./security/sudo, Allow others to run commands as root

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.8.31p1, Package name: sudo-1.8.31p1, Maintainer: pkgsrc-users

Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is to
give as few privileges as possible but still allow people to get their
work done.


Required to build:
[pkgtools/cwrappers]

Package options: skey

Master sites: (Expand)

SHA1: b959be78c815e37d893c5c481975b9793f9ed227
RMD160: ace03e181e4240fde407f5353b363f28a72900c1
Filesize: 3272.766 KB

Version history: (Expand)


CVS history: (Expand)


   2020-04-28 07:29:18 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
security/sudo: update to 1.8.31p1

Update sudo to 1.8.31p1.

Major changes between sudo 1.8.31p1 and 1.8.31

 * Sudo once again ignores a failure to restore the RLIMIT_CORE
   resource limit, as it did prior to version 1.8.29.  Linux
   containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
   if we set the limit to zero, even for root, which resulted in a
   warning from sudo.
   2020-02-03 08:47:56 by Kimmo Suominen | Files touched by this commit (2) | Package updated
Log message:
Update to sudo 1.8.31

What's new:

* Fixed CVE-2019-18634, a buffer overflow when the "pwfeedback"
  sudoers option is enabled on systems with uni-directional pipes.

* The "sudoedit_checkdir" option now treats a user-owned directory
  as writable, even if it does not have the write bit set at the
  time of check.  Symbolic links will no longer be followed by
  sudoedit in any user-owned directory.  Bug #912

* Fixed sudoedit on macOS 10.15 and above where the root file system
  is mounted read-only.  Bug #913.

* Fixed a crash introduced in sudo 1.8.30 when suspending sudo
  at the password prompt.  Bug #914.

* Fixed compilation on systems where the mmap MAP_ANON flag
  is not available.  Bug #915.
   2020-01-30 22:08:00 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (1) | Package updated
Log message:
sudo: update master site

TW Aren FTP server seems down and the fetching step hangs for hours.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2020-01-01 02:47:29 by Kimmo Suominen | Files touched by this commit (2) | Package updated
Log message:
Update to sudo 1.8.30

Notable changes:

* The version string no longer has the word "beta" in it.
   2019-12-28 21:43:56 by Kimmo Suominen | Files touched by this commit (14) | Package removed
Log message:
Update to sudo 1.8.30beta3

* Portability fixes from pkgsrc have been merged upstream

* Add runas_check_shell flag to require a runas user to have a valid
  shell. Not enabled by default.

* Add a new flag "allow_unknown_runas_id" to control matching of unknown
  IDs. Previous, sudo would always allow unknown user or group IDs if
  the sudoers entry permitted it. This included the "ALL" alias. With
  this change, the admin must explicitly enable support for unknown IDs.

* Transparently handle the "sudo sudoedit" problem. Some admin are
  confused about how to give users sudoedit permission and many users
  try to run sudoedit via sudo instead of directly. If the user runs
  "sudo sudoedit" sudo will now treat it as plain "sudoedit" \ 
after
  issuing a warning. If the admin has specified a fully-qualified path
  for sudoedit in sudoers, sudo will treat it as just "sudoedit" and
  match accordingly. In visudo (but not sudo), a fully-qualified path
  for sudoedit is now treated as an error.

* When restoring old resource limits, try to recover if we receive
  EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft
  limit is lower than the current resource usage. This can be a problem
  when restoring the old stack limit if sudo has raised it.

* Restore resource limits before executing the askpass program. Linux
  with docker seems to have issues executing a program when the stack
  size is unlimited. Bug #908

* macOS does not allow rlim_cur to be set to RLIM_INFINITY for
  RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS
  setrlimit manual. Bug #904

* Use 64-bit resource limits on AIX.
   2019-12-19 17:59:44 by Kimmo Suominen | Files touched by this commit (3)
Log message:
Don't touch RLIMIT_STACK for now, see https://gnats.netbsd.org/51158
   2019-12-18 16:56:11 by Kimmo Suominen | Files touched by this commit (4)
Log message:
Fix setrlimit(3): Invalid argument

The new code that unlimits many resources appears to have been problematic
on a number of fronts. Fetched the current version of src/limits.c from
the sudo hg repo. RLIMIT_STACK (i.e. "3") is no longer set to \ 
RLIM_INFINITY.

Added code to output the name of the limit instead of its number.