sudo 1.8.4p4

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@9704 af4574ff-66df-0310-9fd7-8a98e5e911e0

general.ent

@@ -138,7 +138,7 @@ $Date$
 <!ENTITY polkit-gnome-version         "0.104">
 <!ENTITY shadow-version               "4.1.5">
 <!ENTITY stunnel-version              "4.52">
-<!ENTITY sudo-version                 "1.8.2">
+<!ENTITY sudo-version                 "1.8.4p4">
 <!ENTITY tcpwrappers-version          "7.6">
 <!ENTITY tripwire-version             "2.4.2.2">
 

introduction/welcome/changelog.xml

@@ -56,6 +56,9 @@
         <listitem>
           <para>[abenton] - Firefox/Xulrunner 11.0.</para>
         </listitem>
+        <listitem>
+          <para>[krejzi] - sudo 1.8.4p4.</para>
+        </listitem>
         <listitem>
           <para>[abenton] - Thunderbird 11.0.</para>
         </listitem>

postlfs/security/sudo.xml

@@ -6,10 +6,10 @@
 
   <!ENTITY sudo-download-http "http://www.sudo.ws/sudo/dist/sudo-&sudo-version;.tar.gz">
   <!ENTITY sudo-download-ftp  "ftp://ftp.twaren.net/Unix/Security/Sudo/sudo-&sudo-version;.tar.gz">
-  <!ENTITY sudo-md5sum        "000f458e7391be9fdf459a9ad6a4912a">
-  <!ENTITY sudo-size          "1.4 MB">
-  <!ENTITY sudo-buildsize     "13 MB">
-  <!ENTITY sudo-time          "0.2 SBU">
+  <!ENTITY sudo-md5sum        "b9be6df7ecefedff2263052ed9fc5e93">
+  <!ENTITY sudo-size          "1.5 MB">
+  <!ENTITY sudo-buildsize     "16 MB">
+  <!ENTITY sudo-time          "0.3 SBU">
 ]>
 
 <sect1 id="sudo" xreflabel="sudo-&sudo-version;">
@@ -59,27 +59,18 @@
       </listitem>
     </itemizedlist>
 
-    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
-    <itemizedlist spacing="compact">
-      <listitem>
-        <para>Required patch: <ulink
-        url="&patch-root;/sudo-&sudo-version;-fprintf_debug-1.patch"/></para>
-      </listitem>
-    </itemizedlist>
-
     <bridgehead renderas="sect3">Sudo Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Optional</bridgehead>
-    <para role="optional"><xref linkend="linux-pam"/>,
-    <ulink url="ftp://ftp.nrl.navy.mil/pub/security/opie">Opie</ulink>,
-    <ulink url="http://www.rsa.com/node.aspx?id=1156">SecurID</ulink>,
+    <para role="optional"><ulink url="http://www.openafs.org/">AFS</ulink>,
+    <xref linkend="linux-pam"/>,
     <ulink url="http://www.fwtk.org/">FWTK</ulink>,
+    <xref linkend="mitkrb"/>,
     an <xref linkend="server-mail"/> (that provides a
     <command>sendmail</command> command),
-    <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>,
-    <xref linkend="heimdal"/> or <xref linkend="mitkrb"/>,
-    <xref linkend="openldap"/>, and
-    <ulink url="http://www.openafs.org/">AFS</ulink></para>
+    <xref linkend="openldap"/>,
+    <ulink url="ftp://ftp.nrl.navy.mil/pub/security/opie">Opie</ulink> and
+    <ulink url="http://www.rsa.com/node.aspx?id=1156">SecurID</ulink></para>
 
     <para condition="html" role="usernotes">User Notes:
     <ulink url="&blfs-wiki;/sudo"/></para>
@@ -92,14 +83,10 @@
     <para>Install <application>sudo</application> by running
     the following commands:</para>
 
-<screen><userinput>patch -p1 &lt; ../sudo-&sudo-version;-fprintf_debug-1.patch &amp;&amp;
-./configure --prefix=/usr \
-            --libexecdir=/usr/lib \
-            --with-ignore-dot \
+<screen><userinput>./configure --prefix=/usr \
+            --libexecdir=/usr/lib/sudo \
             --with-all-insults \
-            --enable-shell-sets-home \
-            --disable-root-sudo \
-            --with-logfac=auth \
+            --with-env-editor \
             --without-pam \
             --without-sendmail &amp;&amp;
 make</userinput></screen>
@@ -115,37 +102,18 @@ make</userinput></screen>
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><command>patch -p1 &lt; ...</command>: This patch fixes a
-    vulnerability in the debugging code in sudo versions 1.8.0 through 1.8.3p1
-    that can be used to crash sudo or potentially allow an unauthorized user to
-    achieve root privileges.</para>
-
-    <para><option>--with-ignore-dot</option>: This switch causes
-    <application>sudo</application> to ignore '.' in the PATH.</para>
-
     <para><option>--with-all-insults</option>: This switch includes all the
     <application>sudo</application> insult sets.</para>
 
-    <para><option>--enable-shell-sets-home</option>: This switch sets HOME to
-    the target user in shell mode.</para>
-
-    <para><option>--disable-root-sudo</option>: This switch keeps the
-    <systemitem class="username">root</systemitem> user from running sudo,
-    preventing users from chaining commands to get a root shell.</para>
-
-    <para><option>--with-logfac=auth</option>: This switch forces use of the
-    auth facility for logging.</para>
+    <para><option>--with-env-editor</option>: This switch enables use of the 
+    environment variable EDITOR for <command>visudo</command>.</para>
 
     <para><option>--without-pam</option>: This switch disables the use of
     <application>PAM</application> authentication. Omit if you have
-    <application>PAM</application> installed.</para>
+    <application>Linux PAM</application> installed.</para>
 
     <para><option>--without-sendmail</option>: This switch disables the use of
-    sendmail.  Remove if you have a sendmail compatible MTA.</para>
-
-    <para><option>--enable-noargs-shell</option>: This switch allows
-    <application>sudo</application> to run a shell if invoked with no
-    arguments.</para>
+    sendmail. Remove if you have a sendmail compatible MTA.</para>
 
     <note>
       <para>There are many options to <application>sudo</application>'s
@@ -212,9 +180,6 @@ auth      include     system-auth
 # include the default account settings
 account   include     system-account
 
-# Use xauth keys (if available)
-session   optional    pam_xauth.so
-
 # Set default environment variables for the service user
 session   required    pam_env.so
 
@@ -238,8 +203,8 @@ chmod 644 /etc/pam.d/sudo</userinput></screen>
       <segtitle>Installed Directories</segtitle>
 
       <seglistitem>
-        <seg>sudo, sudoedit, and visudo</seg>
-        <seg>sudo_noexec.so</seg>
+        <seg>sudo, sudoedit, sudoreplay and visudo</seg>
+        <seg>sudoers.so and sudo_noexec.so</seg>
         <seg>None</seg>
       </seglistitem>
     </segmentedlist>
@@ -284,6 +249,26 @@ chmod 644 /etc/pam.d/sudo</userinput></screen>
         </listitem>
       </varlistentry>
 
+      <varlistentry id="sudoreplay">
+        <term><command>sudoreplay</command></term>
+        <listitem>
+          <para>is used to play back or list the output 
+          logs created by <command>sudo</command>.</para>
+          <indexterm zone="sudo sudoreplay">
+            <primary sortas="b-sudoreplay">sudoreplay</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="sudoers">
+        <term><filename class='libraryfile'>sudoers.so</filename></term>
+        <listitem>
+          <para>is default sudo security policy module.</para>
+          <indexterm zone="sudo sudoers">
+            <primary sortas="c-sudoers">sudoers.so</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
 
       <varlistentry id="sudo_noexec">
         <term><filename class='libraryfile'>sudo_noexec.so</filename></term>