From fa67ab3431eccd843515756629be230fbaa6ec71 Mon Sep 17 00:00:00 2001 From: kzak Date: Mon, 29 May 2006 12:51:22 +0000 Subject: [PATCH] added requirettyp to the default sudoers --- sudo-1.6.8p12-requiretty.patch | 11 +++++++++++ sudo.spec | 10 ++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 sudo-1.6.8p12-requiretty.patch diff --git a/sudo-1.6.8p12-requiretty.patch b/sudo-1.6.8p12-requiretty.patch new file mode 100644 index 0000000..8a9e45a --- /dev/null +++ b/sudo-1.6.8p12-requiretty.patch @@ -0,0 +1,11 @@ +--- sudo-1.6.8p12/sudoers.tty 2006-05-29 14:40:18.000000000 +0200 ++++ sudo-1.6.8p12/sudoers 2006-05-29 14:46:37.000000000 +0200 +@@ -13,6 +13,8 @@ + + # Defaults specification + ++Defaults requiretty ++ + Defaults env_reset + Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \ + LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \ diff --git a/sudo.spec b/sudo.spec index 45b8fa9..89d36f0 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users. Name: sudo Version: 1.6.8p12 -Release: 5 +Release: 6 License: BSD Group: Applications/System Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz @@ -17,8 +17,10 @@ BuildRequires: openldap-devel Patch2: sudo-1.6.8p8-pam-sess.patch # don't strip Patch3: sudo-1.6.7p5-strip.patch -# Default sudoers +# Default sudoers: reset env. Patch4: sudo-1.6.8p12-env-reset.patch +# Default sudoers; require tty (#190062) +Patch5: sudo-1.6.8p12-requiretty.patch %description Sudo (superuser do) allows a system administrator to give certain @@ -36,6 +38,7 @@ on many different machines. %patch2 -p1 -b .sess %patch3 -p1 -b .strip %patch4 -p1 -b .env_reset +%patch4 -p1 -b .tty %build %ifarch s390 s390x @@ -99,6 +102,9 @@ rm -rf $RPM_BUILD_ROOT /bin/chmod 0440 /etc/sudoers || : %changelog +* Mon May 29 2006 Karel Zak 1.6.8p12-6 +- fix #190062 - "ssh localhost sudo su" will show the password in clear + * Tue May 23 2006 Karel Zak 1.6.8p12-5 - add LDAP support (#170848)