From 59e2925374f0a24dff3a35f6dd1fbb6c76bffbaa Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 3 Jun 2010 08:32:53 -0400 Subject: [PATCH] Sudo now stashes tty ctime for tty_tickets on Solaris too. --- doc/sudo.cat | 34 +++++++++++++++++----------------- doc/sudo.man.in | 14 +++++++------- doc/sudo.pod | 12 ++++++------ 3 files changed, 30 insertions(+), 30 deletions(-) diff --git a/doc/sudo.cat b/doc/sudo.cat index 46ff9e011..5d16aa88e 100644 --- a/doc/sudo.cat +++ b/doc/sudo.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.8.0a2 May 28, 2010 1 +1.8.0a2 June 3, 2010 1 @@ -127,7 +127,7 @@ OOPPTTIIOONNSS -1.8.0a2 May 28, 2010 2 +1.8.0a2 June 3, 2010 2 @@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.8.0a2 May 28, 2010 3 +1.8.0a2 June 3, 2010 3 @@ -259,7 +259,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.8.0a2 May 28, 2010 4 +1.8.0a2 June 3, 2010 4 @@ -325,7 +325,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) -1.8.0a2 May 28, 2010 5 +1.8.0a2 June 3, 2010 5 @@ -391,7 +391,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.8.0a2 May 28, 2010 6 +1.8.0a2 June 3, 2010 6 @@ -447,17 +447,17 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m) modification time is within 5 minutes (or whatever the timeout is set to in _s_u_d_o_e_r_s). When the _t_t_y___t_i_c_k_e_t_s option is enabled in _s_u_d_o_e_r_s, the time stamp has per-tty granularity but still may outlive the user's - session. On Linux systems where the devpts filesystem is used, as well - as other systems that utilize a devfs filesystem that monotonically - increase the inode number of devices as they are created (such as Mac - OS X), ssuuddoo is able to determine when a tty-based time stamp file is - stale and will ignore it. Administrators should not rely on this - feature as it is not universally available. + session. On Linux systems where the devpts filesystem is used, Solaris + systems with the devices filesystem, as well as other systems that + utilize a devfs filesystem that monotonically increase the inode number + of devices as they are created (such as Mac OS X), ssuuddoo is able to + determine when a tty-based time stamp file is stale and will ignore it. + Administrators should not rely on this feature as it is not universally + available. - -1.8.0a2 May 28, 2010 7 +1.8.0a2 June 3, 2010 7 @@ -523,7 +523,7 @@ FFIILLEESS -1.8.0a2 May 28, 2010 8 +1.8.0a2 June 3, 2010 8 @@ -589,7 +589,7 @@ CCAAVVEEAATTSS -1.8.0a2 May 28, 2010 9 +1.8.0a2 June 3, 2010 9 @@ -655,6 +655,6 @@ DDIISSCCLLAAIIMMEERR -1.8.0a2 May 28, 2010 10 +1.8.0a2 June 3, 2010 10 diff --git a/doc/sudo.man.in b/doc/sudo.man.in index bcfad7b8b..9d6dbc80f 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in @@ -148,7 +148,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "May 28, 2010" "1.8.0a2" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "June 3, 2010" "1.8.0a2" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -590,12 +590,12 @@ stamp file's modification time is within \f(CW\*(C`@timeout@\*(C'\fR minutes (or whatever the timeout is set to in \fIsudoers\fR). When the \fItty_tickets\fR option is enabled in \fIsudoers\fR, the time stamp has per-tty granularity but still may outlive the user's session. On Linux systems where -the devpts filesystem is used, as well as other systems that utilize -a devfs filesystem that monotonically increase the inode number of -devices as they are created (such as Mac \s-1OS\s0 X), \fBsudo\fR is able to -determine when a tty-based time stamp file is stale and will ignore -it. Administrators should not rely on this feature as it is not -universally available. +the devpts filesystem is used, Solaris systems with the devices +filesystem, as well as other systems that utilize a devfs filesystem +that monotonically increase the inode number of devices as they are +created (such as Mac \s-1OS\s0 X), \fBsudo\fR is able to determine when a +tty-based time stamp file is stale and will ignore it. Administrators +should not rely on this feature as it is not universally available. .PP Please note that \fBsudo\fR will normally only log the command it explicitly runs. If a user runs a command such as \f(CW\*(C`sudo su\*(C'\fR or diff --git a/doc/sudo.pod b/doc/sudo.pod index 54bb854a3..93af96510 100644 --- a/doc/sudo.pod +++ b/doc/sudo.pod @@ -493,12 +493,12 @@ stamp file's modification time is within C<@timeout@> minutes (or whatever the timeout is set to in I). When the I option is enabled in I, the time stamp has per-tty granularity but still may outlive the user's session. On Linux systems where -the devpts filesystem is used, as well as other systems that utilize -a devfs filesystem that monotonically increase the inode number of -devices as they are created (such as Mac OS X), B is able to -determine when a tty-based time stamp file is stale and will ignore -it. Administrators should not rely on this feature as it is not -universally available. +the devpts filesystem is used, Solaris systems with the devices +filesystem, as well as other systems that utilize a devfs filesystem +that monotonically increase the inode number of devices as they are +created (such as Mac OS X), B is able to determine when a +tty-based time stamp file is stale and will ignore it. Administrators +should not rely on this feature as it is not universally available. Please note that B will normally only log the command it explicitly runs. If a user runs a command such as C or -- 2.50.0