From 535ed3817c9fd62aed7413bcd0d65f6624cebbe4 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 7 Nov 2008 02:06:48 +0000 Subject: [PATCH] Sudo will now refuse to run if no tty is present unless the new visiblepw sudoers flag is set. --- def_data.c | 4 ++++ def_data.h | 2 ++ def_data.in | 3 +++ sudo.c | 11 ++++++++--- sudoers.pod | 17 ++++++++++++----- 5 files changed, 29 insertions(+), 8 deletions(-) diff --git a/def_data.c b/def_data.c index da859e894..72c14c9f1 100644 --- a/def_data.c +++ b/def_data.c @@ -298,6 +298,10 @@ struct sudo_defs_types sudo_defs_table[] = { "sudoers_locale", T_STR, "Locale to use while parsing sudoers: %s", NULL, + }, { + "visiblepw", T_FLAG, + "Allow sudo to prompt for a password even if it would be visisble", + NULL, }, { NULL, 0, NULL } diff --git a/def_data.h b/def_data.h index 72d793eab..afa78e0b5 100644 --- a/def_data.h +++ b/def_data.h @@ -136,6 +136,8 @@ #define I_ENV_FILE 67 #define def_sudoers_locale (sudo_defs_table[68].sd_un.str) #define I_SUDOERS_LOCALE 68 +#define def_visiblepw (sudo_defs_table[69].sd_un.flag) +#define I_VISIBLEPW 69 enum def_tupple { never, diff --git a/def_data.in b/def_data.in index f92c63116..0a0a3b86d 100644 --- a/def_data.in +++ b/def_data.in @@ -220,3 +220,6 @@ env_file sudoers_locale T_STR "Locale to use while parsing sudoers: %s" +visiblepw + T_FLAG + "Allow sudo to prompt for a password even if it would be visisble" diff --git a/sudo.c b/sudo.c index 4246c6dd0..0a5b9a719 100644 --- a/sudo.c +++ b/sudo.c @@ -399,9 +399,14 @@ main(argc, argv, envp) "no askpass program specified, try setting SUDO_ASKPASS"); } else { /* If no tty but DISPLAY is set, use askpass if we have it. */ - if (user_askpass && !ISSET(tgetpass_flags, TGP_STDIN) && - !user_ttypath && user_display && *user_display != '\0') - SET(tgetpass_flags, TGP_ASKPASS); + if (!user_ttypath && !ISSET(tgetpass_flags, TGP_STDIN)) { + if (user_askpass && user_display && *user_display != '\0') { + SET(tgetpass_flags, TGP_ASKPASS); + } else if (!def_visiblepw) { + log_error(NO_MAIL, + "no tty present and no askpass program specified"); + } + } } /* User may have overriden environment resetting via the -E flag. */ diff --git a/sudoers.pod b/sudoers.pod index a561be415..077ee3ab7 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -662,11 +662,9 @@ user. This flag is I by default. =item requiretty If set, B will only run when the user is logged in to a real -tty. This will disallow things like C<"rsh somehost sudo ls"> since -L does not allocate a tty. Because it is not possible to turn -off echo when there is no tty present, some sites may wish to set -this flag to prevent a user from entering a visible password. This -flag is I by default. +tty. When this flag is set, B can only be run from a login +session and not via other means such as L or cgi-bin scripts. +This flag is I by default. =item root_sudo @@ -758,6 +756,15 @@ If set, B will apply the defaults specified for the target user's login class if one exists. Only available if B is configured with the --with-logincap option. This flag is I by default. +=item visiblepw + +By default, B will refuse to run if the user must enter a +password but it is not possible to disable echo on the terminal. +If the I flag is set, B will prompt for a password +even when it would be visible on the screen. This makes it possible +to run things like C<"rsh somehost sudo ls"> since L does +not allocate a tty. This flag is I by default. + =back B: -- 2.40.0