8523: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8529: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8527: \$? = $ac_status" >&5 + echo "$as_me:8533: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10880,7 +10886,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5 diff --git a/configure.in b/configure.in index f50e9ba91..58e3698f2 100644 --- a/configure.in +++ b/configure.in @@ -85,6 +85,7 @@ AC_SUBST(ldap_conf) AC_SUBST(ldap_secret) AC_SUBST(nsswitch_conf) AC_SUBST(netsvc_conf) +AC_SUBST(secure_path) dnl dnl Initial values for above dnl @@ -113,6 +114,7 @@ tty_tickets=off insults=off root_sudo=on path_info=on +secure_path="not set" INSTALL_NOEXEC= devdir='$(srcdir)' dnl @@ -988,13 +990,16 @@ fi AC_MSG_CHECKING(whether to override the user's path) AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])], [case $with_secure_path in - yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc") - AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc]) + yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" + AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") + AC_MSG_RESULT([$with_secure_path]) + secure_path="set to $with_secure_path" ;; no) AC_MSG_RESULT(no) ;; *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") AC_MSG_RESULT([$with_secure_path]) + secure_path="set to F<$with_secure_path>" ;; esac], AC_MSG_RESULT(no)) diff --git a/sudoers.man.pl b/sudoers.man.pl index 5eacb5b2d..9ee210a44 100644 --- a/sudoers.man.pl +++ b/sudoers.man.pl @@ -16,6 +16,8 @@ if (/^\./) { # Fix up broken pod2man formatting of F<@foo@/bar> s/\\fI\\f(\(C)?I\@([^\@]*)\\fI\@/\\fI\@$2\@/g; +s/\\f\(\CW\@([^\@]*)\\fR\@/\@$1\@/g; +#\f(CW@secure_path\fR@ # Comment out Compile-time-specific lines in DESCRIPTION if ($t) { diff --git a/sudoers.pod b/sudoers.pod index 543ee7301..09c66481e 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -1191,7 +1191,7 @@ people running B to have a sane C environment variable you may want to use this. Another use is if you want to have the "root path" be separate from the "user path." Users in the group specified by the I option are not affected by I. -This is not set by default. +This option is @secure_path@ by default. =item syslog -- 2.40.0