mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 01:49:11 +00:00
Sudo now stores its libexec files in a "sudo" subdirectory instead
of in libexec itself. For backwards compatibility, if the plugin is not found in the default plugin directory, sudo will check the parent directory default directory ends in "/sudo".
This commit is contained in:
Todd C. Miller
parent
becc5fca7c
commit
6b09c76a20
25
configure
vendored
25
configure
vendored
@ -2960,10 +2960,10 @@ path_info=on
|
||||
ldap_conf=/etc/ldap.conf
|
||||
ldap_secret=/etc/ldap.secret
|
||||
netsvc_conf=/etc/netsvc.conf
|
||||
noexec_file=/usr/local/libexec/sudo_noexec.so
|
||||
noexec_file=/usr/local/libexec/sudo/sudo_noexec.so
|
||||
nsswitch_conf=/etc/nsswitch.conf
|
||||
secure_path="not set"
|
||||
PLUGINDIR=/usr/local/libexec
|
||||
PLUGINDIR=/usr/local/libexec/sudo
|
||||
#
|
||||
# End initial values for man page substitution
|
||||
#
|
||||
@ -3011,6 +3011,19 @@ RTLD_PRELOAD_DEFAULT=
|
||||
|
||||
|
||||
|
||||
#
|
||||
# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir.
|
||||
# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip
|
||||
# off an extraneous "/sudo" from libexecdir.
|
||||
#
|
||||
case "$libexecdir" in
|
||||
*/sudo)
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&5
|
||||
$as_echo "$as_me: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&2;}
|
||||
libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'`
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
|
||||
# Check whether --with-otp-only was given.
|
||||
@ -5258,7 +5271,7 @@ if test "${with_plugindir+set}" = set; then :
|
||||
*) ;;
|
||||
esac
|
||||
else
|
||||
with_plugindir="$libexecdir"
|
||||
with_plugindir="$libexecdir/sudo"
|
||||
fi
|
||||
|
||||
|
||||
@ -13659,13 +13672,13 @@ $as_echo_n "checking path to sudo_noexec.so... " >&6; }
|
||||
# Check whether --with-noexec was given.
|
||||
if test "${with_noexec+set}" = set; then :
|
||||
withval=$with_noexec; case $with_noexec in
|
||||
yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
|
||||
yes) with_noexec="$libexecdir/sudo/sudo_noexec$_shrext"
|
||||
;;
|
||||
no) ;;
|
||||
*) ;;
|
||||
esac
|
||||
else
|
||||
with_noexec="$libexecdir/sudo_noexec$_shrext"
|
||||
with_noexec="$libexecdir/sudo/sudo_noexec$_shrext"
|
||||
fi
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_noexec" >&5
|
||||
@ -21150,7 +21163,7 @@ EOF
|
||||
|
||||
fi
|
||||
if test X"$with_selinux" != X"no"; then
|
||||
sesh_file="$libexecdir/sesh"
|
||||
sesh_file="$libexecdir/sudo/sesh"
|
||||
_sesh_file=
|
||||
while test X"$sesh_file" != X"$_sesh_file"; do
|
||||
_sesh_file="$sesh_file"
|
||||
|
||||
24
configure.in
24
configure.in
@ -157,10 +157,10 @@ path_info=on
|
||||
ldap_conf=/etc/ldap.conf
|
||||
ldap_secret=/etc/ldap.secret
|
||||
netsvc_conf=/etc/netsvc.conf
|
||||
noexec_file=/usr/local/libexec/sudo_noexec.so
|
||||
noexec_file=/usr/local/libexec/sudo/sudo_noexec.so
|
||||
nsswitch_conf=/etc/nsswitch.conf
|
||||
secure_path="not set"
|
||||
PLUGINDIR=/usr/local/libexec
|
||||
PLUGINDIR=/usr/local/libexec/sudo
|
||||
#
|
||||
# End initial values for man page substitution
|
||||
#
|
||||
@ -221,6 +221,18 @@ dnl libc replacement functions live in compat
|
||||
dnl
|
||||
AC_CONFIG_LIBOBJ_DIR(compat)
|
||||
|
||||
#
|
||||
# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir.
|
||||
# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip
|
||||
# off an extraneous "/sudo" from libexecdir.
|
||||
#
|
||||
case "$libexecdir" in
|
||||
*/sudo)
|
||||
AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory])
|
||||
libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'`
|
||||
;;
|
||||
esac
|
||||
|
||||
dnl
|
||||
dnl Deprecated --with options (these all warn or generate an error)
|
||||
dnl
|
||||
@ -1138,7 +1150,7 @@ AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to loa
|
||||
no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
|
||||
;;
|
||||
*) ;;
|
||||
esac], [with_plugindir="$libexecdir"])
|
||||
esac], [with_plugindir="$libexecdir/sudo"])
|
||||
|
||||
AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])],
|
||||
[case $with_man in
|
||||
@ -1477,11 +1489,11 @@ fi
|
||||
AC_MSG_CHECKING(path to sudo_noexec.so)
|
||||
AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
|
||||
[case $with_noexec in
|
||||
yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
|
||||
yes) with_noexec="$libexecdir/sudo/sudo_noexec$_shrext"
|
||||
;;
|
||||
no) ;;
|
||||
*) ;;
|
||||
esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
|
||||
esac], [with_noexec="$libexecdir/sudo/sudo_noexec$_shrext"])
|
||||
AC_MSG_RESULT($with_noexec)
|
||||
NOEXECFILE="sudo_noexec$_shrext"
|
||||
NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`"
|
||||
@ -3566,7 +3578,7 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
|
||||
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
|
||||
fi
|
||||
if test X"$with_selinux" != X"no"; then
|
||||
sesh_file="$libexecdir/sesh"
|
||||
sesh_file="$libexecdir/sudo/sesh"
|
||||
_sesh_file=
|
||||
while test X"$sesh_file" != X"$_sesh_file"; do
|
||||
_sesh_file="$sesh_file"
|
||||
|
||||
@ -1,6 +1,13 @@
|
||||
Notes on upgrading from an older release
|
||||
========================================
|
||||
|
||||
o Upgrading from a version prior to 1.8.7:
|
||||
|
||||
Sudo now stores its libexec files in a "sudo" subdirectory
|
||||
instead of in libexec itself. For backwards compatibility, if
|
||||
the plugin is not found in the default plugin directory, sudo
|
||||
will check the parent directory default directory ends in "/sudo".
|
||||
|
||||
o Upgrading from a version prior to 1.8.2:
|
||||
|
||||
When matching Unix groups in the sudoers file, sudo will now
|
||||
|
||||
4
mkpkg
4
mkpkg
@ -147,7 +147,7 @@ case "$osversion" in
|
||||
# Note, must indent with tabs, not spaces due to IFS trickery
|
||||
# XXX - SuSE uses secure path but only for env_reset
|
||||
configure_opts="--prefix=/usr
|
||||
--libexecdir=/usr/$libexec/sudo
|
||||
--libexecdir=/usr/$libexec
|
||||
--with-logging=syslog
|
||||
--with-logfac=auth
|
||||
--with-all-insults
|
||||
@ -197,7 +197,7 @@ case "$osversion" in
|
||||
--disable-setresuid
|
||||
--with-sendmail=/usr/sbin/sendmail
|
||||
--mandir=/usr/share/man
|
||||
--libexecdir=/usr/lib/sudo
|
||||
--libexecdir=/usr/lib
|
||||
--with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
|
||||
$configure_opts"
|
||||
;;
|
||||
|
||||
@ -122,13 +122,13 @@ install: install-binaries @INSTALL_NOEXEC@
|
||||
|
||||
install-dirs:
|
||||
$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(bindir) \
|
||||
$(DESTDIR)$(noexecdir)
|
||||
$(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir)
|
||||
|
||||
install-binaries: install-dirs $(PROGS)
|
||||
$(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m 04755 sudo $(DESTDIR)$(bindir)/sudo
|
||||
rm -f $(DESTDIR)$(bindir)/sudoedit
|
||||
ln -s sudo $(DESTDIR)$(bindir)/sudoedit
|
||||
if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 sesh $(DESTDIR)$(libexecdir)/sesh; fi
|
||||
if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 sesh $(DESTDIR)$(libexecdir)/sudo/sesh; fi
|
||||
|
||||
install-doc:
|
||||
|
||||
@ -143,7 +143,7 @@ install-plugin:
|
||||
|
||||
uninstall:
|
||||
-rm -f $(DESTDIR)$(bindir)/sudo $(DESTDIR)$(bindir)/sudoedit \
|
||||
$(DESTDIR)$(libexecdir)/sesh \
|
||||
$(DESTDIR)$(libexecdir)/sudo/sesh \
|
||||
$(DESTDIR)$(noexecdir)/$(noexecfile)
|
||||
|
||||
check:
|
||||
|
||||
@ -66,6 +66,7 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
|
||||
void *handle;
|
||||
char path[PATH_MAX];
|
||||
bool rval = false;
|
||||
int status;
|
||||
debug_decl(sudo_load_plugin, SUDO_DEBUG_PLUGIN)
|
||||
|
||||
if (info->path[0] == '/') {
|
||||
@ -75,6 +76,7 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
|
||||
warningx(_("%s: %s"), info->path, strerror(ENAMETOOLONG));
|
||||
goto done;
|
||||
}
|
||||
status = stat(path, &sb);
|
||||
} else {
|
||||
if (snprintf(path, sizeof(path), "%s%s", _PATH_SUDO_PLUGIN_DIR,
|
||||
info->path) >= sizeof(path)) {
|
||||
@ -84,11 +86,22 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
|
||||
strerror(ENAMETOOLONG));
|
||||
goto done;
|
||||
}
|
||||
/* Try parent dir for compatibility with old plugindir default. */
|
||||
if ((status = stat(path, &sb)) != 0) {
|
||||
char *cp = strrchr(path, '/');
|
||||
if (cp > path + 4 && cp[-5] == '/' && cp[-4] == 's' &&
|
||||
cp[-3] == 'u' && cp[-2] == 'd' && cp[-1] == 'o') {
|
||||
int serrno = errno;
|
||||
strlcpy(cp - 4, info->path, sizeof(path) - (cp - 4 - path));
|
||||
if ((status = stat(path, &sb)) != 0)
|
||||
errno = serrno;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (stat(path, &sb) != 0) {
|
||||
if (status != 0) {
|
||||
warningx(_("error in %s, line %d while loading plugin `%s'"),
|
||||
_PATH_SUDO_CONF, info->lineno, info->symbol_name);
|
||||
warning("%s", path);
|
||||
warning("%s%s", _PATH_SUDO_PLUGIN_DIR, info->path);
|
||||
goto done;
|
||||
}
|
||||
if (sb.st_uid != ROOT_UID) {
|
||||
|
||||
4
sudo.pp
4
sudo.pp
@ -262,7 +262,9 @@ still allow people to get their work done."
|
||||
$sbindir/visudo 0755
|
||||
$bindir/sudoreplay 0755
|
||||
$includedir/sudo_plugin.h 0644
|
||||
$libexecdir/* $shlib_mode optional
|
||||
$libexecdir/sudo/ 0755
|
||||
$libexecdir/sudo/sesh 0755 optional,ignore-others
|
||||
$libexecdir/sudo/* $shlib_mode optional
|
||||
$sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
|
||||
$timedir/ 0700 root:
|
||||
$docdir/ 0755
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user