mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00

Improve the description of secure_path.

Todd C. Miller 2024-06-11 08:16:23 -06:00
parent e0e24456bc
commit 06799eddf9
2 changed files with 47 additions and 12 deletions


@ -25,7 +25,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.TH "SUDOERS" "@mansectform@" "April 17, 2024" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS" "@mansectform@" "June 11, 2024" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@ -5648,17 +5648,37 @@ If set,
will use this value in place of the user's will use this value in place of the user's
\fRPATH\fR \fRPATH\fR
environment variable. environment variable.
This option can be used to reset the There are two basic use cases for
\fRPATH\fR \fIsecure_path\fR:
to a known good value that contains directories for system administrator .PP
commands such as .RS 14n
.PD 0
.TP 3n
1.\&
To make it possible for
\fBsudo\fR
to find system administrator commands located in directories that
may not be in the default user path, such as
\fI/usr/sbin\fR. \fI/usr/sbin\fR.
.sp .PD
.TP 3n
2.\&
To help protect scripts and programs that execute other commands without
first setting
\fRPATH\fR
to a safe value.
Otherwise, a user with limited privileges may be able to run arbitrary
commands by manipulating the
\fRPATH\fR
if the command being run executes other commands without using a
fully-qualified path name.
.PP
Users in the group specified by the Users in the group specified by the
\fIexempt_group\fR \fIexempt_group\fR
option are not affected by option are not affected by
\fIsecure_path\fR. \fIsecure_path\fR.
This option is @secure_path@ by default. This option is @secure_path_set@ by default.
.RE
.TP 14n .TP 14n
syslog syslog
Syslog facility if syslog is being used for logging (negate to Syslog facility if syslog is being used for logging (negate to
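
Review bot: the last line of the secure_path entry switches the substituted default from `@secure_path@` to `@secure_path_set@`, yet the commit is listed as changing only two files, both manual sources. Please confirm that the build already substitutes `secure_path_set`; if it does not, the literal `@secure_path_set@` will appear in the formatted manual. The commit message only says the description was improved, so it would help to mention the variable change there as well.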


@ -25,7 +25,7 @@
.nr BA @BAMAN@ .nr BA @BAMAN@
.nr LC @LCMAN@ .nr LC @LCMAN@
.nr PS @PSMAN@ .nr PS @PSMAN@
.Dd April 17, 2024 .Dd June 11, 2024
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@ -5295,11 +5295,26 @@ If set,
will use this value in place of the user's will use this value in place of the user's
.Ev PATH .Ev PATH
environment variable. environment variable.
This option can be used to reset the There are two basic use cases for
.Ev PATH .Em secure_path :
to a known good value that contains directories for system administrator .Bl -enum -width 1n
commands such as .It
To make it possible for
.Nm sudo
to find system administrator commands located in directories that
may not be in the default user path, such as
.Pa /usr/sbin . .Pa /usr/sbin .
.It
To help protect scripts and programs that execute other commands without
first setting
.Ev PATH
to a safe value.
Otherwise, a user with limited privileges may be able to run arbitrary
commands by manipulating the
.Ev PATH
if the command being run executes other commands without using a
fully-qualified path name.
.El
.Pp .Pp
Users in the group specified by the Users in the group specified by the
.Em exempt_group .Em exempt_group
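
Review bot: in the second list item, the sentence beginning "Otherwise, a user with limited privileges may be able to run arbitrary commands" has no clear antecedent, because the preceding sentence describes what secure_path protects rather than the case where it is unset. Consider opening it with the condition instead, for example "If secure_path is not set, a user with limited privileges may be able to ...". The paragraph that follows says users in exempt_group are not affected by secure_path, so it may also be worth stating in or next to item 2 that this protection does not apply to commands run by those users.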