sudo 1.5.3.

2025-08-30 05:48:18 +00:00 · 1996-11-16 19:42:46 +00:00 · 1996-11-16 19:42:46 +00:00 · a36ba7b5cc
commit a36ba7b5cc
parent 23b2719a37
3 changed files with 66 additions and 43 deletions
--- a/20
+++ b/20
@ -826,3 +826,23 @@ Sudo 1.5.1 released.
 255) Attempt at sequent support.

 Sudo 1.5.2 released.
+
+256) visudo acts sanely when there is no sudoers file.
+
+257) Added Runas_Alias support.
+
+258) Sudo will now work with SUDOERS_MODE == 400 and SUDO_UID = 0.
+
+259) Alias's in a runas list are now expanded.
+
+260) Fixed bug with > 32 saved aliases.  Reported by BHH@capgroup.com.
+
+261) Code that uses sprintf() is now more paraniod about buffer
+     overflows.
+
+262) Whitespace is now allowed after a line continuation character before
+     a newline in sudoers.
+
+263) %h in MAILSUBJECT expands to local hostname.
+
+Sudo 1.5.3 released.
--- a/48
+++ b/48
@ -5,43 +5,43 @@ Name	Rev	Arch	Used		Version	By		 Options
 =======	=======	=======	===============	======= ===============  ===============
 Auspex	1.6.1	sun4	bundled cc	1.3.4	Alek Komarnitsky none
 SunOS	4.1.3	sun4	bundled cc	1.4	Todd Miller	 none
-SunOS	4.1.3	sun4	gcc2.7.2.1	1.5.2	Todd Miller	 none
-SunOS	4.1.3	sun4	gcc2.7.2.1	1.5.2	Todd Miller	 --with-kerb4
-SunOS	4.1.3	sun4	gcc2.7.2.1	1.5.2	Todd Miller	 --with-skey
+SunOS	4.1.3	sun4	gcc2.7.2.1	1.5.3	Todd Miller	 none
+SunOS	4.1.3	sun4	gcc2.7.2.1	1.5.3	Todd Miller	 --with-kerb4
+SunOS	4.1.3	sun4	gcc2.7.2.1	1.5.3	Todd Miller	 --with-skey
 SunOS	4.1.3	sun4	bundled cc	1.5	Alek Komarnitsky --with-C2
-Solaris	2.5	sun4	gcc2.7.2.1	1.5.2	Todd Miller	 none
+Solaris	2.5	sun4	gcc2.7.2.1	1.5.3	Todd Miller	 none
 Solaris	2.[45]	sun4	SC4.0		1.5	Alek Komarnitsky none
-Solaris	2.5	x86	gcc2.7.2.1	1.5.2	Todd Miller	 none
+Solaris	2.5	x86	gcc2.7.2.1	1.5.3	Todd Miller	 none
 ISC	4.0	i386	bundled cc	1.4	Andy Smith	 none
 ISC	4.0	i386	gcc2.7.0	1.4	Andy Smith	 none
 ISC	4.1	i386	bundled cc	1.4	Andy Smith	 none
 ISC	4.1	i386	gcc2.7.0	1.4	Andy Smith	 none
 RISCos	4_52	mips	bundled cc	1.3.7	Andy Smith	 --with-getpass
 SCO	3.2.2	i386	bundled cc	1.3.4	David Meleedy	 --with-getpass
-HP-UX	9.05	hp700	gcc2.7.2.1	1.5.2	Todd Miller	 none
-HP-UX	9.05	hp700	gcc2.7.2.1	1.5.2	Todd Miller	 --with-kerb4
+HP-UX	9.05	hp700	gcc2.7.2.1	1.5.3	Todd Miller	 none
+HP-UX	9.05	hp700	gcc2.7.2.1	1.5.3	Todd Miller	 --with-kerb4
 HP-UX	9.07	hp700	unbundled cc	1.5	Alek Komarnitsky --with-C2
 HP-UX	9.05	hp700	unbundled cc	1.4	Todd Miller	 none
-HP-UX	10.10	hp700	gcc2.7.2.1	1.5.2	Todd Miller	 --with-skey
+HP-UX	10.10	hp700	gcc2.7.2.1	1.5.3	Todd Miller	 --with-skey
 HP-UX	10.01	hp700	gcc		1.3.7	Jeff Earickson	 --with-DCE
 HP-UX	10.01	hp700	cc		1.4.4	David Dill	 --with-C2
 Ultrix	4.3	mips	bundled cc	1.5	Maria Magnusson	 none
-Ultrix	4.3	mips	gcc2.7.2.1	1.5.2	Todd Miller	 none
-Ultrix	4.3	mips	gcc2.7.2.1	1.5.2	Todd Miller	 --with-kerb4
-IRIX	4.05H	mips	gcc2.6.3	1.5.2	Todd Miller	 none
+Ultrix	4.3	mips	gcc2.7.2.1	1.5.3	Todd Miller	 none
+Ultrix	4.3	mips	gcc2.7.2.1	1.5.3	Todd Miller	 --with-kerb4
+IRIX	4.05H	mips	gcc2.6.3	1.5.3	Todd Miller	 none
 IRIX	4.05H	mips	unbundled cc	1.4	Todd Miller	 none
 IRIX	5.3	mips	unbundled cc	1.4	Todd Miller	 none
-IRIX	5.3	mips	gcc2.7.2.1	1.5.2	Todd Miller	 none
-IRIX	5.3	mips	gcc2.7.2.1	1.5.2	Todd Miller	 --with-kerb4
+IRIX	5.3	mips	gcc2.7.2.1	1.5.3	Todd Miller	 none
+IRIX	5.3	mips	gcc2.7.2.1	1.5.3	Todd Miller	 --with-kerb4
 IRIX	5.3	mips	unbundled cc	1.4	Wallace Winfrey	 --with-C2
 IRIX	6.2	mips	unbundled cc	1.5	Alek Komarnitsky --with-C2
 NEXTSTEP 2.1	m68k	bundled cc	1.3.7	Todd Miller	 none
-NEXTSTEP 3.2	m68k	bundled cc	1.5.2	Todd Miller	 none
+NEXTSTEP 3.2	m68k	bundled cc	1.5.3	Todd Miller	 none
 NEXTSTEP 3.2	i386	bundled cc	1.3.2	Jonathan Adams	 none
 NEXTSTEP 3.3	i386	bundled cc	1.4	Jonathan Adams	 none
-DEC UNIX 3.2c	alpha	bundled cc	1.5.2	Todd Miller	 none
-DEC UNIX 4.0	alpha	gcc2.7.2.1	1.5.2	Todd Miller	 none
-DEC UNIX 4.0	alpha	gcc2.7.2.1	1.5.2	Todd Miller	 --with-kerb4
+DEC UNIX 3.2c	alpha	bundled cc	1.5.3	Todd Miller	 none
+DEC UNIX 4.0	alpha	gcc2.7.2.1	1.5.3	Todd Miller	 none
+DEC UNIX 4.0	alpha	gcc2.7.2.1	1.5.3	Todd Miller	 --with-kerb4
 DEC UNIX 3.x	alpha	bundled cc	1.3.4	Tina Yang	 --with-C2
 AIX	3.2.X	rs6000	bundled cc	1.4	Todd Miller	 none
 AIX	4.1.X	rs6000	bundled cc	1.4	Todd Miller	 none
@ -49,8 +49,8 @@ AIX	4.1.3	PowerPC	gcc-2.7.0	1.4	Bob Shair	 none
 BSD	4.3	hp300	gcc2.5.6	1.4	Todd Miller	 none
 ConvexOS 9.1	convex	bundled cc	1.3.6	Todd Miller	 none
 ConvexOS 9.1	convex	gcc2.4.5	1.3.6	Todd Miller	 none
-BSD/OS	2.1	i386	shlicc		1.5.2	Todd Miller	 none
-OpenBSD	2.0	i586	gcc-2.7.2.1	1.5.2	Todd Miller	 none
+BSD/OS	2.1	i386	shlicc		1.5.3	Todd Miller	 none
+OpenBSD	2.0	i586	gcc-2.7.2.1	1.5.3	Todd Miller	 none
 FreeBSD	1.1	i386	gcc		1.3.2	Dieter Muller	 none
 FreeBSD	2.0.5	i386	gcc		1.3.4	Dieter Muller	 none
 Linux	1.2.13	i486	gcc-2.7.0	1.4	Michael Forman	 none
@ -70,8 +70,8 @@ If you can verify any of these, please send mail to sudo-bugs@courtesan.com
 Op. System	CPU	Compilers	Sudo	Reported	 Special
 Name	Rev	Arch	Used		Version	By		 Options
 =======	=======	=======	===============	======= ===============  ===============
-AIX	3.2.X	rs6000	bundled cc	1.5.2	YOUR NAME HERE	 --with-AFS
-ConvexOS 9.1	convex	cc or gcc	1.5.2	YOUR NAME HERE	 --with-C2
-Ultrix	4.x	mips	cc or gcc	1.5.2	YOUR NAME HERE	 --with-C2
-IRIX	6.x	mips	cc or gcc	1.5.2	YOUR NAME HERE	 --with-C2
-DYNIX	4.1.3	Sequent	bundled cc	1.5.2	YOUR NAME HERE
+AIX	3.2.X	rs6000	bundled cc	1.5.3	YOUR NAME HERE	 --with-AFS
+ConvexOS 9.1	convex	cc or gcc	1.5.3	YOUR NAME HERE	 --with-C2
+Ultrix	4.x	mips	cc or gcc	1.5.3	YOUR NAME HERE	 --with-C2
+IRIX	6.x	mips	cc or gcc	1.5.3	YOUR NAME HERE	 --with-C2
+DYNIX	4.1.3	Sequent	bundled cc	1.5.3	YOUR NAME HERE
--- a/41
+++ b/41
@ -9,43 +9,46 @@ TODO list (most will be addressed in the next rewrite)

 04) Make the sudoers file accessible via NIS, Hesiod, and maybe NetInfo.

-05) Add a %h field to MAILSUBJECT for the hostname.
+05) Add a -h (?) flag to sudo for a history mechanism.

-06) Add a -h (?) flag to sudo for a history mechanism.
+06) Make parse.lex in the same coding style as everything else...

-07) Make parse.lex in the same coding style as everything else...
+07) Add an option to hard-code LD_LIBRARY_PATH?

-08) Add an option to hard-code LD_LIBRARY_PATH?
+08) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).

-09) Add Prog_Alias facility (Prog_Alias VI = /usr/secure/bin/vi +args).
+09) Make '!' work in Cmnd_Alias, Host_Alias, User_Alias and runas list.

-10) Make '!' work in Cmnd_Alias, Host_Alias, User_Alias and runas list.
+10) check for <net/errno.h> in configure and include it in sudo.c if it exists.

-11) check for <net/errno.h> in configure and include it in sudo.c if it exists.
+11) Add generic STREAMS support for getting interfaces and netmasks.

-12) Add generic STREAMS support for getting interfaces and netmasks.
-
-13) Do shadow password detection at runtime like sunos' issecure(3)???
+12) Do shadow password detection at runtime like sunos' issecure(3)???
    If so then start using GLOBAL_NO_SPW_ENT again (but rename it).

-14) Do all the envariable additions in one fell swoop for efficiency and speed.
+13) Do all the envariable additions in one fell swoop for efficiency and speed.

-15) Catch/ignore signals in sudo?
+14) Catch/ignore signals in sudo?

-16) Make -p work with -v and -l in any order.
+15) Make -p work with -v and -l in any order.

-17) Add support for "safe scripts" by checking for shell script
+16) Add support for "safe scripts" by checking for shell script
    cookie (first two bytes are "#!") and execing the shell outselves
    after doing the stat to guard against spoofing.  This should avoid
    the race condition caused by going through namei() twice...

-18) Sudo should not allow someone with a nil password to run commands.
+17) Sudo should not allow someone with a nil password to run commands.

-19) Overhaul testsudoers to use parse.o so we don't reimplement things.
+18) Overhaul testsudoers to use parse.o so we don't reimplement things.

-20) Make runas_user a struct "runas" with user and group components.
+19) Make runas_user a struct "runas" with user and group components.
    (make uid and gid too???)

-21) Add -g group/gid option.
+20) Add -g group/gid option.

-22) Make `sudo -l' output prettier.
+21) Make `sudo -l' output prettier.
+
+22) Should be able to mix Cmnd_Alias's and command args.  Ie:
+	pete   ALL=PASSWD [A-z]*,!PASSWD root
+    where PASSWD was defined to be /usr/bin/passwd.
+    This requires the arg parsing to happen in the yacc grammer.