mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-21 17:37:16 +00:00
Make ignore_dot the default
Add --disable-ignore-dot to disable it and deprecate --with-ignore-dot.
This commit is contained in:
Todd C. Miller
parent
ff3c2185f1
commit
fce45b2767
13
INSTALL.md
13
INSTALL.md
@ -736,6 +736,14 @@ Defaults are listed in brackets after the description.
|
||||
of the "env_reset" Defaults option in sudoers to false.
|
||||
Sudoers option: !env_reset
|
||||
|
||||
--disable-ignore-dot
|
||||
By default, sudo will not search for a command in the current
|
||||
working directory, even if "." or "" in present in the PATH
|
||||
environment variable. If this option is disabled, sudo
|
||||
will check the current directory last if it appears anywhere
|
||||
in PATH. The PATH variable itself is not modified.
|
||||
Sudoers option: ignore_dot
|
||||
|
||||
--disable-path-info
|
||||
Normally, sudo will tell the user when a command could not be found
|
||||
in their $PATH. Some sites may wish to disable this as it could
|
||||
@ -876,11 +884,6 @@ Defaults are listed in brackets after the description.
|
||||
You must either specify --with-insults or enable insults in the
|
||||
sudoers file for this to have any effect.
|
||||
|
||||
--with-ignore-dot
|
||||
If set, sudo will ignore "." or "" (current dir) in $PATH.
|
||||
The $PATH itself is not modified.
|
||||
Sudoers option: ignore_dot
|
||||
|
||||
--with-insults
|
||||
Define this if you want to be insulted by default for typing
|
||||
an incorrect password just like the original sudo(8).
|
||||
|
||||
@ -6,6 +6,9 @@
|
||||
/* Configure script arguments used to build sudo. */
|
||||
#undef CONFIGURE_ARGS
|
||||
|
||||
/* Define to 1 if you want sudo to honor '.' and "" in the PATH. */
|
||||
#undef ALLOW_DOT_PATH
|
||||
|
||||
/* Define to 1 if you want the insults from the "classic" version sudo. */
|
||||
#undef CLASSIC_INSULTS
|
||||
|
||||
@ -1138,9 +1141,6 @@
|
||||
/* Define to 1 if you want the hostname to be entered into the log file. */
|
||||
#undef HOST_IN_LOG
|
||||
|
||||
/* Define to 1 if you want to ignore '.' and empty PATH elements. */
|
||||
#undef IGNORE_DOT_PATH
|
||||
|
||||
/* The message given when a bad password is entered. */
|
||||
#undef INCORRECT_PASSWORD
|
||||
|
||||
|
||||
41
configure
vendored
41
configure
vendored
@ -1025,6 +1025,7 @@ enable_noargs_shell
|
||||
enable_shell_sets_home
|
||||
enable_path_info
|
||||
enable_env_debug
|
||||
enable_ignore_dot
|
||||
enable_postinstall
|
||||
enable_zlib
|
||||
enable_env_reset
|
||||
@ -1737,6 +1738,7 @@ Optional Features:
|
||||
Set $HOME to target user in shell mode
|
||||
--disable-path-info Print 'command not allowed' not 'command not found'
|
||||
--enable-env-debug Whether to enable environment debugging.
|
||||
--disable-ignore-dot allow '.' and "" in the PATH
|
||||
--enable-postinstall Script to run after the install phase
|
||||
--enable-zlib[=PATH] Whether to enable or disable zlib
|
||||
--enable-env-reset Whether to enable environment resetting by default.
|
||||
@ -1843,7 +1845,7 @@ Optional Packages:
|
||||
--with-badpri syslog priority for failures (def is "alert")
|
||||
--with-logpath path to the sudo log file
|
||||
--with-loglen maximum length of a log file line (default is 80)
|
||||
--with-ignore-dot ignore '.' in the PATH
|
||||
--with-ignore-dot deprecated, use --disable-ignore-dot
|
||||
--without-mail-if-no-user
|
||||
do not send mail if user not in sudoers
|
||||
--with-mail-if-no-host send mail if user in sudoers but not for this host
|
||||
@ -3715,7 +3717,7 @@ logfac=auth
|
||||
goodpri=notice
|
||||
badpri=alert
|
||||
loglen=80
|
||||
ignore_dot=off
|
||||
ignore_dot=on
|
||||
mail_no_user=on
|
||||
mail_no_host=off
|
||||
mail_no_perms=off
|
||||
@ -5310,9 +5312,7 @@ then :
|
||||
yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: adding CSOps standard options" >&5
|
||||
printf "%s\n" "$as_me: adding CSOps standard options" >&6;}
|
||||
CHECKSIA=false
|
||||
with_ignore_dot=yes
|
||||
insults=on
|
||||
with_env_editor=yes
|
||||
: ${mansectsu='8'}
|
||||
: ${mansectform='5'}
|
||||
: ${mansectmisc='7'}
|
||||
@ -5664,16 +5664,7 @@ printf "%s\n" "#define MAXLOGFILELEN $loglen" >>confdefs.h
|
||||
# Check whether --with-ignore-dot was given.
|
||||
if test ${with_ignore_dot+y}
|
||||
then :
|
||||
withval=$with_ignore_dot; case $with_ignore_dot in
|
||||
yes) ignore_dot=on
|
||||
printf "%s\n" "#define IGNORE_DOT_PATH 1" >>confdefs.h
|
||||
|
||||
;;
|
||||
no) ignore_dot=off
|
||||
;;
|
||||
*) as_fn_error $? "--with-ignore-dot does not take an argument." "$LINENO" 5
|
||||
;;
|
||||
esac
|
||||
withval=$with_ignore_dot; enable_ignore_dot="$with_ignore_dot"
|
||||
fi
|
||||
|
||||
|
||||
@ -6635,6 +6626,24 @@ printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-env-debug:
|
||||
fi
|
||||
|
||||
|
||||
# Check whether --enable-ignore-dot was given.
|
||||
if test ${enable_ignore_dot+y}
|
||||
then :
|
||||
enableval=$enable_ignore_dot; case "$enableval" in
|
||||
yes) ignore_dot=on
|
||||
;;
|
||||
no) ignore_dot=off
|
||||
printf "%s\n" "#define ALLOW_DOT_PATH 1" >>confdefs.h
|
||||
|
||||
;;
|
||||
*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-ignore-dot: $enableval" >&5
|
||||
printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-ignore-dot: $enableval" >&2;}
|
||||
;;
|
||||
esac
|
||||
|
||||
fi
|
||||
|
||||
|
||||
# Check whether --enable-postinstall was given.
|
||||
if test ${enable_postinstall+y}
|
||||
then :
|
||||
@ -6842,8 +6851,8 @@ then :
|
||||
no) printf "%s\n" "#define NO_LEAKS 1" >>confdefs.h
|
||||
|
||||
;;
|
||||
*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --disable-leaks: $enableval" >&5
|
||||
printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --disable-leaks: $enableval" >&2;}
|
||||
*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: ignoring unknown argument to --enable-leaks: $enableval" >&5
|
||||
printf "%s\n" "$as_me: WARNING: ignoring unknown argument to --enable-leaks: $enableval" >&2;}
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
32
configure.ac
32
configure.ac
@ -205,7 +205,7 @@ logfac=auth
|
||||
goodpri=notice
|
||||
badpri=alert
|
||||
loglen=80
|
||||
ignore_dot=off
|
||||
ignore_dot=on
|
||||
mail_no_user=on
|
||||
mail_no_host=off
|
||||
mail_no_perms=off
|
||||
@ -444,9 +444,7 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])
|
||||
[case $with_csops in
|
||||
yes) AC_MSG_NOTICE([adding CSOps standard options])
|
||||
CHECKSIA=false
|
||||
with_ignore_dot=yes
|
||||
insults=on
|
||||
with_env_editor=yes
|
||||
: ${mansectsu='8'}
|
||||
: ${mansectform='5'}
|
||||
: ${mansectmisc='7'}
|
||||
@ -665,16 +663,7 @@ AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log fi
|
||||
esac])
|
||||
AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
|
||||
|
||||
AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
|
||||
[case $with_ignore_dot in
|
||||
yes) ignore_dot=on
|
||||
AC_DEFINE(IGNORE_DOT_PATH)
|
||||
;;
|
||||
no) ignore_dot=off
|
||||
;;
|
||||
*) AC_MSG_ERROR([--with-ignore-dot does not take an argument.])
|
||||
;;
|
||||
esac])
|
||||
AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [deprecated, use --disable-ignore-dot])], [enable_ignore_dot="$with_ignore_dot"])
|
||||
|
||||
AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
|
||||
[case $with_mail_if_no_user in
|
||||
@ -1279,6 +1268,19 @@ AC_ARG_ENABLE(env_debug,
|
||||
esac
|
||||
])
|
||||
|
||||
AC_ARG_ENABLE(ignore-dot,
|
||||
[AS_HELP_STRING([--disable-ignore-dot], [allow '.' and "" in the PATH])],
|
||||
[ case "$enableval" in
|
||||
yes) ignore_dot=on
|
||||
;;
|
||||
no) ignore_dot=off
|
||||
AC_DEFINE(ALLOW_DOT_PATH)
|
||||
;;
|
||||
*) AC_MSG_WARN([ignoring unknown argument to --enable-ignore-dot: $enableval])
|
||||
;;
|
||||
esac
|
||||
])
|
||||
|
||||
AC_ARG_ENABLE(postinstall,
|
||||
[AS_HELP_STRING([--enable-postinstall], [Script to run after the install phase])],
|
||||
[ case "$enableval" in
|
||||
@ -1384,7 +1386,7 @@ AC_ARG_ENABLE(leaks,
|
||||
yes) ;;
|
||||
no) AC_DEFINE(NO_LEAKS)
|
||||
;;
|
||||
*) AC_MSG_WARN([ignoring unknown argument to --disable-leaks: $enableval])
|
||||
*) AC_MSG_WARN([ignoring unknown argument to --enable-leaks: $enableval])
|
||||
;;
|
||||
esac
|
||||
])
|
||||
@ -4759,7 +4761,7 @@ AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimes
|
||||
AH_TEMPLATE(HAVE_ST_NMTIME, [Define to 1 if your struct stat has an st_nmtime member.])
|
||||
AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
|
||||
AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
|
||||
AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.])
|
||||
AH_TEMPLATE(ALLOW_DOT_PATH, [Define to 1 if you want sudo to honor '.' and "" in the PATH.])
|
||||
AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
|
||||
AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
|
||||
AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
|
||||
|
||||
@ -483,7 +483,7 @@ init_defaults(void)
|
||||
#ifdef LONG_OTP_PROMPT
|
||||
def_long_otp_prompt = true;
|
||||
#endif
|
||||
#ifdef IGNORE_DOT_PATH
|
||||
#ifndef ALLOW_DOT_PATH
|
||||
def_ignore_dot = true;
|
||||
#endif
|
||||
#ifdef ALWAYS_SEND_MAIL
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user