Changeset 3c0f868f for postlfs

Timestamp:

12/22/2005 03:32:33 AM (18 years ago)

Author:

Archaic <archaic@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

2130862

Parents:

589e525

Message:

Removed the obsolete sed in sudo and added a note to use visudo to edit the sudoers file.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5453 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/sudo.xml (modified) (5 diffs)

postlfs/security/sudo.xml

@@ -84 +84 @@
     the following commands:</para>
 
-<screen><userinput>sed -i -e 's/CDPATH",/&amp;\n    "SHELLOPTS",\n    "PS4",/' env.c
-./configure --prefix=/usr --libexecdir=/usr/lib \
+<screen><userinput>./configure --prefix=/usr --libexecdir=/usr/lib \
     --enable-noargs-shell --with-ignore-dot --with-all-insults \
     --enable-shell-sets-home &amp;&amp;
@@ -98 +97 @@
   <sect2 role="commands">
     <title>Command Explanations</title>
-
-    <para><command>sed -i -e 's/CDPATH",/&amp;\n    "SHELLOPTS",\n    "PS4",/'
-    env.c</command>:  This command adds two environment variables to a list of
-    variables to be excluded from the target environment.  It solves a
-    security problem.</para>
 
     <para><option>--enable-noargs-shell</option>: This switch allows
@@ -160 +154 @@
       <para>For details, see <command>man sudoers</command>.</para>
 
+      <note>
+        <para>The <application>Sudo</application> developers highly recommend
+        using the <command>visudo</command> program to edit the
+        <filename>sudoers</filename> file. This will provide basic sanity
+        checking like syntax parsing and file permission to avoid some possible
+        mistakes that could lead to a vulnerable configuration.</para>
+      </note>
+
     </sect3>
 
@@ -173 +175 @@
 
       <seglistitem>
-        <seg>sudo and sudoedit</seg>
+        <seg>sudo, sudoedit, and visudo</seg>
         <seg>sudo_noexec.so</seg>
         <seg>None</seg>
@@ -208 +210 @@
       </varlistentry>
 
+      <varlistentry id="visudo">
+        <term><command>visudo</command></term>
+        <listitem>
+          <para>allows for safer editing of the <filename>sudoers</filename>
+          file.</para>
+          <indexterm zone="sudo visudo">
+            <primary sortas="b-visudo">visudo</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+
       <varlistentry id="sudo_noexec">
         <term><filename class='libraryfile'>sudo_noexec.so</filename></term>