From: "Dmitry V. Levin"
Date: Mon, 21 May 2007 18:20:27 +0400
To: ALT Devel discussion list
Subject: Re: [devel] q: current sudo default: was it all worth it?
Message-ID: <20070521142027.GA27994@basalt.office.altlinux.org>
In-Reply-To: <20070521134541.GB25724@osdn.org.ua>

Hi,

On Mon, May 21, 2007 at 04:45:41PM +0300, Michael Shigorin wrote:
> One more question for Dima, after butting heads with sudo and in the end
> rolling back from 1.6.8p12-alt2 to 1.6.7p5-alt6.1 while working out the
> cause of a problem after a dist-upgrade from a roughly two-month-old
> Sisyphus to 4.0-branch: what do we gain from
>
> - Enabled env_reset, requiretty and tty_tickets options by default.

requiretty in 1.6.8p12-alt2 once again works the same way as in 1.6.7p5-alt6.1;
I assumed that requiretty worked better than my patch, but very quickly
became convinced that this is not the case.

> besides the already discussed breakage when using sudo
> with graphical programs?

Switching to env_reset, where the variables that are needed are explicitly
allowed in sudoers, solves a class of problems of the kind
CVE-2006-0151
CVE-2005-4158
CVE-2005-2959
CVE-2004-1051

> So far we have hit it in the following setup (a semi-kiosk): a minimal
> desktop belonging to one user sits on :0.0, and there is a button that
> launches a browser on :0.1 (a separate monitor) as a different user.
>
> What helped, in total, was half an hour of studying sudoers(5)
> and poking around with visudo(8), which led to:
>
> # Defaults specification
> Defaults !env_reset
> Defaults !requiretty
> Defaults !tty_tickets

Probably this would have been enough:
	Defaults env_keep += "DISPLAY"

In FC this is done by default; maybe we should do it too.

> Probably for a server the changes made are theoretically useful, but on
> the desktop, with this kind of default behaviour, we will be pelted with
> rotten blank discs, and rightly so.

For me, being pelted is not an argument.
If you need a counter-argument, point your finger at FC.

> I insistently propose the following:
>
> - add these three lines, commented out, to /etc/sudoers
>   in the package;

!env_reset is useful in only one case: you need to run some piece of software
"right now", and security is not my problem.
In all other cases env_keep is sufficient.

!requiretty is not needed, since that is the default value.

When !tty_tickets is ever needed is also unclear to me.

> - check that the packaged state of the code and of /etc/sudoers matches
>   the description in sudoers(5) -- right now the man page says off by
>   default, while in fact these three options are enabled (which is
>   documented only in the rpm changelog);

There is an unfinished bit there: the fixes are made in the source of
the documentation, which is not regenerated to the extent needed.

> - it would be good, for the desktop, to change this default to the quite
>   reasonable one that upstream itself has set.

Some people consider that for the desktop the reasonable setting is
	%wheel ALL = (root) NOPASSWD: ALL

What follows from this?
That notions of what is reasonable sometimes differ greatly.

-- 
ldv
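
Added example (not part of the original message, and not sudo's code): a simplified Python model of the point made in the reply, that with env_reset only the variables named in env_keep reach the command, while !env_reset falls back to stripping known-bad names. The denylist contents, the NEWLANG_STARTUP variable and the caller environment are constructed for illustration; only global one-setting-per-line Defaults entries are handled.

```python
import re

# Simplified model of sudoers "Defaults" handling (added example, not sudo's code).
# Assumptions: global "Defaults" lines only, one setting per line; sudo's
# built-in keep/delete lists are replaced by the small DENYLIST below.
DENYLIST = {"LD_PRELOAD", "IFS"}          # stand-in for a "known bad" list

LINE = re.compile(r'^Defaults\s+(!)?(\w+)\s*(?:(\+=|-=|=)\s*"?([^"]*)"?)?\s*$')

def parse_defaults(text):
    """Return (env_reset, env_keep) from the Defaults lines in text."""
    env_reset, env_keep = True, set()     # env_reset on, as in the packaged default
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        neg, name, op, value = m.groups()
        if name == "env_reset":
            env_reset = not neg
        elif name == "env_keep":
            names = set((value or "").split())
            if neg:
                env_keep = set()
            elif op == "+=":
                env_keep |= names
            elif op == "-=":
                env_keep -= names
            else:
                env_keep = names
    return env_reset, env_keep

def filtered_env(sudoers_text, caller_env):
    """Environment the command would receive under this model."""
    env_reset, env_keep = parse_defaults(sudoers_text)
    if env_reset:                         # allowlist: only named variables survive
        return {k: v for k, v in caller_env.items() if k in env_keep}
    return {k: v for k, v in caller_env.items() if k not in DENYLIST}

# The two configurations from the thread.
WORKAROUND = ("# Defaults specification\nDefaults !env_reset\n"
              "Defaults !requiretty\nDefaults !tty_tickets\n")
SUGGESTED = 'Defaults env_keep += "DISPLAY"\n'

# Constructed caller environment; NEWLANG_STARTUP is a made-up variable standing
# for an interpreter hook that no denylist knows about yet.
CALLER = {"DISPLAY": ":0.1", "LD_PRELOAD": "/tmp/x.so", "NEWLANG_STARTUP": "/tmp/hook"}

if __name__ == "__main__":
    print("workaround:", filtered_env(WORKAROUND, CALLER))
    print("suggested: ", filtered_env(SUGGESTED, CALLER))
```

Both configurations pass DISPLAY through, so the graphical program starts either way; only the !env_reset one also passes the variable nobody thought to list.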