Changeset 61b8305

Timestamp:

03/14/2012 09:35:12 PM (12 years ago)

Author:

Krejzi <krejzi@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

8c4a66d

Parents:

d41c02b

Message:

sudo 1.8.4p4

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@9704 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general.ent (modified) (1 diff)
• introduction/welcome/changelog.xml (modified) (1 diff)
• postlfs/security/sudo.xml (modified) (7 diffs)

general.ent

@@ -139 +139 @@
 <!ENTITY shadow-version               "4.1.5">
 <!ENTITY stunnel-version              "4.52">
-<!ENTITY sudo-version                 "1.8.2">
+<!ENTITY sudo-version                 "1.8.4p4">
 <!ENTITY tcpwrappers-version          "7.6">
 <!ENTITY tripwire-version             "2.4.2.2">

introduction/welcome/changelog.xml

@@ -58 +58 @@
         </listitem>
         <listitem>
+          <para>[krejzi] - sudo 1.8.4p4.</para>
+        </listitem>
+        <listitem>
           <para>[abenton] - Thunderbird 11.0.</para>
         </listitem>

postlfs/security/sudo.xml

@@ -7 +7 @@
   <!ENTITY sudo-download-http "http://www.sudo.ws/sudo/dist/sudo-&sudo-version;.tar.gz">
   <!ENTITY sudo-download-ftp  "ftp://ftp.twaren.net/Unix/Security/Sudo/sudo-&sudo-version;.tar.gz">
-  <!ENTITY sudo-md5sum        "000f458e7391be9fdf459a9ad6a4912a">
-  <!ENTITY sudo-size          "1.4 MB">
-  <!ENTITY sudo-buildsize     "13 MB">
-  <!ENTITY sudo-time          "0.2 SBU">
+  <!ENTITY sudo-md5sum        "b9be6df7ecefedff2263052ed9fc5e93">
+  <!ENTITY sudo-size          "1.5 MB">
+  <!ENTITY sudo-buildsize     "16 MB">
+  <!ENTITY sudo-time          "0.3 SBU">
 ]>
 
@@ -60 +60 @@
     </itemizedlist>
 
-    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
-    <itemizedlist spacing="compact">
-      <listitem>
-        <para>Required patch: <ulink
-        url="&patch-root;/sudo-&sudo-version;-fprintf_debug-1.patch"/></para>
-      </listitem>
-    </itemizedlist>
-
     <bridgehead renderas="sect3">Sudo Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Optional</bridgehead>
-    <para role="optional"><xref linkend="linux-pam"/>,
-    <ulink url="ftp://ftp.nrl.navy.mil/pub/security/opie">Opie</ulink>,
-    <ulink url="http://www.rsa.com/node.aspx?id=1156">SecurID</ulink>,
+    <para role="optional"><ulink url="http://www.openafs.org/">AFS</ulink>,
+    <xref linkend="linux-pam"/>,
     <ulink url="http://www.fwtk.org/">FWTK</ulink>,
+    <xref linkend="mitkrb"/>,
     an <xref linkend="server-mail"/> (that provides a
     <command>sendmail</command> command),
-    <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>,
-    <xref linkend="heimdal"/> or <xref linkend="mitkrb"/>,
-    <xref linkend="openldap"/>, and
-    <ulink url="http://www.openafs.org/">AFS</ulink></para>
+    <xref linkend="openldap"/>,
+    <ulink url="ftp://ftp.nrl.navy.mil/pub/security/opie">Opie</ulink> and
+    <ulink url="http://www.rsa.com/node.aspx?id=1156">SecurID</ulink></para>
 
     <para condition="html" role="usernotes">User Notes:
@@ -93 +84 @@
     the following commands:</para>
 
-<screen><userinput>patch -p1 &lt; ../sudo-&sudo-version;-fprintf_debug-1.patch &amp;&amp;
-./configure --prefix=/usr \
-            --libexecdir=/usr/lib \
-            --with-ignore-dot \
+<screen><userinput>./configure --prefix=/usr \
+            --libexecdir=/usr/lib/sudo \
             --with-all-insults \
-            --enable-shell-sets-home \
-            --disable-root-sudo \
-            --with-logfac=auth \
+            --with-env-editor \
             --without-pam \
             --without-sendmail &amp;&amp;
@@ -116 +103 @@
     <title>Command Explanations</title>
 
-    <para><command>patch -p1 &lt; ...</command>: This patch fixes a
-    vulnerability in the debugging code in sudo versions 1.8.0 through 1.8.3p1
-    that can be used to crash sudo or potentially allow an unauthorized user to
-    achieve root privileges.</para>
-
-    <para><option>--with-ignore-dot</option>: This switch causes
-    <application>sudo</application> to ignore '.' in the PATH.</para>
-
     <para><option>--with-all-insults</option>: This switch includes all the
     <application>sudo</application> insult sets.</para>
 
-    <para><option>--enable-shell-sets-home</option>: This switch sets HOME to
-    the target user in shell mode.</para>
-
-    <para><option>--disable-root-sudo</option>: This switch keeps the
-    <systemitem class="username">root</systemitem> user from running sudo,
-    preventing users from chaining commands to get a root shell.</para>
-
-    <para><option>--with-logfac=auth</option>: This switch forces use of the
-    auth facility for logging.</para>
+    <para><option>--with-env-editor</option>: This switch enables use of the 
+    environment variable EDITOR for <command>visudo</command>.</para>
 
     <para><option>--without-pam</option>: This switch disables the use of
     <application>PAM</application> authentication. Omit if you have
-    <application>PAM</application> installed.</para>
+    <application>Linux PAM</application> installed.</para>
 
     <para><option>--without-sendmail</option>: This switch disables the use of
-    sendmail.  Remove if you have a sendmail compatible MTA.</para>
-
-    <para><option>--enable-noargs-shell</option>: This switch allows
-    <application>sudo</application> to run a shell if invoked with no
-    arguments.</para>
+    sendmail. Remove if you have a sendmail compatible MTA.</para>
 
     <note>
@@ -213 +181 @@
 account   include     system-account
 
-# Use xauth keys (if available)
-session   optional    pam_xauth.so
-
 # Set default environment variables for the service user
 session   required    pam_env.so
@@ -239 +204 @@
 
       <seglistitem>
-        <seg>sudo, sudoedit, and visudo</seg>
-        <seg>sudo_noexec.so</seg>
+        <seg>sudo, sudoedit, sudoreplay and visudo</seg>
+        <seg>sudoers.so and sudo_noexec.so</seg>
         <seg>None</seg>
       </seglistitem>
@@ -285 +250 @@
       </varlistentry>
 
+      <varlistentry id="sudoreplay">
+        <term><command>sudoreplay</command></term>
+        <listitem>
+          <para>is used to play back or list the output 
+          logs created by <command>sudo</command>.</para>
+          <indexterm zone="sudo sudoreplay">
+            <primary sortas="b-sudoreplay">sudoreplay</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="sudoers">
+        <term><filename class='libraryfile'>sudoers.so</filename></term>
+        <listitem>
+          <para>is default sudo security policy module.</para>
+          <indexterm zone="sudo sudoers">
+            <primary sortas="c-sudoers">sudoers.so</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
 
       <varlistentry id="sudo_noexec">