r5299 - in trunk/BOOK: . introduction/welcome postlfs/security

bdubbs at linuxfromscratch.org bdubbs at linuxfromscratch.org
Wed Nov 23 09:30:35 PST 2005


Author: bdubbs
Date: 2005-11-23 10:30:34 -0700 (Wed, 23 Nov 2005)
New Revision: 5299

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/sudo.xml
Log:
Added security update and a switch to sudo

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2005-11-23 06:12:35 UTC (rev 5298)
+++ trunk/BOOK/general.ent	2005-11-23 17:30:34 UTC (rev 5299)
@@ -1,8 +1,8 @@
-<!ENTITY day          "22">
+<!ENTITY day          "23">
 <!ENTITY month        "11">
 <!ENTITY year         "2005">
 <!ENTITY version      "svn-&year;&month;&day;">
-<!ENTITY releasedate  "November &day;nd, &year;">
+<!ENTITY releasedate  "November &day;rd, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
 <!ENTITY lfs-version  "development">          <!-- version|stable|testing|unstable|development] -->

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2005-11-23 06:12:35 UTC (rev 5298)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2005-11-23 17:30:34 UTC (rev 5299)
@@ -40,7 +40,18 @@
     </listitem>
 
 -->
+    <listitem>
+      <para>November 23rd, 2005</para>
+      <itemizedlist>
+        <listitem>
+          <para>[bdubbs] - Added sed to sudo to correct a security issue
+          (Archaic).  Also added --enable-shell-sets-home switch 
+          (Gerard).</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
 
+
     <listitem>
       <para>November 22nd, 2005</para>
       <itemizedlist>

Modified: trunk/BOOK/postlfs/security/sudo.xml
===================================================================
--- trunk/BOOK/postlfs/security/sudo.xml	2005-11-23 06:12:35 UTC (rev 5298)
+++ trunk/BOOK/postlfs/security/sudo.xml	2005-11-23 17:30:34 UTC (rev 5299)
@@ -78,8 +78,10 @@
     <para>Install <application>sudo</application> by running
     the following commands:</para>
 
-<screen><userinput>./configure --prefix=/usr --libexecdir=/usr/lib \
-    --enable-noargs-shell --with-ignore-dot --with-all-insults &&
+<screen><userinput>sed -i -e 's/CDPATH",/&\n    "SHELLOPTS",\n    "PS4",/' env.c
+./configure --prefix=/usr --libexecdir=/usr/lib \
+    --enable-noargs-shell --with-ignore-dot --with-all-insults \
+    --enable-shell-sets-home &&
 make</userinput></screen>
 
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
@@ -91,6 +93,11 @@
   <sect2 role="commands">
     <title>Command Explanations</title>
 
+    <para><command>sed -i -e 's/CDPATH",/&\n    "SHELLOPTS",\n    "PS4",/'
+    env.c</command>:  This command adds two envronment variables to a list of
+    variables to be excluded from the target environment.  It solves a
+    security problem.</para>
+
     <para><option>--enable-noargs-shell</option>: This switch allows sudo to
     run a shell if involked with no arguments.</para>
 
@@ -100,6 +107,9 @@
     <para><option>--with-all-insults</option>: This switch includes all the
     sudo insult sets.</para>
 
+    <para><option>--enable-shell-sets-home</option>: This switch sets HOME to
+    the target user in shell mode.</para>
+
     <note><para>There are many options to <application>sudo</application>'s
     configure command.  Check the <command>configure --help</command>  output
     for a complete list.</para></note>




More information about the blfs-book mailing list