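debian/0000775000000000000000000000000012276217107007175 5ustar
debian/sudo-ldap.postinst0000664000000000000000000000402612274340015012665 0ustar
#!/bin/sh
# sudo-ldap.postinst - configure the sudo-ldap package after unpacking.
#
# Runs as root from dpkg.  In order it: drops the obsolete alternatives
# link, warns when /etc/sudoers is missing, makes sure nsswitch.conf has a
# "sudoers:" database line, migrates the timestamp directory from
# /var/run/sudo to /var/lib/sudo, enforces owner and mode on /etc/sudoers,
# provides a transitional /etc/sudo-ldap.conf symlink and finally creates
# the "sudo" group, preferring gid 27.
#
# Any failing command aborts configuration (set -e); dpkg then reports the
# configure step as failed.
set -e

# remove old link
if [ -L /etc/alternatives/sudo ]; then
  rm /etc/alternatives/sudo
fi

# complain if no sudoers file is present.  The chown/chmod further down
# still fail (and stop the script) when the file is absent.
if [ ! -f /etc/sudoers ]; then
  echo "WARNING: /etc/sudoers not present!"
fi

# modify nsswitch.conf if needed: sudo-ldap looks the sudoers database up
# through NSS, so a "sudoers:" line must exist.  An existing line is left
# untouched so a locally chosen source order survives.
if ! grep -q "^sudoers:" /etc/nsswitch.conf; then
  echo "sudoers: files ldap" >> /etc/nsswitch.conf
fi

# handle state directory transition from /var/run/sudo to /var/lib/sudo,
# moving any existing content over to avoid re-lecturing existing users.
# "cd && tar" (rather than "cd ; tar") keeps tar from archiving or
# extracting in the current directory should either cd fail.  Only the
# extracting side's status reaches set -e; sh does not report a failure of
# the archiving side of the pipe.
if [ -d /var/run/sudo ]; then
  mkdir -p /var/lib/sudo
  (cd /var/run/sudo && tar cf - .) | (cd /var/lib/sudo && tar xf -)
  rm -rf /var/run/sudo
fi

# make sure sudoers has the correct permissions and owner/group
chown root:root /etc/sudoers
chmod 440 /etc/sudoers

# create symlink to ease transition to new path for ldap config
# if old config file exists and new one doesn't
if [ -e /etc/ldap/ldap.conf ] && [ ! -e /etc/sudo-ldap.conf ]; then
  ln -s ldap/ldap.conf /etc/sudo-ldap.conf
fi

# if we've gotten this far .. remove the saved, unchanged old sudoers file
rm -f /etc/sudoers.pre-conffile

# make sure we have a sudo group; we're finished if there is one already
if [ -n "$(getent group sudo)" ]; then
  exit 0
fi

# start search with gid 27 and walk upwards to the first unused gid
gid=27
while [ -n "$(getent group "$gid" | cut -d: -f3)" ]; do
  gid=$((gid + 1))
done

if [ "$gid" -ne 27 ]; then
  echo "On Debian we normally use gid 27 for 'sudo'."
  gname=$(getent group 27 | cut -d: -f1)
  echo "However, on your system gid 27 is group '$gname'."
  echo ""
  echo "Would you like me to stop configuring sudo so that you can change this?"
  # Interactive prompt: when stdin yields nothing, read fails and set -e
  # aborts the configure step (hence the read-in-maintainer-script lintian
  # override shipped with this package).
  while true; do
    printf '%s' "(Enter 'yes' to stop, enter to continue): "
    # -r: a backslash in the answer must not be interpreted
    read -r ans
    [ "$ans" = "" ] && break
    if [ "$ans" = "yes" ] || [ "$ans" = "YES" ]; then
      echo "'dpkg --pending --configure' will restart the configuration."
      exit 1
    fi
    echo "Please enter exactly 'yes' to stop, or press the enter key to continue without stopping"
  done
fi
echo "Creating group 'sudo' with gid = $gid"
groupadd -g "$gid" sudo
echo ""

#DEBHELPER#
debian/sudo.prerm0000664000000000000000000000233512274340015011212 0ustar
#!/bin/sh
# sudo.prerm - refuse to remove sudo while the root account is locked,
# unless SUDO_FORCE_REMOVE=yes is set in the environment.
set -e

#######################################
# Abort removal when root has no usable password.
# Globals:   SUDO_FORCE_REMOVE (read) - "yes" skips the check
# Outputs:   explanation on stdout when refusing
# Returns:   0 when removal may proceed; exits 1 when it must not
#######################################
check_password() {
  if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then
    # let's check whether the root account is locked.
    # if it is, we're not going another step. No Sirreee!
    passwd=$(getent shadow root|cut -f2 -d:)
    passwd1=$(echo "$passwd" |cut -c1)
    # Note: we do need the 'xfoo' syntax here, since POSIX special-cases
    # the $passwd value '!' as negation.
    if [ "x$passwd" = "x*" ] || [ "x$passwd1" = "x!" ]; then
      # yup, password is locked
      echo "You have asked that the sudo package be removed,"
      echo "but no root password has been set."
      echo "Without sudo, you may not be able to gain administrative privileges."
      echo
      echo "If you would prefer to access the root account with su(1)"
      echo "or by logging in directly,"
      echo "you must set a root password with \"sudo passwd\"."
      echo
      echo "If you have arranged other means to access the root account,"
      echo "and you are sure this is what you want,"
      echo "you may bypass this check by setting an environment variable "
      echo "(export SUDO_FORCE_REMOVE=yes)."
      echo
      echo "Refusing to remove sudo."
      exit 1
    fi
  fi
}

case "$1" in
  remove)
    check_password
    ;;
  *)
    ;;
esac

#DEBHELPER#

exit 0
debian/sudo-ldap.dirs0000664000000000000000000000027612274340015011746 0ustar
etc/pam.d
etc/sudoers.d
lib/systemd/system
usr/bin
usr/share/man/man8
usr/share/man/man5
usr/sbin
usr/share/doc/sudo-ldap/examples
usr/share/lintian/overrides
usr/share/apport/package-hooks
debian/copyright0000664000000000000000000000572112274340015011126 0ustar
This is the Debian GNU/Linux prepackaged version of sudo.

sudo is used to provide limited super user privileges to specific users.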
Bdale Garbee maintains this package using sources from http://www.sudo.ws/ Sudo is distributed under the following ISC-style license: Copyright (c) 1994-1996, 1998-2008 Todd C. Miller Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. Additionally, fnmatch.c, fnmatch.h, getcwd.c, glob.c, glob.h and snprintf.c bear the following UCB license: Copyright (c) 1987, 1989, 1990, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/control0000664000000000000000000000315512274340015010575 0ustar Source: sudo Section: admin Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Bdale Garbee Build-Depends: debhelper (>= 7), libpam0g-dev, libldap2-dev, libsasl2-dev, libselinux1-dev [linux-any], autoconf, autotools-dev, bison, flex, dh-autoreconf Standards-Version: 3.9.5 Vcs-Git: git://git.debian.org/git/collab-maint/sudo.git Vcs-Browser: http://git.debian.org/?p=collab-maint/sudo.git Package: sudo Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules Conflicts: sudo-ldap Replaces: sudo-ldap Description: Provide limited super user privileges to specific users Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. . This version is built with minimal shared library dependencies, use the sudo-ldap package instead if you need LDAP support for sudoers. 
Package: sudo-ldap Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules Conflicts: sudo Replaces: sudo Provides: sudo Description: Provide limited super user privileges to specific users Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. . This version is built with LDAP support, which allows an equivalent of the sudoers database to be distributed via LDAP. Authentication is still performed via pam. debian/NEWS0000664000000000000000000000330612274340015007667 0ustar sudo (1.8.2-1) unstable; urgency=low The sudo package is no longer configured using --with-secure-path. Instead, the provided sudoers file now contains a line declaring 'Defaults secure_path=' with the same path content that was previously hard-coded in the binary. A consequence of this change is that if you do not have such a definition in sudoers, the PATH searched for commands by sudo may be empty. Using explicit paths for each command you want to run with sudo will work well enough to allow the sudoers file to be updated with a suitable entry if one is not already present and you choose to not accept the updated version provided by the package. -- Bdale Garbee Wed, 24 Aug 2011 13:33:11 -0600 sudo (1.7.4p4-2) unstable; urgency=low The HOME and MAIL environment variables are now reset based on the target user's password database entry when the env_reset sudoers option is enabled (which is the case in the default configuration). Users wishing to preserve the original values should use a sudoers entry like: Defaults env_keep += HOME to preserve the old value of HOME and Defaults env_keep += MAIL to preserve the old value of MAIL. The change in handling of HOME is known to affect programs like pbuilder. 
-- Bdale Garbee Wed, 08 Sep 2010 14:29:16 -0600 sudo (1.6.8p12-5) unstable; urgency=low The sudo package is no longer configured --with-exempt=sudo. If you depend on members of group sudo being able to run sudo without needing a password, you will need to put "%sudo ALL=NOPASSWD: ALL" in /etc/sudoers to preserve equivalent functionality. -- Bdale Garbee Tue, 3 Apr 2007 21:13:39 -0600 debian/README.Debian0000664000000000000000000000372312274340015011234 0ustar The version of sudo that ships with Debian by default resets the environment, as described by the "env_reset" flag in the sudoers file. This implies that all environment variables are removed, except for LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION, XAPPLRESDIR, XFILESEARCHPATH, XUSERFILESEARCHPATH, LANG, LANGUAGE, LC_*, and USER. In case you want sudo to preserve more environment variables, you must specify the env_keep variable in the sudoers file. You should edit the sudoers file using the visudo tool. Examples: Preserve the default variables plus the EDITOR variable: Defaults env_keep+="EDITOR" Preserve the default variables plus all variables starting with LC_: Defaults env_keep+="LC_*" - - - - - If you're using the sudo-ldap package, note that it is now configured to look for /etc/sudo-ldap.conf. Depending on your system configuration, it probably makes sense for this to be a symlink to /etc/ldap.conf, or perhaps to /etc/libnss-ldap.conf or /etc/pam_ldap.conf. By default, no symlink or file is provided, you'll need to decide what to do and create a suitable file before sudo-ldap will work. - - - - - As of version 1.7, sudo-ldap now requires the LDAP source to be specified in /etc/nsswitch.conf with a line like: sudoers: ldap - - - - - Note that the support for the sss provider (libsss_sudo.so) that allows sudo to use SSSD as a cache for policies stored in LDAP is included in the sudo package, not in the sudo-ldap package. 
I have some hope that this turns out to be a better overall solution for using sudo with LDAP, as the sudo-ldap package is difficult to maintain and I'd love to be able to eliminate it! - - - - - See the file OPTIONS in this directory for more information on the sudo build options used in building the Debian package. - - - - - If you're having trouble grasping the fundamental idea of what sudo is all about, here's a succinct and humorous take on it... http://www.xkcd.com/c149.html debian/compat0000664000000000000000000000000212274340015010364 0ustar 5 debian/sudo-ldap.lintian0000664000000000000000000000060412274340015012436 0ustar sudo-ldap: non-standard-file-perm etc/sudoers.d/README 0440 != 0644 sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root sudo-ldap: setuid-binary usr/bin/sudoedit 4755 root/root sudo-ldap: read-in-maintainer-script sudo-ldap: duplicate-updaterc.d-calls-in-postinst sudo-ldap: hardening-no-stackprotector usr/lib/sudo/sudo_noexec.so sudo-ldap: systemd-no-service-for-init-script sudo-ldap debian/sudoers0000664000000000000000000000135112274340015010575 0ustar # # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. 
# Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d debian/sudo-ldap.postrm0000664000000000000000000000075212274340015012330 0ustar #!/bin/sh -e case "$1" in purge) rm -f /etc/sudo-ldap.conf rm -rf /var/lib/sudo ;; remove|upgrade|deconfigure) ;; abort-upgrade|failed-upgrade) if [ -e "/etc/sudoers.pre-conffile" ]; then mv /etc/sudoers.pre-conffile /etc/sudoers fi ;; *) echo "unknown argument --> $1" >&2 exit 0 ;; esac # remove sudoers entries, if any, from nsswitch.conf if [ -w /etc/nsswitch.conf ] ; then sed -i /^sudoers:/d /etc/nsswitch.conf fi #DEBHELPER# debian/README0000664000000000000000000000167612274340015010060 0ustar # # As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on # installation of the package now includes the directive: # # #includedir /etc/sudoers.d # # This will cause sudo to read and parse any files in the /etc/sudoers.d # directory that do not end in '~' or contain a '.' character. # # Note that there must be at least one file in the sudoers.d directory (this # one will do), and all files in this directory should be mode 0440. # # Note also, that because sudoers contents can vary widely, no attempt is # made to add this directive to existing sudoers files on upgrade. Feel free # to add the above directive to the end of your /etc/sudoers file to enable # this functionality for existing installations if you wish! # # Finally, please note that using the visudo command is the recommended way # to update sudoers content, since it protects against many failure modes. 
# See the man page for visudo for more information. # debian/patches/0000775000000000000000000000000012276216472010630 5ustar debian/patches/paths-in-samples.diff0000664000000000000000000000315612274340015014641 0ustar diff --git a/doc/sample.sudoers b/doc/sample.sudoers index 9946008..691738a 100644 --- a/doc/sample.sudoers +++ b/doc/sample.sudoers @@ -44,10 +44,10 @@ Host_Alias CDROM = orion, perseus, hercules # Cmnd alias specification ## Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ - /usr/sbin/rrestore, /usr/bin/mt, \ + /usr/sbin/rrestore, /bin/mt, \ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \ /home/operator/bin/start_backups -Cmnd_Alias KILL = /usr/bin/kill +Cmnd_Alias KILL = /bin/kill Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown Cmnd_Alias HALT = /usr/sbin/halt @@ -85,7 +85,7 @@ operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\ sudoedit /etc/printcap, /usr/oper/bin/ # joe may su only to operator -joe ALL = /usr/bin/su operator +joe ALL = /bin/su operator # pete may change passwords for anyone but root on the hp snakes pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root 
@@ -99,13 +99,13 @@ jim +biglab = ALL # users in the secretaries netgroup need to help manage the printers # as well as add and remove users -+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser ++secretaries ALL = PRINTING, /usr/sbin/adduser, /usr/bin/rmuser # fred can run commands as oracle or sybase without a password fred ALL = (DB) NOPASSWD: ALL # on the alphas, john may su to anyone but root and flags are not allowed -john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* +john ALPHA = /bin/su [!-]*, !/bin/su *root* # jen can run anything on all machines except the ones # in the "SERVERS" Host_Alias debian/patches/keep_home_by_default.patch0000664000000000000000000000134212231567210015771 0ustar Description: Set HOME in initial_keepenv_table Set HOME in initial_keepenv_table; without this, $HOME will never be preserved unless added to keep_env. There's appropriate logic to handle resetting the home for -H and -i options, so this is the only part that's missing. Author: Steve Langasek Index: sudo/plugins/sudoers/env.c =================================================================== --- sudo.orig/plugins/sudoers/env.c 2013-10-22 17:30:45.853570943 -0400 +++ sudo/plugins/sudoers/env.c 2013-10-22 17:30:45.849570943 -0400 @@ -206,6 +206,7 @@ static const char *initial_keepenv_table[] = { "COLORS", "DISPLAY", + "HOME", "HOSTNAME", "KRB5CCNAME", "LS_COLORS", debian/patches/typo-in-classic-insults.diff0000664000000000000000000000107312274340015016165 0ustar Index: sudo/plugins/sudoers/ins_classic.h =================================================================== --- sudo.orig/plugins/sudoers/ins_classic.h 2013-10-22 17:28:58.841574523 -0400 +++ sudo/plugins/sudoers/ins_classic.h 2013-10-22 17:28:58.837574523 -0400 
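Review bot: Adding `"HOME"` to initial_keepenv_table makes sudo pass the invoking user's HOME through env_reset to the command run as root, so root-run programs read their per-user configuration (shell and editor rc files, for instance) from a directory the unprivileged caller controls; the patch header only mentions the convenience side of that trade-off. The header should state it, and README.Debian's env_reset paragraph on this page should list HOME among the preserved variables and point admins wanting upstream behaviour at `Defaults always_set_home`. The header's "keep_env" should read `env_keep`, the sudoers option name used elsewhere on this page. The array being patched starts and ends outside the hunk.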
@@ -30,7 +30,7 @@ "Where did you learn to type?", "Are you on drugs?", "My pet ferret can type better than you!", - "You type like i drive.", + "You type like I drive.", "Do you think like you type?", "Your mind just hasn't been the same since the electro-shock, has it?", debian/patches/series0000664000000000000000000000021512274340015012030 0ustar typo-in-classic-insults.diff paths-in-samples.diff actually-use-buildflags.diff keep_home_by_default.patch add_probe_interfaces_setting.diff debian/patches/skip-noedit.diff0000664000000000000000000000047112274340015013677 0ustar Skip installing/unlinking files without doedit set --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -247,6 +247,8 @@ /* Install the sudoers temp files. */ tq_foreach_fwd(&sudoerslist, sp) { + if (!sp->doedit) + continue; if (!sp->modified) (void) unlink(sp->tpath); else debian/patches/add_probe_interfaces_setting.diff0000664000000000000000000002200412276214353017333 0ustar # HG changeset patch # User Todd C. Miller # Date 1390513974 25200 # Node ID e9dc28c7db6030bc5910ff1fbcbb0dafd043eb83 # Parent 1559c301caec9fa6de43dfc95857a997473e2458 It is now possible to disable network interface probing in sudo.conf by changing the value of the probe_interfaces setting. diff -r 1559c301caec -r e9dc28c7db60 common/sudo_conf.c --- a/common/sudo_conf.c Wed Jan 22 20:48:49 2014 -0700 +++ b/common/sudo_conf.c Thu Jan 23 14:52:54 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2013 Todd C. Miller + * Copyright (c) 2009-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
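Review bot: skip-noedit.diff carries no DEP-3 header (Description, Author, Origin or bug link) and, like use-flock-on-hurd.diff further down, is absent from debian/patches/series as listed on this page, so neither patch is applied by the build; if that is deliberate, say so in a header line in each, otherwise add them to series. In the hunk itself `continue` skips both the unlink and the install branch for entries without doedit, and whether such an entry can still own a temp file at sp->tpath that is then left behind is not visible here, so a one-line comment stating that invariant at the `continue` would help. The surrounding loop begins and ends outside the hunk.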
@@ -86,6 +86,7 @@ static void set_var_disable_coredump(const char *entry, const char *conf_file); static void set_var_group_source(const char *entry, const char *conf_file); static void set_var_max_groups(const char *entry, const char *conf_file); +static void set_var_probe_interfaces(const char *entry, const char *conf_file); static unsigned int conf_lineno; @@ -101,11 +102,13 @@ { "disable_coredump", sizeof("disable_coredump") - 1, set_var_disable_coredump }, { "group_source", sizeof("group_source") - 1, set_var_group_source }, { "max_groups", sizeof("max_groups") - 1, set_var_max_groups }, + { "probe_interfaces", sizeof("probe_interfaces") - 1, set_var_probe_interfaces }, { NULL } }; static struct sudo_conf_data { bool disable_coredump; + bool probe_interfaces; int group_source; int max_groups; const char *debug_flags; @@ -113,6 +116,7 @@ struct sudo_conf_paths paths[5]; } sudo_conf_data = { true, + true, GROUP_SOURCE_ADAPTIVE, -1, NULL, @@ -192,6 +196,15 @@ } } +static void +set_var_probe_interfaces(const char *entry, const char *conf_file) +{ + int val = atobool(entry); + + if (val != -1) + sudo_conf_data.probe_interfaces = val; +} + /* * "Debug progname debug_file debug_flags" */ @@ -362,6 +375,12 @@ return sudo_conf_data.disable_coredump; } +bool +sudo_conf_probe_interfaces(void) +{ + return sudo_conf_data.probe_interfaces; +} + /* * Reads in /etc/sudo.conf and populates sudo_conf_data. */ diff -r 1559c301caec -r e9dc28c7db60 doc/sudo.conf.cat --- a/doc/sudo.conf.cat Wed Jan 22 20:48:49 2014 -0700 +++ b/doc/sudo.conf.cat Thu Jan 23 14:52:54 2014 -0700 
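Review bot: set_var_probe_interfaces() silently ignores a value that atobool() cannot parse (val == -1), so a typo such as `Set probe_interfaces fasle` leaves probing enabled with no diagnostic. The other set_var_* handlers are outside the hunk; mirror whatever they do for bad input, or at least warn, naming conf_file and the conf_lineno counter that is in scope here. A one-line comment in the style of the neighbouring `"Debug progname debug_file debug_flags"` one, e.g. `/* "Set probe_interfaces true|false" */`, would also make the accepted syntax findable from the code.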
@@ -204,6 +204,21 @@ This setting is only available in ssuuddoo version 1.8.7 and higher. + probe_interfaces + By default, ssuuddoo will probe the system's network interfaces and + pass the IP address of each enabled interface to the policy + plugin. This makes it possible for the plugin to match rules + based on the IP address without having to query DNS. On Linux + systems with a large number of virtual interfaces, this may + take a non-negligible amount of time. If IP-based matching is + not required, network interface probing can be disabled as + follows: + + Set probe_interfaces false + + This setting is only available in ssuuddoo version 1.8.10 and + higher. + DDeebbuugg ffllaaggss ssuuddoo versions 1.8.4 and higher support a flexible debugging framework that can help track down what ssuuddoo is doing internally if there is a @@ -376,4 +391,4 @@ file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.9 December 4, 2013 Sudo 1.8.9 +Sudo 1.8.9 January 22, 2014 Sudo 1.8.9 diff -r 1559c301caec -r e9dc28c7db60 doc/sudo.conf.man.in --- a/doc/sudo.conf.man.in Wed Jan 22 20:48:49 2014 -0700 +++ b/doc/sudo.conf.man.in Thu Jan 23 14:52:54 2014 -0700 @@ -1,7 +1,7 @@ .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudo.conf.mdoc.in .\" -.\" Copyright (c) 2010-2013 Todd C. Miller +.\" Copyright (c) 2010-2014 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.TH "SUDO" "5" "December 4, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" +.TH "SUDO" "5" "January 22, 2014" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" .nh .if n .ad l .SH "NAME" 
@@ -405,6 +405,29 @@ \fBsudo\fR version 1.8.7 and higher. .PD +.TP 10n +probe_interfaces +By default, +\fBsudo\fR +will probe the system's network interfaces and pass the IP address +of each enabled interface to the policy plugin. This makes it +possible for the plugin to match rules based on the IP address +without having to query DNS. On Linux systems with a large number +of virtual interfaces, this may take a non-negligible amount of time. +If IP-based matching is not required, network interface probing +can be disabled as follows: +.RS +.nf +.sp +.RS 6n +Set probe_interfaces false +.RE +.fi +.sp +This setting is only available in +\fBsudo\fR +version 1.8.10 and higher. +.RE .SS "Debug flags" \fBsudo\fR versions 1.8.4 and higher support a flexible debugging framework diff -r 1559c301caec -r e9dc28c7db60 doc/sudo.conf.mdoc.in --- a/doc/sudo.conf.mdoc.in Wed Jan 22 20:48:49 2014 -0700 +++ b/doc/sudo.conf.mdoc.in Thu Jan 23 14:52:54 2014 -0700 @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 2010-2013 Todd C. Miller +.\" Copyright (c) 2010-2014 Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 4, 2013 +.Dd January 22, 2014 .Dt SUDO @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME 
@@ -360,6 +360,23 @@ This setting is only available in .Nm sudo version 1.8.7 and higher. +.It probe_interfaces +By default, +.Nm sudo +will probe the system's network interfaces and pass the IP address +of each enabled interface to the policy plugin. This makes it +possible for the plugin to match rules based on the IP address +without having to query DNS. On Linux systems with a large number +of virtual interfaces, this may take a non-negligible amount of time. +If IP-based matching is not required, network interface probing +can be disabled as follows: +.Bd -literal -offset indent +Set probe_interfaces false +.Ed +.Pp +This setting is only available in +.Nm sudo +version 1.8.10 and higher. .El .Ss Debug flags .Nm sudo diff -r 1559c301caec -r e9dc28c7db60 include/sudo_conf.h --- a/include/sudo_conf.h Wed Jan 22 20:48:49 2014 -0700 +++ b/include/sudo_conf.h Thu Jan 23 14:52:54 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2013 Todd C. Miller + * Copyright (c) 2011-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -43,6 +43,7 @@ const char *sudo_conf_debug_flags(void); struct plugin_info_list *sudo_conf_plugins(void); bool sudo_conf_disable_coredump(void); +bool sudo_conf_probe_interfaces(void); int sudo_conf_group_source(void); int sudo_conf_max_groups(void); diff -r 1559c301caec -r e9dc28c7db60 src/net_ifs.c --- a/src/net_ifs.c Wed Jan 22 20:48:49 2014 -0700 +++ b/src/net_ifs.c Thu Jan 23 14:52:54 2014 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2013 + * Copyright (c) 1996, 1998-2005, 2007-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -55,6 +55,11 @@ #ifdef HAVE_STRINGS_H # include #endif /* HAVE_STRINGS_H */ +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif /* HAVE_STDBOOL_H */ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ 
@@ -82,6 +87,7 @@ #include "missing.h" #include "alloc.h" #include "fatal.h" +#include "sudo_conf.h" #include "sudo_debug.h" #define DEFAULT_TEXT_DOMAIN "sudo" @@ -115,7 +121,7 @@ char *cp; debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) - if (getifaddrs(&ifaddrs)) + if (!sudo_conf_probe_interfaces() || getifaddrs(&ifaddrs) != 0) debug_return_int(0); /* Allocate space for the interfaces info string. */ @@ -221,6 +227,9 @@ #endif /* _ISC */ debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) + if (!sudo_conf_probe_interfaces()) + debug_return_int(0); + sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) fatal(U_("unable to open socket")); debian/patches/use-flock-on-hurd.diff0000664000000000000000000000074612274340015014720 0ustar Use flock instead of lockf for visudo on hurd Index: sudo-1.8.3p1/configure.in =================================================================== --- sudo-1.8.3p1.orig/configure.in 2011-10-25 14:11:40.000000000 +0000 +++ sudo-1.8.3p1/configure.in 2012-01-08 04:05:23.000000000 +0000 @@ -1864,6 +1864,9 @@ ;; *-gnu*) OSDEFS="${OSDEFS} -D_GNU_SOURCE" + # lockf() isn't implemented on the Hurd -- use flock instead + ac_cv_func_lockf=no + ac_cv_func_flock=yes ;; esac debian/patches/actually-use-buildflags.diff0000664000000000000000000000672112271707473016213 0ustar --- a/common/Makefile.in +++ b/common/Makefile.in @@ -59,6 +59,9 @@ TEST_PROGS = conf_test parseln_test hltq TEST_LIBS = @LIBS@ @LIBINTL@ ../compat/libreplace.la TEST_LDFLAGS = @LDFLAGS@ +# Linker flags +LDFLAGS = @LDFLAGS@ + # OS dependent defines DEFS = @OSDEFS@ -D_PATH_SUDO_CONF=\"$(sysconfdir)/sudo.conf\" 
@@ -88,7 +91,7 @@ Makefile: $(srcdir)/Makefile.in $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< libsudo_util.la: $(LTOBJS) - $(LIBTOOL) --mode=link $(CC) -o $@ $(LTOBJS) -no-install + $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ $(LTOBJS) -no-install conf_test: $(CONF_TEST_OBJS) libsudo_util.la $(LIBTOOL) --mode=link $(CC) -o $@ $(CONF_TEST_OBJS) libsudo_util.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS) --- a/compat/Makefile.in +++ b/compat/Makefile.in @@ -54,6 +54,9 @@ PIE_LDFLAGS = @PIE_LDFLAGS@ SSP_CFLAGS = @SSP_CFLAGS@ SSP_LDFLAGS = @SSP_LDFLAGS@ +# Linker flags +LDFLAGS = @LDFLAGS@ + # OS dependent defines DEFS = @OSDEFS@ @@ -84,7 +87,7 @@ Makefile: $(srcdir)/Makefile.in $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $< libreplace.la: $(LTLIBOBJS) - $(LIBTOOL) --mode=link $(CC) -o $@ $(LTLIBOBJS) -no-install + $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ $(LTLIBOBJS) -no-install siglist.c: mksiglist ./mksiglist > $@ 
@@ -93,16 +96,16 @@ signame.c: mksigname ./mksigname > $@ mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(incdir)/missing.h $(top_builddir)/config.h - $(CC) $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mksiglist.c -o $@ + $(CC) $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(LDFLAGS) $(DEFS) $(srcdir)/mksiglist.c -o $@ mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/missing.h $(top_builddir)/config.h - $(CC) $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mksigname.c -o $@ + $(CC) $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(LDFLAGS) $(DEFS) $(srcdir)/mksigname.c -o $@ fnm_test: fnm_test.o libreplace.la - $(LIBTOOL) --mode=link $(CC) -o $@ fnm_test.o libreplace.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) + $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ fnm_test.o libreplace.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) globtest: globtest.o libreplace.la - $(LIBTOOL) --mode=link $(CC) -o $@ globtest.o libreplace.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) + $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ globtest.o libreplace.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(srcdir)/mksiglist.h: $(srcdir)/siglist.in @if [ -n "$(DEVEL)" ]; then \ --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -58,6 +58,9 @@ CPPFLAGS = -I$(incdir) -I$(top_builddir) # Usually -O and/or -g CFLAGS = @CFLAGS@ +# Linker flags +LDFLAGS = @LDFLAGS@ + # Flags to pass to the link stage LDFLAGS = @LDFLAGS@ LT_LDFLAGS = @SUDOERS_LDFLAGS@ @LT_LDFLAGS@ @LT_LDMAP@ @LT_LDOPT@ @LT_LDEXPORTS@ 
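Review bot: The plugins/sudoers/Makefile.in hunk adds `LDFLAGS = @LDFLAGS@` directly above an existing `# Flags to pass to the link stage` / `LDFLAGS = @LDFLAGS@` pair, so that file ends up assigning the variable twice; make keeps the last assignment and both values are identical, so nothing breaks, but the duplicate reads as though one of them were meant to differ. Drop the three added lines from this hunk; the change that matters in that file is the libparsesudoers.la link line in the following hunk. In common/Makefile.in and compat/Makefile.in the same addition is new as far as the shown context goes and should stay.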
@@ -190,7 +193,7 @@ Makefile: $(srcdir)/Makefile.in (cd $(top_builddir) && ./config.status --file plugins/sudoers/Makefile) libparsesudoers.la: $(LIBPARSESUDOERS_OBJS) - $(LIBTOOL) --mode=link $(CC) -o $@ $(LIBPARSESUDOERS_OBJS) -no-install + $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ $(LIBPARSESUDOERS_OBJS) -no-install sudoers.la: $(SUDOERS_OBJS) $(LT_LIBS) libparsesudoers.la @LT_LDDEP@ $(LIBTOOL) @LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir) debian/source_sudo.py0000664000000000000000000000220712231563732012101 0ustar #!/usr/bin/python '''Apport package hook for sudo (c) 2010 Canonical Ltd. Contributors: Marc Deslauriers This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See http://www.gnu.org/copyleft/gpl.html for the full text of the license. ''' from apport.hookutils import * def add_info(report, ui): response = ui.yesno("The contents of your /etc/sudoers file may help developers diagnose your bug more quickly, however, it may contain sensitive information. Do you want to include it in your bug report?") if response == None: #user cancelled raise StopIteration elif response == True: # This needs to be run as root report['Sudoers'] = root_command_output(['/bin/cat', '/etc/sudoers']) report['VisudoCheck'] = root_command_output(['/usr/sbin/visudo', '-c']) elif response == False: ui.information("The contents of your /etc/sudoers will NOT be included in the bug report.") debian/sudo.postinst0000664000000000000000000000325112274340015011746 0ustar #!/bin/sh set -e # remove old link if [ -L /etc/alternatives/sudo ]; then rm /etc/alternatives/sudo fi # complain if no sudoers file is present if [ ! 
-f /etc/sudoers ];then echo "WARNING: /etc/sudoers not present!"; fi # handle state directory transition from /var/run/sudo to /var/lib/sudo, # moving any existing content over to avoid re-lecturing existing users if [ -d "/var/run/sudo" ];then mkdir -p /var/lib/sudo (cd /var/run/sudo ; tar cf - .) | (cd /var/lib/sudo ; tar xf -) rm -rf /var/run/sudo fi # make sure sudoers has the correct permissions and owner/group chown root:root /etc/sudoers chmod 440 /etc/sudoers # if we've gotten this far .. remove the saved, unchanged old sudoers file rm -f /etc/sudoers.pre-conffile # make sure we have a sudo group [ -n "`getent group sudo`" ] && exit 0 # we're finished if there is a group sudo: # start search with gid 27 gid="27" while [ -n "`getent group $gid | cut -d: -f3`" ];do gid=`expr $gid + 1` done if [ "$gid" -ne "27" ];then echo "On Debian we normally use gid 27 for 'sudo'." gname="`getent group 27 | cut -d: -f1`" echo "However, on your system gid 27 is group '$gname'." echo "" echo "Would you like me to stop configuring sudo so that you can change this?"; while true;do echo -n "(Enter 'yes' to stop, enter to continue): " read ans [ "$ans" = "" ] && break if [ "$ans" = "yes" -o "$ans" = "YES" ];then echo "'dpkg --pending --configure' will restart the configuration." exit 1; fi echo "Please enter exactly 'yes' to stop, or press the enter key to continue without stopping" done fi echo "Creating group 'sudo' with gid = $gid"; groupadd -g $gid sudo echo "" #DEBHELPER# debian/sudo.service0000664000000000000000000000042012274340015011516 0ustar [Unit] Description=Provide limited super user privileges to specific users [Service] Type=oneshot # \073 is ';' which needs to be part of the find parameters ExecStart=/usr/bin/find /var/lib/sudo -exec /usr/bin/touch -d @0 '{}' \073 [Install] WantedBy=multi-user.target debian/changelog0000664000000000000000000016363612276217077011074 0ustar sudo (1.8.9p5-1ubuntu1) trusty; urgency=low * Merge from Debian unstable. 
Remaining changes: - debian/rules: + compile with --without-lecture --with-tty-tickets --enable-admin-flag + install man/man8/sudo_root.8 in both flavours + install apport hooks - debian/sudoers: + also grant admin group sudo access - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks - debian/sudo.pam: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. - debian/control: + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command - Remaining patches: + keep_home_by_default.patch: Keep HOME in the default environment + actually-use-buildflags: Pass LDFLAGS everywhere + add_probe_interfaces_setting.diff: option to disable network inf probe * add_probe_interfaces_setting.diff: fix to not modify NEWS file. -- Chris J Arges Mon, 10 Feb 2014 12:21:53 -0600 sudo (1.8.9p5-1) unstable; urgency=low * new upstream release, closes: #735328 -- Bdale Garbee Tue, 04 Feb 2014 11:46:19 -0700 sudo (1.8.9p4-1ubuntu2) trusty; urgency=medium * Enable and refresh: actually-use-buildflags: Pass LDFLAGS everywhere * Add the ability to disable network interface probing. This fixes performance issues with large number of network interfaces (LP: #1272414) -- Chris J Arges Tue, 28 Jan 2014 05:07:02 -0600 sudo (1.8.9p4-1ubuntu1) trusty; urgency=low * Merge from Debian unstable. Remaining changes: - debian/rules: + compile with --without-lecture --with-tty-tickets --enable-admin-flag + install man/man8/sudo_root.8 in both flavours + install apport hooks - debian/sudoers: + also grant admin group sudo access - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks - debian/sudo.pam: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. 
- debian/control: + dh-autoreconf dependency fixes missing-build-dependency-for-dh_-command - Remaining patches: + keep_home_by_default.patch: Keep HOME in the default environment + actually-use-buildflags: Pass LDFLAGS everywhere -- Chris J Arges Mon, 27 Jan 2014 09:47:58 -0600 sudo (1.8.9p4-1) unstable; urgency=low * new upstream release, closes: #732008 -- Bdale Garbee Wed, 15 Jan 2014 14:55:25 -0700 sudo (1.8.9p3-1) unstable; urgency=low * new upstream release -- Bdale Garbee Mon, 13 Jan 2014 14:49:42 -0700 sudo (1.8.9~rc1-1) experimental; urgency=low * upstream release candidate -- Bdale Garbee Sun, 29 Dec 2013 21:36:12 -0700 sudo (1.8.9~b2-1) experimental; urgency=low * upstream beta release * update Debian standards version * squelch lintian complaint about missing sudo-ldap systemd service, since the service file is always called 'sudo.service' -- Bdale Garbee Wed, 25 Dec 2013 14:48:23 -0700 sudo (1.8.9~b1-1) experimental; urgency=low * upstream beta release -- Bdale Garbee Wed, 27 Nov 2013 09:37:00 -0700 sudo (1.8.8-3) unstable; urgency=low * document in README.Debian that the sssd support is enabled in the sudo package, not in the sudo-ldap package, closes: #728289 -- Bdale Garbee Wed, 30 Oct 2013 10:33:44 -0600 sudo (1.8.8-2ubuntu2) trusty; urgency=medium * Build using dh-autoreconf. -- Matthias Klose Sun, 15 Dec 2013 16:24:49 +0100 sudo (1.8.8-2ubuntu1) trusty; urgency=low * Merge from Debian unstable. Remaining changes: - debian/rules: + compile with --without-lecture --with-tty-tickets --enable-admin-flag + install man/man8/sudo_root.8 in both flavours + install apport hooks - debian/sudoers: + also grant admin group sudo access - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks - debian/sudo.pam: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. 
- Remaining patches: + keep_home_by_default.patch: Keep HOME in the default environment + actually-use-buildflags: Pass LDFLAGS everywhere -- Stéphane Graber Tue, 22 Oct 2013 17:43:37 -0400 sudo (1.8.8-2) unstable; urgency=low * fix touch errors on boot, closes: #725193 -- Bdale Garbee Tue, 08 Oct 2013 20:11:38 -0600 sudo (1.8.8-1) unstable; urgency=low * new upstream release -- Bdale Garbee Mon, 30 Sep 2013 23:08:49 -0600 sudo (1.8.8~rc1-1) experimental; urgency=low * upstream release candidate with several of our patches folded in * set filestamps to epoch instead of an arbitrary old date in the init fragment, closes: #722335 -- Bdale Garbee Thu, 12 Sep 2013 10:16:58 -0700 sudo (1.8.8~b3-1) experimental; urgency=low * pre-release of new upstream version, put in experimental -- Bdale Garbee Wed, 04 Sep 2013 07:53:08 -0600 sudo (1.8.7-4) unstable; urgency=low * looks like we actually need both --with-sssd and --with-sssd-lib, closes: #719987, #724763 -- Bdale Garbee Fri, 27 Sep 2013 11:48:55 -0600 sudo (1.8.7-3) unstable; urgency=low * use --with-sssd-lib to help sudo find libsss-sudo in multiarch path, closes: #719987 -- Bdale Garbee Sat, 17 Aug 2013 15:38:53 +0200 sudo (1.8.7-2) unstable; urgency=low * let debhelper scripts manage the update-rc.d calls, closes: #719755 -- Bdale Garbee Fri, 16 Aug 2013 01:48:23 +0200 sudo (1.8.7-1) unstable; urgency=low * new upstream version, closes: #715157, #655879 * make sudo-ldap package's init.d script be called sudo-ldap * add sssd support to sudo, closes: #719574 * recognize lenny, squeeze, and wheezy unmodified sudoers, closes: #660594 -- Bdale Garbee Wed, 14 Aug 2013 00:01:14 +0200 sudo (1.8.6p3-0ubuntu3) raring; urgency=low * SECURITY UPDATE: authentication bypass via clock set to epoch - debian/patches/CVE-2013-1775.patch: ignore time stamp file if it is set to epoch in plugins/sudoers/check.c. 
- CVE-2013-1775 -- Marc Deslauriers Wed, 27 Feb 2013 13:26:26 -0500 sudo (1.8.6p3-0ubuntu2) raring; urgency=low * The latest sssd upload dropped the soname from libsss_sudo.so, so we can now drop our sudo delta and just use libsss_sudo.so directly. -- Stéphane Graber Fri, 07 Dec 2012 23:11:45 -0500 sudo (1.8.6p3-0ubuntu1) raring; urgency=low * New upstream release (1.8.6p3). * Add patch to fix building with sssd when ldap is disabled. * Drop sudo.manpages and sudo-ldap.manpages as the upstream build system now does the right thing here. * Build the main sudo package with support for sssd, this doesn't add any additional build time or runtime dependency. sudo will dynamically load the sssd library if 'sss' is listed for the 'sudoers' nss service. -- Stéphane Graber Fri, 16 Nov 2012 09:31:32 -0500 sudo (1.8.5p2-1ubuntu1) quantal; urgency=low * Merge from debian/testing (LP: #1024154), remaining changes: - debian/patches/keep_home_by_default.patch: + Set HOME in initial_keepenv_table. - debian/rules: + compile with --without-lecture --with-tty-tickets (Ubuntu specific) + install man/man8/sudo_root.8 in both flavours (Ubuntu specific) + install apport hooks + The ubuntu-sudo-as-admin-successful.patch was taken upstream by Debian however it requires a --enable-admin-flag configure flag to actually enable it in both flavours. - debian/control: + Mark Debian Vcs-* as XS-Debian-Vcs-* + update debian/control - debian/sudoers: + grant admin group sudo access - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks - debian/sudo.pam: + Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. 
* Dropped changes: - debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch + Fixed upstream in 1.8.5 - debian/patches/CVE-2012-2337.patch: + Fixed upstream in 1.8.4p5 - debian/patches/pam_env_merge.patch: + Feature released upstream in 1.8.5 - debian/{sudo,sudo-ldap}.{preinst,postinst,postrm}: + Drop Ubuntu-specific sudoers file migration code because the only upgrade path to quantal is from precise. All necessary sudoers file migration will have already been done by the time this version of the sudo package is installed. -- Tyler Hicks Mon, 16 Jul 2012 14:01:42 +0200 sudo (1.8.5p2-1) unstable; urgency=low * new upstream version * patch to use flock on hurd, run autoconf in rules, closes: #655883 * patch to avoid calling unlink with null pointer on hurd, closes: #655948 * patch to actually use hardening build flags, closes: #655417 * fix sudo-ldap.postinst syntax issue, closes: #669576 -- Bdale Garbee Thu, 28 Jun 2012 12:01:37 -0600 sudo (1.8.3p2-1ubuntu2) quantal; urgency=low * debian/patches/pam_env_merge.patch: Merge the PAM environment into the user environment (LP: #982684) * debian/sudo.pam: Use pam_env to read /etc/environment and /etc/default/locale environment files. Reading ~/.pam_environment is not permitted due to security reasons. -- Tyler Hicks Mon, 21 May 2012 00:48:10 -0500 sudo (1.8.3p2-1ubuntu1) quantal; urgency=low * Merge from debian/testing, remaining changes: - debian/patches/keep_home_by_default.patch: + Set HOME in initial_keepenv_table. (rebased for 1.8.3p1) - debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch + Fix Abort in some PAM modules when timestamp is valid. (LP: #927828) - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4 addresses. Based on upstream patch. 
- debian/rules: + compile with --without-lecture --with-tty-tickets (Ubuntu specific) + install man/man8/sudo_root.8 in both flavours (Ubuntu specific) + install apport hooks + The ubuntu-sudo-as-admin-successful.patch was taken upstream by Debian however it requires a --enable-admin-flag configure flag to actually enable it in both flavours. - debian/control: + Mark Debian Vcs-* as XS-Debian-Vcs-* + update debian/control - debian/sudoers: + grant admin group sudo access - debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks - debian/sudo.preinst: + avoid conffile prompt by checking for known default /etc/sudoers and if found installing the correct default /etc/sudoers file. Modified for updated default sudoers. Aproach taken is different from Debian. Maybe this should now be dropped, since an LTS was released. * Dropped changes: - debian/patches/CVE-2012-0809.patch: + dropped, included in this new upstream release. - debian/patches/enable_badpass.patch: + dropped as Debian chose to set this by default in the sudoers. 
-- Dmitrijs Ledkovs Tue, 01 May 2012 16:12:45 +0100 sudo (1.8.3p2-1) unstable; urgency=high * new upstream version, closes: #657985 (CVE-2012-0809) * patch from Pino Toscano to only use selinux on Linux, closes: #655894 -- Bdale Garbee Mon, 30 Jan 2012 16:11:54 -0700 sudo (1.8.3p1-3) unstable; urgency=low * patch from Moritz Muehlenhoff enables hardened build flags, closes: #655417 * replacement postinst script from Mike Beattie using shell instead of Perl * include systemd service file from Michael Stapelberg, closes: #639633 * add init.d status support, closes: #641782 * make sudo-ldap package manage a sudoers entry in nsswitch.conf, closes: #610600, #639530 * enable mail_badpass in the default sudoers file, closes: #641218 * enable selinux support, closes: #655510 -- Bdale Garbee Wed, 11 Jan 2012 16:18:13 -0700 sudo (1.8.3p1-2) unstable; urgency=low * if upgrading from squeeze, and the sudoers file is unmodified, avoid the packaging system prompting the user about a change they didn't make now that sudoers is a conffile, closes: #612532, #636049 * add a recommendation for the use of visudo to the sudoers.d/README file, closes: #648104 -- Bdale Garbee Sat, 12 Nov 2011 16:27:13 -0700 sudo (1.8.3p1-1ubuntu5) quantal; urgency=low * SECURITY UPDATE: Properly handle netmasks in sudoers Host and Host_List values (LP: #1000276) - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4 addresses. Based on upstream patch. - CVE-2012-2337 -- Tyler Hicks Wed, 16 May 2012 09:42:17 -0500 sudo (1.8.3p1-1ubuntu4) quantal; urgency=low * Fix Abort in some PAM modules when timestamp is valid. (LP: #927828) -- TJ (Ubuntu Contributions) Mon, 30 Apr 2012 17:55:27 +0100 sudo (1.8.3p1-1ubuntu3) precise; urgency=low * SECURITY UPDATE: permissions bypass via format string - debian/patches/CVE-2012-0809.patch: fix format string vulnerability in src/sudo.c. 
- CVE-2012-0809 -- Marc Deslauriers Tue, 31 Jan 2012 10:25:52 -0500 sudo (1.8.3p1-1ubuntu2) precise; urgency=low * debian/sudo.preinst: - updated to avoid conffile prompt by migrating to the new sudoers file changes in Precise. (LP: #894410) -- Marc Deslauriers Thu, 24 Nov 2011 10:48:58 -0500 sudo (1.8.3p1-1ubuntu1) precise; urgency=low * Merge from debian/testing, remaining changes: - debian/patches/keep_home_by_default.patch: + Set HOME in initial_keepenv_table. (rebased for 1.8.3p1) - debian/patches/enable_badpass.patch: turn on "mail_badpass" by default: + attempting sudo without knowing a login password is as bad as not being listed in the sudoers file, especially if getting the password wrong means doing the access-check-email-notification never happens (rebased for 1.8.3p1) - debian/rules: + compile with --without-lecture --with-tty-tickets (Ubuntu specific) + install man/man8/sudo_root.8 (Ubuntu specific) + install apport hooks + The ubuntu-sudo-as-admin-successful.patch was taken upstream by Debian however it requires a --enable-admin-flag configure flag to actually enable it. - debian/sudoers: + grant admin group sudo access - debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks - debian/sudo.preinst: + avoid conffile prompt by checking for known default /etc/sudoers and if found installing the correct default /etc/sudoers file -- Marc Deslauriers Sun, 20 Nov 2011 12:07:45 -0500 sudo (1.8.3p1-1) unstable; urgency=low * new upstream version, closes: #646478 -- Bdale Garbee Thu, 27 Oct 2011 01:03:44 +0200 sudo (1.8.3-1) unstable; urgency=low * new upstream version, closes: #639391, #639568 -- Bdale Garbee Sat, 22 Oct 2011 23:49:16 -0600 sudo (1.8.2-2) unstable; urgency=low [ Luca Capello ] * debian/rules improvements, closes: #642535 + mv upstream sample.* files to the examples folder. - do not call dh_installexamples. 
[ Bdale Garbee ] * patch from upstream for SIGBUS on sparc64, closes: #640304 * use common-session-noninteractive in the pam config to reduce log noise when sudo is used in cron, etc, closes: #519700 * patch from Steven McDonald to fix segfault on startup under certain conditions, closes: #639568 * add a NEWS entry regarding the secure_path change made in 1.8.2-1, closes: #639336 -- Bdale Garbee Mon, 26 Sep 2011 21:55:56 -0600 sudo (1.8.2-1) unstable; urgency=low * new upstream version, closes: #637449, #621830 * include common-session in pam config, closes: #519700, #607199 * move secure_path from configure to default sudoers, closes: #85123, 85917 * improve sudoers self-documentation, closes: #613639 * drop --disable-setresuid since modern systems should not run 2.2 kernels * lose the --with-devel configure option since it's breaking builds in subdirectories for some reason -- Bdale Garbee Wed, 24 Aug 2011 13:33:11 -0600 sudo (1.7.4p6-1ubuntu2) oneiric; urgency=low * debian/patches/enable_badpass.patch: turn on "mail_badpass" by default: - attempting sudo without knowing a login password is as bad as not being listed in the sudoers file, especially if getting the password wrong means doing the access-check-email-notification never happens (Closes: 641218). -- Kees Cook Sun, 11 Sep 2011 10:29:08 -0700 sudo (1.7.4p6-1ubuntu1) oneiric; urgency=low * Merge from debian/unstable, remaining changes: - debian/patches/keep_home_by_default.patch: + Set HOME in initial_keepenv_table. 
- debian/rules: + compile with --without-lecture --with-tty-tickets (Ubuntu specific) + install man/man8/sudo_root.8 (Ubuntu specific) + install apport hooks - debian/sudoers: + grant admin group sudo access - debian/sudo-ldap.dirs, debian/sudo.dirs: + add usr/share/apport/package-hooks * drop debian/patches/CVE-2011-0010.patch, applied upstream now -- Michael Vogt Mon, 23 May 2011 09:50:37 +0200 sudo (1.7.4p6-1) unstable; urgency=low * new upstream version * touch the right stamp name after configuring, closes: #611287 * patch from Svante Signell to fix build problem on Hurd, closes: #611290 -- Bdale Garbee Wed, 09 Feb 2011 11:32:58 -0700 sudo (1.7.4p4-6) unstable; urgency=low * update /etc/sudoers.d/README now that sudoers is a conffile * patch from upstream to fix special case in password checking code when only the gid is changing, closes: #609641 -- Bdale Garbee Tue, 11 Jan 2011 10:22:39 -0700 sudo (1.7.4p4-5ubuntu8) oneiric; urgency=low * debian/sudo.preinst: - if well-known ec2 vmbuilder file is found, write a file in sudoers.d for the 'ubuntu' user (LP: #768625) -- Scott Moser Thu, 21 Apr 2011 18:04:34 -0400 sudo (1.7.4p4-5ubuntu7) natty; urgency=low * debian/sudo.preinst: - do not consider the ec2 vmbuilder default sudoers file verbatim as its actually customized (LP: #761689) -- Michael Vogt Fri, 15 Apr 2011 16:40:10 +0200 sudo (1.7.4p4-5ubuntu6) natty; urgency=low * debian/patches/keep_home_by_default.patch: Set HOME in initial_keepenv_table. 
LP: #760140 -- Steve Langasek Wed, 13 Apr 2011 12:32:25 -0700 sudo (1.7.4p4-5ubuntu5) natty; urgency=low * debian/sudo.preinst: - avoid conffile prompt by checking for known default /etc/sudoers and if found installing the correct default /etc/sudoers file (LP: #690873) -- Michael Vogt Fri, 25 Mar 2011 09:13:43 +0100 sudo (1.7.4p4-5ubuntu4) natty; urgency=low * debian/rules: The ubuntu-sudo-as-admin-successful.patch was taken upstream by Debian however it requires a --enable-admin-flag configure flag to actually enable it. (LP: #706045) -- Bryce Harrington Thu, 10 Feb 2011 12:01:53 -0800 sudo (1.7.4p4-5ubuntu3) natty; urgency=low * SECURITY UPDATE: privilege escalation via -g when using group Runas_List - debian/patches/CVE-2011-0010.patch: prompt for password when the user is running sudo as himself but as a different group - CVE-2011-0010 -- Jamie Strandboge Tue, 18 Jan 2011 16:37:09 -0600 sudo (1.7.4p4-5ubuntu2) natty; urgency=low * debian/sudoers: temporarily workaround LP #690873 by adding %admin into the default sudoers file in case people just say "yes" to the dpkg conffile prompt. 
-- Kees Cook Wed, 15 Dec 2010 15:38:17 -0800 sudo (1.7.4p4-5ubuntu1) natty; urgency=low * Merge from debian unstable (LP: #689025), remaining changes: - debian/rules: + compile with --without-lecture --with-tty-tickets (Ubuntu specific) + install man/man8/sudo_root.8 (Ubuntu specific) + install apport hooks - debian/sudo-ldap.dirs, debian/sudo.dirs: add usr/share/apport/package-hooks * This upload also fixes: LP: #609645 -- Lorenzo De Liso Wed, 15 Dec 2010 21:32:57 +0100 sudo (1.7.4p4-5) unstable; urgency=low * patch from Jakub Wilk to add noopt and nostrip build option support, closes: #605580 * make sudoers a conffile, closes: #605130 * add descriptions to LSB init headers, closes: #604619 * change default sudoers %sudo entry to allow gid changes, closes: #602699 * add Vcs entries to the control file * use debhelper install files instead of explicit installs in rules -- Bdale Garbee Wed, 01 Dec 2010 20:32:31 -0700 sudo (1.7.4p4-4) unstable; urgency=low * patch from upstream to resolve problem always prompting for a password when run without a tty, closes: #599376 * patch from upstream to resolve interoperability problem between HOME in env_keep and the -H flag, closes: #596493 * change path syntax to avoid tar error when /var/run/sudo exists but is empty, closes: #598877 -- Bdale Garbee Thu, 07 Oct 2010 15:59:06 -0600 sudo (1.7.4p4-3) unstable; urgency=low * make postinst clause for handling /var/run -> /var/lib transition less fragile, closes: #585514 * cope with upstream's Makefile trying to install ChangeLog in our doc directory, closes: #597389 * fix README.Debian to reflect that HOME is no longer preserved by default, closes: #596847 -- Bdale Garbee Tue, 21 Sep 2010 23:53:08 -0600 sudo (1.7.4p4-2) unstable; urgency=low * add a NEWS item about change in $HOME handling that impacts programs like pbuilder -- Bdale Garbee Wed, 08 Sep 2010 14:29:16 -0600 sudo (1.7.4p4-1) unstable; urgency=high * new upstream version, urgency high due to fix for flaw in Runas 
group matching (CVE-2010-2956), closes: #595935 * handle transition of /var/run/sudo to /var/lib/sudo better, to avoid re-lecturing existing users, and to clean up after ourselves on upgrade, and remove the RAMRUN section from README.Debian since the new state dir should fix the original problem, closes: #585514 * deliver README.Debian to both package flavors, closes: #593579 -- Bdale Garbee Tue, 07 Sep 2010 12:22:42 -0600 sudo (1.7.2p7-1ubuntu3) natty; urgency=low * No-change upload to drop sizable upstream changelog. -- Martin Pitt Mon, 22 Nov 2010 11:24:33 +0100 sudo (1.7.2p7-1ubuntu2) maverick; urgency=low * SECURITY UPDATE: privilege escalation via '-g' option when using 'user:group' in Runas_Spec - debian/patches/CVE-2010-2956.patch: update match.c to verify both user and group match sudoers when using '-g' - CVE-2010-2956 -- Jamie Strandboge Tue, 31 Aug 2010 14:54:06 -0500 sudo (1.7.2p7-1ubuntu1) maverick; urgency=low * Merge from debian unstable. Remaining changes: - debian/rules: - compile with --without-lecture --with-tty-tickets (Ubuntu specific) - install man/man8/sudo_root.8 (Ubuntu specific) - install apport hooks - debian/sudo-ldap.dirs, debian/sudo.dirs: add usr/share/apport/package-hooks - debian/patches/ubuntu-sudo-as-admin-successful.patch: adjust sudo.c so that if the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present * Dropped the following, now included upstream: - fix for CVE-2010-1163 - fix for CVE-2010-0426 - debian/sudo.postinst, debian/sudo-ldap.postinst: update description to match behavior in sudoers file - don't install init script. Debian moved to /var/lib/sudo from /var/run/sudo, so Ubuntu's tmpfs usage won't clean those out automatically any more, so we now need the initscript. 
-- Jamie Strandboge Tue, 06 Jul 2010 11:43:05 -0500 sudo (1.7.2p7-1) unstable; urgency=high * new upstream release with security fix for secure path (CVE-2010-1646), closes: #585394 * move timestamps from /var/run/sudo to /var/lib/sudo, so that the state about whether to give the lecture is preserved across reboots even when RAMRUN is set, closes: #581393 * add a note to README.Debian about LDAP needing an entry in /etc/nsswitch.conf, closes: #522065 * add a note to README.Debian about how to turn off lectures if using RAMRUN in /etc/default/rcS, closes: #581393 -- Bdale Garbee Thu, 10 Jun 2010 15:42:14 -0600 sudo (1.7.2p6-1) unstable; urgency=low * new upstream version fixing CVE-2010-1163, closes: #578275, #570737 -- Bdale Garbee Mon, 19 Apr 2010 10:45:47 -0600 sudo (1.7.2p5-1) unstable; urgency=low * new upstream release, closes a bug filed upstream regarding missing man page processing scripts in the 1.7.2p1 tarball, also includes the fix for CVE-2010-0426 previously the subject of a security team nmu * move to source format 3.0 (quilt) and restructure changes as patches * fix unprocessed substitution variables in man pages, closes: #557204 * apply patch from Neil Moore to fix Debian-specific content in the visudo man page, closes: #555013 * update descriptions to better explain sudo-ldap, closes: #573108 * eliminate spurious 'and' in man page, closes: #571620 * fix confusing text in default sudoers, closes: #566607 -- Bdale Garbee Thu, 11 Mar 2010 15:44:53 -0700 sudo (1.7.2p1-1ubuntu5) lucid; urgency=low * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit' pseudo-command when running from the current working directory and secure_path is disabled - CVE-2010-XXXX -- Jamie Strandboge Wed, 07 Apr 2010 15:35:36 -0500 sudo (1.7.2p1-1ubuntu4) lucid; urgency=low * env.c: Revert addition of "http_proxy" again. 
This was an Ubuntu specific EBW hack, caused inconsistencies with other proxy variables (such as https_proxy and ftp_proxy), made sudo incompatible to upstream behaviour/documentation. This is solved in a much better way in apt itself and gnome-network-properties now. (LP: #432631) -- Martin Pitt Fri, 26 Mar 2010 18:48:18 +0100 sudo (1.7.2p1-1ubuntu3) lucid; urgency=low * debian/sudo.postinst, debian/sudo-ldap.postinst: update description to match behaviour in sudoers file. (LP: #534090) -- Marc Deslauriers Sun, 07 Mar 2010 19:49:39 -0500 sudo (1.7.2p1-1ubuntu2) lucid; urgency=low * SECURITY UPDATE: properly verify path for the 'sudoedit' pseudo-command in match.c - http://sudo.ws/repos/sudo/rev/88f3181692fe - CVE-2010-0426 -- Jamie Strandboge Wed, 24 Feb 2010 16:50:11 -0600 sudo (1.7.2p1-1ubuntu1) lucid; urgency=low * Merge from debian testing. Remaining changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script installation. Debian reintroduced it because /var/run tmpfs is not the default there, but has been on Ubuntu for ages. 
- debian/{source_sudo.py,rules,sudo-ldap.dirs,sudo.dirs}: Add apport hook -- Marc Deslauriers Mon, 08 Feb 2010 18:47:06 -0500 sudo (1.7.2p1-1) unstable; urgency=low * new upstream version * add support for /etc/sudoers.d using #includedir in default sudoers, which I think is also a good solution to the request for a crontab-like API requested in March of 2001, closes: #539994, #271813, #89743 * move init.d script from using rcS.d to rc[0-6].d, closes: #542924 -- Bdale Garbee Mon, 31 Aug 2009 14:09:32 -0600 sudo (1.7.2-2) unstable; urgency=low * further improve initial sudoers to not include the NOPASSWD option on the group sudo exception, closes: #539136, #198991 -- Bdale Garbee Wed, 29 Jul 2009 16:21:04 +0200 sudo (1.7.2-1) unstable; urgency=low * new upstream version, closes: #537103 * improve initial sudoers by having the exemption for users in group sudo on by default, and including the ability to run any command as any user. This makes the default install roughly equivalent to our old use of the --with-exempt=sudo build option, closes: #536220, #536222 -- Bdale Garbee Wed, 15 Jul 2009 01:29:46 -0600 sudo (1.7.0-1ubuntu3) lucid; urgency=low * debian/{source_sudo.py,rules}: Add apport hook -- Marc Deslauriers Fri, 29 Jan 2010 09:31:00 -0500 sudo (1.7.0-1ubuntu2) karmic; urgency=low * env.c: add logic similar to pam_env's stripping of single and double quotes around /etc/environment env vars; fixes literal quotes in LANG when using sudo -i; LP: #387262. -- Loïc Minier Mon, 22 Jun 2009 18:03:45 +0200 sudo (1.7.0-1ubuntu1) karmic; urgency=low * Merge from debian unstable, remaining changes: - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu specific) - Add debian/sudo_root.8: Explanation of root handling through sudo. Install it in debian/rules. (Ubuntu specific) - sudo.c: If the user successfully authenticated and he is in the 'admin' group, then create a stamp ~/.sudo_as_admin_successful. 
Our default bash profile checks for this and displays a short intro about sudo if the flag is not present. (Ubuntu specific) - env.c: Add "http_proxy" to initial_keepenv_table, so that it is kept for "sudo apt-get ...". (Ubuntu specific EBW hack, should disappear at some point) - debian/{rules,postinst,sudo-ldap.postinst}: Disable init script installation. Debian reintroduced it because /var/run tmpfs is not the default there, but has been on Ubuntu for ages. -- Martin Pitt Mon, 11 May 2009 18:07:03 +0200 sudo (1.7.0-1) unstable; urgency=low * new upstream version, closes: #510179, #128268, #520274, #508514 * fix ldap config file path for sudo-ldap package, including creating a symlink in postinst and cleaning it up in postrm for the sudo-ldap package, closes: #430826 * fix NOPASSWD entry location in default config file for the sudo-ldap instance too, closes: #479616 -- Bdale Garbee Sat, 28 Mar 2009 15:15:01 -0600 sudo (1.6.9p17-2) unstable; urgency=high * patch from upstream to fix privilege escalation with certain configurations, CVE-2009-0034 * typo in sudoers man page, closes: #507163 -- Bdale Garbee Tue, 27 Jan 2009 11:49:02 -0700 sudo (1.6.9p17-1) unstable; urgency=low * new upstream version, closes: #481008 * deliver schemas to doc directory in sudo-ldap package, closes: #474331 * re-apply patch from Petter Reinholdtsen to improve init.d apparently lost in move from CVS to git for package management, closes: #475821 * re-instate the init.d for the sudo-ldap package too... /o\ -- Bdale Garbee Sun, 06 Jul 2008 01:16:31 -0600 sudo (1.6.9p15-2) unstable; urgency=low * revert the fix for 388659 such that visudo once again defaults to using /usr/bin/editor. I was always ambivalent about this change, it has caused more confusion and frustration than it cured, and I find Justin's line of reasoning persuasive. Update the man page source to reflect this choice and the related use of --with-env-editor. Closes: #474197. 
* patch from Petter Reinholdtsen to improve init.d, closes: #475821 -- Bdale Garbee Wed, 16 Apr 2008 00:38:56 -0600 sudo (1.6.9p15-1) unstable; urgency=low * new upstream version, closes: #467126, #473337 * remove pointless postrm scripts, leaving debhelper do its thing if needed, thanks to Justin Pryzby for pointing this out * reinstate the init.d, since bootclean doesn't quite do what we want. This also means we don't need the preinst scripts any more. Update the lintian overrides since postinst is a Perl script lintian apparently isn't parsing well. closes: #330868 -- Bdale Garbee Thu, 03 Apr 2008 14:25:56 -0600 sudo (1.6.9p12-1) unstable; urgency=low * new upstream version, closes: #464890 -- Bdale Garbee Tue, 19 Feb 2008 11:19:54 +0900 sudo (1.6.9p11-3) unstable; urgency=low * patch for configure to fix FTBFS on GNU/kFreeBSD, closes: #465956 -- Bdale Garbee Fri, 15 Feb 2008 10:54:21 -0700 sudo (1.6.9p11-2) unstable; urgency=low * update version compared in preinst when removing obsolete init.d, closes: #459681 * implement pam session config suggestions from Elizabeth Fong, closes: #452457, #402329 -- Bdale Garbee Mon, 04 Feb 2008 21:26:23 -0700 sudo (1.6.9p11-1) unstable; urgency=low * new upstream version -- Bdale Garbee Fri, 11 Jan 2008 01:54:35 -0700 sudo (1.6.9p10-1) unstable; urgency=low * new upstream version * tweak default password prompt as %u doesn't make sense. 
Accept patch from Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and uses it by default, closes: #454409 * accept patch from Martin Pitt that adds a prerm making it difficult to "accidentally" remove sudo when there is no root password set on the system, closes: #451241 -- Bdale Garbee Fri, 28 Dec 2007 11:44:30 -0700 sudo (1.6.9p9-1) unstable; urgency=low * new upstream version * debian/rules: configure a more informative default password prompt to reduce confusion when using sudo to invoke commands which also ask for passwords, closes: #343268 * auth/pam.c: don't use the PAM prompt if the user explicitly requested a custom prompt, closes: #448628. * fix configure's ability to discover that libc has dirfd, closes: #451324 * make default editor be /usr/bin/vi instead of /usr/bin/editor, so that the command 'visudo' invokes a vi variant by default as documented, closes: #388659 -- Bdale Garbee Mon, 03 Dec 2007 10:26:51 -0700 sudo (1.6.9p6-1) unstable; urgency=low * new upstream version, closes: #442815, #446146, #438699, #435768, #435314 closes: #434832, #434608, #430382 * eliminate the now-redundant init.d scripts, closes: #397090 * fix typo in TROUBLESHOOTING file, closes: #439624 -- Bdale Garbee Wed, 24 Oct 2007 21:13:41 -0600 sudo (1.6.8p12-6) unstable; urgency=low * fix typos in visudo.pod relating to env_editor variable, closes: #418886 * have init.d touch directories in /var/run/sudo, not just files, as a followup to #330868. * fix various typos in sudoers.pod, closes: #419749 * don't let Makefile strip binaries, closes: #438073 -- Bdale Garbee Wed, 05 Sep 2007 11:26:58 +0100 sudo (1.6.8p12-5) unstable; urgency=low * update debian/copyright to reflect new upstream URL, closes: #368746 * add sandwich cartoon URL to the README.Debian * don't remove sudoers on purge. can cause problems when moving between sudo and sudo-ldap. 
leaving sudoers around on purge seems like the least evil choice for now, closes: #401366 * also preserve XAPPLRESDIR, XFILESEARCHPATH, and XUSERFILESEARCHPATH, closes: #374509 * accept patch that improves debian/rules from Ted Percival, closes: #382122 * no longer build with --with-exempt=sudo, provide an example entry in the default sudoers file instead, closes: #296605 * add --with-devel to configure and augment build dependencies so that flex and yacc files get re-generated on every build, closes: #316249 -- Bdale Garbee Tue, 3 Apr 2007 21:48:45 -0600 sudo (1.6.8p12-4) unstable; urgency=low * patch from Petter Reinholdtsen for the LSB info block in the init.d script, closes: #361055 * deliver sudoers sample again, closes: #361593 -- Bdale Garbee Sat, 15 Apr 2006 01:38:04 -0600 sudo (1.6.8p12-3) unstable; urgency=low * force-feed configure knowledge of nroff's path so we get unformatted man pages installed without build-depending on groff-base, closes: #360894 * add a reference to OPTIONS in the man page, closes: #186226 -- Bdale Garbee Wed, 5 Apr 2006 17:53:13 -0700 sudo (1.6.8p12-2) unstable; urgency=low * fix typos in init scripts, closes: #346325 * update to debhelper compat level 5 * build depend on autotools-dev to ensure config.sub/guess are fresh * accept patch from Martin Schulze developed for 1.6.8p7-1.4 in stable, and use it here as well. Thanks to Martin and the debian-security team. 
closes: #349196, #349549, #349587, #349729, #349129, #350776, #349085 closes: #315115, #315718, #203874 * Non-maintainer upload by the Security Team * Reworked the former patch to limit environment variables from being passed through, set env_reset as default instead [sudo.c, env.c, sudoers.pod, Bug#342948, CVE-2005-4158] * env_reset is now set by default * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER (in addition to the SUDO_* variables) * Rebuild sudoers.man.in from the POD file * Added README.Debian * patch from Alexander Zangerl to fix duplicated PATH issue, closes: #354431 * simplify rules file by using more of Makefile, despite having to override default directories with more arguments to configure, closes: #292833 * update sudo man page to reflect use of SECURE_PATH, closes: #228551 * inconsistencies in sudoers man page resolved, closes: #220808, #161012 * patch from Jeroen van Wolffelaar to improve behavior when FQDNs are unresolveable (requires adding bison as build dep), closes: #314949 -- Bdale Garbee Sun, 2 Apr 2006 14:26:20 -0700 sudo (1.6.8p12-1) unstable; urgency=low * new upstream version, closes: #342948 (CVE-2005-4158) * add env_reset to the sudoers file we create if none already exists, as a further precaution in response to discussion about CVE-2005-4158 * split ldap support into a new sudo-ldap package. I was trying to avoid doing this, but the impact of going from 4 to 17 linked shlibs on the autobuilder chroots is sufficient motivation for me. 
closes: #344034 -- Bdale Garbee Wed, 28 Dec 2005 13:49:10 -0700 sudo (1.6.8p9-4) unstable; urgency=low * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231 * merge patch from Martin Pitt / Ubuntu to be more robust about resetting timestamps in the init.d script, closes: #330868 * add dependency header to init.d script, closes: #332849 -- Bdale Garbee Sat, 10 Dec 2005 07:47:07 -0800 sudo (1.6.8p9-3) unstable; urgency=high * update debhelper compatibility level from 2 to 4 * add man page symlink for sudoedit * Clean SHELLOPTS and PS4 from the environment before executing programs with sudo permissions [env.c, CAN-2005-2959] * fix typo in manpage pointed out by Moray Allen, closes: #285995 * fix paths in sample complex sudoers file, closes: #303542 * fix type in sudoers man page, closes: #311244 -- Bdale Garbee Wed, 28 Sep 2005 01:18:04 -0600 sudo (1.6.8p9-2) unstable; urgency=high * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1, closes: #305735 -- Bdale Garbee Tue, 28 Jun 2005 16:18:47 -0400 sudo (1.6.8p9-1) unstable; urgency=high * new upstream version, fixes a race condition in sudo's pathname validation, which is a security issue (CAN-2005-1993), closes: #315115, #315718 -- Bdale Garbee Tue, 28 Jun 2005 15:33:11 -0400 sudo (1.6.8p7-1) unstable; urgency=low * new upstream version, closes: #299585 * update lintian overrides to squelch the postinst warning * change sudoedit from a hard to a soft link, closes: #296896 * fix regex doc in sudoers man page, closes: #300361 -- Bdale Garbee Sat, 26 Mar 2005 22:18:34 -0700 sudo (1.6.8p5-1) unstable; urgency=high * new upstream version * restores ability to use config tuples without a value, which was causing problems on upgrade closes: #283306 * deliver sudoedit, closes: #283078 * marking urgency high since 283306 is a serious upgrade incompatibility -- Bdale Garbee Fri, 3 Dec 2004 10:11:16 -0700 sudo (1.6.8p3-2) unstable; urgency=high * update pam.d deliverable so ldap works 
again, closes: #282191 -- Bdale Garbee Mon, 22 Nov 2004 11:44:46 -0700 sudo (1.6.8p3-1) unstable; urgency=high * new upstream version, fixes a flaw in sudo's environment sanitizing that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands, closes: #281665 * patch the sample sudoers to have the proper path for kill on Debian systems, closes: #263486 * patch the sudo manpage to reflect Debian's choice of exempt_group default setting, closes: #236465 * patch the sudo manpage to reflect Debian's choice of no timeout on the password prompt, closes: #271194 -- Bdale Garbee Tue, 16 Nov 2004 23:23:41 -0700 sudo (1.6.7p5-2) unstable; urgency=low * Jeff Bailey reports that seteuid works on current sparc systems, so we no longer need the "grosshack" stuff in the sudo rules file * add a postrm that removes /etc/sudoers on purge. don't do this with the normal conffile mechanism since it would generate noise on every upgrade, closes: #245405 -- Bdale Garbee Tue, 20 Jul 2004 12:29:48 -0400 sudo (1.6.7p5-1) unstable; urgency=low * new upstream version, closes: #190265, #193222, #197244 * change from '.' 
to ':' in postinst chown call, closes: #208369 -- Bdale Garbee Tue, 2 Sep 2003 21:27:06 -0600 sudo (1.6.7p3-2) unstable; urgency=low * add --disable-setresuid to configure call since 2.2 kernels don't support setresgid, closes: #189044 * cosmetic cleanups to debian/rules as long as I'm there -- Bdale Garbee Tue, 15 Apr 2003 16:04:48 -0600 sudo (1.6.7p3-1) unstable; urgency=low * new upstream version * add overrides to quiet lintian about things it doesn't understand, except the source one that can't be overridden until 129510 is fixed -- Bdale Garbee Mon, 7 Apr 2003 17:34:05 -0600 sudo (1.6.6-3) unstable; urgency=low * add code to rules file to update config.sub/guess, closes: #164501 -- Bdale Garbee Sat, 12 Oct 2002 15:35:22 -0600 sudo (1.6.6-2) unstable; urgency=low * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to configure, and lose the build dependency on mail-transport-agent * incorporate changes from LaMont's NMU, closes: #144665, #144737 * update init.d to not try and set time on nonexistent timestamp files, closes: #132616 * build with --with-all-insults, admin must edit sudoers to turn insults on at runtime if desired, closes: #135374 * stop setting /usr/doc symlink in postinst -- Bdale Garbee Sat, 12 Oct 2002 01:54:24 -0600 sudo (1.6.6-1.1) unstable; urgency=high * NMU - patch from Colin Watson , in bts. * Revert patch to auth/pam.c that left pass uninitialized, causing a segfault (Closes: #144665). 
-- LaMont Jones Fri, 26 Apr 2002 22:36:04 -0600 sudo (1.6.6-1) unstable; urgency=high * new upstream version, fixes security problem with crafty prompts, closes: #144540 -- Bdale Garbee Thu, 25 Apr 2002 12:45:49 -0600 sudo (1.6.5p1-4) unstable; urgency=high * apply patch for auth/pam.c to fix yet another way to make sudo segfault if ctrl/C'ed at password prompt, closes: #131235 -- Bdale Garbee Sun, 3 Mar 2002 23:18:56 -0700 sudo (1.6.5p1-3) unstable; urgency=high * ugly hack to add --disable-saved-ids when building on sparc in response to 131592, which will be reassigned to glibc for a real fix * urgency high since the sudo currently in testing for sparc is worthless -- Bdale Garbee Sun, 17 Feb 2002 22:42:10 -0700 sudo (1.6.5p1-2) unstable; urgency=high * patch from upstream to fix seg faults caused by versions of pam that follow a NULL pointer, closes: #129512 -- Bdale Garbee Tue, 22 Jan 2002 01:50:13 -0700 sudo (1.6.5p1-1) unstable; urgency=high * new upstream version * add --disable-root-mailer option supported by new version to configure call in rules file, closes: #129648 -- Bdale Garbee Fri, 18 Jan 2002 11:29:37 -0700 sudo (1.6.4p1-1) unstable; urgency=high * new upstream version, with fix for segfaulting problem in 1.6.4 -- Bdale Garbee Mon, 14 Jan 2002 20:09:46 -0700 sudo (1.6.4-1) unstable; urgency=high * new upstream version, includes an important security fix, closes: #127576 -- Bdale Garbee Mon, 14 Jan 2002 09:35:48 -0700 sudo (1.6.3p7-5) unstable; urgency=low * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872 * fix spelling error in init.d, closes: #126847 -- Bdale Garbee Sat, 29 Dec 2001 11:21:43 -0700 sudo (1.6.3p7-4) unstable; urgency=medium * use touch to set status files to an ancient date instead of removing them outright on reboot. this achieves the desired effect of keeping elevated privs from living across reboots, without forcing everyone to see the new-sudo-user lecture after every reboot. 
pick a time that's 'old enough' for systems with good clocks, and 'recent enough' that broken PC hardware setting the clock to commonly-seen bogus dates trips over the "don't trust future timestamps" rule. closes: #76529, #123559 * apply patch from Steve Langasek to fix seg faults due to interaction with PAM code. upstream confirms the problem, and says they're fixing this differently for their next release... but this should be useful in the meantime, and would be good to get into woody. closes: #119147 * only run the init.d at boot, not on each runlevel change... and don't run it during package configure. closes: #125935 * add DEB_BUILD_OPTIONS support to rules file, closes: #94952 -- Bdale Garbee Wed, 26 Dec 2001 12:40:44 -0700 sudo (1.6.3p7-3) unstable; urgency=low * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718, * fix a typo in the manpage, closes: #97368 * apply patch to configure.in and run autoconf to fix problem building on the hurd, closes: #96325 * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed to not last across reboots, closes: #76529 * clean up lintian-noticed cosmetic packaging issues -- Bdale Garbee Sat, 1 Dec 2001 02:59:52 -0700 sudo (1.6.3p7-2) unstable; urgency=low * update config.sub/guess for hppa support -- Bdale Garbee Sun, 22 Apr 2001 23:23:42 -0600 sudo (1.6.3p7-1) unstable; urgency=low * new upstream version * add build dependency on mail-transport-agent, closes: #90685 -- Bdale Garbee Thu, 12 Apr 2001 17:02:42 -0600 sudo (1.6.3p6-1) unstable; urgency=high * new upstream version, fixes buffer overflow problem, closes: #87259, #87278, #87263 * revert to using --with-secure-path option at build time, since the option available in sudoers is parsed too late to be useful, and upstream says it won't get fixed quickly. This reopens 85123, which I will mark as forwarded. 
Closes: #86199, #86117, #85676 -- Bdale Garbee Mon, 26 Feb 2001 11:02:51 -0700 sudo (1.6.3p5-2) unstable; urgency=low * lose the dh_suidregister call since it's obsolete * stop using the --with-secure-path option at build time, and instead show how to set it in sudoers. Closes: #85123 * freshen config.sub and config.guess for ia64 and hppa * update sudoers man page to indicate exempt_group is on by default, closes: #70847 -- Bdale Garbee Sat, 10 Feb 2001 02:05:17 -0700 sudo (1.6.3p5-1) unstable; urgency=low * new upstream version, closes: #63940, #59175, #61817, #64652, #65743 * this version restores core dumps before the exec, while leaving them disabled during sudo's internal execution, closes: #58289 * update debhelper calls in rules file -- Bdale Garbee Wed, 16 Aug 2000 00:13:15 -0600 sudo (1.6.2p2-1) frozen unstable; urgency=medium * new upstream source resulting from direct collaboration with the upstream author to fix ugly pam-related problems on Debian in 1.6.1 and later. Closes: #56129, #55978, #55979, #56550, #56772 * include more upstream documentation, closes: #55054 * pam.d fragment update, closes: #56129 -- Bdale Garbee Sun, 27 Feb 2000 11:48:48 -0700 sudo (1.6.1-1) unstable; urgency=low * new upstream source, closes: #52750 -- Bdale Garbee Fri, 7 Jan 2000 21:01:42 -0700 sudo (1.6-2) unstable; urgency=low * drop suidregister support for this package. The sudo executable is essentially worthless unless it is setuid root, and making suidregister work involves shipping a non-setuid executable in the .deb and setting the perms in the postinst. On a long upgrade run, this can leave the sudo executable 'broken' for a long time, which is unacceptable. With this version, we ship the executable setuid root in the .deb. Closes: #51742 -- Bdale Garbee Wed, 1 Dec 1999 19:59:44 -0700 sudo (1.6-1) unstable; urgency=low * new upstream version, many options previously set at compile-time are now configurable at runtime. 
Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639 * FHS support -- Bdale Garbee Tue, 23 Nov 1999 16:51:22 -0700 sudo (1.5.9p4-1) unstable; urgency=low * new upstream version, closes: #43464 * empty password handling was fixed in 1.5.8, closes: #31863 -- Bdale Garbee Thu, 26 Aug 1999 00:00:57 -0600 sudo (1.5.9p1-1) unstable; urgency=low * new upstream version -- Bdale Garbee Thu, 15 Apr 1999 22:43:29 -0600 sudo (1.5.8p1-1) unstable; urgency=medium * new upstream version, closes 33690 * add dependency on libpam-modules, closes 34215, 33432 -- Bdale Garbee Mon, 8 Mar 1999 10:27:42 -0700 sudo (1.5.7p4-2) unstable; urgency=medium * update the pam fragment provided so that sudo works with latest pam bits, closes 33432 -- Bdale Garbee Sun, 21 Feb 1999 00:22:44 -0700 sudo (1.5.7p4-1) unstable; urgency=low * new upstream release -- Bdale Garbee Sun, 27 Dec 1998 16:13:53 -0700 sudo (1.5.6p5-1) unstable; urgency=low * new upstream patch release * add PAM support, closes 28594 -- Bdale Garbee Mon, 2 Nov 1998 00:00:24 -0700 sudo (1.5.6p2-2) unstable; urgency=low * update copyright file, closes 24136 * review and close forwarded bugs believed fixed in this upstream version, closes 17606, 15786. -- Bdale Garbee Mon, 5 Oct 1998 22:30:43 -0600 sudo (1.5.6p2-1) unstable; urgency=low * new upstream release -- Bdale Garbee Mon, 5 Oct 1998 22:30:43 -0600 sudo (1.5.4-4) frozen unstable; urgency=low * update postinst to use groupadd, closes 21403 * move the suidregister stuff earlier in postinst to ensure it always runs -- Bdale Garbee Sun, 19 Apr 1998 22:07:45 -0600 sudo (1.5.4-3) frozen unstable; urgency=low * change /etc/sudoers from a conffile to being handled in postinst, closes 18219 * add suidmanager support, closes 15711 * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is unlikely to ever fix, and which just don't matter. 
closes 17146 * fix FSF address in copyright file, and submit exception for lintian warning about sudo being setuid root -- Bdale Garbee Thu, 9 Apr 1998 23:59:11 -0600 sudo (1.5.4-2) unstable; urgency=high * patch from upstream author correcting/improving security fix -- Bdale Garbee Tue, 13 Jan 1998 10:39:35 -0700 sudo (1.5.4-1) unstable; urgency=high * new upstream version, includes a security fix * change default editor from /bin/ae to /usr/bin/editor -- Bdale Garbee Mon, 12 Jan 1998 23:36:41 -0700 sudo (1.5.3-1) unstable; urgency=medium * new upstream version, closes bug 15911. * rules file reworked to use debhelper * implement a really gross hack to force use of the sudo-provided lsearch(), since the one in libc6 is broken! This closes bugs 12552, 12557, 14881, 15259, 15916. -- Bdale Garbee Sat, 3 Jan 1998 20:39:23 -0700 sudo (1.5.2-6) unstable; urgency=LOW * don't install INSTALL in the doc directory, closes bug 13195. -- Bdale Garbee Sun, 21 Sep 1997 17:10:40 -0600 sudo (1.5.2-5) unstable; urgency=LOW * libc6 -- Bdale Garbee Fri, 5 Sep 1997 00:06:22 -0600 sudo (1.5.2-4) unstable; urgency=LOW * change TIMEOUT (how long before you have to type your password again) to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian packages on slower machines much more tolerable. Closes bug 9076. * touch debian/suid before debstd. Closes bug 8709. 
-- Bdale Garbee Sat, 26 Apr 1997 00:48:01 -0600 sudo (1.5.2-3) frozen unstable; urgency=LOW * patch from upstream maintainer to close Bug 6828 * add a debian/suid file to get debstd to leave my perl postinst alone -- Bdale Garbee Fri, 11 Apr 1997 23:09:55 -0600 sudo (1.5.2-2) frozen unstable; urgency=LOW * change rules to use -O2 -Wall as per standards -- Bdale Garbee Sun, 6 Apr 1997 12:48:53 -0600 sudo (1.5.2-1) unstable; urgency=LOW * new upstream version * cosmetic changes to debian package control files -- Bdale Garbee Wed, 30 Oct 1996 09:50:00 -0700 sudo (1.5-2) unstable; urgency=LOW * add /usr/X11R6/bin to the end of the secure path... this makes it much easier to run xmkmf, etc., during package builds. To the extent that /usr/local/sbin and /usr/local/bin were already included, I see no security reasons not to add this. -- Bdale Garbee Wed, 30 Oct 1996 09:44:58 -0700 sudo (1.5-1) unstable; urgency=LOW * New upstream version * New maintainer * New packaging format -- Bdale Garbee Thu, 29 Aug 1996 11:44:22 +0200 Tue Mar 5 09:36:41 MET 1996 Michael Meskes sudo (1.4.1-1): * hard code SECURE_PATH to: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" * enable ENV_EDITOR * enabled EXEMPTGROUP "sudo" * moved timestamp dir to /var/log/sudo * changed parser to check for long and short filenames (Bug#1162) Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes sudo (1.4.2-1): * New upstream source * Fixed postinst script (thanks to Peter Tobis ) * Removed special shadow binary. This version works with and without shadow password file. 
Mon May 20 09:35:22 MET DST 1996 Michael Meskes sudo (1.4.2-2): * Corrected editor path to /bin/ae (Bug#3062) * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063) Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes sudo (1.4.3-1): * New upstream version * Changed sudoers permission to 440 (owner root, group root) to make sudo usable via NFS Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes sudo (1.4.3-2): * Applied upstream patch 1 Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes sudo (1.4.3-3): * Applied upstream patch 2 Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes sudo (1.4.3-4): * Applied upstream patch 3 (fixes problems with an NFS-mounted sudoers file) Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes sudo (1.4.3-5): * Corrected postinst to use /usr/bin/perl instead of /bin/perl [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)] Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes sudo (1.4.3-6): * Applied upstream patch 4 (fixes several bugs) * Changed priority to optional Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes sudo (1.4.3-7): * Corrected postinst to create correct permission for /etc/sudoers (Bug#3749) Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes sudo (1.4.4-1): * New upstream version sudo (1.4.4-2) admin; urgency=HIGH * Fixed major security bug reported by Peter Tobias * Added dchanges support to debian.rules sudo (1.4.5-1) admin; urgency=LOW * New upstream version * Minor changes to debian.rules debian/sudo-ldap.docs0000664000000000000000000000017512274340015011733 0ustar debian/OPTIONS doc/UPGRADE doc/HISTORY doc/TROUBLESHOOTING doc/schema.* plugins/sudoers/sudoers2ldif README README.LDAP debian/sudo.preinst0000664000000000000000000000115212274340015011545 0ustar #!/bin/sh -e case "$1" in install|upgrade) if dpkg --compare-versions "$2" le "1.7.4p4-4"; then SUDOERS="/etc/sudoers" if [ -e "$SUDOERS" ]; then md5sum="$(md5sum $SUDOERS | sed -e 's/ .*//')" if [ "$md5sum" = "c310ef4892a00cca8134f6e4fcd64b6d" ] || #lenny [ "$md5sum" = 
"c5dab0f2771411ed7e67d6dab60a311f" ] || #squeeze [ "$md5sum" = "45437b4e86fba2ab890ac81db2ec3606" ]; then #wheezy # move unchanged sudoers file to avoid conffile question mv "$SUDOERS" "$SUDOERS.pre-conffile" fi fi fi ;; esac #DEBHELPER# debian/sudo.docs0000664000000000000000000000010612274340015011007 0ustar debian/OPTIONS doc/UPGRADE doc/HISTORY doc/TROUBLESHOOTING README debian/sudo-ldap.manpages0000664000000000000000000000016112274340015012571 0ustar build-ldap/doc/sudo.mdoc build-ldap/doc/sudoers.mdoc build-ldap/doc/sudoers.ldap.mdoc build-ldap/doc/visudo.mdoc debian/rules0000775000000000000000000001307212276216631010261 0ustar #!/usr/bin/make -f export DH_VERBOSE=1 CFLAGS = `dpkg-buildflags --get CFLAGS` CFLAGS += -Wall -Wno-comment LDFLAGS = `dpkg-buildflags --get LDFLAGS` CPPFLAGS = `dpkg-buildflags --get CPPFLAGS` DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) ifeq ($(DEB_HOST_ARCH_OS),linux) configure_args += --with-selinux endif reconf-stamp: dh_testdir dh_autoreconf touch $@ configure: configure-stamp configure-stamp: reconf-stamp dh_testdir cp -f /usr/share/misc/config.sub config.sub cp -f /usr/share/misc/config.guess config.guess # simple version mkdir -p build-simple cd build-simple && NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \ CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(CURDIR)/configure \ --prefix=/usr -v \ --with-all-insults \ --with-pam \ --with-fqdn \ --with-logging=syslog \ --with-logfac=authpriv \ --with-env-editor \ --with-editor=/usr/bin/editor \ --with-timeout=15 \ --with-password-timeout=0 \ --with-passprompt="[sudo] password for %p: " \ --without-lecture --with-tty-tickets \ --disable-root-mailer \ --enable-admin-flag \ --with-sendmail=/usr/sbin/sendmail \ --with-timedir=/var/lib/sudo \ --mandir=/usr/share/man \ --libexecdir=/usr/lib/sudo \ --with-sssd --with-sssd-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \ $(configure_args) # LDAP version mkdir -p 
build-ldap cd build-ldap && NROFFPROG=/usr/bin/nroff CFLAGS="$(CFLAGS)" \ CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(CURDIR)/configure \ --prefix=/usr -v \ --with-all-insults \ --with-pam \ --with-ldap \ --with-fqdn \ --with-logging=syslog \ --with-logfac=authpriv \ --with-env-editor \ --with-editor=/usr/bin/editor \ --with-timeout=15 \ --with-password-timeout=0 \ --with-passprompt="[sudo] password for %p: " \ --without-lecture --with-tty-tickets \ --disable-root-mailer \ --enable-admin-flag \ --disable-setresuid \ --with-sendmail=/usr/sbin/sendmail \ --with-ldap-conf-file=/etc/sudo-ldap.conf \ --mandir=/usr/share/man \ --libexecdir=/usr/lib/sudo \ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" touch configure-stamp build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: configure-stamp dh_testdir # ensure our pod changes get picked up $(MAKE) -C doc sudoers.man.in sudo.man.in visudo.man.in $(MAKE) -C build-simple $(MAKE) -C build-ldap $(MAKE) -C build-simple check touch build-stamp clean: dh_testdir dh_testroot rm -f configure-stamp build-stamp rm -rf build-simple build-ldap rm -f config.cache dh_autoreconf_clean dh_clean install: build-stamp dh_testdir dh_testroot dh_prep dh_installdirs $(MAKE) -C build-simple install DESTDIR=$(CURDIR)/debian/sudo $(MAKE) -C build-ldap install DESTDIR=$(CURDIR)/debian/sudo-ldap # remove stuff we don't want rm -f debian/sudo*/etc/sudoers \ debian/sudo*/usr/share/doc/sudo/LICENSE* \ debian/sudo*/usr/share/doc/sudo/ChangeLog # move upstream-installed docs to the right place for ldap package mv debian/sudo-ldap/usr/share/doc/sudo/* \ debian/sudo-ldap/usr/share/doc/sudo-ldap/ rmdir debian/sudo-ldap/usr/share/doc/sudo # move sample files to the examples folder mv debian/sudo/usr/share/doc/sudo/sample.* \ debian/sudo/usr/share/doc/sudo/examples/ mv debian/sudo-ldap/usr/share/doc/sudo-ldap/sample.* \ debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/ 
# and install things we do want that make install doesn't know about install -o root -g root -m 0644 debian/sudo.pam \ debian/sudo/etc/pam.d/sudo install -o root -g root -m 0644 debian/sudo.pam \ debian/sudo-ldap/etc/pam.d/sudo install -o root -g root -m 0644 debian/sudo.lintian \ debian/sudo/usr/share/lintian/overrides/sudo install -o root -g root -m 0644 debian/sudo-ldap.lintian \ debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap install -o root -g root -m 0644 debian/sudo_root.8 \ debian/sudo/usr/share/man/man8/sudo_root.8 install -o root -g root -m 0644 debian/sudo_root.8 \ debian/sudo-ldap/usr/share/man/man8/sudo_root.8 install -o root -g root -m 0644 $(CURDIR)/debian/source_sudo.py \ debian/sudo/usr/share/apport/package-hooks/source_sudo.py install -o root -g root -m 0644 $(CURDIR)/debian/source_sudo.py \ debian/sudo-ldap/usr/share/apport/package-hooks/source_sudo.py install -o root -g root -m 0440 debian/sudoers \ debian/sudo/etc/sudoers install -o root -g root -m 0440 debian/sudoers \ debian/sudo-ldap/etc/sudoers install -o root -g root -m 0440 debian/README \ debian/sudo/etc/sudoers.d/README install -o root -g root -m 0440 debian/README \ debian/sudo-ldap/etc/sudoers.d/README install -o root -g root -m 0644 debian/sudo.service \ debian/sudo/lib/systemd/system/sudo.service install -o root -g root -m 0644 debian/sudo.service \ debian/sudo-ldap/lib/systemd/system/sudo.service binary-indep: build install binary-arch: build install dh_testdir dh_testroot dh_installdocs -A dh_installinit -psudo --name=sudo dh_installinit -psudo-ldap --name=sudo-ldap dh_installman -A dh_installinfo -A dh_installchangelogs ChangeLog dh_strip dh_compress dh_fixperms chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo chmod 0440 debian/sudo/etc/sudoers.d/README \ debian/sudo-ldap/etc/sudoers.d/README dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep 
binary-arch .PHONY: configure build-indep build-arch build clean binary-indep binary-arch binary install debian/sudo.manpages0000664000000000000000000000012612274340015011654 0ustar build-simple/doc/sudo.mdoc build-simple/doc/sudoers.mdoc build-simple/doc/visudo.mdoc debian/sudo_root.80000664000000000000000000000707212231563732011310 0ustar .TH sudo_root 8 "February 8, 2006" .SH NAME sudo_root \- How to run administrative commands .SH SYNOPSIS .B sudo .I command .B sudo \-i .SH INTRODUCTION By default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead, the installer will set up sudo to allow the user that is created during install to run all administrative commands. This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use a graphical sudo to prompt for a password. When sudo asks for a password, it needs .B your password, this means that a root password is not needed. To run a command which requires root privileges in a terminal, simply prepend .B sudo in front of it. To get an interactive root shell, use .B sudo \-i\fR. .SH ALLOWING OTHER USERS TO RUN SUDO By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo, you have to add these users to the group 'admin' by doing one of the following steps: .IP * 2 In a shell, do .RS 4 .B sudo adduser .I username .B admin .RE .IP * 2 Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the .B admin group. .SH BENEFITS OF USING SUDO The benefits of leaving root disabled by default include the following: .IP * 2 Users do not have to remember an extra password, which they are likely to forget. .IP * 2 The installer is able to ask fewer questions. 
.IP * 2 It avoids the "I can do anything" interactive login by default \- you will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing. .IP * 2 Sudo adds a log entry of the command(s) run (in \fB/var/log/auth.log\fR). Note that only the command handed to sudo is logged; by default, what you then do inside an interactive root shell started with \fBsudo \-i\fR is not recorded. .IP * 2 Every attacker trying to brute\-force their way into your box will know it has an account named root and will try that first. What they do not know is what the usernames of your other users are. .IP * 2 Allows easy transfer of admin rights, for a short or a long period, by adding and removing users from the admin group, without compromising the root account. .IP * 2 sudo can be set up with a much more fine\-grained security policy. .IP * 2 On systems with more than one administrator, using sudo avoids sharing a password amongst them. .SH DOWNSIDES OF USING SUDO Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted: .IP * 2 Redirecting the output of commands run with sudo can be confusing at first. For instance consider .RS 4 .B sudo ls > /root/somefile .RE .RS 2 will not work since it is the shell that tries to write to that file. You can use .RE .RS 4 .B ls | sudo tee /root/somefile .RE .RS 2 to get the behaviour you want. .RE .IP * 2 In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as nss\-ldap. To set up a workstation, or fix it, in the case of a network failure where nss\-ldap is broken, root is required. This tends to leave the system unusable. An extra local user, or an enabled root password is needed here. .SH GOING BACK TO A TRADITIONAL ROOT ACCOUNT .B This is not recommended! To enable the root account (i.e. 
set a password) use: .RS 4 .B sudo passwd root .RE Afterwards, edit the sudo configuration with .B sudo visudo and comment out the line .RS 4 %admin ALL=(ALL) ALL .RE to disable sudo access to members of the admin group. .SH SEE ALSO .BR sudo (8), .B https://wiki.ubuntu.com/RootSudo
debian/sudo.postrm0000664000000000000000000000050212274340015011403 0ustar
#!/bin/sh -e
# dpkg post-removal hook for the sudo package.  $1 is the dpkg action.
# NOTE(review): -e lives only in the shebang; it is lost if the script is
# ever run as `sh sudo.postrm` instead of being executed directly.
case "$1" in
  purge)
    # /var/lib/sudo is sudo's timestamp (ticket) directory, see
    # --with-timedir in debian/OPTIONS; purge discards it entirely.
    rm -rf /var/lib/sudo
    ;;
  remove|upgrade|deconfigure)
    ;;
  abort-upgrade|failed-upgrade)
    # The preinst may have moved a stock, unmodified sudoers aside as
    # /etc/sudoers.pre-conffile; put it back so a failed upgrade does
    # not leave the system without a sudoers file.  mv keeps the original
    # mode and owner, so the file is not left world-readable.
    if [ -e "/etc/sudoers.pre-conffile" ]; then
      mv /etc/sudoers.pre-conffile /etc/sudoers
    fi
    ;;
  *)
    # Unknown action: warn on stderr but exit 0 so dpkg does not fail.
    echo "unknown argument --> $1" >&2
    exit 0
    ;;
esac
#DEBHELPER#
debian/sudo-ldap.preinst0000664000000000000000000000115212274340015012463 0ustar
#!/bin/sh -e
# dpkg pre-installation hook for sudo-ldap.  $1 is the dpkg action; $2 is
# the previously installed version, handed to dpkg --compare-versions.
# NOTE(review): on a first install $2 is empty, which dpkg compares as
# older than any version, so the branch below runs then too — confirm
# that is intended.
case "$1" in
  install|upgrade)
    if dpkg --compare-versions "$2" le "1.7.4p4-4"; then
      SUDOERS="/etc/sudoers"
      if [ -e "$SUDOERS" ]; then
        # md5sum is used only to recognise the stock sudoers shipped by
        # earlier Debian releases (labels below), not as an integrity or
        # tamper check.  The second field (the file name) is stripped.
        md5sum="$(md5sum $SUDOERS | sed -e 's/ .*//')"
        if [ "$md5sum" = "c310ef4892a00cca8134f6e4fcd64b6d" ] || #lenny
           [ "$md5sum" = "c5dab0f2771411ed7e67d6dab60a311f" ] || #squeeze
           [ "$md5sum" = "45437b4e86fba2ab890ac81db2ec3606" ]; then #wheezy
          # move unchanged sudoers file to avoid conffile question
          # A locally modified sudoers never matches and stays in place,
          # so dpkg's normal conffile prompt still protects the admin's
          # changes.  sudo.postrm (above) restores the moved copy on
          # abort-upgrade; presumably sudo-ldap's postrm does the same —
          # verify, since it is not visible here.
          mv "$SUDOERS" "$SUDOERS.pre-conffile"
        fi
      fi
    fi
    ;;
esac
#DEBHELPER#
debian/sudo.dirs0000664000000000000000000000027112274340015011023 0ustar
etc/pam.d etc/sudoers.d lib/systemd/system usr/bin usr/share/man/man8 usr/share/man/man5 usr/sbin usr/share/doc/sudo/examples usr/share/lintian/overrides usr/share/apport/package-hooks
debian/sudo.sudo.init0000664000000000000000000000133312274340015011776 0ustar
#! /bin/sh
### BEGIN INIT INFO
# Provides: sudo
# Required-Start: $local_fs $remote_fs
# Required-Stop:
# X-Start-Before: rmnologin
# Default-Start: 2 3 4 5
# Default-Stop:
# Short-Description: Provide limited super user privileges to specific users
# Description: Provide limited super user privileges to specific users.
### END INIT INFO
# LSB helper functions; nothing from them is used below.
. /lib/lsb/init-functions
# Script path, used only in the usage message.
N=/etc/init.d/sudo
set -e
case "$1" in
  start)
    # make sure privileges don't persist across reboots
    # /var/lib/sudo holds sudo's timestamp (ticket) files (--with-timedir
    # in debian/OPTIONS).  Forcing each one back to the epoch with GNU
    # `touch -d @0` invalidates any ticket that was still valid before
    # the reboot.  `-exec ... \;` runs touch once per file.
    if [ -d /var/lib/sudo ]
    then
      find /var/lib/sudo -exec touch -d @0 '{}' \;
    fi
    ;;
  stop|reload|restart|force-reload|status)
    # No daemon to manage; these actions are accepted and ignored.
    ;;
  *)
    echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac
exit 0
debian/sudo-ldap.sudo-ldap.init0000664000000000000000000000134512274340015013635 0ustar
#! /bin/sh
### BEGIN INIT INFO
# Provides: sudo-ldap
# Required-Start: $local_fs $remote_fs
# Required-Stop:
# X-Start-Before: rmnologin
# Default-Start: 2 3 4 5
# Default-Stop:
# Short-Description: Provide limited super user privileges to specific users
# Description: Provide limited super user privileges to specific users.
### END INIT INFO
# Identical to sudo.sudo.init above apart from the provided name and $N;
# see the comments there.
. /lib/lsb/init-functions
N=/etc/init.d/sudo-ldap
set -e
case "$1" in
  start)
    # make sure privileges don't persist across reboots
    # Reset every sudo timestamp file under /var/lib/sudo to the epoch so
    # no cached authentication ticket survives the reboot.
    if [ -d /var/lib/sudo ]
    then
      find /var/lib/sudo -exec touch -d @0 '{}' \;
    fi
    ;;
  stop|reload|restart|force-reload|status)
    # No daemon to manage; these actions are accepted and ignored.
    ;;
  *)
    echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac
exit 0
debian/OPTIONS0000664000000000000000000000271712274340015010253 0ustar
The following options were used to configure sudo for Debian GNU/Linux. --with-all-insults Include all the insults in the binary, won't be enabled unless turned on in the sudoers file. --with-devel Force flex and bison runs on each build. --with-pam Support for pluggable authentication modules. --with-fqdn Allow use of fully qualified domain names in the sudoers file. --with-logging=syslog --with-logfac=authpriv Where logging information goes. --with-env-editor --with-editor=/usr/bin/editor Honor the EDITOR and VISUAL environment variables. If they are not present, default to the preferred systemwide default editor. --with-timeout=15 --with-password-timeout=0 --with-passprompt="[sudo] password for %p: " Allow 15 minutes before a user has to re-type their passord, versus the sudo usual default of 5. 
Never time out while waiting for a password to be typed; this is important to Debian package developers using 'dpkg-buildpackage -rsudo'. Make it clear which password is requested. --disable-root-mailer Send mail as the invoking user, not as root. --with-sendmail=/usr/sbin/sendmail Use the location of sendmail mandated by Debian policy instead of trying to detect it at build time. --with-timedir=/var/lib/sudo --mandir=/usr/share/man --libexecdir=/usr/lib/sudo Comply with Debian policy on suitable paths. --with-ldap Support for LDAP authentication, in the sudo-ldap package version only. debian/sudo.pam0000664000000000000000000000035712274340015010644 0ustar #%PAM-1.0 auth required pam_env.so readenv=1 user_readenv=0 auth required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 @include common-auth @include common-account @include common-session-noninteractive debian/source/0000775000000000000000000000000012274340020010462 5ustar debian/source/format0000664000000000000000000000001412274340015011674 0ustar 3.0 (quilt) debian/sudo.lintian0000664000000000000000000000045612274340015011525 0ustar sudo: non-standard-file-perm etc/sudoers.d/README 0440 != 0644 sudo: setuid-binary usr/bin/sudo 4755 root/root sudo: setuid-binary usr/bin/sudoedit 4755 root/root sudo: read-in-maintainer-script sudo: duplicate-updaterc.d-calls-in-postinst sudo: hardening-no-stackprotector usr/lib/sudo/sudo_noexec.so