From bogus@does.not.exist.com Wed Jul 14 12:04:31 2010
From: bogus@does.not.exist.com ()
Date: Wed, 14 Jul 2010 16:04:31 -0000
Subject: No subject
Message-ID:

  270)  Initialize group vector if we are becoming a user other than
        root.  For root, it is often more useful to hang on to our
        existing group vector.

Why is this, exactly? I tried perusing the mailing list archives for a
discussion of this topic, but didn't find anything. I would assume that
sudo would always set the credentials of the process to the user's UID
and primary and supplemental GIDs, no matter which user. That user root
is handled as an exception, differently than other users, is a little
obscure and potentially confusing.

An alternative approach might be to use a command line option,
-P/--preserve-group-vector, to be used when the existing user's
supplemental group membership vector is to be preserved, with sudo
defaulting to always using initgroups(3) (if present) to set the group
vector.

TJ
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nothing ever becomes real till it is experienced -- even a proverb is no
proverb to you till your life has illustrated it. -John Keats
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From dkopecek at redhat.com Wed Jul 7 05:06:25 2010
From: dkopecek at redhat.com (Daniel Kopecek)
Date: Wed, 7 Jul 2010 11:06:25 +0200
Subject: [sudo-workers] Negating user name in Defaults
Message-ID: <20100707110625.4c94bb78@mr-flibble-n2.toxicon.cz>

Hello,
there seems to be a bug when you try to negate a user name in a Defaults
option. For example:

  Defaults:dkopecek requiretty   ... works
  Defaults:!dkopecek requiretty  ... does not work

I've looked into the toke.l file and found out that the rule doesn't
account for the negation operator. The rule is...

  ^[[:blank:]]*Defaults([:@>\!]{WORD})?

...but it should probably read...

  ^[[:blank:]]*Defaults([:@>\!]\!?{WORD})?

i.e. include the optional '!' operator since WORD is defined so that
this character is excluded. I've attached two parser trace files
(yydebug set to 1 and "%option debug" in toke.l), one with the original
rule and the second with the modified rule. Note that I've included
several more Defaults options to test the behavior of other parts of
the parser.

Dan

From Todd.Miller at courtesan.com Wed Jul 7 14:31:32 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Wed, 07 Jul 2010 14:31:32 -0400
Subject: [sudo-workers] Negating user name in Defaults
In-Reply-To: Your message of "Wed, 07 Jul 2010 11:06:25 +0200." <20100707110625.4c94bb78@mr-flibble-n2.toxicon.cz>
References: <20100707110625.4c94bb78@mr-flibble-n2.toxicon.cz>
Message-ID: <201007071831.o67IVWHK010737@core.courtesan.com>

I hadn't really taken that use case into account when I added the
per-user/host/command Defaults bits. Your change looks correct to me,
I'll check it in to the mercurial repo.

 - todd

From jhrozek at redhat.com Wed Jul 14 08:51:10 2010
From: jhrozek at redhat.com (Jakub Hrozek)
Date: Wed, 14 Jul 2010 14:51:10 +0200
Subject: [sudo-workers] sudo plugins
Message-ID: <4C3DB2BE.9080600@redhat.com>

Hello sudo workers,
We're currently researching ways to provide a custom centralized sudo
backend for our project. The server[1] side storage is based on an LDAP
directory, and there is also a client[2] that provides caching and
connection pooling among other things.

In particular, we're interested in grabbing the data from the server via
our client and providing them to sudo. This is where the plugins that
emerged in the master branch of sudo caught our attention. Right now, it
seems it would be nice to have a FreeIPA plugin similar to the sudoers
one that would communicate with SSSD. From a very brief look at the
sudoers plugin it also seems that it would be nice to share some code
between the new FreeIPA plugin and the sudoers one. Does that sound like
a sane plan?

Before going on with my research, I would like to ask if there is any
expected date of release of a sudo version (I presume 1.8) that would
contain the plugin support?

Thanks,
Jakub

[1] http://freeipa.org
[2] https://fedorahosted.org/sssd/

From Todd.Miller at courtesan.com Sat Jul 17 13:16:33 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Sat, 17 Jul 2010 13:16:33 -0400
Subject: [sudo-workers] sudo plugins
In-Reply-To: Your message of "Wed, 14 Jul 2010 14:51:10 +0200." <4C3DB2BE.9080600@redhat.com>
References: <4C3DB2BE.9080600@redhat.com>
Message-ID: <201007171716.o6HHGXlV013793@core.courtesan.com>

In message <4C3DB2BE.9080600 at redhat.com>
        so spake Jakub Hrozek (jhrozek):

> In particular, we're interested in grabbing the data from the server via
> our client and providing them to sudo. This is where the plugins that
> emerged in the master branch of sudo caught our attention. Right now, it
> seems it would be nice to have a FreeIPA plugin similar to the sudoers
> one that would communicate with SSSD. From a very brief look at the
> sudoers plugin it also seems that it would be nice to share some code
> between the new FreeIPA plugin and the sudoers one. Does that sound like
> a sane plan?

That sounds reasonable. The plugin API has been finalized so you
shouldn't have to worry about things changing out from under you. I do
still intend to improve the plugin documentation, but what is there now
should be sufficient to write a working plugin.

> Before going on with my research, I would like to ask if there is any
> expected date of release of a sudo version (I presume 1.8) that would
> contain the plugin support?

I don't have a firm release date for sudo 1.8 at the moment, though it
will definitely be released before the end of the year.

 - todd

From Todd.Miller at courtesan.com Sat Jul 17 14:18:45 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Sat, 17 Jul 2010 14:18:45 -0400
Subject: [sudo-workers] Sudo 1.7.4b1 available
Message-ID: <201007171818.o6HIIjDS000747@core.courtesan.com>

The first beta release of Sudo version 1.7.4 is now available.

Download links:
    http://www.sudo.ws/sudo/dist/beta/sudo-1.7.4b1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.7.4b1.tar.gz

Major changes between sudo 1.7.3 and 1.7.4b1:

 * Sudoedit will now preserve the file extension in the name of the
   temporary file being edited. The extension is used by some editors
   (such as emacs) to choose the editing mode.

 * Time stamp files have moved from /var/run/sudo to either
   /var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories are
   checked for existence in that order. This prevents users from
   receiving the sudo lecture every time the system reboots. Time stamp
   files older than the boot time are ignored on systems where it is
   possible to determine this.

 * Ancillary documentation (README files, LICENSE, etc) is now
   installed in a sudo documentation directory.

 * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
   in ldap.conf.

 * Defaults settings that are tied to a user, host or command may now
   include the negation operator. For example:
       Defaults:!millert lecture
   will match any user but millert.

 * The default PATH environment variable, used when no PATH variable
   exists, now includes /usr/sbin and /sbin.

 * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/) for
   cross-platform packaging.

 * On Linux, sudo will now restore the nproc resource limit before
   executing a command, unless the limit appears to have been modified
   by pam_limits. This avoids a problem with bash scripts that open
   more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
   will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).

From Todd.Miller at courtesan.com Mon Jul 19 16:09:53 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Mon, 19 Jul 2010 16:09:53 -0400
Subject: [sudo-workers] Sudo 1.7.4b2 available
Message-ID: <201007192009.o6JK9r4l012062@core.courtesan.com>

The second beta release of Sudo version 1.7.4 is now available.

Download links:
    http://www.sudo.ws/sudo/dist/beta/sudo-1.7.4b2.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.7.4b2.tar.gz

Major changes between sudo 1.7.4b1 and 1.7.4b2:

 * Visudo will now treat an unrecognized Defaults entry as a parse
   error (sudo will warn but still run).

 * The HOME and MAIL environment variables are now reset based on the
   target user's password database entry when the env_reset sudoers
   option is enabled (which is the case in the default configuration).
   Users wishing to preserve the original values should use a sudoers
   entry like:
       Defaults env_keep += HOME
   to preserve the old value of HOME and
       Defaults env_keep += MAIL
   to preserve the old value of MAIL.

 * Fixed a build problem with boottime.c on some systems.

From Todd.Miller at courtesan.com Wed Jul 21 16:25:48 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Wed, 21 Jul 2010 16:25:48 -0400
Subject: [sudo-workers] Sudo 1.7.4b4 available
Message-ID: <201007212025.o6LKPmxI015096@core.courtesan.com>

The fourth beta release of Sudo version 1.7.4 is now available.

Download links:
    http://www.sudo.ws/sudo/dist/beta/sudo-1.7.4b4.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.7.4b4.tar.gz

Major changes between sudo 1.7.4b3 and 1.7.4b4:

 * Documentation updates.

 * If pam is in use, wait until the process has finished before
   closing the PAM session.

 * The WHATSNEW file has been renamed to NEWS.

 * Compilation fix for mkstemps.c on some systems.

Major changes between sudo 1.7.4b2 and 1.7.4b3:

 * The tty_tickets option is now on by default.

 * Fixed a problem in the restoration of the AIX authdb registry
   setting.
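Taking up the group-vector question in TJ's message at the top of this archive: the C program below is an added illustration, not code from sudo or from any message here. It computes the supplemental vector that initgroups(3) would install for a user, compares it with the vector the process currently holds (the difference that sudo's root exception preserves), and performs the user switch in the one order that cannot be undone, verifying afterwards that uid 0 cannot be regained. It assumes Linux/glibc (getgrouplist() with a gid_t buffer); MAX_GROUPS and every function name are this example's own.

```c
/* Added example: group-vector handling when switching users.
 * Not sudo's code.  Assumes Linux/glibc getgrouplist() semantics. */
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 256   /* example's own buffer bound */

/* The vector initgroups(3) would install for `user`: the base gid plus
 * every group in the group database that lists the user.  Returns the
 * count, or -1 if the buffer is too small. */
int build_group_vector(const char *user, gid_t base_gid,
                       gid_t *groups, int maxgroups)
{
    int ngroups = maxgroups;
    if (getgrouplist(user, base_gid, groups, &ngroups) == -1)
        return -1;
    return ngroups;
}

/* 1 if `gid` is present in the vector, else 0. */
int vector_contains(const gid_t *groups, int ngroups, gid_t gid)
{
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == gid)
            return 1;
    return 0;
}

/* Compare the process's current supplemental groups with what
 * initgroups(3) would give `user`.  Returns 1 if the sets differ, 0 if
 * they are the same, -1 on error.  The effective gid is treated as a
 * member of both sets because getgroups() may or may not report it. */
int group_vector_differs(const char *user, gid_t base_gid)
{
    gid_t want[MAX_GROUPS], have[MAX_GROUPS];
    int nwant = build_group_vector(user, base_gid, want, MAX_GROUPS);
    int nhave = getgroups(MAX_GROUPS, have);
    if (nwant < 0 || nhave < 0)
        return -1;
    for (int i = 0; i < nwant; i++)
        if (want[i] != getegid() && !vector_contains(have, nhave, want[i]))
            return 1;
    for (int i = 0; i < nhave; i++)
        if (have[i] != getegid() && !vector_contains(want, nwant, have[i]))
            return 1;
    return 0;
}

/* Switch the process to `pw`.  With keep_groups set (the root case in
 * the quoted sudo comment) the existing vector is left alone; otherwise
 * it is replaced by the target user's own.  Order matters: groups, then
 * gid, then uid, because once the uid is non-root the earlier calls are
 * no longer permitted.  Afterwards confirm the drop is irreversible.
 * Returns 0 on success, -1 on failure. */
int switch_to_user(const struct passwd *pw, int keep_groups)
{
    if (!keep_groups && initgroups(pw->pw_name, pw->pw_gid) == -1)
        return -1;
    if (setgid(pw->pw_gid) == -1)
        return -1;
    if (setuid(pw->pw_uid) == -1)
        return -1;
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;                      /* privilege drop did not stick */
    return 0;
}

/* Self-check against the invoking user: the computed vector must hold
 * the primary gid, and switching to ourselves (keeping groups) must
 * succeed.  Returns 1 on success, 2 if the uid has no passwd entry,
 * 0 on failure. */
int self_check(void)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL)
        return 2;
    gid_t g[MAX_GROUPS];
    int n = build_group_vector(pw->pw_name, pw->pw_gid, g, MAX_GROUPS);
    if (n < 1 || !vector_contains(g, n, pw->pw_gid))
        return 0;
    return switch_to_user(pw, 1) == 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "root";
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        fprintf(stderr, "unknown user %s\n", user);
        return 1;
    }
    gid_t g[MAX_GROUPS];
    int n = build_group_vector(pw->pw_name, pw->pw_gid, g, MAX_GROUPS);
    printf("initgroups(3) would give %s %d group(s); current vector %s\n",
           user, n, group_vector_differs(pw->pw_name, pw->pw_gid) == 1
                        ? "differs" : "matches");
    return 0;
}
```

Run as an ordinary user with a target name to see how far the current vector is from what initgroups(3) would install; switch_to_user() only succeeds for another user when the caller holds the privileges sudo has, which is why the self-check switches to the invoking user.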
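To see why the toke.l rule change in Daniel Kopecek's message is needed (it is what the "Defaults:!millert lecture" example in the 1.7.4b1 notes relies on), here is an added check written against POSIX regcomp(3); it is not sudo's lexer. It assumes flex's {WORD} expands to [[:alnum:]_-]+ (sudo's definition may differ) and writes flex's "\!" as a plain "!", since a backslash is literal inside a POSIX bracket expression. ORIGINAL_RULE, FIXED_RULE and the helper names are this example's own.

```c
/* Added example: checking the two toke.l rules with POSIX regex.
 * Not sudo's code; {WORD} is assumed to be [[:alnum:]_-]+. */
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define WORD "[[:alnum:]_-]+"

/* Original rule: the optional group is exactly <scope char><WORD>. */
static const char *const ORIGINAL_RULE =
    "^[[:blank:]]*Defaults([:@>!]" WORD ")?";
/* Proposed rule: an optional '!' between the scope char and the name. */
static const char *const FIXED_RULE =
    "^[[:blank:]]*Defaults([:@>!]!?" WORD ")?";

/* Length of the lexeme the rule consumes at the start of `line`, or -1
 * if the rule does not match at all.  With the original rule a line
 * such as "Defaults:!dkopecek requiretty" yields only "Defaults", and
 * the ":!dkopecek" left behind is what the parser then chokes on. */
int defaults_match_len(const char *rule, const char *line)
{
    regex_t re;
    regmatch_t m[1];
    if (regcomp(&re, rule, REG_EXTENDED) != 0)
        return -1;
    int rc = regexec(&re, line, 1, m, 0);
    regfree(&re);
    return rc == 0 ? (int)(m[0].rm_eo - m[0].rm_so) : -1;
}

/* Split a matched lexeme such as "Defaults:!dkopecek" into its parts.
 * Returns the scope character (':' user, '@' host, '>' runas user,
 * '!' command) or 0 for an unscoped Defaults line; *negated is set
 * when a '!' follows the scope character; name receives the WORD. */
char defaults_scope(const char *lexeme, int *negated,
                    char *name, size_t namesz)
{
    const char *p = lexeme;
    while (*p == ' ' || *p == '\t')
        p++;
    p += strlen("Defaults");
    *negated = 0;
    name[0] = '\0';
    if (*p == '\0')
        return 0;
    char scope = *p++;
    if (*p == '!') {
        *negated = 1;
        p++;
    }
    snprintf(name, namesz, "%s", p);
    return scope;
}

int main(void)
{
    /* Constructed sample sudoers lines, not from any real file. */
    const char *lines[] = {
        "Defaults:dkopecek requiretty",
        "Defaults:!dkopecek requiretty",
        "  Defaults@!host1 lecture",
        "Defaults requiretty",
    };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int orig = defaults_match_len(ORIGINAL_RULE, lines[i]);
        int fixed = defaults_match_len(FIXED_RULE, lines[i]);
        char lexeme[64], name[32];
        int neg;
        snprintf(lexeme, sizeof lexeme, "%.*s", fixed, lines[i]);
        char scope = defaults_scope(lexeme, &neg, name, sizeof name);
        printf("%-32s original=%2d fixed=%2d scope=%c negated=%d name=%s\n",
               lines[i], orig, fixed, scope ? scope : '-', neg, name);
    }
    return 0;
}
```

The two rules only disagree on lines with a negated scope: there the original consumes just the bare "Defaults" token and leaves the rest of the line for other rules, while the proposed rule consumes the whole scoped prefix as one token, which is what the grammar expects.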
From Todd.Miller at courtesan.com Mon Jul 26 14:39:37 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Mon, 26 Jul 2010 14:39:37 -0400
Subject: [sudo-workers] Sudo 1.7.4b5 available
Message-ID: <201007261839.o6QIdbUs021996@core.courtesan.com>

The fifth and hopefully final beta release of Sudo version 1.7.4 is now
available. I expect to have a release candidate of 1.7.4 prepared
within the next few days.

Download links:
    http://www.sudo.ws/sudo/dist/beta/sudo-1.7.4b5.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.7.4b5.tar.gz

Major changes between sudo 1.7.4b4 and 1.7.4b5:

 * Fixed a build problem on Solaris.

 * Fixed "sudo -i -u user" where user has no shell listed in the
   password database.

 * When logging I/O, sudo now handles pty read/write returning ENXIO,
   as seen on FreeBSD when the login session has been killed.

From Todd.Miller at courtesan.com Tue Jul 27 16:46:32 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Tue, 27 Jul 2010 16:46:32 -0400
Subject: [sudo-workers] Sudo 1.7.4rc1 available
Message-ID: <201007272046.o6RKkW4O002521@core.courtesan.com>

The first release candidate for sudo 1.7.4 is now available.

Download links:
    http://www.sudo.ws/sudo/dist/beta/sudo-1.7.4rc1.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.7.4rc1.tar.gz

Major changes between sudo 1.7.4b5 and 1.7.4rc1:

 * Sudo now performs I/O logging in the C locale. This avoids
   locale-related issues when parsing floating point numbers in the
   timing file.

From Todd.Miller at courtesan.com Thu Jul 29 10:51:27 2010
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Thu, 29 Jul 2010 10:51:27 -0400
Subject: [sudo-workers] Sudo 1.7.4rc2 available
Message-ID: <201007291451.o6TEpRx3000536@core.courtesan.com>

The second release candidate for sudo 1.7.4 is now available.

Download links:
    http://www.sudo.ws/sudo/dist/beta/sudo-1.7.4rc2.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.7.4rc2.tar.gz

Major changes between sudo 1.7.4rc1 and 1.7.4rc2:

 * Packaging fixes.

 * Added support for Ubuntu-style admin flag dot files.