mirror of https://github.com/sudo-project/sudo.git synced 2025-09-01 23:05:17 +00:00

Add BUGS section

Todd C. Miller
1999-08-17 15:20:48 +00:00
parent 3ad8fe164a
commit b7a10e7403
4 changed files with 67 additions and 52 deletions

@@ -61,7 +61,7 @@ OOOOPPPPTTTTIIIIOOOONNNNSSSS
1/Aug/1999 1.6 1 17/Aug/1999 1.6 1
@@ -127,7 +127,7 @@ RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEES
1/Aug/1999 1.6 2 17/Aug/1999 1.6 2
@@ -193,7 +193,7 @@ SSSSEEEECCCCUUUURRRRIIIITTTTYYYY NNNNOOOOTTTTE
1/Aug/1999 1.6 3 17/Aug/1999 1.6 3
@@ -234,6 +234,7 @@ AAAAUUUUTTTTHHHHOOOORRRRSSSS
See the HISTORY file in the ssssuuuuddddoooo distribution for a short See the HISTORY file in the ssssuuuuddddoooo distribution for a short
history of ssssuuuuddddoooo. history of ssssuuuuddddoooo.
BBBBUUUUGGGGSSSS
Please send all bugs, comments, and changes to sudo- Please send all bugs, comments, and changes to sudo-
bugs@courtesan.com. Be sure to include the version of bugs@courtesan.com. Be sure to include the version of
ssssuuuuddddoooo you are using and the platform you are running it on. ssssuuuuddddoooo you are using and the platform you are running it on.
@@ -255,11 +256,10 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
shell regardless of any '!' elements in the user shell regardless of any '!' elements in the user
specification. specification.
Running shell scripts via ssssuuuuddddoooo can expose the same kernel
1/Aug/1999 1.6 4 17/Aug/1999 1.6 4
@@ -268,6 +268,7 @@ CCCCAAAAVVVVEEEEAAAATTTTSSSS
SUDO(8) MAINTENANCE COMMANDS SUDO(8) SUDO(8) MAINTENANCE COMMANDS SUDO(8)
Running shell scripts via ssssuuuuddddoooo can expose the same kernel
bugs that make setuid shell scripts unsafe on some bugs that make setuid shell scripts unsafe on some
operating systems. operating systems.
@@ -324,7 +325,6 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO
17/Aug/1999 1.6 5
1/Aug/1999 1.6 5

@@ -19,6 +19,7 @@
<LI><A HREF="#FILES">FILES</A> <LI><A HREF="#FILES">FILES</A>
<LI><A HREF="#ENVIRONMENT_VARIABLES">ENVIRONMENT VARIABLES</A> <LI><A HREF="#ENVIRONMENT_VARIABLES">ENVIRONMENT VARIABLES</A>
<LI><A HREF="#AUTHORS">AUTHORS</A> <LI><A HREF="#AUTHORS">AUTHORS</A>
<LI><A HREF="#BUGS">BUGS</A>
<LI><A HREF="#DISCLAIMER">DISCLAIMER</A> <LI><A HREF="#DISCLAIMER">DISCLAIMER</A>
<LI><A HREF="#CAVEATS">CAVEATS</A> <LI><A HREF="#CAVEATS">CAVEATS</A>
<LI><A HREF="#SEE_ALSO">SEE ALSO</A> <LI><A HREF="#SEE_ALSO">SEE ALSO</A>
@@ -30,7 +31,7 @@
<HR> <HR>
<H1><A NAME="NAME">NAME</A></H1> <H1><A NAME="NAME">NAME</A></H1>
<P> <P>
sudo - execute a command as the superuser sudo - execute a command as another user
<P> <P>
<HR> <HR>
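Review bot: The NAME line in this hunk changes from "execute a command as the superuser" to "execute a command as another user", which the commit message "Add BUGS section" does not cover. The last file in this commit gains only the `=head1 BUGS` heading, so this HTML rendering is evidently picking up earlier source changes on regeneration. Either mention the regeneration in the commit message or commit the regenerated output separately, so the change of documented behaviour can be found in the history.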
@@ -44,22 +45,28 @@ sudo - execute a command as the superuser
<HR> <HR>
<H1><A NAME="DESCRIPTION">DESCRIPTION</A></H1> <H1><A NAME="DESCRIPTION">DESCRIPTION</A></H1>
<P> <P>
<STRONG>sudo</STRONG> allows a permitted user to execute a <EM>command</EM> <STRONG>sudo</STRONG> allows a permitted user to execute a <EM>command</EM> as the superuser or another user, as specified in the sudoers file. The
as the superuser (real and effective uid and gid are set to <CODE>0</CODE> and root's group as set in the passwd file respectively). real and effective uid and gid are set to match those of the target user as
specified in the passwd file (the group vector is also initialized when the
target user is not root).
<P> <P>
<STRONG>sudo</STRONG> determines who is an authorized user by consulting the file <EM>/etc/sudoers</EM>. By giving <STRONG>sudo</STRONG> the <CODE>-v</CODE> flag a user can update the time stamp without running a <EM>command.</EM> <STRONG>sudo</STRONG> determines who is an authorized user by consulting the file <EM>/etc/sudoers</EM>. By giving <STRONG>sudo</STRONG> the <CODE>-v</CODE> flag a user can update the time stamp without running a <EM>command.</EM>
The password prompt itself will also time out if the user's password is not The password prompt itself will also time out if the user's password is not
entered with N minutes (again, this is defined at installation time and entered with N minutes (again, this is defined at configure time and
defaults to 5 minutes). defaults to 5 minutes).
<P> <P>
If an unauthorized user executes <STRONG>sudo</STRONG>, mail will be sent from the user to the local authorities (defined at If a user that is not listed in the <EM>sudoers</EM> file tries to run a command via <STRONG>sudo</STRONG>, mail is sent to the proper authorities, as defined at configure time
installation time). (defaults to root). Note that the mail will not be sent if an unauthorized
user tries to run sudo with the <CODE>-l</CODE> or <CODE>-v</CODE> flags. This allows users to determine for themselves whether or not they
are allowed to use <STRONG>sudo</STRONG>.
<P> <P>
<STRONG>sudo</STRONG> was designed to log via the 4.3 BSD <CODE>syslog(3)</CODE> facility but can <STRONG>sudo</STRONG> can log both successful an unsuccessful attempts (as well as errors) to
log to a file instead if so desired (or to both syslog and a file). <CODE>syslog(3),</CODE> a log file, or both. By default <STRONG>sudo</STRONG>
will log via <CODE>syslog(3)</CODE> but this is changeable at configure
time.
<P> <P>
<HR> <HR>
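Review bot: The new logging paragraph has a typo, "can log both successful an unsuccessful attempts", which should read "successful and unsuccessful". The password-prompt line keeps "entered with N minutes", where "within" is meant. In the new mail paragraph, the statement that no mail is sent for an unauthorized user running sudo with -l or -v should also say whether those attempts are still logged, since an administrator reading this would otherwise have to guess whether such probing leaves any trace.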
@@ -83,7 +90,7 @@ The <CODE>-h</CODE> (<EM>help</EM>) option causes <STRONG>sudo</STRONG> to print
<DT><STRONG><A NAME="item__v">-v</A></STRONG><DD> <DT><STRONG><A NAME="item__v">-v</A></STRONG><DD>
<P> <P>
If given the <CODE>-v</CODE> (<EM>validate</EM>) option, <STRONG>sudo</STRONG> will update the user's timestamp file, prompting for the user's password if If given the <CODE>-v</CODE> (<EM>validate</EM>) option, <STRONG>sudo</STRONG> will update the user's timestamp, prompting for the user's password if
necessary. This extends the <STRONG>sudo</STRONG> timeout to for another N minutes (where N is defined at installation time necessary. This extends the <STRONG>sudo</STRONG> timeout to for another N minutes (where N is defined at installation time
and defaults to 5 minutes) but does not run a command. and defaults to 5 minutes) but does not run a command.
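Review bot: The -v description still reads "N is defined at installation time" on both sides, while the DESCRIPTION hunk above changes the same phrase to "configure time"; use one term throughout. The sentence "extends the sudo timeout to for another N minutes" also carries a stray "to" that this edit could have removed while touching the paragraph.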
@@ -111,7 +118,7 @@ The <CODE>-r</CODE> (<EM>realm</EM>) option is only available if <STRONG>sudo</S
<DT><STRONG><A NAME="item__p">-p</A></STRONG><DD> <DT><STRONG><A NAME="item__p">-p</A></STRONG><DD>
<P> <P>
The <CODE>-p</CODE> (<EM>prompt</EM>) option allows you to override the default password prompt and use a The <CODE>-p</CODE> (<EM>prompt</EM>) option allows you to override the default password prompt and use a
custom one. If the password prompt contains the <CODE>%u</CODE> escape, <CODE>%u</CODE> will be replaced by the user's login name. Similarly, <CODE>%h</CODE> will be replaced by the local hostname. custom one. If the password prompt contains the <CODE>%u</CODE> escape, <CODE>%u</CODE> will be replaced with the user's login name. Similarly, <CODE>%h</CODE> will be replaced with the local hostname.
<DT><STRONG><A NAME="item__u">-u</A></STRONG><DD> <DT><STRONG><A NAME="item__u">-u</A></STRONG><DD>
<P> <P>
@@ -127,7 +134,7 @@ environment variable if it is set or the shell as specified in
<DT><STRONG><A NAME="item__H">-H</A></STRONG><DD> <DT><STRONG><A NAME="item__H">-H</A></STRONG><DD>
<P> <P>
The <CODE>-H</CODE> (<EM>HOME</EM>) option sets the <EM>HOME</EM> environment variable to the homedir of the target user (root by default) as The <CODE>-H</CODE> (<EM>HOME</EM>) option sets the <EM>HOME</EM> environment variable to the homedir of the target user (root by default) as
specified in <CODE>passwd(5).</CODE> specified in <CODE>passwd(5).</CODE> By default, <STRONG>sudo</STRONG> does not modify <EM>HOME</EM>.
<DT><STRONG><A NAME="item__">--</A></STRONG><DD> <DT><STRONG><A NAME="item__">--</A></STRONG><DD>
<P> <P>
@@ -141,13 +148,12 @@ conjunction with the <CODE>-s</CODE> flag.
<P> <P>
<STRONG>sudo</STRONG> quits with an exit value of 1 if there is a configuration/permission <STRONG>sudo</STRONG> quits with an exit value of 1 if there is a configuration/permission
problem or if <STRONG>sudo</STRONG> cannot execute the given command. In the latter case the error string is problem or if <STRONG>sudo</STRONG> cannot execute the given command. In the latter case the error string is
printed to stderr via <CODE>perror(3).</CODE> If <STRONG>sudo</STRONG> cannot <CODE>stat(2)</CODE> one or more entries in the user's PATH the printed to stderr. If <STRONG>sudo</STRONG> cannot <CODE>stat(2)</CODE> one or more entries in the user's
error is printed on stderr via <CODE>perror(3).</CODE> (If the directory <CODE>PATH</CODE> an error is printed on stderr. (If the directory does not exist or if it is
does not exist or if it is not really a directory, the entry is ignored and not really a directory, the entry is ignored and no error is printed.) This
no error is printed.) This should not happen under normal circumstances. should not happen under normal circumstances. The most common reason for
The most common reason for <CODE>stat(3)</CODE> to return ``permission <CODE>stat(2)</CODE> to return ``permission denied'' is if you are running
denied'' is if you are running an automounter and one of the directories in an automounter and one of the directories in your <CODE>PATH</CODE> is on a machine that is currently unreachable.
your PATH is on a machine that is currently unreachable.
<P> <P>
<HR> <HR>
@@ -164,7 +170,7 @@ to all commands executed. <STRONG>sudo</STRONG> will also remove the <CODE>IFS<
<P> <P>
To prevent command spoofing, <STRONG>sudo</STRONG> checks ``.'' and ``'' (both denoting current directory) last when searching To prevent command spoofing, <STRONG>sudo</STRONG> checks ``.'' and ``'' (both denoting current directory) last when searching
for a command in the user's PATH (if one or both are in the PATH). Note, for a command in the user's PATH (if one or both are in the PATH). Note,
however, that the actual PATH environment variable is <EM>not</EM> modified and is passed unchanged to the program that <STRONG>sudo</STRONG> executes. however, that the actual <CODE>PATH</CODE> environment variable is <EM>not</EM> modified and is passed unchanged to the program that <STRONG>sudo</STRONG> executes.
<P> <P>
For security reasons, if your OS supports shared libraries and does not For security reasons, if your OS supports shared libraries and does not
@@ -173,29 +179,30 @@ you should either use a linker option that disables this behavior or link <STRON
<P> <P>
<STRONG>sudo</STRONG> will check the ownership of its timestamp directory (<EM>/var/run/sudo</EM> or <EM>/tmp/.odus</EM> by default) and ignore the directory's contents if it is not owned by root <STRONG>sudo</STRONG> will check the ownership of its timestamp directory (<EM>/var/run/sudo</EM> or <EM>/tmp/.odus</EM> by default) and ignore the directory's contents if it is not owned by root
and only read, writable, and executable by root. On systems that allow and only writable by root. On systems that allow non-root users to give
users to give files away to root (via chown), if the timestamp directory is away files via <CODE>chown(2),</CODE> if the timestamp directory is located
located in a directory writable by anyone (ie: <EM>/tmp</EM>), it is possible for a user to create the timestamp directory before <STRONG>sudo</STRONG> in a directory writable by anyone (ie: <EM>/tmp</EM>), it is possible for a user to create the timestamp directory before <STRONG>sudo</STRONG> is run. However, because <STRONG>sudo</STRONG> checks the ownership and mode of the directory and its contents, the only
is run. However, because <STRONG>sudo</STRONG> checks the ownership and mode of the directory, the only damage that can be damage that can be done is to ``hide'' files by putting them in the
done is to ``hide'' files by putting them in the timestamp dir. This is timestamp dir. This is unlikely to happen since once the timestamp dir is
unlikely to happen since once the timestamp dir is owned by root and owned by root and inaccessible by any other user the user placing files
inaccessible by any other user the user placing files there would be unable there would be unable to get them back out. To get around this issue you
to get them back out. To get around this issue you can use a directory that can use a directory that is not world-writable for the timestamps (<EM>/var/adm/sudo</EM> for instance) or create /tmp/.odus with the appropriate owner (root) and
is not world-writable for the timestamps (<EM>/var/adm/sudo</EM> for instance) or create /tmp/.odus with the appropriate owner (root) and
permissions (0700) in the system startup files. permissions (0700) in the system startup files.
<P> <P>
<CODE>sudo</CODE> will not honor timestamp files set far in the future. Timestamp files with <CODE>sudo</CODE> will not honor timestamps set far in the future. Timestamps with a date
a date greater than current_time + 2 * <CODE>TIMEOUT</CODE> greater than current_time + 2 * <CODE>TIMEOUT</CODE>
will be ignored and sudo will log and complain. This is done to keep a user will be ignored and sudo will log and complain. This is done to keep a user
from creating his/her own timestamp file with a bogus date on system that from creating his/her own timestamp with a bogus date on system that allow
allow users to give away files. users to give away files.
<P> <P>
<HR> <HR>
<H1><A NAME="FILES">FILES</A></H1> <H1><A NAME="FILES">FILES</A></H1>
<P> <P>
<PRE> /etc/sudoers file of authorized users. <PRE> /etc/sudoers List of who can run what
/var/run/sudo Directory containing timestamps
/tmp/.odus Same as above if no /var/run exists
</PRE> </PRE>
<P> <P>
<HR> <HR>
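Review bot: The rewritten timestamp-directory paragraph weakens the stated check from "only read, writable, and executable by root" to "only writable by root", yet the same paragraph still relies on the directory being "inaccessible by any other user" and recommends creating /tmp/.odus with mode 0700. If the code only rejects directories writable by others, the "inaccessible" argument for why hidden files cannot be retrieved no longer follows from the text; state the exact ownership and mode test that is applied. Two smaller points: the new sentence says sudo checks the mode of "the directory and its contents" but does not say what happens to a single entry that fails the check, and "on system that allow users to give away files" should read "systems".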
@@ -205,9 +212,10 @@ allow users to give away files.
SHELL Used to determine shell to run with -s option SHELL Used to determine shell to run with -s option
USER Set to the target user (root unless the -u option USER Set to the target user (root unless the -u option
is specified) is specified)
HOME In -s mode, set to homedir of root (or runas user) HOME In -s or -H mode (or if sudo was configured with
if built with the SHELL_SETS_HOME option the --enable-shell-sets-home option), set to
SUDO_PROMPT Replaces the default password prompt homedir of the target user.
SUDO_PROMPT Used as the default password prompt
SUDO_COMMAND Set to the command run by sudo SUDO_COMMAND Set to the command run by sudo
SUDO_USER Set to the login of the user who invoked sudo SUDO_USER Set to the login of the user who invoked sudo
SUDO_UID Set to the uid of the user who invoked sudo SUDO_UID Set to the uid of the user who invoked sudo
@@ -227,18 +235,21 @@ Many people have worked on <STRONG>sudo</STRONG> over the years, this version co
<P> <P>
See the HISTORY file in the <STRONG>sudo</STRONG> distribution for a short history of <STRONG>sudo</STRONG>. See the HISTORY file in the <STRONG>sudo</STRONG> distribution for a short history of <STRONG>sudo</STRONG>.
<P>
<HR>
<H1><A NAME="BUGS">BUGS</A></H1>
<P> <P>
Please send all bugs, comments, and changes to <A Please send all bugs, comments, and changes to <A
HREF="mailto:sudo-bugs@courtesan.com.">sudo-bugs@courtesan.com.</A> HREF="mailto:sudo-bugs@courtesan.com.">sudo-bugs@courtesan.com.</A> Be sure
to include the version of <STRONG>sudo</STRONG> you are using and the platform you are running it on.
<P> <P>
<HR> <HR>
<H1><A NAME="DISCLAIMER">DISCLAIMER</A></H1> <H1><A NAME="DISCLAIMER">DISCLAIMER</A></H1>
<P> <P>
This program is distributed in the hope that it will be useful, but WITHOUT <STRONG>Sudo</STRONG> is provided ``AS IS'' and any express or implied warranties, including, but
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or not limited to, the implied warranties of merchantability and fitness for a
FITNESS FOR A PARTICULAR PURPOSE. See the LICENSE file distributed with particular purpose are disclaimed. See the LICENSE file distributed with <STRONG>sudo</STRONG> for complete details.
sudo for more details.
<P> <P>
<HR> <HR>
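Review bot: In the new BUGS section the link target is HREF="mailto:sudo-bugs@courtesan.com." with the sentence's trailing period inside both the href and the link text, so a mail client following the link gets an address ending in a dot. Move the period outside the anchor so the target is mailto:sudo-bugs@courtesan.com. If this HTML is generated, the fix belongs in the source or the converter, because the same text appears in the other renderings in this commit.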

@@ -2,8 +2,8 @@
''' $RCSfile$$Revision$$Date$ ''' $RCSfile$$Revision$$Date$
''' '''
''' $Log$ ''' $Log$
''' Revision 1.34 1999/08/01 16:26:16 millert ''' Revision 1.35 1999/08/17 15:20:48 millert
''' regen ''' Add BUGS section
''' '''
''' '''
.de Sh .de Sh
@@ -96,7 +96,7 @@
.nr % 0 .nr % 0
.rr F .rr F
.\} .\}
.TH SUDO 8 "1.6" "1/Aug/1999" "MAINTENANCE COMMANDS" .TH SUDO 8 "1.6" "17/Aug/1999" "MAINTENANCE COMMANDS"
.UC .UC
.if n .hy 0 .if n .hy 0
.if n .na .if n .na
@@ -365,7 +365,7 @@ version consists of code written primarily by:
.Ve .Ve
See the HISTORY file in the \fBsudo\fR distribution for a short history See the HISTORY file in the \fBsudo\fR distribution for a short history
of \fBsudo\fR. of \fBsudo\fR.
.PP .SH "BUGS"
Please send all bugs, comments, and changes to sudo-bugs@courtesan.com. Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
Be sure to include the version of \fBsudo\fR you are using and the platform Be sure to include the version of \fBsudo\fR you are using and the platform
you are running it on. you are running it on.
@@ -435,6 +435,8 @@ that make setuid shell scripts unsafe on some operating systems.
.IX Header "AUTHORS" .IX Header "AUTHORS"
.IX Header "BUGS"
.IX Header "DISCLAIMER" .IX Header "DISCLAIMER"
.IX Header "CAVEATS" .IX Header "CAVEATS"

@@ -251,6 +251,8 @@ version consists of code written primarily by:
See the HISTORY file in the B<sudo> distribution for a short history See the HISTORY file in the B<sudo> distribution for a short history
of B<sudo>. of B<sudo>.
=head1 BUGS
Please send all bugs, comments, and changes to sudo-bugs@courtesan.com. Please send all bugs, comments, and changes to sudo-bugs@courtesan.com.
Be sure to include the version of B<sudo> you are using and the platform Be sure to include the version of B<sudo> you are using and the platform
you are running it on. you are running it on.