mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 18:08:23 +00:00
Code Issues Releases Wiki Activity

Substitute in default value for secure_path

Browse Source
This commit is contained in:
Todd C. Miller 2009-09-25 01:11:49 +00:00
parent d8422c4fff
commit 104a402b6a
4 changed files with 31 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
configure vendored
View File

@ -869,6 +869,7 @@ ldap_conf
ldap_secret ldap_secret
nsswitch_conf nsswitch_conf
netsvc_conf netsvc_conf
secure_path
EGREPPROG EGREPPROG
CC CC
ac_ct_CC ac_ct_CC
@ -2120,6 +2121,7 @@ echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
timeout=5 timeout=5
@ -2147,6 +2149,7 @@ tty_tickets=off
insults=off insults=off
root_sudo=on root_sudo=on
path_info=on path_info=on
secure_path="not set"
INSTALL_NOEXEC= INSTALL_NOEXEC=
devdir='$(srcdir)' devdir='$(srcdir)'
PROGS="sudo visudo sudoreplay" PROGS="sudo visudo sudoreplay"
@ -3695,12 +3698,14 @@ echo $ECHO_N "checking whether to override the user's path... $ECHO_C" >&6; }
# Check whether --with-secure-path was given. # Check whether --with-secure-path was given.
if test "${with_secure_path+set}" = set; then if test "${with_secure_path+set}" = set; then
withval=$with_secure_path; case $with_secure_path in withval=$with_secure_path; case $with_secure_path in
yes) cat >>confdefs.h <<_ACEOF yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
#define SECURE_PATH "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" cat >>confdefs.h <<_ACEOF
#define SECURE_PATH "$with_secure_path"
_ACEOF _ACEOF
{ echo "$as_me:$LINENO: result: :/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" >&5 { echo "$as_me:$LINENO: result: $with_secure_path" >&5
echo "${ECHO_T}:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" >&6; } echo "${ECHO_T}$with_secure_path" >&6; }
secure_path="set to $with_secure_path"
;; ;;
no) { echo "$as_me:$LINENO: result: no" >&5 no) { echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; } echo "${ECHO_T}no" >&6; }
@ -3711,6 +3716,7 @@ _ACEOF
{ echo "$as_me:$LINENO: result: $with_secure_path" >&5 { echo "$as_me:$LINENO: result: $with_secure_path" >&5
echo "${ECHO_T}$with_secure_path" >&6; } echo "${ECHO_T}$with_secure_path" >&6; }
secure_path="set to F<$with_secure_path>"
;; ;;
esac esac
else else
@ -6262,7 +6268,7 @@ ia64-*-hpux*)
;; ;;
*-*-irix6*) *-*-irix6*)
# Find out which ABI we are using. # Find out which ABI we are using.
echo '#line 6265 "configure"' > conftest.$ac_ext echo '#line 6271 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5 (eval $ac_compile) 2>&5
ac_status=$? ac_status=$?
@ -8126,11 +8132,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:8129: $lt_compile\"" >&5) (eval echo "\"\$as_me:8135: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:8133: \$? = $ac_status" >&5 echo "$as_me:8139: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@ -8416,11 +8422,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:8419: $lt_compile\"" >&5) (eval echo "\"\$as_me:8425: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:8423: \$? = $ac_status" >&5 echo "$as_me:8429: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@ -8520,11 +8526,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:8523: $lt_compile\"" >&5) (eval echo "\"\$as_me:8529: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err) (eval "$lt_compile" 2>out/conftest.err)
ac_status=$? ac_status=$?
cat out/conftest.err >&5 cat out/conftest.err >&5
echo "$as_me:8527: \$? = $ac_status" >&5 echo "$as_me:8533: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext if (exit $ac_status) && test -s out/conftest2.$ac_objext
then then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
@ -10880,7 +10886,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF cat > conftest.$ac_ext <<EOF
#line 10883 "configure" #line 10889 "configure"
#include "confdefs.h" #include "confdefs.h"
#if HAVE_DLFCN_H #if HAVE_DLFCN_H
@ -10980,7 +10986,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF cat > conftest.$ac_ext <<EOF
#line 10983 "configure" #line 10989 "configure"
#include "confdefs.h" #include "confdefs.h"
#if HAVE_DLFCN_H #if HAVE_DLFCN_H
@ -25989,6 +25995,7 @@ ldap_conf!$ldap_conf$ac_delim
ldap_secret!$ldap_secret$ac_delim ldap_secret!$ldap_secret$ac_delim
nsswitch_conf!$nsswitch_conf$ac_delim nsswitch_conf!$nsswitch_conf$ac_delim
netsvc_conf!$netsvc_conf$ac_delim netsvc_conf!$netsvc_conf$ac_delim
secure_path!$secure_path$ac_delim
EGREPPROG!$EGREPPROG$ac_delim EGREPPROG!$EGREPPROG$ac_delim
CC!$CC$ac_delim CC!$CC$ac_delim
ac_ct_CC!$ac_ct_CC$ac_delim ac_ct_CC!$ac_ct_CC$ac_delim
@ -26024,7 +26031,7 @@ KRB5CONFIG!$KRB5CONFIG$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF _ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 41; then if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 42; then
break break
elif $ac_last_try; then elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5

9
configure.in
View File

@ -85,6 +85,7 @@ AC_SUBST(ldap_conf)
AC_SUBST(ldap_secret) AC_SUBST(ldap_secret)
AC_SUBST(nsswitch_conf) AC_SUBST(nsswitch_conf)
AC_SUBST(netsvc_conf) AC_SUBST(netsvc_conf)
AC_SUBST(secure_path)
dnl dnl
dnl Initial values for above dnl Initial values for above
dnl dnl
@ -113,6 +114,7 @@ tty_tickets=off
insults=off insults=off
root_sudo=on root_sudo=on
path_info=on path_info=on
secure_path="not set"
INSTALL_NOEXEC= INSTALL_NOEXEC=
devdir='$(srcdir)' devdir='$(srcdir)'
dnl dnl
@ -988,13 +990,16 @@ fi
AC_MSG_CHECKING(whether to override the user's path) AC_MSG_CHECKING(whether to override the user's path)
AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])], AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
[case $with_secure_path in [case $with_secure_path in
yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc") yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc]) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
AC_MSG_RESULT([$with_secure_path])
secure_path="set to $with_secure_path"
;; ;;
no) AC_MSG_RESULT(no) no) AC_MSG_RESULT(no)
;; ;;
*) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
AC_MSG_RESULT([$with_secure_path]) AC_MSG_RESULT([$with_secure_path])
secure_path="set to F<$with_secure_path>"
;; ;;
esac], AC_MSG_RESULT(no)) esac], AC_MSG_RESULT(no))

2
sudoers.man.pl
View File

@ -16,6 +16,8 @@ if (/^\./) {
# Fix up broken pod2man formatting of F<@foo@/bar> # Fix up broken pod2man formatting of F<@foo@/bar>
s/\\fI\\f(\(C)?I\@([^\@]*)\\fI\@/\\fI\@$2\@/g; s/\\fI\\f(\(C)?I\@([^\@]*)\\fI\@/\\fI\@$2\@/g;
s/\\f\(\CW\@([^\@]*)\\fR\@/\@$1\@/g;
#\f(CW@secure_path\fR@
# Comment out Compile-time-specific lines in DESCRIPTION # Comment out Compile-time-specific lines in DESCRIPTION
if ($t) { if ($t) {

2
sudoers.pod
View File

@ -1191,7 +1191,7 @@ people running B<sudo> to have a sane C<PATH> environment variable you may
want to use this. Another use is if you want to have the "root path" want to use this. Another use is if you want to have the "root path"
be separate from the "user path." Users in the group specified by the be separate from the "user path." Users in the group specified by the
I<exempt_group> option are not affected by I<secure_path>. I<exempt_group> option are not affected by I<secure_path>.
This is not set by default. This option is @secure_path@ by default.
=item syslog =item syslog