From e51831fab36f88bc9ccf4e6ab7987d8e84a233c2 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Mon, 8 May 2017 13:55:02 -0600
Subject: [PATCH] Be clear that #includedir diverts control to the files in the
 specified directory and, when parsing of those files is complete, returns
 control to the original file.  Bug #775

---
 doc/sudoers.cat     | 15 +++++++++------
 doc/sudoers.man.in  |  8 ++++++--
 doc/sudoers.mdoc.in |  8 ++++++--
 3 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index b880ee45e..a647432e1 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -852,14 +852,17 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT
 
          #includedir /etc/sudoers.d
 
-     ssuuddoo will read each file in _/_e_t_c_/_s_u_d_o_e_r_s_._d, skipping file names that end
-     in `~' or contain a `.' character to avoid causing problems with package
-     manager or editor temporary/backup files.  Files are parsed in sorted
-     lexical order.  That is, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_0_1___f_i_r_s_t will be parsed before
+     ssuuddoo will suspend processing of the current file and read each file in
+     _/_e_t_c_/_s_u_d_o_e_r_s_._d, skipping file names that end in `~' or contain a `.'
+     character to avoid causing problems with package manager or editor
+     temporary/backup files.  Files are parsed in sorted lexical order.  That
+     is, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_0_1___f_i_r_s_t will be parsed before
      _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d.  Be aware that because the sorting is lexical,
      not numeric, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1___w_h_o_o_p_s would be loaded _a_f_t_e_r
      _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d.  Using a consistent number of leading zeroes in
-     the file names can be used to avoid such problems.
+     the file names can be used to avoid such problems.  After parsing the
+     files in the directory, control returns to the file that contained the
+     #includedir directive.
 
      Note that unlike files included via #include, vviissuuddoo will not edit the
      files in a #includedir directory unless one of them contains a syntax
@@ -2810,4 +2813,4 @@ DDIISSCCLLAAIIMMEERR
      file distributed with ssuuddoo or https://www.sudo.ws/license.html for
      complete details.
 
-Sudo 1.8.20                       May 3, 2017                      Sudo 1.8.20
+Sudo 1.8.20                       May 8, 2017                      Sudo 1.8.20
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index 2ebed460e..18de06b83 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "SUDOERS" "5" "May 3, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "5" "May 8, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -1819,7 +1819,7 @@ For example, given:
 .fi
 .PP
 \fBsudo\fR
-will read each file in
+will suspend processing of the current file and read each file in
 \fI/etc/sudoers.d\fR,
 skipping file names that end in
 \(oq~\(cq
@@ -1839,6 +1839,10 @@ would be loaded
 \fI/etc/sudoers.d/10_second\fR.
 Using a consistent number of leading zeroes in the file names can be used
 to avoid such problems.
+After parsing the files in the directory, control returns to the
+file that contained the
+\fR#includedir\fR
+directive.
 .PP
 Note that unlike files included via
 \fR#include\fR,
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index f902b9d2d..a69a7acc5 100644
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd May 3, 2017
+.Dd May 8, 2017
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -1695,7 +1695,7 @@ For example, given:
 .Ed
 .Pp
 .Nm sudo
-will read each file in
+will suspend processing of the current file and read each file in
 .Pa /etc/sudoers.d ,
 skipping file names that end in
 .Ql ~
@@ -1715,6 +1715,10 @@ would be loaded
 .Pa /etc/sudoers.d/10_second .
 Using a consistent number of leading zeroes in the file names can be used
 to avoid such problems.
+After parsing the files in the directory, control returns to the
+file that contained the
+.Li #includedir
+directive.
 .Pp
 Note that unlike files included via
 .Li #include ,
-- 
2.40.0