mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 09:57:41 +00:00
Code Issues Releases Wiki Activity

Add env_file Defaults option that is similar to /etc/environment on some

Browse Source 
systems.
This commit is contained in:
Todd C. Miller 2008-05-03 00:53:21 +00:00
parent c3470aa583
commit b85a28aba9
10 changed files with 157 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
WHATSNEW
View File

@ -59,6 +59,9 @@ What's new in Sudo 1.7.0?
"From:" field in the warning/error mail. If unspecified, the
login name of the invoking user is used.
* A new Defaults option, "env_file" that refers to a file containing
environment variables to be set in the command being run.
* A new flag, -n, may be used to indicate that sudo should not
prompt the user for a password and, instead, exit with an error
if authentication is required.

4
def_data.c
View File

@ -290,6 +290,10 @@ struct sudo_defs_types sudo_defs_table[] = {
"askpass", T_STR|T_PATH|T_BOOL,
"Path to the askpass helper program: %s",
NULL,
}, {
"env_file", T_STR|T_PATH|T_BOOL,
"Path to the sudo-specific environment file: %s",
NULL,
}, {
NULL, 0, NULL
}

2
def_data.h
View File

@ -132,6 +132,8 @@
#define I_TYPE 65
#define def_askpass (sudo_defs_table[66].sd_un.str)
#define I_ASKPASS 66
#define def_env_file (sudo_defs_table[67].sd_un.str)
#define I_ENV_FILE 67
enum def_tupple {
never,

3
def_data.in
View File

@ -214,3 +214,6 @@ type
askpass
T_STR|T_PATH|T_BOOL
"Path to the askpass helper program: %s"
env_file
T_STR|T_PATH|T_BOOL
"Path to the sudo-specific environment file: %s"

8
env.c
View File

@ -346,6 +346,7 @@ insert_env(str, dupcheck, dosync)
for (nep = env.envp; *nep; nep++) {
if (strncmp(str, *nep, varlen) == 0) {
if (dupcheck != -1)
*nep = str;
return;
}
@ -738,7 +739,6 @@ validate_env_vars(env_vars)
}
}
#if defined(__linux__) || defined(_AIX)
/*
* Read in /etc/environment ala AIX and Linux.
* Lines are in the form of NAME=VALUE
@ -746,8 +746,9 @@ validate_env_vars(env_vars)
* character are skipped.
*/
void
read_env_file(path)
read_env_file(path, replace)
const char *path;
int replace;
{
FILE *fp;
char *cp;
@ -768,11 +769,10 @@ read_env_file(path)
if (strchr(cp, '=') == NULL)
continue;
insert_env(estrdup(cp), TRUE, TRUE);
insert_env(estrdup(cp), replace ? TRUE : -1, TRUE);
}
fclose(fp);
}
#endif /* __linux__ || _AIX */
void
init_envtables()

6
sudo.c
View File

@ -474,13 +474,17 @@ main(argc, argv, envp)
#if defined(__linux__) || defined(_AIX)
/* Insert system-wide environment variables. */
read_env_file(_PATH_ENVIRONMENT);
read_env_file(_PATH_ENVIRONMENT, TRUE);
#endif
}
if (ISSET(sudo_mode, MODE_EDIT))
exit(sudo_edit(NewArgc, NewArgv, envp));
/* Insert system-wide environment variables. */
if (def_env_file)
read_env_file(def_env_file, FALSE);
/* Insert user-specified environment variables. */
insert_env_vars(sudo_user.env_vars);

2
sudo.h
View File

@ -284,7 +284,7 @@ void efree __P((void *));
void dump_defaults __P((void));
void dump_auth_methods __P((void));
void init_envtables __P((void));
void read_env_file __P((const char *));
void read_env_file __P((const char *, int));
int lock_file __P((int, int));
int touch __P((int, char *, struct timespec *));
int user_is_exempt __P((void));

172
sudoers.cat
View File

@ -915,7 +915,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
_a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment
variable.
env_file The _e_n_v___f_i_l_e options specifies the fully-qualilfy path to a
@ -928,6 +928,12 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
file containing variables to be set in the environment of
the program being run. Entries in this file should be of
the form VARIABLE=value. Variables in this file are sub-
ject to other ssuuddoo environment settings such as _e_n_v___k_e_e_p
and _e_n_v___c_h_e_c_k.
exempt_group
Users in this group are exempt from password and PATH
requirements. This is not set by default.
@ -977,12 +983,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
ting a path turns on logging to a file; negating this
option turns it off. By default, ssuuddoo logs via syslog.
mailerflags Flags to use when invoking mailer. Defaults to --tt.
mailerpath Path to mail program used to send warning mail. Defaults
to the path to sendmail found at configure time.
1.7.0 May 2, 2008 15
@ -994,6 +994,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
mailerflags Flags to use when invoking mailer. Defaults to --tt.
mailerpath Path to mail program used to send warning mail. Defaults
to the path to sendmail found at configure time.
mailfrom Address to use for the "from" address when sending warning
and error mail. The address should be enclosed in double
quotes (") to protect against ssuuddoo interpreting the @ sign.
@ -1042,12 +1047,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
environment if the variable's value contains % or /
characters. This can be used to guard against printf-
style format vulnerabilities in poorly-written pro-
grams. The argument may be a double-quoted, space-sep-
arated list or a single value without double-quotes.
The list can be replaced, added to, deleted from, or
disabled by using the =, +=, -=, and ! operators
respectively. Regardless of whether the env_reset
option is enabled or disabled, variables specified by
grams. The argument may be a double-quoted, space-
@ -1060,6 +1060,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
separated list or a single value without double-quotes.
The list can be replaced, added to, deleted from, or
disabled by using the =, +=, -=, and ! operators
respectively. Regardless of whether the env_reset
option is enabled or disabled, variables specified by
env_check will be preserved in the environment if they
pass the aforementioned check. The default list of
environment variables to check is displayed when ssuuddoo
@ -1106,14 +1111,9 @@ EEXXAAMMPPLLEESS
Below are example _s_u_d_o_e_r_s entries. Admittedly, some of these are a bit
contrived. First, we define our _a_l_i_a_s_e_s:
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
# Runas alias specification
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
@ -1126,6 +1126,15 @@ EEXXAAMMPPLLEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
# Runas alias specification
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
# Host alias specification
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\
@ -1172,15 +1181,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually determines who may run
what.
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
We let rroooott and any user in group wwhheeeell run any command on any host as
any user.
FULLTIMERS ALL = NOPASSWD: ALL
1.7.0 May 2, 2008 18
@ -1192,6 +1192,14 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
We let rroooott and any user in group wwhheeeell run any command on any host as
any user.
FULLTIMERS ALL = NOPASSWD: ALL
Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run any command on
any host without authenticating themselves.
@ -1239,14 +1247,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
jim +biglab = ALL
The user jjiimm may run any command on machines in the _b_i_g_l_a_b netgroup.
ssuuddoo knows that "biglab" is a netgroup due to the '+' prefix.
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
Users in the sseeccrreettaarriieess netgroup need to help manage the printers as
well as add and remove users, so they are allowed to run those commands
1.7.0 May 2, 2008 19
@ -1258,6 +1258,13 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
The user jjiimm may run any command on machines in the _b_i_g_l_a_b netgroup.
ssuuddoo knows that "biglab" is a netgroup due to the '+' prefix.
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
Users in the sseeccrreettaarriieess netgroup need to help manage the printers as
well as add and remove users, so they are allowed to run those commands
on all machines.
fred ALL = (DB) NOPASSWD: ALL
@ -1305,13 +1312,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
This is a bit tedious for users to type, so it is a prime candidate for
encapsulating in a shell script.
SSEECCUURRIITTYY NNOOTTEESS
It is generally not effective to "subtract" commands from ALL using the
'!' operator. A user can trivially circumvent this by copying the
desired command to a different name and then executing that. For exam-
ple:
bill ALL = ALL, !SU, !SHELLS
@ -1324,6 +1324,14 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
SSEECCUURRIITTYY NNOOTTEESS
It is generally not effective to "subtract" commands from ALL using the
'!' operator. A user can trivially circumvent this by copying the
desired command to a different name and then executing that. For exam-
ple:
bill ALL = ALL, !SU, !SHELLS
Doesn't really prevent bbiillll from running the commands listed in _S_U or
_S_H_E_L_L_S since he can simply copy those commands to a different name, or
use a shell escape from an editor or other program. Therefore, these
@ -1370,14 +1378,6 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
in the standard library with its own that simply return an
error. Unfortunately, there is no foolproof way to know
whether or not _n_o_e_x_e_c will work at compile-time. _n_o_e_x_e_c
should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX,
MacOS X, and HP-UX 11.x. It is known nnoott to work on AIX and
UnixWare. _n_o_e_x_e_c is expected to work on most operating sys-
tems that support the LD_PRELOAD environment variable. Check
your operating system's manual pages for the dynamic linker
(usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see
if LD_PRELOAD is supported.
@ -1390,6 +1390,14 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX,
MacOS X, and HP-UX 11.x. It is known nnoott to work on AIX and
UnixWare. _n_o_e_x_e_c is expected to work on most operating sys-
tems that support the LD_PRELOAD environment variable. Check
your operating system's manual pages for the dynamic linker
(usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader) to see
if LD_PRELOAD is supported.
To enable _n_o_e_x_e_c for a command, use the NOEXEC tag as docu-
mented in the User Specification section above. Here is that
example again:
@ -1436,6 +1444,18 @@ DDIISSCCLLAAIIMMEERR
including, but not limited to, the implied warranties of merchantabil-
ity and fitness for a particular purpose are disclaimed. See the
LICENSE file distributed with ssuuddoo or
1.7.0 May 2, 2008 22
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
http://www.sudo.ws/sudo/license.html for complete details.
@ -1447,6 +1467,52 @@ DDIISSCCLLAAIIMMEERR
1.7.0 May 2, 2008 22
1.7.0 May 2, 2008 23

7
sudoers.man.in
View File

@ -1036,6 +1036,13 @@ specified by \fIaskpass\fR should display the argument passed to it
as the prompt and write the user's password to the standard output.
The value of \fIaskpass\fR may be overridden by the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR
environment variable.
.IP "env_file" 12
.IX Item "env_file"
The \fIenv_file\fR options specifies the fully-qualilfy path to a file
containing variables to be set in the environment of the program
being run. Entries in this file should be of the form \f(CW\*(C`VARIABLE=value\*(C'\fR.
Variables in this file are subject to other \fBsudo\fR environment
settings such as \fIenv_keep\fR and \fIenv_check\fR.
.IP "exempt_group" 12
.IX Item "exempt_group"
Users in this group are exempt from password and \s-1PATH\s0 requirements.

8
sudoers.pod
View File

@ -926,6 +926,14 @@ as the prompt and write the user's password to the standard output.
The value of I<askpass> may be overridden by the C<SUDO_ASKPASS>
environment variable.
=item env_file
The I<env_file> options specifies the fully-qualilfy path to a file
containing variables to be set in the environment of the program
being run. Entries in this file should be of the form C<VARIABLE=value>.
Variables in this file are subject to other B<sudo> environment
settings such as I<env_keep> and I<env_check>.
=item exempt_group
Users in this group are exempt from password and PATH requirements.