upstream/oracle/userland-gate: components/sudo/TESTING@c36ab839e682 (annotated)

3208 73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	1	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	2
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	3	# Open second terminal with root shell. Keep this as a possibility to assume
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	4	# root privileges if you loose the ability to do so via sudo during testing.
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	5
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	6	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	7
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	8	# Make sure we are looking at the correct version
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	9	sudo -V \| grep version
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	10
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	11	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	12
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	13	# Test digest feature
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	14
5568 d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	15	# Make sure that the following line is commented out in /etc/sudoers:
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	16	# ALL ALL=(ALL) NOPASSWD: ALL
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	17
3208 73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	18	openssl dgst -sha224 /usr/bin/ls # make note of the hash
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	19
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	20	# Add this line to sudoers (replace UID by your user ID and HASH by the ls
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	21	# hash):
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	22	<UID> ALL = sha224:<HASH> /usr/bin/ls
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	23
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	24	# This should work (asking you a password first)
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	25	sudo /usr/bin/ls /
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	26
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	27	# Now change the hash so that it is wrong and make sure it does not work this
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	28	# time
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	29	sudo /usr/bin/ls /
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	30
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	31	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	32
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	33	# add this line to sudoers
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	34	ALL ALL=(ALL:ALL) NOPASSWD: ALL
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	35
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	36	# Make sure it gives you root account
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	37	sudo id
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	38
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	39	# Make sure this changes just your group
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	40	sudo -g sol_src id
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	41
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	42	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	43
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	44	# Test creating a file in etc
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	45	sudoedit /etc/test
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	46	...
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	47	cat /etc/test # Make sure the text is there
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	48
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	49	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	50
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	51	# Auditing
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	52	cd /var/audit
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	53	sudo /usr/sbin/audit -t
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	54	sudo rm *
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	55	sudo /usr/sbin/audit -s
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	56	sudo auditreduce * \| praudit -s
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	57	> file,1970-01-01 00:00:00.000 +00:00,
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	58	> file,2014-03-27 10:34:23.000 +00:00,
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	59
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	60	# Make sure that since the first run we can see new auditing record
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	61	sudo auditreduce * \| praudit -s
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	62	> file,2014-03-27 10:34:23.000 +00:00,
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	63	> header,158,2,AUE_sudo,,10.0.2.15,2014-03-27 10:34:23.735 +00:00
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	64	> subject,vmarek,root,staff,vmarek,staff,2295,3108723863,5096 202240 10.0.2.2
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	65	> path,/var/share/audit
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	66	> path,/usr/sbin/auditreduce
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	67	> cmd,argcnt,1,20140327103420.not_terminated.S12-43,envcnt,0,
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	68	> return,success,0
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	69	> file,2014-03-27 10:34:23.000 +00:00,
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	70
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	71	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	72
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	73	# PAM credentials
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	74
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	75	# Make sure that 'root' is a role
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	76	sudo usermod -K type=role root
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	77
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	78	# Note the preselection mask, it should probably be 'lo(0x1000,0x1000)'
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	79	sudo bash -c 'auditconfig -getpinfo $$'
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	80
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	81	# Add audit flags to root
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	82	sudo rolemod -K audit_flags=lo,ex:no root
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	83
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	84	# Make sure that the preselection mask now shows new entries (lo,ex)
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	85	sudo bash -c 'auditconfig -getpinfo $$'
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	86
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	87	# Disable PAM credentials in sudo by adding this line to sudoers:
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	88	Defaults !pam_setcred
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	89
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	90	# Make sure that the preselection mask now shows only previous entry
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	91	sudo bash -c 'auditconfig -getpinfo $$'
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	92
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	93	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	94
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	95	# Solaris privileges
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	96
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	97	# Add this to the end sudoers keeping the 'ALL ALL=(ALL:ALL) NOPASSWD: ALL' above
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	98	<UID> ALL = () PRIVS="basic,dtrace_kernel,dtrace_proc,dtrace_user" NOPASSWD: /usr/sbin/dtrace, /usr/bin/bash
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	99
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	100	# Just your regular id
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	101	id
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	102	> uid=157888(vmarek) gid=10(staff)
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	103
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	104	# Sudo normally turning you into root via the 'ALL ALL=(ALL:ALL) NOPASSWD: ALL' line
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	105	sudo id
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	106	> uid=0(root) gid=0(root)
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	107
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	108	# For bash it should leave your ID and just grant dtrace privileges
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	109	sudo bash -c 'id; ppriv $$'
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	110	uid=157888(vmarek) gid=10(staff)
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	111	> 2296: bash -c id; ppriv $$
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	112	> flags = <none>
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	113	> E: basic,dtrace_kernel,dtrace_proc,dtrace_user
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	114	> I: basic,dtrace_kernel,dtrace_proc,dtrace_user
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	115	> P: basic,dtrace_kernel,dtrace_proc,dtrace_user
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	116	> L: basic,dtrace_kernel,dtrace_proc,dtrace_user
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	117
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	118	# dtrace functionality
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	119	sudo dtrace -l -n 'syscall::b*:entry'
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	120	> ID PROVIDER MODULE FUNCTION NAME
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	121	> 11282 syscall brk entry
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	122	> 11550 syscall brandsys entry
73ff78fac05b 17890284 Update to sudo version 1.8.9p5 Vladimir Marek <Vladimir.Marek@oracle.com> parents: diff changeset	123	> 11642 syscall bind entry
5568 d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	124
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	125	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	126
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	127	# Test noexec
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	128
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	129	# Verify the following works
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	130
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	131	$ sudo /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	132	before
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	133	uid=0(root) gid=0(root) groups=0(root),1(other),2(bin),3(sys),4(adm),6(mail),7(tty),8(lp),12(daemon)
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	134	after
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	135
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	136	# Add the following to sudoers
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	137
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	138	ALL ALL = NOPASSWD: NOEXEC: /usr/perl5/5.12/bin/perl
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	139
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	140	# Now Perl should be prevent to run further commands, so the output is
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	141
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	142	$ sudo /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	143	before
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	144	after
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	145
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	146	# Perl itself works as expected
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	147
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	148	$ /usr/perl5/5.12/bin/perl -e 'print "before\n"; system("id -a"); print "after\n"'
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	149	before
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	150	uid=101(rimmer) gid=10(staff) groups=10(staff)
d36fc1f41120 22663737 Upgrade sudo to version 1.8.15 Lukas Rovensky <Lukas.Rovensky@oracle.com> parents: 3208 diff changeset	151	after

author	Petr Sumbera <petr.sumbera@oracle.com>
	Thu, 21 Jul 2016 07:05:13 -0700
branch	s11u3-sru
changeset 6464	c36ab839e682
parent 5568	d36fc1f41120
child 7301	0853d00f0cd4
child 7409	f574f35f5142
permissions	-rw-r--r--