diff --git a/NEWS b/NEWS index cf64ae3c2..de5598080 100644 --- a/NEWS +++ b/NEWS @@ -67,9 +67,10 @@ What's new in Sudo 1.9.3 * It is now possible to set the working directory or change the root directory on a per-command basis using the CWD and CHROOT - options. There are also new Defaults settings, runchroot and - runcwd, that can be used to set the working directory or root - directory on a more global basis. + options. CWD and CHROOT are now reserved words in sudoers--they + can no longer be used as alias names. There are also new Defaults + settings, runchroot and runcwd, that can be used to set the + working directory or root directory on a more global basis. * New -D (--chdir) and -R (--chroot) command line options can be used to set the working directory or root directory if the sudoers diff --git a/doc/UPGRADE b/doc/UPGRADE index 73c033abe..853b60d20 100644 --- a/doc/UPGRADE +++ b/doc/UPGRADE @@ -3,6 +3,12 @@ Notes on upgrading from an older release o Upgrading from a version prior to 1.9.3: + Due to the addition of the CHROOT and CWD options, it is no + longer possible to declare an alias with one of those names. + If a sudoers file has an alias with one of those names, sudo + and visudo will report a syntax error with a message like + "syntax error: unexpected CHROOT, expecting ALIAS". + Starting with version 1.9.3, sudoers rules must end in either a newline or the end-of-file. This makes it possible to provide better error messages. Previously, it was possible to include @@ -97,6 +103,13 @@ o Upgrading from a version prior to 1.8.23: o Upgrading from a version prior to 1.8.20: + Due to the addition of the TIMEOUT, NOTBEFORE and NOTAFTTER + options, it is no longer possible to declare an alias with one + of those names. If a sudoers file has an alias with one of + those names, sudo and visudo will report a syntax error with a + message like "syntax error: unexpected TIMEOUT, expecting ALIAS". + + Starting with version 1.9.3, sudoers rules must end in either Prior to version 1.8.20, when log_input, log_output or use_pty were enabled, if any of the standard input, output or error were not connected to a terminal, sudo would use a pipe. The diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index 77ea0d72d..f7dadbc8e 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -25,7 +25,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.TH "SUDOERS" "@mansectform@" "September 9, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "@mansectform@" "September 25, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -1380,6 +1380,10 @@ subsequent in the \fRCmnd_Spec_List\fR, inherit that option unless it is overridden by another option. +Note that the option names are reserved words in +\fIsudoers\fR. +This means that none of the valid option names (see below) can be used +when declaring an alias. .if \n(SL \{\ .SS "SELinux_Spec" On systems with SELinux support, @@ -2128,17 +2132,42 @@ It can be used wherever one might otherwise use a \fRRunas_Alias\fR, or \fRHost_Alias\fR. -You should not try to define your own +Attempting to define an \fIalias\fR -called +named \fBALL\fR -as the built-in alias will be used in preference to your own. +will result in a syntax error. Please note that using \fBALL\fR can be dangerous since in a command context, it allows the user to run \fIany\fR command on the system. .PP +The following option names permitted in an +\fROption_Spec\fR +are also considered reserved words: +\fRCHROOT\fR, +.if \n(PS \{\ +\fRPRIVS\fR, +.\} +.if \n(PS \{\ +\fRLIMITPRIVS\fR, +.\} +.if \n(SL \{\ +\fRROLE\fR, +.\} +.if \n(SL \{\ +\fRTYPE\fR, +.\} +\fRCMND_TIMEOUT\fR, +\fRCWD\fR, +\fRNOTBEFORE\fR +and +\fRNOTAFTER\fR. +Attempting to define an +\fIalias\fR +with the same name as one of the options will result in a syntax error. +.PP An exclamation point (\(oq\&!\(cq) can be used as a logical diff --git a/doc/sudoers.man.in.sed b/doc/sudoers.man.in.sed index 37df7afe4..32ee5600d 100644 --- a/doc/sudoers.man.in.sed +++ b/doc/sudoers.man.in.sed @@ -114,3 +114,29 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\ } } } + +/^\\fRPRIVS\\fR,/ { + i\ +.if \\n(PS \\{\\ + a\ +.\\} +} +/^\\fRLIMITPRIVS\\fR,/ { + i\ +.if \\n(PS \\{\\ + a\ +.\\} +} + +/^\\fRROLE\\fR,/ { + i\ +.if \\n(SL \\{\\ + a\ +.\\} +} +/^\\fRTYPE\\fR,/ { + i\ +.if \\n(SL \\{\\ + a\ +.\\} +} diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index 7f9829a3b..1fd3b60a1 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -24,7 +24,7 @@ .nr BA @BAMAN@ .nr LC @LCMAN@ .nr PS @PSMAN@ -.Dd September 9, 2020 +.Dd September 25, 2020 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -1308,6 +1308,10 @@ subsequent in the .Li Cmnd_Spec_List , inherit that option unless it is overridden by another option. +Note that the option names are reserved words in +.Em sudoers . +This means that none of the valid option names (see below) can be used +when declaring an alias. .if \n(SL \{\ .Ss SELinux_Spec On systems with SELinux support, @@ -2004,17 +2008,38 @@ It can be used wherever one might otherwise use a .Li Runas_Alias , or .Li Host_Alias . -You should not try to define your own +Attempting to define an .Em alias -called +named .Sy ALL -as the built-in alias will be used in preference to your own. +will result in a syntax error. Please note that using .Sy ALL can be dangerous since in a command context, it allows the user to run .Em any command on the system. .Pp +The following option names permitted in an +.Li Option_Spec +are also considered reserved words: +.Li CHROOT , +.if \n(PS \{\ +.Li PRIVS , +.Li LIMITPRIVS , +.\} +.if \n(SL \{\ +.Li ROLE , +.Li TYPE , +.\} +.Li CMND_TIMEOUT , +.Li CWD , +.Li NOTBEFORE +and +.Li NOTAFTER . +Attempting to define an +.Em alias +with the same name as one of the options will result in a syntax error. +.Pp An exclamation point .Pq Ql \&! can be used as a logical