Author: bdubbs
Date: 2005-11-23 10:30:34 -0700 (Wed, 23 Nov 2005)
New Revision: 5299
Modified:
trunk/BOOK/general.ent
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/postlfs/security/sudo.xml
Log:
Added security update and a switch to sudo
Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent 2005-11-23 06:12:35 UTC (rev 5298)
+++ trunk/BOOK/general.ent 2005-11-23 17:30:34 UTC (rev 5299)
@@ -1,8 +1,8 @@
-<!ENTITY day "22">
+<!ENTITY day "23">
<!ENTITY month "11">
<!ENTITY year "2005">
<!ENTITY version "svn-&year;&month;&day;">
-<!ENTITY releasedate "November &day;nd, &year;">
+<!ENTITY releasedate "November &day;rd, &year;">
<!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
<!ENTITY blfs-version "svn"> <!-- svn|[release #] -->
<!ENTITY lfs-version "development"> <!--
version|stable|testing|unstable|development] -->
Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml 2005-11-23 06:12:35 UTC
(rev 5298)
+++ trunk/BOOK/introduction/welcome/changelog.xml 2005-11-23 17:30:34 UTC
(rev 5299)
@@ -40,7 +40,18 @@
</listitem>
-->
+ <listitem>
+ <para>November 23rd, 2005</para>
+ <itemizedlist>
+ <listitem>
+ <para>[bdubbs] - Added sed to sudo to correct a security issue
+ (Archaic). Also added --enable-shell-sets-home switch
+ (Gerard).</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
<listitem>
<para>November 22nd, 2005</para>
<itemizedlist>
Modified: trunk/BOOK/postlfs/security/sudo.xml
===================================================================
--- trunk/BOOK/postlfs/security/sudo.xml 2005-11-23 06:12:35 UTC (rev
5298)
+++ trunk/BOOK/postlfs/security/sudo.xml 2005-11-23 17:30:34 UTC (rev
5299)
@@ -78,8 +78,10 @@
<para>Install <application>sudo</application> by running
the following commands:</para>
-<screen><userinput>./configure --prefix=/usr --libexecdir=/usr/lib \
- --enable-noargs-shell --with-ignore-dot --with-all-insults &&
+<screen><userinput>sed -i -e 's/CDPATH",/&\n "SHELLOPTS",\n "PS4",/'
env.c
+./configure --prefix=/usr --libexecdir=/usr/lib \
+ --enable-noargs-shell --with-ignore-dot --with-all-insults \
+ --enable-shell-sets-home &&
make</userinput></screen>
<para>Now, as the <systemitem class="username">root</systemitem>
user:</para>
@@ -91,6 +93,11 @@
<sect2 role="commands">
<title>Command Explanations</title>
+ <para><command>sed -i -e 's/CDPATH",/&\n "SHELLOPTS",\n "PS4",/'
+ env.c</command>: This command adds two envronment variables to a list of
+ variables to be excluded from the target environment. It solves a
+ security problem.</para>
+
<para><option>--enable-noargs-shell</option>: This switch allows sudo to
run a shell if involked with no arguments.</para>
@@ -100,6 +107,9 @@
<para><option>--with-all-insults</option>: This switch includes all the
sudo insult sets.</para>
+ <para><option>--enable-shell-sets-home</option>: This switch sets HOME to
+ the target user in shell mode.</para>
+
<note><para>There are many options to <application>sudo</application>'s
configure command. Check the <command>configure --help</command> output
for a complete list.</para></note>
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
