components/sudo/TESTING
author Craig Mohrman <craig.mohrman@oracle.com>
Thu, 04 Aug 2016 08:26:36 -0700
changeset 6548 24913c16931e
parent 5497 862a4276da0f
child 7301 0853d00f0cd4
child 7409 f574f35f5142
permissions -rw-r--r--
PSARC/2016/303 enable rsyslog as default Solaris logger 24362425 rsyslog should degrade service if syslog.conf has been modified
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
# Open second terminal with root shell. Keep this as a possibility to assume
# root privileges if you lose the ability to do so via sudo during testing.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
# Make sure we are looking at the correct version
sudo -V | grep version
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
# Test digest feature
# Make sure that the following line is commented out in /etc/sudoers:
# ALL    ALL=(ALL) NOPASSWD: ALL
openssl dgst -sha224 /usr/bin/ls # make note of the hash
# Add this line to sudoers (replace UID by your user ID and HASH by the ls
# hash):
<UID> ALL = sha224:<HASH> /usr/bin/ls
# This should work (asking you for a password first)
sudo /usr/bin/ls /
# Now change the hash so that it is wrong and make sure it does not work this
# time
sudo /usr/bin/ls /
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
# Add this line to sudoers (test systems only: it lets every user run any
# command as any user or group without a password)
ALL ALL=(ALL:ALL) NOPASSWD: ALL
# Make sure it gives you root account
sudo id
# Make sure this changes just your group
sudo -g sol_src id
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
# Test creating a file in etc
sudoedit /etc/test
...
cat /etc/test # Make sure the text is there
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
# Auditing
cd /var/audit
sudo /usr/sbin/audit -t
sudo rm *
sudo /usr/sbin/audit -s
sudo auditreduce * | praudit -s
> file,1970-01-01 00:00:00.000 +00:00,
> file,2014-03-27 10:34:23.000 +00:00,
# Make sure that since the first run we can see a new auditing record
sudo auditreduce * | praudit -s
> file,2014-03-27 10:34:23.000 +00:00,
> header,158,2,AUE_sudo,,10.0.2.15,2014-03-27 10:34:23.735 +00:00
> subject,vmarek,root,staff,vmarek,staff,2295,3108723863,5096 202240 10.0.2.2
> path,/var/share/audit
> path,/usr/sbin/auditreduce
> cmd,argcnt,1,20140327103420.not_terminated.S12-43,envcnt,0,
> return,success,0
> file,2014-03-27 10:34:23.000 +00:00,
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
# PAM credentials
# Make sure that 'root' is a role
sudo usermod -K type=role root
# Note the preselection mask, it should probably be 'lo(0x1000,0x1000)'
sudo bash -c 'auditconfig -getpinfo $$'
# Add audit flags to root
sudo rolemod -K audit_flags=lo,ex:no root
# Make sure that the preselection mask now shows new entries (lo,ex)
sudo bash -c 'auditconfig -getpinfo $$'
# Disable PAM credentials in sudo by adding this line to sudoers:
Defaults !pam_setcred
# Make sure that the preselection mask now shows only the previous entry
sudo bash -c 'auditconfig -getpinfo $$'
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
# Solaris privileges
# Add this to the end of sudoers, keeping the 'ALL ALL=(ALL:ALL) NOPASSWD: ALL' line above
<UID> ALL = () PRIVS="basic,dtrace_kernel,dtrace_proc,dtrace_user" NOPASSWD: /usr/sbin/dtrace, /usr/bin/bash
# Just your regular id
id
> uid=157888(vmarek) gid=10(staff)
# Sudo normally turns you into root via the 'ALL ALL=(ALL:ALL) NOPASSWD: ALL' line
sudo id
> uid=0(root) gid=0(root)
# For bash it should leave your ID and just grant dtrace privileges
sudo bash -c 'id; ppriv $$'
uid=157888(vmarek) gid=10(staff)
> 2296:   bash -c id; ppriv $$
> flags = <none>
>         E: basic,dtrace_kernel,dtrace_proc,dtrace_user
>         I: basic,dtrace_kernel,dtrace_proc,dtrace_user
>         P: basic,dtrace_kernel,dtrace_proc,dtrace_user
>         L: basic,dtrace_kernel,dtrace_proc,dtrace_user
# dtrace functionality
sudo dtrace -l -n 'syscall::b*:entry'
>    ID   PROVIDER            MODULE                          FUNCTION NAME
> 11282    syscall                                                 brk entry
> 11550    syscall                                            brandsys entry
> 11642    syscall                                                bind entry
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
# Test noexec
# Verify the following works
$ sudo /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
before
uid=0(root) gid=0(root) groups=0(root),1(other),2(bin),3(sys),4(adm),6(mail),7(tty),8(lp),12(daemon)
after
# Add the following to sudoers
ALL     ALL = NOPASSWD: NOEXEC: /usr/perl5/5.12/bin/perl
# Now Perl should be prevented from running further commands, so the output is
$ sudo /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
before
after
# Perl itself works as expected
$ /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
before
uid=101(rimmer) gid=10(staff) groups=10(staff)
after