
Report Issues (via Forums) and/or TWEET:@rootvgnet

MD5 Checksum

8F7CF4A62D9561249564F76E734322A6 aixtools.sudo.
A9DC4055719BF5D3EE23E27D193DB4A8 aixtools.sudo.
42967B824E040568B11397D3799C93D4 aixtools.sudo.


Package Details

Version: 1.8.20
Released: May 10, 2017
Sources from:
Depends on: AIX 5.3 TL7


--Michael Felt (talk) 19:08, 31 May 2017 (UTC)

RELEASE: May 30, 2017
Did not repackage this as it is reported to only be an issue on LINUX (and SELINUX?)

Sudo version 1.8.20p1 is now available.  This release fixes a
potential security issue that may allow a user to bypass the
"tty_ticket" constraints or overwrite an arbitrary file.
The issue is only present on Linux systems.
Major changes between sudo 1.8.20p1 and 1.8.20:

 * Fixed "make check" when using OpenSSL or GNU crypt.
   Bug #787.

 * Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux
   when the process name contains spaces.  Since the user has control
   over the command name, this could potentially be used by a user
   with sudo access to overwrite an arbitrary file on systems with
   SELinux enabled.  Also stop performing a breadth-first traversal
   of /dev when looking for the device; only a hard-coded list of
   directories are checked,
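
The parsing pitfall described in the CVE-2017-1000367 entry above, as an added example that is not sudo's own code: in /proc/pid/stat the command name is field 2, wrapped in parentheses, and tty_nr is field 7, so a parser that counts spaces from the start of the line picks the wrong field once the name contains spaces. The function names and both sample lines are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample lines (not captured from a real system); tty_nr is 34816. */
static const char PLAIN[]  = "4321 (sudo) S 4300 4321 4300 34816 4321 4194304";
static const char SPACED[] = "4321 (nightly backup (v2) job) S 4300 4321 4300 34816 4321 4194304";

/* Parse the n-th (1-based) space-separated token of s as a decimal number;
 * 0 on success, -1 if the token is missing or not purely numeric. */
static int nth_number(const char *s, int n, long *out)
{
    char *end;
    while (--n > 0) {
        if ((s = strchr(s, ' ')) == NULL)
            return -1;
        s++;
    }
    errno = 0;
    *out = strtol(s, &end, 10);
    if (end == s || errno != 0 || (*end != ' ' && *end != '\0' && *end != '\n'))
        return -1;
    return 0;
}

/* Fragile: counts spaces from the start of the line to reach field 7. */
int tty_nr_naive(const char *line, long *out)
{
    return nth_number(line, 7, out);
}

/* Robust: comm (field 2) may contain spaces and ')' itself, so resume
 * counting after the LAST ')'. From field 3 (state), tty_nr is the 5th token. */
int tty_nr_robust(const char *line, long *out)
{
    const char *rp = strrchr(line, ')');
    if (rp == NULL || rp[1] != ' ')
        return -1;
    return nth_number(rp + 2, 5, out);
}

int main(void)
{
    long a = -1, b = -1, c = -1;
    tty_nr_robust(PLAIN, &c);   /* plain name: both parsers agree */
    tty_nr_naive(SPACED, &a);   /* lands on ppid, not tty_nr */
    tty_nr_robust(SPACED, &b);  /* still finds tty_nr */
    printf("plain=%ld naive=%ld robust=%ld\n", c, a, b);
    return 0;
}
```

On the name with spaces the naive parser still reports success, which is why the error goes unnoticed by the caller.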


--Michael Felt (talk) 16:11, 11 May 2017 (UTC) working hard to improve sudo for AIX (in the background in contact with Todd Miller about getting sudo RBAC aware). Maybe this will show up in version 1.8.21, maybe 1.8.22 - time (available) shall tell.

For this release I have changed the "configure" settings a bit. My goal is to have all AIX host based (AIX packaging terms "root") sudo related files somewhere in /var/sudo rather than in /etc. The "usr" files are somewhere in /opt. FYI: this is not special for sudo - I try and package everything with key config files in /var/APPL/etc (rather than /etc), and further.

For sudo this does become a longish "configure" statement. You can verify the settings with sudo -V.

Sudo version 1.8.20
Configure options: --prefix=/opt --sysconfdir=/var/sudo/etc --sharedstatedir=/var/sudo/com\
--localstatedir=/var/sudo --mandir=/usr/share/man --infodir=/opt/share/info/sudo --with-man\
--disable-rpath --with-pam-login --disable-root-mailer --disable-shadow --enable-log-host\
--disable-noargs-shell --enable-shell-sets-home --disable-path-info --enable-env-reset --disable-nls\
--with-aixauth --with-pam --with-logging=both --with-logpath=/var/sudo/log --with-ignore-dot\
--with-mail-if-no-host --with-mail-if-noperms --with-rundir=/var/sudo/run --with-vardir=/var/sudo/var\
--with-umask=027 --with-editor=/usr/bin/vi --with-env-editor
Sudoers policy plugin version 1.8.20
Sudoers file grammar version 46


--Michael Felt (talk) 14:41, 27 January 2017 (UTC) Added lots of 'specifications' -- because they look nice. If you need something different contact me via the forums and/or try twitter. The .20 is to give p2 a value AIX packaging can work with.

$ ../src/sudo- --prefix=/opt --sysconfdir=/var/sudo/etc 
--sharedstatedir=/var/sudo/com --localstatedir=/var/sudo --mandir=/usr/share/man 
--infodir=/opt/share/info/sudo --with-pc-insults --with-man --with-pam-login
--disable-root-mailer --disable-shadow --disable-root-sudo --enable-log-host
--disable-noargs-shell --enable-shell-sets-home --disable-path-info --enable-env-reset 
--disable-nls --with-aixauth --with-pam --with-logging=both --with-logpath=/var/log/sudo 
--with-ignore-dot --with-mail-if-no-host --with-mail-if-noperms
--with-rundir=/var/sudo/run --with-vardir=/var/sudo --with-umask=027


$ ../src/sudo-1.8.16/configure --prefix=/opt --sysconfdir=/var/sudo/etc
--sharedstatedir=/var/sudo/com --localstatedir=/var/sudo --mandir=/usr/share/man 

Note: the fileset (internal-name) for both sudo and sudo-ldap versions is the same - so you can force install one over the other.
Do not have both versions in one directory - I have no idea which one installp will choose to install.
Note: in the near future I will change the fileset name of sudo-ldap from aixtools.sudo to aixtools.sudo-ldap.