r5453 - in trunk/BOOK: . introduction/welcome postlfs/security

archaic at linuxfromscratch.org archaic at linuxfromscratch.org
Wed Dec 21 19:32:35 PST 2005


Author: archaic
Date: 2005-12-21 20:32:33 -0700 (Wed, 21 Dec 2005)
New Revision: 5453

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/sudo.xml
Log:
Removed the obsolete sed in sudo and added a note to use visudo to edit the sudoers file.

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2005-12-20 23:50:47 UTC (rev 5452)
+++ trunk/BOOK/general.ent	2005-12-22 03:32:33 UTC (rev 5453)
@@ -1,8 +1,8 @@
-<!ENTITY day          "20">
+<!ENTITY day          "21">
 <!ENTITY month        "12">
 <!ENTITY year         "2005">
 <!ENTITY version      "svn-&year;&month;&day;">
-<!ENTITY releasedate  "December &day;th, &year;">
+<!ENTITY releasedate  "December &day;st, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "development">          <!-- version|stable|testing|unstable|development] -->

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2005-12-20 23:50:47 UTC (rev 5452)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2005-12-22 03:32:33 UTC (rev 5453)
@@ -40,7 +40,17 @@
     </listitem>
 
 -->
+    <listitem>
+      <para>December 21st, 2005</para>
+      <itemizedlist>
+        <listitem>
+          <para>[archaic] - Removed the obsolete sed in sudo and added a note to
+          use visudo to edit the sudoers file.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
 
+
     <listitem>
       <para>December 20th, 2005</para>
       <itemizedlist>

Modified: trunk/BOOK/postlfs/security/sudo.xml
===================================================================
--- trunk/BOOK/postlfs/security/sudo.xml	2005-12-20 23:50:47 UTC (rev 5452)
+++ trunk/BOOK/postlfs/security/sudo.xml	2005-12-22 03:32:33 UTC (rev 5453)
@@ -83,8 +83,7 @@
     <para>Install <application>sudo</application> by running
     the following commands:</para>
 
-<screen><userinput>sed -i -e 's/CDPATH",/&\n    "SHELLOPTS",\n    "PS4",/' env.c
-./configure --prefix=/usr --libexecdir=/usr/lib \
+<screen><userinput>./configure --prefix=/usr --libexecdir=/usr/lib \
     --enable-noargs-shell --with-ignore-dot --with-all-insults \
     --enable-shell-sets-home &&
 make</userinput></screen>
@@ -98,11 +97,6 @@
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><command>sed -i -e 's/CDPATH",/&\n    "SHELLOPTS",\n    "PS4",/'
-    env.c</command>:  This command adds two environment variables to a list of
-    variables to be excluded from the target environment.  It solves a
-    security problem.</para>
-
     <para><option>--enable-noargs-shell</option>: This switch allows
     <application>sudo</application> to run a shell if invoked with no
     arguments.</para>
@@ -159,6 +153,14 @@
 
       <para>For details, see <command>man sudoers</command>.</para>
 
+      <note>
+        <para>The <application>Sudo</application> developers highly recommend
+        using the <command>visudo</command> program to edit the
+        <filename>sudoers</filename> file. This will provide basic sanity
+        checking like syntax parsing and file permission to avoid some possible
+        mistakes that could lead to a vulnerable configuration.</para>
+      </note>
+
     </sect3>
 
   </sect2>
@@ -172,7 +174,7 @@
       <segtitle>Installed Directories</segtitle>
 
       <seglistitem>
-        <seg>sudo and sudoedit</seg>
+        <seg>sudo, sudoedit, and visudo</seg>
         <seg>sudo_noexec.so</seg>
         <seg>None</seg>
       </seglistitem>
@@ -207,6 +209,18 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry id="visudo">
+        <term><command>visudo</command></term>
+        <listitem>
+          <para>allows for safer editing of the <filename>sudoers</filename>
+          file.</para>
+          <indexterm zone="sudo visudo">
+            <primary sortas="b-visudo">visudo</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+
       <varlistentry id="sudo_noexec">
         <term><filename class='libraryfile'>sudo_noexec.so</filename></term>
         <listitem>




More information about the blfs-book mailing list