From a3d412049e7e8d5a175540a6c787ea98b0ce66e0 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 14 Sep 2010 17:12:33 -0400 Subject: [PATCH] Implement --with-umask-override configure flag. --HG-- branch : 1.7 --- INSTALL | 5 ++++ config.h.in | 6 +++- configure | 51 ++++++++++++++++++++++++---------- configure.in | 16 ++++++++++- defaults.c | 3 ++ sudoers.cat | 74 +++++++++++++++++++++++++------------------------- sudoers.man.in | 12 ++++---- sudoers.pod | 2 +- 8 files changed, 110 insertions(+), 59 deletions(-) diff --git a/INSTALL b/INSTALL index 80ce152b3..c626c72bc 100644 --- a/INSTALL +++ b/INSTALL @@ -463,6 +463,11 @@ The following options are also configurable at runtime: --without-umask Preserves the umask of the user invoking sudo. + --with-umask-override + Use the umask specified in sudoers even if it is less restrictive + than the user's. The default is to use the intersection of the + user's umask and the umask specified in sudoers. + --with-runas-default=USER The default user to run commands as if the -u flag is not specified on the command line. This defaults to "root". diff --git a/config.h.in b/config.h.in index af5653b6d..276ef2ea8 100644 --- a/config.h.in +++ b/config.h.in @@ -729,7 +729,7 @@ /* Define to 1 if the code in interfaces.c does not compile for you. */ #undef STUB_LOAD_INTERFACES -/* The umask that the root-run prog should use. */ +/* The umask that the sudo-run prog should use. */ #undef SUDO_UMASK /* The number of minutes before sudo asks for a password again. */ @@ -741,6 +741,10 @@ /* The number of tries a user gets to enter their password. */ #undef TRIES_FOR_PASSWORD +/* Define to 1 to use the umask specified in sudoers even when it is less + restrictive than the invoking user's. */ +#undef UMASK_OVERRIDE + /* Define to 1 if the `unsetenv' function returns void instead of `int'. */ #undef UNSETENV_VOID diff --git a/configure b/configure index 280085b82..4a9b593a3 100755 --- a/configure +++ b/configure 
@@ -811,6 +811,7 @@ logfac lecture long_otp_prompt passprompt +umask_override sudo_umask password_timeout timeout @@ -947,6 +948,7 @@ with_sudoers_mode with_sudoers_uid with_sudoers_gid with_umask +with_umask_override with_runas_default with_exempt with_editor @@ -1709,6 +1711,8 @@ Optional Packages: --with-umask umask with which the prog should run (default is 022) --without-umask Preserves the umask of the user invoking sudo. + --with-umask-override Use the umask specified in sudoers even if it is + less restrictive than the user's. --with-runas-default User to run commands as (default is "root") --with-exempt=group no passwd needed for users in this group --with-editor=path Default editor for visudo (defaults to vi) @@ -2949,6 +2953,7 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;} + # @@ -2958,6 +2963,7 @@ timedir=/var/adm/sudo timeout=5 password_timeout=5 sudo_umask=0022 +umask_override=off passprompt="Password:" long_otp_prompt=off lecture=once @@ -4775,6 +4781,22 @@ else $as_echo "$sudo_umask" >&6; } fi + +# Check whether --with-umask-override was given. +if test "${with_umask_override+set}" = set; then : + withval=$with_umask_override; case $with_umask_override in + yes) $as_echo "#define UMASK_OVERRIDE 1" >>confdefs.h + + umask_override=on + ;; + no) umask_override=off + ;; + *) as_fn_error "\"--with-umask-override does not take an argument.\"" "$LINENO" 5 + ;; +esac +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for default user to run commands as" >&5 $as_echo_n "checking for default user to run commands as... " >&6; } 
@@ -6762,13 +6784,13 @@ if test "${lt_cv_nm_interface+set}" = set; then : else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:6765: $ac_compile\"" >&5) + (eval echo "\"\$as_me:6787: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:6768: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:6790: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:6771: output\"" >&5) + (eval echo "\"\$as_me:6793: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -7973,7 +7995,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 7976 "configure"' > conftest.$ac_ext + echo '#line 7998 "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -9366,11 +9388,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9369: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9391: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9373: \$? = $ac_status" >&5 + echo "$as_me:9395: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -9705,11 +9727,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9708: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9730: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9712: \$? = $ac_status" >&5 + echo "$as_me:9734: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -9810,11 +9832,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9813: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9835: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9817: \$? = $ac_status" >&5 + echo "$as_me:9839: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -9865,11 +9887,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9868: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9890: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9872: \$? = $ac_status" >&5 + echo "$as_me:9894: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12232,7 +12254,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12235 "configure" +#line 12257 "configure" #include "confdefs.h" #if HAVE_DLFCN_H 
@@ -12328,7 +12350,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12331 "configure" +#line 12353 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -20734,5 +20756,6 @@ fi + diff --git a/configure.in b/configure.in index c9ef33c98..2588b74a8 100644 --- a/configure.in +++ b/configure.in @@ -61,6 +61,7 @@ AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR AC_SUBST([timeout]) AC_SUBST([password_timeout]) AC_SUBST([sudo_umask]) +AC_SUBST([umask_override]) AC_SUBST([passprompt]) AC_SUBST([long_otp_prompt]) AC_SUBST([lecture]) @@ -96,6 +97,7 @@ timedir=/var/adm/sudo timeout=5 password_timeout=5 sudo_umask=0022 +umask_override=off passprompt="Password:" long_otp_prompt=off lecture=once @@ -784,13 +786,24 @@ AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo *) AC_MSG_ERROR(["you must enter a numeric mask."]) ;; esac]) -AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.]) +AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.]) if test "$sudo_umask" = "0777"; then AC_MSG_RESULT(user) else AC_MSG_RESULT($sudo_umask) fi +AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])], +[case $with_umask_override in + yes) AC_DEFINE(UMASK_OVERRIDE) + umask_override=on + ;; + no) umask_override=off + ;; + *) AC_MSG_ERROR(["--with-umask-override does not take an argument."]) + ;; +esac]) + AC_MSG_CHECKING(for default user to run commands as) AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])], [case $with_runas_default in 
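Review bot: The new `AC_ARG_WITH(umask-override, ...)` block in the `@@ -784,13 +786,24 @@` hunk never reports its result, unlike the umask check just above it (`AC_MSG_RESULT($sudo_umask)`) and the runas-default check just below (`AC_MSG_CHECKING(for default user to run commands as)`). Because this option relaxes how the umask of sudo-run commands is derived, the chosen value should be visible in the configure output. I would add `AC_MSG_CHECKING(whether the sudoers umask overrides the user's umask)` before the block and `AC_MSG_RESULT($umask_override)` after it. Separately, the INSTALL text added in this commit calls the default the "intersection" of the two umasks while the sudoers manual text calls it the "union"; one wording should be used so the default is not misread.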
@@ -2895,6 +2908,7 @@ AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is n AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.]) AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.]) AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) +AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.]) AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.]) AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) diff --git a/defaults.c b/defaults.c index 10757eefc..79271ef32 100644 --- a/defaults.c +++ b/defaults.c @@ -433,6 +433,9 @@ init_defaults() #ifdef ENV_EDITOR def_env_editor = TRUE; #endif +#ifdef UMASK_OVERRIDE + def_umask_override = TRUE; +#endif #ifdef _PATH_SUDO_ASKPASS def_askpass = estrdup(_PATH_SUDO_ASKPASS); #endif diff --git a/sudoers.cat b/sudoers.cat index 164985535..e00b8ff24 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7.4 July 21, 2010 1 +1.7.5 September 14, 2010 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 2 +1.7.5 September 14, 2010 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 3 +1.7.5 September 14, 2010 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 4 +1.7.5 September 14, 2010 4 @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 5 +1.7.5 September 14, 2010 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 6 +1.7.5 September 14, 2010 6 
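Review bot: The new `#ifdef UMASK_OVERRIDE` branch in defaults.c changes a security-relevant default, and nothing at the assignment says so. According to the config.h.in template text in this commit, defining it makes sudo use the sudoers umask even when it is less restrictive than the invoking user's, so files created by commands run through sudo can get wider permissions than the user's own umask allows. I would add a comment above the assignment, e.g. `/* Build-time default: the sudoers umask replaces, rather than is combined with, the invoking user's umask. */`. init_defaults() starts and ends outside the hunk, so it is not visible here whether a sudoers Defaults entry can still change the value afterwards.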
@@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 7 +1.7.5 September 14, 2010 7 @@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 8 +1.7.5 September 14, 2010 8 @@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 9 +1.7.5 September 14, 2010 9 @@ -611,8 +611,9 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS that the --HH option is always implied. Note that HOME is already set when the the _e_n_v___r_e_s_e_t option is enabled, so _a_l_w_a_y_s___s_e_t___h_o_m_e is only effective for - configurations where _e_n_v___r_e_s_e_t is disabled. This flag - is _o_f_f by default. + configurations where either _e_n_v___r_e_s_e_t is disabled or + HOME is present in the _e_n_v___k_e_e_p list. This flag is _o_f_f + by default. authenticate If set, users must authenticate themselves via a password (or other means of authentication) before they @@ -651,11 +652,10 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS its value will be used for the PATH environment variable. This flag is _o_n by default. - fast_glob Normally, ssuuddoo uses the _g_l_o_b(3) function to do shell- -1.7.4 July 21, 2010 10 +1.7.5 September 14, 2010 10 @@ -664,6 +664,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + fast_glob Normally, ssuuddoo uses the _g_l_o_b(3) function to do shell- style globbing when matching path names. However, since it accesses the file system, _g_l_o_b(3) can take a long time to complete for some patterns, especially @@ -717,11 +718,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) insults If set, ssuuddoo will insult users when they enter an incorrect password. This flag is _o_f_f by default. - log_host If set, the host name will be logged in the (non- -1.7.4 July 21, 2010 11 +1.7.5 September 14, 2010 11 
@@ -730,6 +730,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + log_host If set, the host name will be logged in the (non- syslog) ssuuddoo log file. This flag is _o_f_f by default. log_year If set, the four-digit year will be logged in the (non- @@ -783,11 +784,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) passprompt_override The password prompt specified by _p_a_s_s_p_r_o_m_p_t will normally only be used if the password prompt provided - by systems such as PAM matches the string "Password:". -1.7.4 July 21, 2010 12 +1.7.5 September 14, 2010 12 @@ -796,6 +796,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + by systems such as PAM matches the string "Password:". If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, _p_a_s_s_p_r_o_m_p_t will always be used. This flag is _o_f_f by default. @@ -846,14 +847,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) --uu option is used). This effectively makes the --ss option imply --HH. Note that HOME is already set when the the _e_n_v___r_e_s_e_t option is enabled, so _s_e_t___h_o_m_e is - only effective for configurations where _e_n_v___r_e_s_e_t is - disabled. This flag is _o_f_f by default. - - set_logname Normally, ssuuddoo will set the LOGNAME, USER and USERNAME + only effective for configurations where either + _e_n_v___r_e_s_e_t is disabled or HOME is present in the + _e_n_v___k_e_e_p list. This flag is _o_f_f by default. -1.7.4 July 21, 2010 13 +1.7.5 September 14, 2010 13 @@ -862,6 +862,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + set_logname Normally, ssuuddoo will set the LOGNAME, USER and USERNAME environment variables to the name of the target user (usually root unless the --uu option is given). However, since some programs (including the RCS revision control @@ -918,8 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - -1.7.4 July 21, 2010 14 +1.7.5 September 14, 2010 14 
@@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 15 +1.7.5 September 14, 2010 15 @@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 16 +1.7.5 September 14, 2010 16 @@ -1117,7 +1117,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 17 +1.7.5 September 14, 2010 17 @@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 18 +1.7.5 September 14, 2010 18 @@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 19 +1.7.5 September 14, 2010 19 @@ -1315,7 +1315,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 20 +1.7.5 September 14, 2010 20 @@ -1381,7 +1381,7 @@ EEXXAAMMPPLLEESS -1.7.4 July 21, 2010 21 +1.7.5 September 14, 2010 21 @@ -1447,7 +1447,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 22 +1.7.5 September 14, 2010 22 @@ -1513,7 +1513,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7.4 July 21, 2010 23 +1.7.5 September 14, 2010 23 @@ -1579,7 +1579,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.7.4 July 21, 2010 24 +1.7.5 September 14, 2010 24 @@ -1645,7 +1645,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS -1.7.4 July 21, 2010 25 +1.7.5 September 14, 2010 25 @@ -1711,7 +1711,7 @@ SSUUPPPPOORRTT -1.7.4 July 21, 2010 26 +1.7.5 September 14, 2010 26 @@ -1777,6 +1777,6 @@ DDIISSCCLLAAIIMMEERR -1.7.4 July 21, 2010 27 +1.7.5 September 14, 2010 27 diff --git a/sudoers.man.in b/sudoers.man.in index 5dff20053..c83962d54 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -22,7 +22,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .\" -.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) +.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) .\" .\" Standard preamble: .\" ======================================================================== 
@@ -148,7 +148,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "July 21, 2010" "1.7.4" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "September 14, 2010" "1.7.5" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -740,7 +740,8 @@ home directory of the target user (which is root unless the \fB\-u\fR option is used). This effectively means that the \fB\-H\fR option is always implied. Note that \f(CW\*(C`HOME\*(C'\fR is already set when the the \&\fIenv_reset\fR option is enabled, so \fIalways_set_home\fR is only -effective for configurations where \fIenv_reset\fR is disabled. +effective for configurations where either \fIenv_reset\fR is disabled +or \f(CW\*(C`HOME\*(C'\fR is present in the \fIenv_keep\fR list. This flag is \fIoff\fR by default. .IP "authenticate" 16 .IX Item "authenticate" @@ -936,7 +937,8 @@ environment variable will be set to the home directory of the target user (which is root unless the \fB\-u\fR option is used). This effectively makes the \fB\-s\fR option imply \fB\-H\fR. Note that \f(CW\*(C`HOME\*(C'\fR is already set when the the \fIenv_reset\fR option is enabled, so \fIset_home\fR is -only effective for configurations where \fIenv_reset\fR is disabled. +only effective for configurations where either \fIenv_reset\fR is disabled +or \f(CW\*(C`HOME\*(C'\fR is present in the \fIenv_keep\fR list. This flag is \fIoff\fR by default. .IP "set_logname" 16 .IX Item "set_logname" 
@@ -1022,7 +1024,7 @@ modification. This makes it possible to specify a more permissive umask in \fIsudoers\fR than the user's own umask and matches historical behavior. If \fIumask_override\fR is not set, \fBsudo\fR will set the umask to be the union of the user's umask and what is specified in -\&\fIsudoers\fR. This flag is \fIoff\fR by default. +\&\fIsudoers\fR. This flag is \fI@umask_override@\fR by default. .if \n(LC \{\ .IP "use_loginclass" 16 .IX Item "use_loginclass" diff --git a/sudoers.pod b/sudoers.pod index 519984e1b..684911614 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -919,7 +919,7 @@ modification. This makes it possible to specify a more permissive umask in I than the user's own umask and matches historical behavior. If I is not set, B will set the umask to be the union of the user's umask and what is specified in -I. This flag is I by default. +I. This flag is I<@umask_override@> by default. =item use_loginclass -- 2.40.0