r7179 - in trunk/BOOK: . introduction/welcome postlfs/security

dj at linuxfromscratch.org dj at linuxfromscratch.org
Tue Feb 5 22:50:49 PST 2008


Author: dj
Date: 2008-02-05 23:50:49 -0700 (Tue, 05 Feb 2008)
New Revision: 7179

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/sudo.xml
Log:
Updated to sudo-1.6.9p12.

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2008-02-05 23:27:00 UTC (rev 7178)
+++ trunk/BOOK/general.ent	2008-02-06 06:50:49 UTC (rev 7179)
@@ -3,7 +3,7 @@
 $Date$
 -->
 
-<!ENTITY day          "05">                   <!-- Always 2 digits -->
+<!ENTITY day          "06">                   <!-- Always 2 digits -->
 <!ENTITY month        "02">                   <!-- Always 2 digits -->
 <!ENTITY year         "2008">
 <!ENTITY version      "svn-&year;&month;&day;">
@@ -68,7 +68,7 @@
 <!ENTITY mitkrb-version               "1.6">
 <!ENTITY cyrus-sasl-version           "2.1.22">
 <!ENTITY stunnel-version              "4.20">
-<!ENTITY sudo-version                 "1.6.8p12">
+<!ENTITY sudo-version                 "1.6.9p12">
 <!ENTITY nss-version                  "3.11.7">
 
 <!-- Chapter 5 -->

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2008-02-05 23:27:00 UTC (rev 7178)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2008-02-06 06:50:49 UTC (rev 7179)
@@ -42,6 +42,15 @@
 -->
 
     <listitem>
+      <para>February 6th, 2008</para>
+      <itemizedlist>
+        <listitem>
+          <para>[dj] - Updated to sudo-1.6.9p12.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>February 5th, 2008</para>
       <itemizedlist>
         <listitem>

Modified: trunk/BOOK/postlfs/security/sudo.xml
===================================================================
--- trunk/BOOK/postlfs/security/sudo.xml	2008-02-05 23:27:00 UTC (rev 7178)
+++ trunk/BOOK/postlfs/security/sudo.xml	2008-02-06 06:50:49 UTC (rev 7179)
@@ -4,12 +4,11 @@
   <!ENTITY % general-entities SYSTEM "../../general.ent">
   %general-entities;
 
-  <!-- <!ENTITY sudo-download-http "http://www.courtesan.com/sudo/dist/sudo-&sudo-version;.tar.gz"> -->
-  <!ENTITY sudo-download-http "http://anduin.linuxfromscratch.org/sources/BLFS/svn/s/sudo-&sudo-version;.tar.gz">
-  <!ENTITY sudo-download-ftp " ">
-  <!ENTITY sudo-md5sum "b29893c06192df6230dd5f340f3badf5">
-  <!ENTITY sudo-size "576 KB">
-  <!ENTITY sudo-buildsize "3.6 MB">
+  <!ENTITY sudo-download-http "http://www.courtesan.com/sudo/dist/sudo-&sudo-version;.tar.gz">
+  <!ENTITY sudo-download-ftp "ftp://ftp.twaren.net/Unix/Security/Sudo/sudo-1.6.9p12.tar.gz">
+  <!ENTITY sudo-md5sum "a5795c292e5c64dd9f7bcba8c1c712c9">
+  <!ENTITY sudo-size "572 KB">
+  <!ENTITY sudo-buildsize "3.8 MB">
   <!ENTITY sudo-time "less than 0.1 SBU">
 ]>
 
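Review bot: `sudo-download-ftp` hard-codes `sudo-1.6.9p12.tar.gz`, while `sudo-download-http` one line above builds the file name from `&sudo-version;`, so the next bump of `sudo-version` in general.ent will leave the FTP link pointing at the old tarball. I would write it as `<!ENTITY sudo-download-ftp "ftp://ftp.twaren.net/Unix/Security/Sudo/sudo-&sudo-version;.tar.gz">`. Both download locations are plain HTTP/FTP and the only integrity value is `sudo-md5sum`, which catches a corrupted transfer but is a weak check against a tampered mirror. For a setuid-root package it would be worth pointing readers at upstream's detached signature, if one is published for this release.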
@@ -58,18 +57,28 @@
       </listitem>
     </itemizedlist>
 
-    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+<!--    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing='compact'>
       <listitem>
         <para>Required patch: <ulink
         url="&patch-root;/sudo-&sudo-version;-envvar_fix-1.patch"/></para>
       </listitem>
-    </itemizedlist>
-<!--
+    </itemizedlist> -->
+
+
     <bridgehead renderas="sect3">Sudo Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Optional</bridgehead>
--->
+    <para role="optional"><xref linkend="linux-pam"/>,
+    <ulink url="ftp://ftp.nrl.navy.mil/pub/security/opie">Opie</ulink>,
+    <ulink url="http://www.rsa.com/node.aspx?id=1156">SecurID</ulink>,
+    <ulink url="http://www.fwtk.org/">FWTK</ulink>,
+    an <xref linkend="server-mail"/> (that provides a
+    <command>sendmail</command> command),
+    <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>,
+    <xref linkend="heimdal"/> or <xref linkend="mitkrb"/>, 
+    <xref linkend="openldap"/>, and
+    <ulink url="http://www.openafs.org/">AFS</ulink></para>
 
     <para condition="html" role="usernotes">User Notes:
     <ulink url="&blfs-wiki;/sudo"/></para>
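Review bot: The "Required patch" entry for `sudo-&sudo-version;-envvar_fix-1.patch` is commented out here, and the matching `patch -Np1` line is commented out in the install hunk below, without any statement that 1.6.9p12 already contains that fix. Because the patch was marked required, the changelog entry or log message should say it was merged upstream (presumably the reason it is dropped), so readers can tell a deliberate removal from an omission. I would also delete the dead markup rather than keep it inside `<!-- … -->`, since the revision history preserves it. The section this hunk edits starts and ends outside the hunk.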
@@ -82,10 +91,12 @@
     <para>Install <application>sudo</application> by running
     the following commands:</para>
 
-<screen><userinput>patch -Np1 -i ../sudo-&sudo-version;-envvar_fix-1.patch &&
-./configure --prefix=/usr --libexecdir=/usr/lib \
-    --enable-noargs-shell --with-ignore-dot --with-all-insults \
-    --enable-shell-sets-home &&
+<!-- <screen><userinput>patch -Np1 -i ../sudo-&sudo-version;-envvar_fix-1.patch &&
+-->
+<screen><userinput>./configure --prefix=/usr --libexecdir=/usr/lib \
+    --with-ignore-dot --with-all-insults \
+    --enable-shell-sets-home --disable-root-sudo \
+    --with-logfac=auth --without-pam --without-sendmail &&
 make</userinput></screen>
 
     <para>This package does not come with a test suite.</para>
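Review bot: `--without-pam` and `--without-sendmail` are now part of the command every reader copies, and the only hint to drop them sits several paragraphs later in Command Explanations. A system that has Linux-PAM or an MTA installed would end up with a sudo that skips the PAM stack and cannot mail its notices about failed or unauthorized attempts. I would add a sentence directly before the `<screen>`, such as `If Linux-PAM is installed, remove --without-pam; if an MTA providing sendmail is installed, remove --without-sendmail.` `--with-logfac=auth` also deserves a stated reason: as far as I know sudo prefers `authpriv` where syslog offers it, so forcing `auth` should be tied explicitly to the book's syslog configuration.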
@@ -99,10 +110,6 @@
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><option>--enable-noargs-shell</option>: This switch allows
-    <application>sudo</application> to run a shell if invoked with no
-    arguments.</para>
-
     <para><option>--with-ignore-dot</option>: This switch causes
     <application>sudo</application> to ignore '.' in the PATH.</para>
 
@@ -112,6 +119,24 @@
     <para><option>--enable-shell-sets-home</option>: This switch sets HOME to
     the target user in shell mode.</para>
 
+    <para><option>--disable-root-sudo</option>: This switch keeps the
+    <systemitem class="username">root</systemitem> user from running sudo, 
+    preventing users from chaining commands to get a root shell.</para>
+
+    <para><option>--with-logfac=auth</option>: This switch forces use of the 
+    auth facility for logging.</para>
+
+    <para><option>--without-pam</option>: This switch disables the use of 
+    <application>PAM</application> authentication. Omit if you have 
+    <application>PAM</application> installed.</para>
+
+    <para><option>--without-sendmail</option>: This switch disables the use of
+    sendmail.  Remove if you have a sendmail compatible MTA.</para>
+
+    <para><option>--enable-noargs-shell</option>: This switch allows
+    <application>sudo</application> to run a shell if invoked with no
+    arguments.</para>
+
     <note>
       <para>There are many options to <application>sudo</application>'s
       <command>configure</command> command.  Check the
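Review bot: The `--disable-root-sudo` paragraph claims more than the switch delivers. It only stops root from running sudo (the sudo-through-sudo chain), and a user whose sudoers entry permits a shell, an editor or any command with a shell escape still ends up with a root shell. I would word it as `This switch keeps the root user from running sudo, which blocks chaining sudo through itself; it does not replace restricting commands in /etc/sudoers.` Separately, the `--enable-noargs-shell` paragraph is re-added at the end although the switch was removed from the configure command, so it should be introduced as an optional switch or dropped. The added lines ending in `sudo,` and `use of the` carry trailing whitespace.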
@@ -163,6 +188,13 @@
         mistakes that could lead to a vulnerable configuration.</para>
       </note>
 
+      <para>If you've built <application>Sudo</application> with 
+      <application>PAM</application> support, issue the following
+      command as the <systemitem class="username">root</systemitem> user
+      to create the <application>PAM</application> configuration file:</para>
+
+      <screen role="root"><userinput>sed 's@/su@/sudo at g' /etc/pam.d/su > /etc/pam.d/sudo</userinput></screen>
+      
     </sect3>
 
   </sect2>
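Review bot: The added `sed` command derives /etc/pam.d/sudo from whatever /etc/pam.d/su currently contains, using an unanchored pattern and a `>` redirect that overwrites any existing file, so the reader never sees the resulting policy for a setuid-root tool. I would add a sentence telling the reader to inspect the generated file for rules that only make sense for su, or spell out the intended file contents instead. The paragraph should also say this step applies only if `--without-pam` was removed from the configure command given earlier on the page. As shown here the expression reads `/sudo at g`, which looks like list-archive mangling of `@g`, so it is worth confirming that the committed file has `s@/su@/sudo@g`.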



