diff options
-rw-r--r-- | usr.bin/sudo/CHANGES | 81 | ||||
-rw-r--r-- | usr.bin/sudo/INSTALL | 2 | ||||
-rw-r--r-- | usr.bin/sudo/Makefile.bsd-wrapper | 7 | ||||
-rw-r--r-- | usr.bin/sudo/Makefile.in | 24 | ||||
-rw-r--r-- | usr.bin/sudo/alloc.c | 18 | ||||
-rw-r--r-- | usr.bin/sudo/install-sh | 13 | ||||
-rw-r--r-- | usr.bin/sudo/logging.c | 4 | ||||
-rw-r--r-- | usr.bin/sudo/set_perms.c | 35 | ||||
-rw-r--r-- | usr.bin/sudo/sudo.8 | 8 | ||||
-rw-r--r-- | usr.bin/sudo/sudo.c | 17 | ||||
-rw-r--r-- | usr.bin/sudo/sudo.h | 6 | ||||
-rw-r--r-- | usr.bin/sudo/sudoers.5 | 10 | ||||
-rw-r--r-- | usr.bin/sudo/visudo.8 | 8 |
13 files changed, 119 insertions, 114 deletions
diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES index f78a322b12f..fc75c1b2533 100644 --- a/usr.bin/sudo/CHANGES +++ b/usr.bin/sudo/CHANGES @@ -1340,122 +1340,121 @@ Sudo 1.6.3p7 released. 419) Visudo now does its own fork/exec instead of calling system(3). -420) Call clean_env very early in main() for paranoia's sake. Idea from - Marc Esipovich. - -421) Allow special characters (including '#') to be embedded in pathnames +420) Allow special characters (including '#') to be embedded in pathnames if quoted by a '\\'. The quoted chars will be dealt with by fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'. -422) Added always_set_home option. +421) Added the always_set_home option. -423) Strip NLSPATH and PATH_LOCALE out from the environment to prevent - reading of protected files by a less priviledged user. +422) Strip NLSPATH and PATH_LOCALE out from the environment to prevent + reading of protected files by a less privileged user. -424) Add support for BSD authentication and associated -a flag. +423) Added support for BSD authentication and associated -a flag. -425) Added check for _innetgr(3) since NCR systems have this instead +424) Added check for _innetgr(3) since NCR systems have this instead of innetgr(3). -426) Added stay_setuid option for systems that have libraries that perform +425) Added stay_setuid option for systems that have libraries that perform extra paranoia checks in system libraries for setuid programs. -427) Environment munging is now done by hand. The environment is zeroed +426) Environment munging is now done by hand. The environment is zeroed upon sudo startup and a new environment is built before the command is executed. This means we don't rely on getenv(3), putenv(3), or setenv(3). -428) Added a class of environment variables that are only cleared if they +427) Added a class of environment variables that are only cleared if they contain '/' or '%' characters. -429) Use stashed user_gid when checking against exempt gid since sudo +428) Use stashed user_gid when checking against exempt gid since sudo sets its gid to SUDOERS_GID, making getgid() return that, not the real gid. Fixes problem with setting exempt group == SUDOERS_GID. Fix from Paul Kranenburg. -430) Fixed file locking in visudo on NeXT which has a broken lockf(). +429) Fixed file locking in visudo on NeXT which has a broken lockf(). Patch from twetzel@gwdg.de. -431) Regenerated configure script with autoconf-2.52 (required some +430) Regenerated configure script with autoconf-2.52 (required some tweaking of configure.in and friends). -432) Added mail_badpass option to send mail when the user does not +431) Added mail_badpass option to send mail when the user does not authenticate successfully. -433) Added env_reset Defaults option to reset the environment to +432) Added env_reset Defaults option to reset the environment to a clean slate. Also implemented env_keep Defaults option to specify variables to be preserved when resetting the environment. -434) Added env_check and env_delete Defaults options to allow the admin +433) Added env_check and env_delete Defaults options to allow the admin to modify the builtin list of environment variables to remove. -435) If timestamp_timeout < 0 then the timestamp never expires. This +434) If timestamp_timeout < 0 then the timestamp never expires. This allows users to manage their own timestamps and create or delete them via 'sudo -v' and 'sudo -k' respectively. -436) Authentication routines that use sudo's tgetpass() can now use +435) Authentication routines that use sudo's tgetpass() now accept ^C or ^Z at the password prompt and sudo will act appropriately. -437) Added a check-only mode to visudo to check an existing sudoers +436) Added a check-only mode to visudo to check an existing sudoers file for sanity. -438) Visudo can now edit an alternate sudoers file. +437) Visudo can now edit an alternate sudoers file. -439) If sudo is configured with S/Key support and the system has +438) If sudo is configured with S/Key support and the system has skeyaccess(3) use that to determine whether or not to allow a normal Unix password or just S/Key. -440) Fixed CIDR handling in sudoers. +439) Fixed CIDR handling in sudoers. -441) Fixed a segv if the local hostname is not resolvable and +440) Fixed a segv if the local hostname is not resolvable and the 'fqdn' option is set. -442) "listpw=never" was not having an effect for users who did not +441) "listpw=never" was not having an effect for users who did not appear in sudoers--now it does. -443) The --without-sendmail option now works on systems with +442) The --without-sendmail option now works on systems with a /usr/include/paths.h file that defines _PATH_SENDMAIL. -444) Removed the "secure_path" Defaults option as it does not work and +443) Removed the "secure_path" Defaults option as it does not work and cannot work until the parser is overhauled. -445) Added new -P flag and "preserve_groups" sudoers option to cause +444) Added new -P flag and "preserve_groups" sudoers option to cause sudo to preserve the group vector instead of setting it to that of the target user. Previously, if the target user was root the group vector was not changed. Now it is always changed unless the -P flag or "preserve_groups" option was given. -446) If find_path() fails as root, try again as the invoking user (useful +445) If find_path() fails as root, try again as the invoking user (useful for NFS). Idea from Chip Capelik. -447) Use setpwent()/endpwent() and its shadow equivalents to be sure +446) Use setpwent()/endpwent() and its shadow equivalents to be sure the passwd/shadow file gets closed. -448) Use getifaddrs(3) to get the list of network interfaces if it is +447) Use getifaddrs(3) to get the list of network interfaces if it is available. -449) Dump list of local IP addresses and environment variables to clear +448) Dump list of local IP addresses and environment variables to clear when 'sudo -V' is run as root. -450) Reorganized the lexer a bit and added more states. Sudo now does a +449) Reorganized the lexer a bit and added more states. Sudo now does a better job of parsing command arguments in the sudoers file. -451) Wrap each call to syslog() with openlog()/closelog() since some +450) Wrap each call to syslog() with openlog()/closelog() since some things (such as PAM) may call closelog(3) behind sudo's back. -452) The LOGNAME and USER environment variables are now set if the user +451) The LOGNAME and USER environment variables are now set if the user specified a target uid and that uid exists in the password database. -453) configure will no longer add the -g flag to CFLAGS by default. +452) configure will no longer add the -g flag to CFLAGS by default. -454) Now call pam_setcreds() to setup creds for the target user when +453) Now call pam_setcreds() to setup creds for the target user when PAM is in use. On Linux this often sets resource limits. -455) If "make install" is run by non-root and the destination dir +454) If "make install" is run by non-root and the destination dir is writable, install things normally but don't set owner and mode. -456) The Makefile now supports installing in a shadow hierarchy +455) The Makefile now supports installing in a shadow hierarchy specified via the DESTDIR variable. -457) config.h.in is now generated by autoheader. +456) config.h.in is now generated by autoheader. + +Sudo 1.6.4 released. diff --git a/usr.bin/sudo/INSTALL b/usr.bin/sudo/INSTALL index 8afc250fca5..802bf9a3b14 100644 --- a/usr.bin/sudo/INSTALL +++ b/usr.bin/sudo/INSTALL @@ -1,4 +1,4 @@ -Installation instructions for Sudo 1.6.3 +Installation instructions for Sudo 1.6.4 ======================================== Sudo uses a `configure' script to probe the capabilities and type diff --git a/usr.bin/sudo/Makefile.bsd-wrapper b/usr.bin/sudo/Makefile.bsd-wrapper index fa8d6cd38d1..d91cd4700fd 100644 --- a/usr.bin/sudo/Makefile.bsd-wrapper +++ b/usr.bin/sudo/Makefile.bsd-wrapper @@ -1,10 +1,11 @@ -# $OpenBSD: Makefile.bsd-wrapper,v 1.12 2002/01/03 15:25:04 millert Exp $ +# $OpenBSD: Makefile.bsd-wrapper,v 1.13 2002/01/14 00:11:44 millert Exp $ MAN= sudo.8 sudoers.5 visudo.8 BINOWN= root XCFLAGS= CC="${CC}" CFLAGS="${CFLAGS} ${COPTS}" LDFLAGS="${LDFLAGS}" -CONFIGURE_OPTS= --prefix=/usr --with-devel --with-insults --with-bsdauth \ - --with-env-editor --disable-path-info --with-logfac=authpriv +CONFIGURE_OPTS= --prefix=/usr --with-devel --with-execv --with-insults \ + --with-bsdauth --with-env-editor --disable-path-info \ + --with-logfac=authpriv .include <bsd.own.mk> diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in index 72671759016..11a993f992e 100644 --- a/usr.bin/sudo/Makefile.in +++ b/usr.bin/sudo/Makefile.in @@ -34,7 +34,7 @@ # # @configure_input@ # -# $Sudo: Makefile.in,v 1.219 2002/01/08 15:00:17 millert Exp $ +# $Sudo: Makefile.in,v 1.222 2002/01/12 19:00:14 millert Exp $ # #### Start of system configuration section. #### @@ -344,19 +344,25 @@ dist: bindist: @mkdir tmp.`arch -l` @mkdir tmp.`arch -l`/sudo-$(VERSION) - ( cd tmp.`arch -l`/sudo-$(VERSION) ; \ + ( \ + tdir=tmp.`arch -l`/sudo-$(VERSION) ; \ for i in $(BINFILES) ; do \ - if [ -f ../../$$i ]; then \ - cp ../../$$i . ; \ + if [ -f $$i ]; then \ + cp $$i $$tdir ; \ elif [ -f $(srcdir)/$$i ]; then \ - cp $(srcdir)/$$i . ; \ + cp $(srcdir)/$$i $$tdir ; \ else \ - cp ../../$(srcdir)/$$i . ; \ + echo cannot find $$i ; \ + exit 1 ; \ fi ; \ done ; \ - strip sudo ; \ - strip visudo ; \ - cd .. ; tar Ocf ../sudo-$(VERSION)-`arch -l`.tar sudo-$(VERSION) ; \ + cp $(srcdir)/INSTALL.binary $$tdir/INSTALL ; \ + sed -e 's/@_MANTYPE@/$(mantype)/g' -e 's/@_mansectsu@/$(mansectsu)/g' \ + -e 's/@_mansectform@/$(mansectform)/g' $(srcdir)/Makefile.binary \ + > $$tdir/Makefile ; \ ) + strip sudo + strip visudo + ( cd tmp.`arch -l` && tar Ocf ../sudo-$(VERSION)-`arch -l`.tar sudo-$(VERSION) ) gzip --best sudo-$(VERSION)-`arch -l`.tar rm -rf tmp.`arch -l` diff --git a/usr.bin/sudo/alloc.c b/usr.bin/sudo/alloc.c index ec2e7420f1f..ed872b98524 100644 --- a/usr.bin/sudo/alloc.c +++ b/usr.bin/sudo/alloc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2001 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2002 Todd C. Miller <Todd.Miller@courtesan.com> * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -58,18 +58,11 @@ #include "sudo.h" -#ifndef STDC_HEADERS -#if !defined(__GNUC__) && !defined(HAVE_MALLOC_H) -extern VOID *malloc __P((size_t)); -#endif /* !__GNUC__ && !HAVE_MALLOC_H */ -#endif /* !STDC_HEADERS */ - -extern char **Argv; /* from sudo.c */ - #ifndef lint -static const char rcsid[] = "$Sudo: alloc.c,v 1.10 2001/12/14 19:52:47 millert Exp $"; +static const char rcsid[] = "$Sudo: alloc.c,v 1.11 2002/01/09 16:56:04 millert Exp $"; #endif /* lint */ +extern char **Argv; /* from sudo.c */ /* * emalloc() calls the system malloc(3) and exits with an error if @@ -81,7 +74,7 @@ emalloc(size) { VOID *ptr; - if ((ptr = malloc(size)) == NULL) { + if ((ptr = (VOID *) malloc(size)) == NULL) { (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } @@ -99,7 +92,8 @@ erealloc(ptr, size) size_t size; { - if ((ptr = ptr ? realloc(ptr, size) : malloc(size)) == NULL) { + ptr = ptr ? (VOID *) realloc(ptr, size) : (VOID *) malloc(size); + if (ptr == NULL) { (void) fprintf(stderr, "%s: cannot allocate memory!\n", Argv[0]); exit(1); } diff --git a/usr.bin/sudo/install-sh b/usr.bin/sudo/install-sh index ff5d3128e30..73f3d81bb33 100644 --- a/usr.bin/sudo/install-sh +++ b/usr.bin/sudo/install-sh @@ -1,7 +1,7 @@ #! /bin/sh ## (From INN-1.4, written by Rich Salz) -## $Revision: 1.4 $ +## $Revision: 1.5 $ ## A script to install files and directories. PROGNAME=`basename $0` @@ -16,7 +16,7 @@ MKDIR=mkdir MV=mv RM=rm STRIP=strip -WHOAMI=whoami +WHOAMI="echo root" ## Some systems don't support -x, so we have to use -f. for d in /sbin /etc /usr/sbin /usr/etc; do @@ -26,17 +26,16 @@ for d in /sbin /etc /usr/sbin /usr/etc; do fi done -for d in /usr/bin /usr/ucb /usr/bsd; do +for d in /usr/bin /bin /usr/ucb /usr/bsd; do if [ -f $d/whoami ]; then WHOAMI=${d}/whoami break + elif [ -f $d/id ]; then + WHOAMI=${d}/id | sed -n 's/^[^(]*(\([^)]*\)).*/\1/p' fi done -if [ X"$WHOAMI" = X"" ]; then - WHOAMI=id | sed -n 's/^[^(]*(\([^)]*\)).*/\1/p' -fi -for d in /usr/ccs/bin /usr/bin; do +for d in /usr/ccs/bin /usr/bin /bin; do if [ -f $d/strip ]; then STRIP=${d}/strip break diff --git a/usr.bin/sudo/logging.c b/usr.bin/sudo/logging.c index e8fdb3450e8..d04dd6d47a8 100644 --- a/usr.bin/sudo/logging.c +++ b/usr.bin/sudo/logging.c @@ -65,7 +65,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: logging.c,v 1.151 2001/12/14 23:33:38 millert Exp $"; +static const char rcsid[] = "$Sudo: logging.c,v 1.152 2002/01/13 18:27:25 millert Exp $"; #endif /* lint */ static void do_syslog __P((int, char *)); @@ -494,7 +494,7 @@ send_mail(line) endpwent(); /* Run mailer as root so user cannot kill it. */ - set_perms(PERM_ROOT, 0); + set_perms(PERM_FULL_ROOT, 0); execv(mpath, argv); _exit(127); } diff --git a/usr.bin/sudo/set_perms.c b/usr.bin/sudo/set_perms.c index 197aa6eb036..96577e13c64 100644 --- a/usr.bin/sudo/set_perms.c +++ b/usr.bin/sudo/set_perms.c @@ -66,7 +66,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: set_perms.c,v 1.8 2001/12/31 17:18:05 millert Exp $"; +static const char rcsid[] = "$Sudo: set_perms.c,v 1.9 2002/01/13 18:28:09 millert Exp $"; #endif /* lint */ /* @@ -93,19 +93,20 @@ set_perms_posix(perm, sudo_mode) if (seteuid(0)) fatal("seteuid(0)"); break; + + case PERM_FULL_ROOT: + /* headed for exec() */ + (void) seteuid(0); + if (setuid(0)) + fatal("setuid(0)"); + break; + case PERM_USER: (void) setegid(user_gid); if (seteuid(user_uid)) fatal("seteuid(user_uid)"); break; - case PERM_FULL_USER: - /* headed for exec() */ - (void) setgid(user_gid); - if (setuid(user_uid)) - fatal("setuid(user_uid)"); - break; - case PERM_RUNAS: /* headed for exec(), assume euid == 0 */ runas_setup(); @@ -155,25 +156,18 @@ set_perms_fallback(perm, sudo_mode) int error; switch (perm) { + case PERM_FULL_ROOT: case PERM_ROOT: if (setuid(0)) fatal("setuid(0)"); break; + case PERM_USER: (void) setegid(user_gid); if (setreuid(0, user_uid)) fatal("setreuid(0, user_uid)"); break; - case PERM_FULL_USER: - /* headed for exec() */ - (void) setgid(user_gid); - if (setuid(user_uid)) { - fatal("setuid(user_uid)"); - exit(1); - } - break; - case PERM_RUNAS: /* headed for exec(), assume euid == 0 */ runas_setup(); @@ -234,13 +228,6 @@ set_perms_fallback(perm, sudo_mode) fatal("seteuid(user_uid)"); break; - case PERM_FULL_USER: - /* headed for exec() */ - (void) setgid(user_gid); - if (setuid(user_uid)) - fatal("setuid(user_uid)"); - break; - case PERM_RUNAS: /* headed for exec(), assume euid == 0 */ runas_setup(); diff --git a/usr.bin/sudo/sudo.8 b/usr.bin/sudo/sudo.8 index d073b38865e..2a51f7d5736 100644 --- a/usr.bin/sudo/sudo.8 +++ b/usr.bin/sudo/sudo.8 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Fri Dec 14 17:27:57 2001 +.\" Sat Jan 12 15:54:24 2002 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "sudo 8" -.TH sudo 8 "1.6.4" "December 14, 2001" "MAINTENANCE COMMANDS" +.TH sudo 8 "1.6.4" "January 12, 2002" "MAINTENANCE COMMANDS" .UC .SH "NAME" sudo \- execute a command as another user @@ -426,12 +426,12 @@ version consists of code written primarily by: \& Chris Jepeway .Ve See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution or visit -http://www.courtesan.com/sudo/history.html for a short history +http://www.sudo.ws/sudo/history.html for a short history of \fBsudo\fR. .SH "BUGS" .IX Header "BUGS" If you feel you have found a bug in sudo, please submit a bug report -at http://www.courtesan.com/sudo/bugs/ +at http://www.sudo.ws/sudo/bugs/ .SH "DISCLAIMER" .IX Header "DISCLAIMER" \&\fBSudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties, diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c index e317d978353..83173713a93 100644 --- a/usr.bin/sudo/sudo.c +++ b/usr.bin/sudo/sudo.c @@ -98,7 +98,7 @@ #include "version.h" #ifndef lint -static const char rcsid[] = "$Sudo: sudo.c,v 1.313 2002/01/08 15:00:18 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo.c,v 1.314 2002/01/13 18:29:23 millert Exp $"; #endif /* lint */ /* @@ -256,6 +256,21 @@ main(argc, argv, envp) validated = sudoers_lookup(pwflag); /* + * If we have POSIX saved uids and the stay_setuid flag was not set, + * set the real, effective and saved uids to 0 and use set_perms_fallback() + * instead of set_perms_posix(). + */ +#if defined(_SC_SAVED_IDS) && defined(_SC_VERSION) + if (!def_flag(I_STAY_SETUID) && set_perms == set_perms_posix) { + if (setuid(0)) { + perror("setuid(0)"); + exit(1); + } + set_perms = set_perms_fallback; + } +#endif + + /* * Look up runas user passwd struct. If we are given a uid then * there may be no corresponding passwd(5) entry (which is OK). */ diff --git a/usr.bin/sudo/sudo.h b/usr.bin/sudo/sudo.h index 04eaa3d21d2..088a67dfe91 100644 --- a/usr.bin/sudo/sudo.h +++ b/usr.bin/sudo/sudo.h @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: sudo.h,v 1.182 2001/12/31 17:18:05 millert Exp $ + * $Sudo: sudo.h,v 1.183 2002/01/13 18:28:09 millert Exp $ */ #ifndef _SUDO_SUDO_H @@ -111,8 +111,8 @@ struct sudo_user { * Used with set_perms() */ #define PERM_ROOT 0x00 -#define PERM_USER 0x01 -#define PERM_FULL_USER 0x02 +#define PERM_FULL_ROOT 0x01 +#define PERM_USER 0x02 #define PERM_SUDOERS 0x03 #define PERM_RUNAS 0x04 diff --git a/usr.bin/sudo/sudoers.5 b/usr.bin/sudo/sudoers.5 index 5b9a13dab23..fb68fb888ed 100644 --- a/usr.bin/sudo/sudoers.5 +++ b/usr.bin/sudo/sudoers.5 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Sun Dec 30 12:24:30 2001 +.\" Sun Jan 13 11:37:06 2002 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "sudoers 5" -.TH sudoers 5 "1.6.4" "December 30, 2001" "MAINTENANCE COMMANDS" +.TH sudoers 5 "1.6.4" "January 13, 2002" "MAINTENANCE COMMANDS" .UC .SH "NAME" sudoers \- list of which users may execute what @@ -513,7 +513,11 @@ UIDs are set to the target user (root by default). This option changes that behavior such that the real \s-1UID\s0 is left as the invoking user's \s-1UID\s0. In other words, this makes \fBsudo\fR act as a setuid wrapper. This can be useful on systems that disable some potentially -dangerous functionality when a program is run setuid. +dangerous functionality when a program is run setuid. Note, however, +that this means that sudo will run with the real uid of the invoking +user which may allow that user to kill \fBsudo\fR before it can log a +failure, depending on how your \s-1OS\s0 defines the interaction between +signals and setuid processes. .Ip "env_reset" 12 .IX Item "env_reset" If set, \fBsudo\fR will reset the environment to only contain the diff --git a/usr.bin/sudo/visudo.8 b/usr.bin/sudo/visudo.8 index cc85f7eca02..c4c7d3eee2d 100644 --- a/usr.bin/sudo/visudo.8 +++ b/usr.bin/sudo/visudo.8 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Wed Dec 12 13:27:24 2001 +.\" Sat Jan 12 15:54:25 2002 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "visudo 8" -.TH visudo 8 "1.6.4" "December 12, 2001" "MAINTENANCE COMMANDS" +.TH visudo 8 "1.6.4" "January 12, 2002" "MAINTENANCE COMMANDS" .UC .SH "NAME" visudo \- edit the sudoers file @@ -254,11 +254,11 @@ Many people have worked on \fIsudo\fR over the years; this version of \& Todd Miller <Todd.Miller@courtesan.com> .Ve See the \s-1HISTORY\s0 file in the sudo distribution or visit -http://www.courtesan.com/sudo/history.html for more details. +http://www.sudo.ws/sudo/history.html for more details. .SH "BUGS" .IX Header "BUGS" If you feel you have found a bug in sudo, please submit a bug report -at http://www.courtesan.com/sudo/bugs/ +at http://www.sudo.ws/sudo/bugs/ .SH "DISCLAIMER" .IX Header "DISCLAIMER" \&\fBVisudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties, |