Revision as of 22:38, 14 November 2018 by Michael Felt (Talk | contribs)

Jump to: navigation, search

Report Issues (via Forums) and/or TWEET:@rootvgnet

MD5 Checksum

808750B3BF5B4E1BA308B6F34FD6F991 aixtools.sudo.
B0183F8659F2ACA6AA967DDA79C1C66A aixtools.sudo.
82EB7CE25B0A4308FD26E2DBC751FB4F aixtools.sudo.


Package Details

Version: 1.8.26
Released: 2018-11-09
Sources from:
Depends on: AIX 6.1 TL7


--Michael Felt (talk) 21:38, 14 November 2018 (CET) Latest version, also available with LDAP support sudo.ldap

--Michael Felt (talk) 20:11, 1 June 2018 (CEST) Now packaging against AIX 6.1 - especially for sudo (as I intend to release an RBAC enabled version).

--Michael Felt (talk) 20:36, 17 April 2018 (CEST) Have this lying around. Finally released to you! See the sudo project for the ChangeLog, CVE's fixed, etc..


--Michael Felt (talk) 19:08, 31 May 2017 (UTC)

RELEASE: May 30, 2017
Did not repackage this as it is reported to only be an issue on LINUX (and SELINUX?)

Sudo version 1.8.20p1 is now available.  This release fixes a
potential security issue that may allow a user to bypass the
"tty_ticket" constraints or overwrite an arbitrary file.
The issue is only present on Linux systems.
Major changes between sudo 1.8.20p1 and 1.8.20:

 * Fixed "make check" when using OpenSSL or GNU crypt.
   Bug #787.

 * Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux
   when the process name contains spaces.  Since the user has control
   over the command name, this could potentially be used by a user
   with sudo access to overwrite an arbitrary file on systems with
   SELinux enabled.  Also stop performing a breadth-first traversal
   of /dev when looking for the device; only a hard-coded list of
   directories are checked,


--Michael Felt (talk) 16:11, 11 May 2017 (UTC) working hard to improve sudo for AIX (in the background in contact with Todd Miller about getting sudo RBAC aware). Maybe this will show up in version 1.8.21, maybe 1.8.22 - time (available) shall tell.

For this release I have changed the "configure" settings a bit. My goal is to have all AIX host based (AIX packaging terms "root") sudo related files somewhere in /var/sudo rather than in /etc. The "usr" files are somewhere in /opt. FYI: this is not special for sudo - I try and package everything with key config files in /var/APPL/etc (rather than /etc), and further.

For sudo this does become a longish "configure" statement. You can verify the settings with sudo -V.

Sudo version 1.8.20
Configure options: --prefix=/opt --sysconfdir=/var/sudo/etc --sharedstatedir=/var/sudo/com\
--localstatedir=/var/sudo --mandir=/usr/share/man --infodir=/opt/share/info/sudo --with-man\
--disable-rpath --with-pam-login --disable-root-mailer --disable-shadow --enable-log-host\
--disable-noargs-shell --enable-shell-sets-home --disable-path-info --enable-env-reset --disable-nls\
--with-aixauth --with-pam --with-logging=both --with-logpath=/var/sudo/log --with-ignore-dot\
--with-mail-if-no-host --with-mail-if-noperms --with-rundir=/var/sudo/run --with-vardir=/var/sudo/var\
--with-umask=027 --with-editor=/usr/bin/vi --with-env-editor
Sudoers policy plugin version 1.8.20
Sudoers file grammar version 46


--Michael Felt (talk) 14:41, 27 January 2017 (UTC) Added lots of 'specifications' -- because they look nice. If you need something different contact me via the forums and/or try twitter. The .20 is to give p2 a value AIX packaging can work with.

$ ../src/sudo- --prefix=/opt --sysconfdir=/var/sudo/etc 
--sharedstatedir=/var/sudo/com --localstatedir=/var/sudo --mandir=/usr/share/man 
--infodir=/opt/share/info/sudo --with-pc-insults --with-man --with-pam-login
--disable-root-mailer --disable-shadow --disable-root-sudo --enable-log-host
--disable-noargs-shell --enable-shell-sets-home --disable-path-info --enable-env-reset 
--disable-nls --with-aixauth --with-pam --with-logging=both --with-logpath=/var/log/sudo 
--with-ignore-dot --with-mail-if-no-host --with-mail-if-noperms
--with-rundir=/var/sudo/run --with-vardir=/var/sudo --with-umask=027


$ ../src/sudo-1.8.16/configure --prefix=/opt --sysconfdir=/var/sudo/etc
--sharedstatedir=/var/sudo/com --localstatedir=/var/sudo --mandir=/usr/share/man 
Note: the fileset (internal-name) for both sudo and sudo-ldap versions is the same - so you can force install one over the other.
Do not have both versions in one directory - I have no idea which one installp will choose to install
Note: in the near-future I will change the fileset name of sudo-ldap from aixtools.sudo to aixtools.sudo-ldap


Personal tools