Changeset 61b8305
- Timestamp:
- 03/14/2012 09:35:12 PM (12 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 8c4a66d
- Parents:
- d41c02b
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
general.ent
rd41c02b r61b8305 139 139 <!ENTITY shadow-version "4.1.5"> 140 140 <!ENTITY stunnel-version "4.52"> 141 <!ENTITY sudo-version "1.8. 2">141 <!ENTITY sudo-version "1.8.4p4"> 142 142 <!ENTITY tcpwrappers-version "7.6"> 143 143 <!ENTITY tripwire-version "2.4.2.2"> -
introduction/welcome/changelog.xml
rd41c02b r61b8305 58 58 </listitem> 59 59 <listitem> 60 <para>[krejzi] - sudo 1.8.4p4.</para> 61 </listitem> 62 <listitem> 60 63 <para>[abenton] - Thunderbird 11.0.</para> 61 64 </listitem> -
postlfs/security/sudo.xml
rd41c02b r61b8305 7 7 <!ENTITY sudo-download-http "http://www.sudo.ws/sudo/dist/sudo-&sudo-version;.tar.gz"> 8 8 <!ENTITY sudo-download-ftp "ftp://ftp.twaren.net/Unix/Security/Sudo/sudo-&sudo-version;.tar.gz"> 9 <!ENTITY sudo-md5sum " 000f458e7391be9fdf459a9ad6a4912a">10 <!ENTITY sudo-size "1. 4MB">11 <!ENTITY sudo-buildsize "1 3MB">12 <!ENTITY sudo-time "0. 2SBU">9 <!ENTITY sudo-md5sum "b9be6df7ecefedff2263052ed9fc5e93"> 10 <!ENTITY sudo-size "1.5 MB"> 11 <!ENTITY sudo-buildsize "16 MB"> 12 <!ENTITY sudo-time "0.3 SBU"> 13 13 ]> 14 14 … … 60 60 </itemizedlist> 61 61 62 <bridgehead renderas="sect3">Additional Downloads</bridgehead>63 <itemizedlist spacing="compact">64 <listitem>65 <para>Required patch: <ulink66 url="&patch-root;/sudo-&sudo-version;-fprintf_debug-1.patch"/></para>67 </listitem>68 </itemizedlist>69 70 62 <bridgehead renderas="sect3">Sudo Dependencies</bridgehead> 71 63 72 64 <bridgehead renderas="sect4">Optional</bridgehead> 73 <para role="optional"><xref linkend="linux-pam"/>, 74 <ulink url="ftp://ftp.nrl.navy.mil/pub/security/opie">Opie</ulink>, 75 <ulink url="http://www.rsa.com/node.aspx?id=1156">SecurID</ulink>, 65 <para role="optional"><ulink url="http://www.openafs.org/">AFS</ulink>, 66 <xref linkend="linux-pam"/>, 76 67 <ulink url="http://www.fwtk.org/">FWTK</ulink>, 68 <xref linkend="mitkrb"/>, 77 69 an <xref linkend="server-mail"/> (that provides a 78 70 <command>sendmail</command> command), 79 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>, 80 <xref linkend="heimdal"/> or <xref linkend="mitkrb"/>, 81 <xref linkend="openldap"/>, and 82 <ulink url="http://www.openafs.org/">AFS</ulink></para> 71 <xref linkend="openldap"/>, 72 <ulink url="ftp://ftp.nrl.navy.mil/pub/security/opie">Opie</ulink> and 73 <ulink url="http://www.rsa.com/node.aspx?id=1156">SecurID</ulink></para> 83 74 84 75 <para condition="html" role="usernotes">User Notes: … … 93 84 the following commands:</para> 94 85 95 <screen><userinput>patch -p1 < ../sudo-&sudo-version;-fprintf_debug-1.patch && 96 ./configure --prefix=/usr \ 97 --libexecdir=/usr/lib \ 98 --with-ignore-dot \ 86 <screen><userinput>./configure --prefix=/usr \ 87 --libexecdir=/usr/lib/sudo \ 99 88 --with-all-insults \ 100 --enable-shell-sets-home \ 101 --disable-root-sudo \ 102 --with-logfac=auth \ 89 --with-env-editor \ 103 90 --without-pam \ 104 91 --without-sendmail && … … 116 103 <title>Command Explanations</title> 117 104 118 <para><command>patch -p1 < ...</command>: This patch fixes a119 vulnerability in the debugging code in sudo versions 1.8.0 through 1.8.3p1120 that can be used to crash sudo or potentially allow an unauthorized user to121 achieve root privileges.</para>122 123 <para><option>--with-ignore-dot</option>: This switch causes124 <application>sudo</application> to ignore '.' in the PATH.</para>125 126 105 <para><option>--with-all-insults</option>: This switch includes all the 127 106 <application>sudo</application> insult sets.</para> 128 107 129 <para><option>--enable-shell-sets-home</option>: This switch sets HOME to 130 the target user in shell mode.</para> 131 132 <para><option>--disable-root-sudo</option>: This switch keeps the 133 <systemitem class="username">root</systemitem> user from running sudo, 134 preventing users from chaining commands to get a root shell.</para> 135 136 <para><option>--with-logfac=auth</option>: This switch forces use of the 137 auth facility for logging.</para> 108 <para><option>--with-env-editor</option>: This switch enables use of the 109 environment variable EDITOR for <command>visudo</command>.</para> 138 110 139 111 <para><option>--without-pam</option>: This switch disables the use of 140 112 <application>PAM</application> authentication. Omit if you have 141 <application> PAM</application> installed.</para>113 <application>Linux PAM</application> installed.</para> 142 114 143 115 <para><option>--without-sendmail</option>: This switch disables the use of 144 sendmail. Remove if you have a sendmail compatible MTA.</para> 145 146 <para><option>--enable-noargs-shell</option>: This switch allows 147 <application>sudo</application> to run a shell if invoked with no 148 arguments.</para> 116 sendmail. Remove if you have a sendmail compatible MTA.</para> 149 117 150 118 <note> … … 213 181 account include system-account 214 182 215 # Use xauth keys (if available)216 session optional pam_xauth.so217 218 183 # Set default environment variables for the service user 219 184 session required pam_env.so … … 239 204 240 205 <seglistitem> 241 <seg>sudo, sudoedit, and visudo</seg>242 <seg>sudo _noexec.so</seg>206 <seg>sudo, sudoedit, sudoreplay and visudo</seg> 207 <seg>sudoers.so and sudo_noexec.so</seg> 243 208 <seg>None</seg> 244 209 </seglistitem> … … 285 250 </varlistentry> 286 251 252 <varlistentry id="sudoreplay"> 253 <term><command>sudoreplay</command></term> 254 <listitem> 255 <para>is used to play back or list the output 256 logs created by <command>sudo</command>.</para> 257 <indexterm zone="sudo sudoreplay"> 258 <primary sortas="b-sudoreplay">sudoreplay</primary> 259 </indexterm> 260 </listitem> 261 </varlistentry> 262 263 <varlistentry id="sudoers"> 264 <term><filename class='libraryfile'>sudoers.so</filename></term> 265 <listitem> 266 <para>is default sudo security policy module.</para> 267 <indexterm zone="sudo sudoers"> 268 <primary sortas="c-sudoers">sudoers.so</primary> 269 </indexterm> 270 </listitem> 271 </varlistentry> 287 272 288 273 <varlistentry id="sudo_noexec">
Note:
See TracChangeset
for help on using the changeset viewer.