debian/0000775000000000000000000000000012525176120007171 5ustar debian/lintian-overrides0000664000000000000000000000006212325570426012555 0ustar super: setuid-binary usr/bin/super 4755 root/root debian/docs0000664000000000000000000000003712325570426010051 0ustar debian/_tmp_/README README.Y2K debian/preinst0000664000000000000000000000160512325570426010607 0ustar #!/bin/sh set -e if [ "$1" = "upgrade" -a -d /var/lib/superstamps ] && dpkg --compare-versions "$2" lt "3.18.0-2" ; then echo -n "Moving old /var/lib/superstamps dir into /var/run..." rm -rf /var/run/superstamps mv -f /var/lib/superstamps /var/run echo "OK" fi # Handle our old cron script if [ "$1" = "upgrade" -a -e /etc/cron.weekly/super ] ; then if dpkg --compare-versions "$2" lt "3.14.0" >/dev/null 2>&1; then if echo 'de938b7353b549cb3390b45dfd38bc1a /etc/cron.weekly/super' \ | md5sum -c >/dev/null 2>&1; then # not modified, remove it echo -n "Removing obsolete /etc/cron.weekly/super..." rm -f /etc/cron.weekly/super echo "OK" else # modified echo -n "Saving obsolete /etc/cron.weekly/super " echo -n "as /etc/cron.weekly/super.dpkg-old..." mv -f /etc/cron.weekly/super /etc/cron.weekly/super.dpkg-old echo "OK" fi fi fi #DEBHELPER# exit 0 debian/rules0000775000000000000000000000505212325570426010260 0ustar #!/usr/bin/make -f # $Id: rules 182 2011-02-19 12:36:53Z robert $ # Sample debian/rules that uses debhelper. # This file is public domain software, originally written by Joey Hess. # Uncomment this to turn on verbose mode. # export DH_VERBOSE=1 include /usr/share/hardening-includes/hardening.make BUILDDIR := DEB-BUILD DH_AUTO_OPTIONS := -v -Sautoconf -B$(BUILDDIR) --parallel DESTDIR := $(CURDIR)/debian/$(shell dh_listpackages) TDIR := $(CURDIR)/debian/_tmp_ CFLAGS := $(shell dpkg-buildflags --get CFLAGS) CFLAGS += -Wall $(HARDENING_CFLAGS) LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) LDFLAGS += -Wl,-z,defs -Wl,--as-needed $(HARDENING_LDFLAGS) build-arch: $(BUILDDIR)/build-arch-stamp $(BUILDDIR)/build-arch-stamp: dh_testdir # Add here commands to compile the package. CC=gcc \ CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" \ dh_auto_configure $(DH_AUTO_OPTIONS) -- \ --enable-pam dh_auto_build $(DH_AUTO_OPTIONS) -- \ TIMESTAMP_DIR=/var/run/superstamps \ D_SYSLOG_PRIORITY="-DSYSLOG_PRIORITY=LOG_INFO -DSYSLOG_FACILITY=LOG_AUTH" mkdir $(TDIR) sed '25,50d' README > $(TDIR)/README cp -a sample.tab $(TDIR)/super.tab cp -a sample.cdmount $(TDIR)/cdmount cp -a sample.cdumount $(TDIR)/cdumount chmod 755 $(TDIR)/cdmount chmod 755 $(TDIR)/cdumount touch "$@" clean: dh_testdir dh_testroot rm -f $(BUILDDIR)/build-arch-stamp dh_auto_clean $(DH_AUTO_OPTIONS) rm -rf Makefile *~ $(TDIR) config.cache config.log dh_clean install: build dh_testdir dh_testroot dh_prep dh_installdirs dh_auto_install $(DH_AUTO_OPTIONS) --destdir="$(DESTDIR)" dh_install debian/super.tab etc mv $(DESTDIR)/usr/share/man/man5/super.5 \ $(DESTDIR)/usr/share/man/man5/super.tab.5 # Build architecture-dependent files here. binary-arch: build-arch install dh_testdir dh_testroot dh_installchangelogs WhatsNew dh_installdocs dh_installexamples # dh_install # dh_installmenu # dh_installdebconf dh_installlogrotate # dh_installemacsen dh_installpam # dh_installmime # dh_installinit # dh_installcron # dh_installinfo # dh_undocumented # dh_installman # dh_link dh_lintian dh_strip dh_compress dh_fixperms -Xusr/bin/super # dh_makeshlibs dh_installdeb # dh_perl dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary-indep build-indep: # We have nothing to do by default. binary: binary-arch build: build-arch .PHONY: build build-arch build-indep clean binary-indep binary-arch binary install .DEFAULT_GOAL := binary debian/copyright0000664000000000000000000000322612325570426011134 0ustar This is the Debian GNU/Linux prepackaged version of super, a smart program that lets users run commands under different user ids. This package was put together by Robert Luberda from sources obtained from: ftp://ftp.ucolick.org/pub/users/will/super-3.30.0-tar.gz This package was previously maintained by Martin Schulze Copyright (c) 1993, 1994 by California Institute of Technology. Written by William Deich. Not derived from licensed software. This program is free software; you can redistribute it and/or modify it under the terms of either: a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" (from Larry Wall). This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See either the GNU General Public License or the Artistic License for more details. You should have received a copy of the Artistic License with this Kit, in the file named "Artistic". If not, I'll be glad to provide one. You should also have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA. On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. You also find the "Artistic License" in `/usr/share/common-licenses/Artistic'. debian/changelog0000664000000000000000000003431412525176120011050 0ustar super (3.30.0-6+deb7u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian -- Steve Beattie Thu, 14 May 2015 12:49:36 -0700 super (3.30.0-6+deb7u1) wheezy-security; urgency=high * Add 14-Fix-unchecked-setuid-call.patch to fix a flaw in `super -F' command which might open super for RLIMIT_NPROC style exploits on older 2.6 kernels (CVE-2014-0470). -- Robert Luberda Wed, 23 Apr 2014 00:30:28 +0200 super (3.30.0-6) unstable; urgency=high * Add 12-Use-vsnprintf.patch to fix buffer overflow error occurring when logging via syslog is enabled (CVE-2011-2776). * Add 13-Potential-format-string-vulnerability.patch to fix a vulnerability that might occur if the user of file name or file name used in the tag contains a '%' character. * Rename & refresh other patches with gbp-pq import/export. * debian/control: + Add VCS fields; + Standards-Version: 3.9.2 (no changes). + Sort dependency fields with wrap and sort. -- Robert Luberda Mon, 09 Jan 2012 00:34:16 +0100 super (3.30.0-5) unstable; urgency=low * 10_ftbfs_hurd.patch: fix FTBFS on GNU/Hurd. * 11_gcc_wformat.patch: fix warnings given by gcc when hardening options are turned on. -- Robert Luberda Mon, 21 Feb 2011 22:04:44 +0100 super (3.30.0-4) unstable; urgency=low * Switch to the `3.0 (quilt) source format: + remove build-time depenency on quilt; + remove debian/README.source. * debian/rules: + drop patch/unpatch target; + use dpkg-buildflags for getting CFLAGS/LDFLAGS; + call dh_auto_{configure,build,clean} commands; + provide build-{arch,indep} targets. * 09_Makefile_srcdir.patch: new patch to use $(srcdir) where it's needed. * Enable hardening logic provided by the hardening-includes package; add the package to build-depends. * Standards-Version: 3.9.1. * Build with debhelper v8. -- Robert Luberda Sat, 19 Feb 2011 13:25:00 +0100 super (3.30.0-3) unstable; urgency=low * 07_ftbfs_kfreebsd.patch: A patch from Cyril Brulebois to fix FTBFS on GNU/kFreeBSD (closes: #561787). * 08_logfile_group.patch: Create log files owned by the adm group and with proper access rights (closes: #112700). * Updated 05_manpages.patch to fix yet another warning from man. * Standards-Version: 3.8.3. * Bump debhelper to v7. * Remove linda overrides, use dh_lintian for installing lintian's overrides. * Remove /var/run/superstamps from the binary package. The directory will be created by super anyway, if it doesn't exist. * Add a home page link, a README.source file. * Write patches' descriptions. -- Robert Luberda Sun, 03 Jan 2010 15:08:34 +0100 super (3.30.0-2) unstable; urgency=low * Bump build-dependency on debhelper. * Fix hyphens in man pages (lintian). * Pass -Wl,-as-needed to LD_FLAGS to quit dpkg-shlibdeps warnings. * Add support for cross-compiling. * Move to quilt for managing patches, split debian diff into 0[1-5]*.patch. * 06_gcc_warnings.patch: fix gcc -Wall warnings. -- Robert Luberda Sat, 19 Apr 2008 17:24:05 +0200 super (3.30.0-1) unstable; urgency=low * New upstream version. -- Robert Luberda Sat, 22 Dec 2007 15:29:00 +0100 super (3.28.0-1) unstable; urgency=low * New upstream version. * Standards-Version: 3.7.3 (no changes). * Set debhelper compat version to 6. -- Robert Luberda Wed, 19 Dec 2007 20:12:09 +0100 super (3.27.1-2) unstable; urgency=low * Upload to unstable. -- Robert Luberda Sun, 15 Apr 2007 19:08:49 +0200 super (3.27.1-1) experimental; urgency=low * New upstream version. -- Robert Luberda Thu, 22 Mar 2007 08:25:12 +0100 super (3.26.2-1) unstable; urgency=low * New upstream version. * Standards-Version: 3.7.2 (no changes needed). -- Robert Luberda Wed, 31 Jan 2007 00:33:22 +0100 super (3.26.1-1) unstable; urgency=low * New upstream version. * debian/control: Standards-Version: 3.6.2. * Remove lintian source overrides file, it's not needed. * Fix format of the `closes' clauses at the end of this changelog to make lintian happy. -- Robert Luberda Thu, 17 Nov 2005 18:50:03 +0100 super (3.26.0-2) unstable; urgency=low * Upload to unstable. -- Robert Luberda Mon, 8 Nov 2004 23:15:11 +0100 super (3.26.0-1) experimental; urgency=low * New upstream version. -- Robert Luberda Tue, 26 Oct 2004 21:17:31 +0200 super (3.25.0-1) experimental; urgency=low * New upstream version. -- Robert Luberda Fri, 15 Oct 2004 21:08:08 +0200 super (3.24.1-1) unstable; urgency=low * New upstream version. -- Robert Luberda Fri, 10 Sep 2004 20:59:52 +0200 super (3.23.0-2) unstable; urgency=low * Fix FTBFS problem on hurd (closes:#256634). -- Robert Luberda Wed, 30 Jun 2004 20:11:17 +0200 super (3.23.0-1) unstable; urgency=high * New upstream version: + fixed format string vulnerability (CAN-2004-0579) found by Max Vozeler . * Added debian/watch file. -- Robert Luberda Fri, 18 Jun 2004 22:40:17 +0200 super (3.22.2-1) unstable; urgency=low * New upstream version. * Add lintian source override file for `cvsignore-file-in-source'. * Add linda override file. -- Robert Luberda Sat, 22 May 2004 15:06:49 +0200 super (3.22.1-0) unstable; urgency=low * New upstream version. -- Robert Luberda Wed, 5 May 2004 21:08:40 +0200 super (3.22.0-2) unstable; urgency=low * checks.c: if both uid and euid with diffrent values were specified in super.tab file, uid was overriden by euid. * super.c: when execve() fails, save errno value before reopening the log file. -- Robert Luberda Tue, 27 Apr 2004 20:24:05 +0200 super (3.22.0-1) unstable; urgency=low * New upstream version. -- Robert Luberda Tue, 20 Apr 2004 20:00:25 +0200 super (3.20.1-2) unstable; urgency=low * Update PAM configuration file. * Add dependency on libpam-runtime (>= 0.76-14). * Standards-Version: 3.6.1 (no changes). -- Robert Luberda Wed, 10 Sep 2003 22:00:45 +0200 super (3.20.1-1) unstable; urgency=low * New upstream version. * Update download URL in copyright file. * Standards-Version: 3.5.10 (no changes). -- Robert Luberda Sat, 21 Jun 2003 13:36:36 +0200 super (3.20.0-2) unstable; urgency=low * Upgrade Standards-Version to 3.5.7 * Install lintian override file for setuid-binary warning. * Fix some gcc warnings. -- Robert Luberda Thu, 24 Oct 2002 08:20:42 +0200 super (3.20.0-1) unstable; urgency=low * New upstream version. -- Robert Luberda Mon, 5 Aug 2002 20:09:50 +0200 super (3.18.0-3) unstable; urgency=critical * SECURITY FIX for local root exploit reported recently on the BugTraq list (closes: #154982). -- Robert Luberda Thu, 1 Aug 2002 06:56:13 +0200 super (3.18.0-2) unstable; urgency=low * Move superstamps dir from /var/lib to /var/run. I think it better complies with FHS standard. * Add `create' option to our logrotate script. * debian/control: recommends logrotate, not depend on it. * Add commented out `patterns=shell' line into super.tab. * Install sample.cdumount as cdumount in examples dir. * Fix typo in super.tab(5). * debian/rules: debhelper v4. -- Robert Luberda Sat, 1 Jun 2002 10:26:54 +0200 super (3.18.0-1) unstable; urgency=low * New upstream version. * Remove emacs settings from bottom of this changelog (lintian). -- Robert Luberda Thu, 23 May 2002 08:53:12 +0200 super (3.16.1-1) unstable; urgency=low * New upstream version. -- Robert Luberda Fri, 6 Jul 2001 22:30:37 +0200 super (3.16.0-2) unstable; urgency=low * Fix NAME section in super.tab(5) man page (closes: #99571). * Compiled with -Wall, fixed most gcc warnings. * Standards-Version: 3.5.5 * Include /var/lib/superstamps directory in the package. * debian/rules: updated to the newest debhelper. * Made sample cdmount script work on Debian. -- Robert Luberda Mon, 4 Jun 2001 20:56:58 +0200 super (3.16.0-1) unstable; urgency=low * New upstream version: - PAM support added (closes: #63845). Note that you need to edit your /etc/super.tab to enable PAM. - behaviour changed for root user. Please read upstream changelog.gz file for more information. * Added libpam-dev to Build-Depends. -- Robert Luberda Tue, 23 Jan 2001 22:54:09 +0100 super (3.14.0-2) unstable; urgency=low * Fix build problem on Alpha (closes: #81678). * Update the copyright file. -- Robert Luberda Tue, 9 Jan 2001 19:48:12 +0100 super (3.14.0-1) unstable; urgency=low * New upstream version. * New maintainer. (closes: #68153) * Standards-Version: 3.2.1 (FHS, Build-Depends). * Switched to debhelper v3. * Use logrotate instead of cron.weekly script. * debian/postrm: remove log and timestamp files only when package is purged. * Compiled without rsyslog support. (closes: #63849) -- Robert Luberda Wed, 13 Dec 2000 23:27:38 +0100 super (3.12.2-2) frozen unstable; urgency=low * Added section to binary target * Removed bashism from postrm script (closes: Bug#56010) -- Martin Schulze Fri, 3 Mar 2000 18:51:07 +0100 super (3.12.2-1) unstable; urgency=low * New upstream source (closes: Bug#45278) -- Martin Schulze Thu, 28 Oct 1999 23:23:01 +0200 super (3.12.1-3) unstable; urgency=low * Added /var/log/super.log{,.0,.*.gz} to postrm remove files (closes: Bug#45279) * Added /etc/cron.weekly/super to conffiles (closes: Bug#45280) * Made /etc/cron.weekly/super a NOP if super got removed -- Martin Schulze Tue, 26 Oct 1999 18:43:13 +0200 super (3.12.1-2) unstable; urgency=low * Added correction to cdmount example (closes: Bug#27328) * Corrected shadow support (closes: Bug#27370) -- Martin Schulze Mon, 24 May 1999 12:11:58 +0200 super (3.12.1-1) frozen unstable; urgency=high * New upstream version * Fixes buffer overflow -- Martin Schulze Wed, 3 Mar 1999 01:21:39 +0100 super (3.11.7-1) stable frozen unstable; urgency=high * New upstream version, fixing two buffer overflows -- Martin Schulze Mon, 15 Feb 1999 23:49:53 +0100 super (3.11.6-3) unstable; urgency=low * Corrected cdmount/cdumount example (closes: Bug#27328) * Removed some offending code which made super segfault when called with -d and -D (closes: Bug#27323) -- Martin Schulze Fri, 2 Oct 1998 01:56:10 +0200 super (3.11.6-2) unstable; urgency=low * Fixed three bugs wrt user .supertab files 1) super seg. faults, if the full path + name of the user .supertab is longer than the default name, which easily happens in debian, as the default is the (short) /etc/super.tab 2) super tries to execute "acct:cmd" instead of "cmd" in user mode for "acct" 3) super tries to clear/set extra groups, but in user mode the euid already changed to !root, so setgroups() fails and super complains A patch (that I only partially used) was suppllied by Ingo Felger (closes: Bug#26617) -- Martin Schulze Sat, 12 Sep 1998 11:32:40 +0200 super (3.11.6-1) frozen unstable; urgency=low * New upstream release * Includes a security fix * New standards version -- Martin Schulze Sun, 19 Apr 1998 17:19:59 +0200 super (3.11.5-2) unstable; urgency=low * Applied patch from Will to include a PATH variable again * This time created a diff file -- Martin Schulze Fri, 20 Mar 1998 10:14:14 +0100 super (3.11.5-1) unstable; urgency=low * New upstream source * Used $(installbin) and $(installdoc) for postrm and conffiles (lintian) (closes: Bug#19411) -- Martin Schulze Thu, 19 Mar 1998 09:55:05 +0100 super (3.11.2-2) unstable; urgency=low * Corrected FSF's address (lintian) -- Martin Schulze Wed, 11 Feb 1998 01:40:01 +0100 super (3.11.2-1) unstable; urgency=low * New upstream source (closes: Bug#16831, Bug#13476) * Applied 1st patch from upstream author * Set SHELL to /bin/bash * Corrected Standards-Version to 2.3.0.1 (closes: Bug#16768) * Included WhatsNew as changelog -- Martin Schulze Sun, 18 Jan 1998 08:10:17 +0100 super (3.10.6-4) unstable; urgency=low * Linked against libc6 * Fixed clean target (closes: Bug#12491) -- Martin Schulze Tue, 30 Dec 1997 03:18:26 +0100 super (3.10.6-3) unstable; urgency=low * Changed from make clean to make distclean * Installed /etc/super as /etc/cron.weekly (closes: Bug#10819) * Installed super.tab.5 in correct directory (closes: Bug#11222) -- Martin Schulze Sun, 20 Jul 1997 15:25:38 +0200 super (3.10.6-2) unstable; urgency=low * Added /etc/cron.weekly/super (closes: Bug#7006) * New maintainer address -- Martin Schulze Mon, 28 Apr 1997 12:22:46 +0200 super (3.10.6-1) unstable; urgency=low * New upstream version * Converted into new packaging scheme -- Martin Schulze Sun, 23 Feb 1997 12:23:35 +0100 Sun Dec 22 11:48:50 1996 Martin Schulze * debian.rules: Installed ChangeLog Thu Aug 22 09:55:29 1996 Martin Schulze * check.c: Addes support wor Shadow passwords, thanks to Michael Meskes. Sun May 26 23:14:12 1996 Martin Schulze * utils.c: rewrote get_canonical_hostname() because it did reuse a static array which produces rubbish. Sun May 26 14:23:40 1996 Martin Schulze * Added Debian packaging information debian/control0000664000000000000000000000145512325570426010606 0ustar Source: super Section: admin Priority: optional Maintainer: Robert Luberda Standards-Version: 3.9.2 Build-Depends: debhelper (>= 8), hardening-includes, libpam0g-dev (>= 0.76-14) Homepage: http://ftp.ucolick.org/pub/users/will/ Vcs-Git: git://anonscm.debian.org/users/robert/super.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=users/robert/super.git Package: super Architecture: any Depends: libpam-runtime (>= 0.76-14), ${misc:Depends}, ${shlibs:Depends} Recommends: logrotate (>= 3.5.9) Description: Execute commands setuid root Super allows specified users to execute scripts (or other commands) as if they were root; or it can set the uid and/or gid on a per-command basis before executing the command. It is intended to be a secure alternative to making scripts setuid root. debian/super.tab0000664000000000000000000000220212325570426011020 0ustar # # super.tab super(1) configuration file. # $Id: super.tab,v 1.3 2002-06-01 08:28:00 robert Exp $ # # # This file lists commands that super(1) will execute for you as root. # Therefore, DO NOT ADD ANY ENTRIES until you understand how this works. # # See /usr/share/doc/super/examples for examples on both this file and its # commands. See the super.tab(5) man page for information. # # # Global options ========================================================= # :global_options \ logfile=/var/log/super.log # log to this file... \ renewtime=y # this says the user doesn't need to re-enter \ # password if super cmds are issued frequently \ # (so that we "know" it must be all one user) \ # patterns=shell # set user/group/host patterns matching to \ # Bourne-shell style patterns \ # (but note it's commented out). \ # timestampuid=sysmgr # create timestamp files w/ uid sysmgr \ # (but note it's commented out). \ # loguid=sysmgr # create logfile under uid sysmgr \ # (but note it's commented out). # # A useful definition... # :define OfficeHours {8:00-17:30}/{mon,tue,wed,thu,fri} debian/postrm0000664000000000000000000000037712325570426010454 0ustar #! /bin/sh set -e if [ "$1" = "purge" ] ; then rm -rf /var/lib/super \ /var/run/superstamps \ /var/log/super.log \ /var/log/super.log.0 \ /var/log/super.log.*.gz \ /etc/cron.weekly/super \ /etc/cron.weekly/super.dpkg-old fi #DEBHELPER# exit 0 debian/patches/0000775000000000000000000000000012325570426010625 5ustar debian/patches/08-Logfile-group.patch0000664000000000000000000000161312325570426014607 0ustar From: Robert Luberda Date: Sat, 2 Jan 2010 13:57:00 +0100 Subject: 08 Logfile group. Create log files owned by the adm group (closes: #112700). --- utils.c | 16 ++++++++++++++++ 1 files changed, 16 insertions(+), 0 deletions(-) diff --git a/utils.c b/utils.c index a063f8f..494649c 100644 --- a/utils.c +++ b/utils.c @@ -1102,6 +1102,22 @@ pid_t *pid_p; /* filled with pid of created logger */ (void) close(fildes[1]); exit(1); } + + /* Debian bug#112700 - set group & umask for log files */ + gid_t adm = findgid(0, "adm"); + if (adm >= 0) + { + if ((setgid(adm)) == -1) { + Error(1, 0, "failed to setgid %d before opening logfile; no logging: ", adm); + exit(1); + } + umask(0037); + } + else + { + umask(0077); + } + if (user && *user != '\0') { stringcopy(localinfo.user, user, sizeof(localinfo.user)); *localinfo.euser = '\0'; -- debian/patches/07-FTBFS-kFreeBSD.patch0000664000000000000000000000176112325570426014326 0ustar From: Cyril Brulebois Date: Sun, 20 Dec 2009 12:03:21 +0100 Subject: 07 FTBFS kFreeBSD. Fix FTBFS on GNU/kFreeBSD (closes: #561787). --- configure | 4 ++++ configure.in | 3 +++ 2 files changed, 7 insertions(+), 0 deletions(-) diff --git a/configure b/configure index 765e76e..9aeba2f 100755 --- a/configure +++ b/configure @@ -2175,6 +2175,10 @@ elif test "$Uname" = Linux ; then #define _BSD_SOURCE 1 _ACEOF +elif test "$Uname" = GNU/kFreeBSD ; then + cat >>confdefs.h <<\_ACEOF +#define _BSD_SOURCE 1 +_ACEOF elif test "$Uname" = OSF1 ; then cat >>confdefs.h <<\_ACEOF diff --git a/configure.in b/configure.in index 8465e01..95f10db 100644 --- a/configure.in +++ b/configure.in @@ -38,6 +38,9 @@ if test "$Uname" = HP-UX ; then elif test "$Uname" = Linux ; then AC_DEFINE(_BSD_SOURCE) +elif test "$Uname" = GNU/kFreeBSD ; then + AC_DEFINE(_BSD_SOURCE) + elif test "$Uname" = OSF1 ; then AC_DEFINE(_OSF_SOURCE) AC_DEFINE(Digital_UNIX) -- debian/patches/03-Show-perror.patch0000664000000000000000000000100712325570426014313 0ustar From: Robert Luberda Date: Fri, 30 Apr 2004 19:28:00 +0200 Subject: 03 Show perror. Make error messages more verbose. --- error.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/error.c b/error.c index d9f6906..0b91ad9 100644 --- a/error.c +++ b/error.c @@ -348,6 +348,8 @@ Error( va_start(ap, fmt); (void) vsprintf(buf, newfmt, ap); va_end(ap); + if (show_perror) + StrLCat(buf, Strerror(error), sizeof(buf)); SysLog(error_priority, buf); } #endif -- debian/patches/14-Fix-unchecked-setuid-call.patch0000664000000000000000000000167512325570426016762 0ustar From: Robert Luberda Date: Wed, 23 Apr 2014 00:28:19 +0200 Subject: 14 Fix unchecked setuid call Fix the following issue noticed by John Lightsey: super.c does an unchecked setuid(getuid()) when the -F flag is supplied pointing to a configuration file to test. This opens super up to the RLIM_NPROC style exploits on 2.6 kernels. The issue was assigned number CVE-2014-0470. --- super.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/super.c b/super.c index abea061..1c21886 100644 --- a/super.c +++ b/super.c @@ -849,7 +849,9 @@ by `-o %s' is overridden by file `%s'", *o_file, superfile); * to the real uid. */ if (getuid() != 0) { - setuid(getuid()); + if (setuid(getuid()) == -1) + Error(1, 1, "Can't set uid to %d: ", getuid()); + fprintf(stderr, "\t** Since you have supplied a super.tab file that isn't the default,\n"); fprintf(stderr, debian/patches/11-gcc-Wformat.patch0000664000000000000000000000162512325570426014242 0ustar From: Robert Luberda Date: Mon, 21 Feb 2011 22:05:00 +0100 Subject: 11 gcc Wformat. Fix warnings given by gcc when hardening options are enabled. --- getpass.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/getpass.c b/getpass.c index c10382a..e2b091e 100644 --- a/getpass.c +++ b/getpass.c @@ -166,7 +166,8 @@ int n_buf; /* size of buf. Up to n_buf characters are written } if (prompt) { - write(fdout, prompt, strlen(prompt)); + if (write(fdout, prompt, strlen(prompt)) != strlen(prompt)) + return Error(0, 0, "write(prompt) failed\n"); } /* @@ -177,7 +178,8 @@ int n_buf; /* size of buf. Up to n_buf characters are written buf[(nread < n_buf) ? nread : (n_buf-1)] = '\0'; } if (prompt) { - write(fdout, "\n", 1); + if (write(fdout, "\n", 1) != 1) + return Error(0, 0, "write(\\n) failed\n"); } /* -- debian/patches/series0000664000000000000000000000052412325570426012043 0ustar 01-FTBFS-Hurd.patch 02-FTBFS-Alpha.patch 03-Show-perror.patch 04-Examples.patch 05-Manpages.patch 06-gcc-warnings.patch 07-FTBFS-kFreeBSD.patch 08-Logfile-group.patch 09-Makefile-srcdir.patch 10-FTBFS-Hurd-2.patch 11-gcc-Wformat.patch 12-Use-vnsprintf.patch 13-Potential-format-string-vulnerability.patch 14-Fix-unchecked-setuid-call.patch debian/patches/09-Makefile-srcdir.patch0000664000000000000000000000336612325570426015105 0ustar From: Robert Luberda Date: Sat, 19 Feb 2011 08:54:00 +0100 Subject: 09 Makefile srcdir. Use $(srcdir) if needed. --- Makefile.in | 18 +++++++++--------- 1 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Makefile.in b/Makefile.in index 87a615a..1095617 100644 --- a/Makefile.in +++ b/Makefile.in @@ -193,22 +193,22 @@ install: install-bin install-man install-bin: super setuid - ./mkdir_p -p755 $(DESTDIR)/$(BINDIR) - ./mkdir_p -p755 $(DESTDIR)/$(localstatedir) - ./mkdir_p -p755 $(DESTDIR)/$(sysconfdir) - ./install-sh -c -o root -m 04755 super $(DESTDIR)/$(BINDIR)/super - ./install-sh -c -o root -m 0755 setuid $(DESTDIR)/$(BINDIR)/setuid + $(srcdir)/mkdir_p -p755 $(DESTDIR)/$(BINDIR) + $(srcdir)/mkdir_p -p755 $(DESTDIR)/$(localstatedir) + $(srcdir)/mkdir_p -p755 $(DESTDIR)/$(sysconfdir) + $(srcdir)/install-sh -c -o root -m 04755 super $(DESTDIR)/$(BINDIR)/super + $(srcdir)/install-sh -c -o root -m 0755 setuid $(DESTDIR)/$(BINDIR)/setuid test -f $(DESTDIR)/$(sysconfdir)/super.tab && \ echo "Not overwriting existing file $(DESTDIR)/$(sysconfdir)/super.tab" || \ - ./install-sh -c -o root -m 0644 barebones.tab \ + $(srcdir)/install-sh -c -o root -m 0644 $(srcdir)/barebones.tab \ $(DESTDIR)/$(sysconfdir)/super.tab install-man: super.1 setuid.1 super.5 - ./install-sh -c -o root -m 0644 super.1 \ + $(srcdir)/install-sh -c -o root -m 0644 super.1 \ $(DESTDIR)/$(MAN1DIR)/super.$(MAN1EXT) - ./install-sh -c -o root -m 0644 setuid.1 \ + $(srcdir)/install-sh -c -o root -m 0644 setuid.1 \ $(DESTDIR)/$(MAN1DIR)/setuid.$(MAN1EXT) - ./install-sh -c -o root -m 0644 super.5 \ + $(srcdir)/install-sh -c -o root -m 0644 super.5 \ $(DESTDIR)/$(MAN_FORMAT_DIR)/super.$(MAN_FORMAT_EXT) clean: -- debian/patches/05-Manpages.patch0000664000000000000000000000706712325570426013635 0ustar From: Robert Luberda Date: Sat, 19 Apr 2008 17:25:00 +0200 Subject: 05 Manpages. Man pages fixes. --- super.1.in | 13 ++++++------- super.5.in | 14 +++++++------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/super.1.in b/super.1.in index 0d38f6e..888c739 100644 --- a/super.1.in +++ b/super.1.in @@ -311,8 +311,7 @@ you can instead start the .supertab file with: .nf #! /bin/sh # Keep this backslash -> \\ - exec /long/path/to/the/super/executable -o $0 ${1+"$@"} -... + exec /long/path/to/the/super/executable \-o $0 ${1+"$@"} .fi .RE (The above takes advantage of the fact that super allows comments to @@ -321,7 +320,7 @@ be backslash-continued, but the shell doesn't.) Per-user .supertab linking works as follows: if .I /path/to/xyz is a symlink to some user's .supertab file, and the .supertab file -begins with \fI#! /path/to/super -o\fP, +begins with \fI#! /path/to/super \-o\fP, then the shell will invoke .I super with arguments something like @@ -472,9 +471,9 @@ that \fIsuper foo\fP is a valid command: .in +.5i .nf prog=\`basename $0\` -/usr/local/bin/super -t -r $0 $prog +/usr/local/bin/super \-t \-r $0 $prog case $? in -0 ) exec /usr/local/bin/super -t -r $0 $prog ;; +0 ) exec /usr/local/bin/super \-t \-r $0 $prog ;; * ) echo "Super $prog doesn't work!" ... So take appropriate action ... ;; @@ -656,7 +655,7 @@ itself by beginning the script in the following way: #!/bin/sh prog=\`basename $0\` test "X$SUPERCMD" = "X$prog" || - exec /usr/local/bin/super -r $0 $prog ${1+"$@"} + exec /usr/local/bin/super \-r $0 $prog ${1+"$@"} .fi .in -.5i Here, the path that is exec'd should be replaced with the @@ -689,7 +688,7 @@ into the .I super.tab file. .SH "SEE ALSO" -.BR super (5). +.BR super.tab (5). .SH AUTHOR Will Deich .br diff --git a/super.5.in b/super.5.in index 869c77d..9c9ca85 100644 --- a/super.5.in +++ b/super.5.in @@ -1,4 +1,4 @@ -.TH SUPER 5 local +.TH SUPER.TAB 5 local .\" .\" Copyright (c) 1993 by California Institute of Technology. .\" Written by William Deich. Not derived from licensed software. @@ -8,7 +8,7 @@ .\" .\" .SH NAME -super, super.tab \- database of restricted commands for super(1) +super.tab \- database of restricted commands for super(1) .SH DESCRIPTION The .I super.tab @@ -88,7 +88,7 @@ using effective uid root; unchanged real uid and gid; no supplementary groups; no open file descriptors save 0, 1, and 2; no environment variables except a few with safe values (see -.BR super.1 ); +.BR super (1)); and signal handling reset to the default. .PP When @@ -1551,7 +1551,7 @@ and .B syslog options. For instance, -\fImail="mail -s Super joeblow"\fR +\fImail="mail \-s Super joeblow"\fR will cause error messages to be mailed to user .I joeblow (on some systems you may need to substitute @@ -1641,7 +1641,7 @@ Super doesn't know what are sensible codes \(em it's up to the .I super.tab writer to choose meaningful values. For instance, if you put .ti +.5i -.B\ syslog_error="LOG_INFO\ |\ LOG_ERR"\ \fI(bad!)\fP +.B syslog_error="LOG_INFO\ |\ LOG_ERR"\ \fI(bad!)\fP .br then you will get both those values or'd together and passed to .I syslog(). @@ -1776,7 +1776,7 @@ The can be .B password or -.B PAM +.B pam (if PAM is supported on your system). The default is .BR password . @@ -2027,7 +2027,7 @@ For example, suppose you want to permit users to safely mount zip disks, and you use something like: .ti +.5i .B zipmount -"/etc/mount -o nosuid /dev/xz10 /zip" +"/etc/mount \-o nosuid /dev/xz10 /zip" .br This command will fail if .I /etc/mount -- debian/patches/10-FTBFS-Hurd-2.patch0000664000000000000000000000353412325570426013774 0ustar From: Robert Luberda Date: Mon, 21 Feb 2011 22:05:00 +0100 Subject: 10 FTBFS Hurd 2. Fix FTBFS on GNU/Hurd. --- configure | 5 +++++ configure.in | 3 +++ localsys.h | 2 +- super.h | 2 -- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/configure b/configure index 9aeba2f..d10cccb 100755 --- a/configure +++ b/configure @@ -2180,6 +2180,11 @@ elif test "$Uname" = GNU/kFreeBSD ; then #define _BSD_SOURCE 1 _ACEOF +elif test "$Uname" = GNU ; then # Hurd + cat >>confdefs.h <<\_ACEOF +#define _BSD_SOURCE 1 +_ACEOF + elif test "$Uname" = OSF1 ; then cat >>confdefs.h <<\_ACEOF #define _OSF_SOURCE 1 diff --git a/configure.in b/configure.in index 95f10db..a605270 100644 --- a/configure.in +++ b/configure.in @@ -41,6 +41,9 @@ elif test "$Uname" = Linux ; then elif test "$Uname" = GNU/kFreeBSD ; then AC_DEFINE(_BSD_SOURCE) +elif test "$Uname" = GNU ; then # Hurd + AC_DEFINE(_BSD_SOURCE) + elif test "$Uname" = OSF1 ; then AC_DEFINE(_OSF_SOURCE) AC_DEFINE(Digital_UNIX) diff --git a/localsys.h b/localsys.h index 56e9216..53768c1 100644 --- a/localsys.h +++ b/localsys.h @@ -313,7 +313,7 @@ extern int sysinfo(); #endif /* type returned by setgrent() */ -#if defined(Digital_UNIX) || (defined(BSD) && (BSD >= 199306)) +#if defined(Digital_UNIX) || (defined(BSD) && (BSD >= 199306) && !defined(GNU)) typedef int SETGRENT_T; #else typedef void SETGRENT_T; diff --git a/super.h b/super.h index f5e5188..f737b32 100644 --- a/super.h +++ b/super.h @@ -488,9 +488,7 @@ int ARinsert P__((ArgRangePat *start, int arg1, int arg2, char *pat)); ArgRangePat * ARnext P__((ArgRangePat *start, int iarg)); void add_builtin_variables P__(( void )); -#ifdef HAVE_SYSINFO int add_sysinfo_variables P__(( void )); -#endif #ifdef HAVE_UNAME int add_uname_variables P__(( void )); #endif -- debian/patches/02-FTBFS-Alpha.patch0000664000000000000000000000131412325570426013753 0ustar From: Paul Slootman Date: Tue, 9 Jan 2001 16:07:36 +0100 Subject: 02 FTBFS Alpha. Fix build problem on Alpha (closes: #81678). --- localsys.h | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/localsys.h b/localsys.h index 3ac06e5..56e9216 100644 --- a/localsys.h +++ b/localsys.h @@ -243,12 +243,14 @@ int misc_conv(int num_msg, const struct pam_message **msgm, #if !(defined(BSD) && (BSD >= 199306)) #if !(defined(SUNOS5) && SUNOS_MINOR >= 6) #if !(defined(_AIX) && AIX_MAJOR >= 4) +#if !(defined(__linux__)) extern int gethostname P__((char *, size_t size)); #endif #endif #endif #endif #endif +#endif #ifdef HAVE_SYS_SYSINFO_H #include -- debian/patches/01-FTBFS-Hurd.patch0000664000000000000000000000167512325570426013641 0ustar From: =?UTF-8?q?G=C3=B6ran=20Weinholt?= Date: Mon, 28 Jun 2004 10:50:38 +0200 Subject: 01 FTBFS Hurd. Fix FTBFS on hurd (#256634). --- utils.c | 11 ++++++----- 1 files changed, 6 insertions(+), 5 deletions(-) diff --git a/utils.c b/utils.c index 3ec70b6..a063f8f 100644 --- a/utils.c +++ b/utils.c @@ -2001,7 +2001,8 @@ int n; } #endif -#ifdef HAVE_SYS_ERRLIST +/*#ifdef HAVE_SYS_ERRLIST*/ +#if 0 extern char *sys_errlist[]; extern int sys_nerr; #endif @@ -2014,6 +2015,9 @@ char *Strerror(errnum) int errnum; { +#ifdef HAVE_STRERROR + return strerror(errnum); +#else static char buf[500]; #ifndef HAVE_SYS_ERRLIST sprintf(buf, "Error %d", errnum); @@ -2023,13 +2027,10 @@ int errnum; sprintf(buf, "Error %d (!)", errnum); return buf; } else { -#ifdef HAVE_STRERROR - return strerror(errnum); -#else return sys_errlist[errnum]; -#endif } #endif +#endif } #ifndef HAVE_STRDUP -- debian/patches/04-Examples.patch0000664000000000000000000000672112325570426013653 0ustar From: Robert Luberda Date: Mon, 4 Jun 2001 21:00:00 +0200 Subject: 04 Examples. Update paths in examples. --- sample.cdmount | 29 +++++++++++++---------------- sample.cdumount | 12 ++++++------ sample.tab | 5 +++-- 3 files changed, 22 insertions(+), 24 deletions(-) diff --git a/sample.cdmount b/sample.cdmount index 09ccb4f..d5d88f0 100644 --- a/sample.cdmount +++ b/sample.cdmount @@ -2,37 +2,34 @@ prog=`basename $0` # If script invoked w/o super, then exec super to run this script. -test "X$SUPERCMD" = "X$prog" || exec /usr/local/bin/super $prog ${1+"$@"} +test "X$SUPERCMD" = "X$prog" || exec /usr/bin/super $prog ${1+"$@"} usage() { cat <<-END Use: - $prog hsfs | 4.2 + $prog Purpose: Mounts a cdrom on /cdrom. - Argument: the cdrom type; specify one of - hsfs - cdrom is High Sierra File System - 4.2 - usual Unix disk format END } case $# in - 1 ) ;; + 0 ) ;; * ) usage ; exit 1 ;; esac -type="$1" -case "$type" in - 4.2 | hsfs ) ;; - -h ) usage ; exit 0 ;; - * ) echo "$prog: unknown cd type $1" ; usage ; exit 1 ;; -esac +type="iso9660" +# case "$type" in +# 4.2 | hsfs ) ;; +# -h ) usage ; exit 0 ;; +# * ) echo "$prog: unknown cd type $1" ; usage ; exit 1 ;; +# esac -PATH=$PATH:/usr/etc # SunOS 4.x needs this to understand type hsfs -export PATH +# PATH=$PATH:/usr/etc # SunOS 4.x needs this to understand type hsfs +# export PATH -echo /etc/mount -v -r -t $type -o nosuid /dev/sr0 /cdrom - /etc/mount -v -r -t $type -o nosuid /dev/sr0 /cdrom +echo /bin/mount -v -r -t $type -o nosuid /dev/cdrom /cdrom + /bin/mount -v -r -t $type -o nosuid /dev/cdrom /cdrom diff --git a/sample.cdumount b/sample.cdumount index c9b5248..adafcba 100644 --- a/sample.cdumount +++ b/sample.cdumount @@ -5,7 +5,7 @@ prog=`basename $0` # If script invoked w/o super, then exec super to run this script. -test "X$SUPERCMD" = "X$prog" || exec /usr/local/bin/super $prog ${1+"$@"} +test "X$SUPERCMD" = "X$prog" || exec /usr/bin/super $prog ${1+"$@"} usage() { cat <<-END @@ -22,9 +22,9 @@ case $# in * ) usage ; exit 1 ;; esac -PATH=$PATH:/usr/etc # SunOS 4.x needs this for mount; not sure - # if needed for umount. -export PATH +# PATH=$PATH:/usr/etc # SunOS 4.x needs this for mount; not sure +# # if needed for umount. +# export PATH -echo /etc/umount -v /cdrom - /etc/umount -v /cdrom +echo /bin/umount -v /cdrom + /bin/umount -v /cdrom diff --git a/sample.tab b/sample.tab index 7ac78e6..2284d9f 100644 --- a/sample.tab +++ b/sample.tab @@ -1,6 +1,6 @@ # This file lists commands that super(1) will execute for you as root. -# See the super.5 man page for information. +# See the super.tab(5) man page for information. # Global options ========================================================= # @@ -19,7 +19,7 @@ # Log super actions to a file, under uid=sysmgr. (Note that loguid has to # be part of same :global_options entry as logfile.) -:global logfile=/usr/adm/super.log loguid=sysmgr +:global logfile=/var/log/super.log loguid=sysmgr # Mail msgs regarding super errors to user joeblow (default is no mail): # :global mail="/usr/bin/mailx -s '*** super ***' joeblow" @@ -84,6 +84,7 @@ restart /usr/local/bin/restart $TimeoutUsers \ # host in the netgroup "india" may mount a CD on the "india" machines. cdmount /usr/local/bin/cdmount \ + uid=root \ info="Mounts a CD-ROM on /cdrom" \ tas@elgar \ :xyz@{alpha,delta} \ -- debian/patches/12-Use-vnsprintf.patch0000664000000000000000000000266312325570426014660 0ustar From: Robert Luberda Date: Sun, 4 Dec 2011 16:56:57 +0100 Subject: 12 Use vnsprintf. error.c: Use vsnprintf() instead of vprintf() to fix a crash occurring when syslog logging is enabled and total length of arguments passed to super is greater then 1300 characters. rsyslog.c: Do the same just in case. --- error.c | 4 ++-- rsyslog.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/error.c b/error.c index 0b91ad9..30529fa 100644 --- a/error.c +++ b/error.c @@ -346,7 +346,7 @@ Error( if (tag) StrLCat(newfmt, tag, sizeof(newfmt)); va_start(ap, fmt); - (void) vsprintf(buf, newfmt, ap); + (void) vsnprintf(buf, sizeof(buf), newfmt, ap); va_end(ap); if (show_perror) StrLCat(buf, Strerror(error), sizeof(buf)); @@ -515,7 +515,7 @@ va_dcl StrLCat(newfmt, fmt, sizeof(newfmt)); if (tag) StrLCat(newfmt, tag, sizeof(newfmt)); - (void) vsprintf(buf, newfmt, ap); + (void) vsnprintf(buf, sizeof(buf), newfmt, ap); va_end(ap); SysLog(error_priority, buf); } diff --git a/rsyslog.c b/rsyslog.c index ed478d8..af1e571 100644 --- a/rsyslog.c +++ b/rsyslog.c @@ -103,7 +103,7 @@ static struct { (void) sprintf(msg,"(%d) ", getpid()); if (*loginfo.ident) (void) sprintf(msg+strlen(msg),"%s: ", loginfo.ident); - (void) vsprintf(msg+strlen(msg), fmt, args); + (void) vsnprintf(msg+strlen(msg), sizeof(msg)-strlen(msg), fmt, args); va_end(args); /* -- debian/patches/13-Potential-format-string-vulnerability.patch0000664000000000000000000000425312325570426021513 0ustar From: Robert Luberda Date: Sat, 7 Jan 2012 12:53:33 +0100 Subject: 13 Potential format string vulnerability. Fix potential format string vulnerability that might occur if the user of file name or file name used in the tag contains a '%' character. --- error.c | 26 ++++++++++---------------- 1 files changed, 10 insertions(+), 16 deletions(-) diff --git a/error.c b/error.c index 30529fa..c9a5cc0 100644 --- a/error.c +++ b/error.c @@ -188,14 +188,16 @@ int fac; } void -SysLog(pri, buf) +SysLog(pri, user, buf, tag) int pri; +char *user; char *buf; +char *tag; { if (using_rsyslog) { - rsyslog(pri, "%s", buf); + rsyslog(pri, "(%s) %s%s", user, buf, (tag ? tag : "")); } else { - syslog(pri, "%s", buf); + syslog(pri, "(%s) %s%s", user, buf, (tag ? tag : "")); } } @@ -336,21 +338,17 @@ Error( #ifdef HAVE_SYSLOG_H if (error_syslog) { - char newfmt[MAXPRINT], buf[MAXPRINT]; + char buf[MAXPRINT]; if (!openlog_done) { OpenLog(error_prog ? error_prog : "", 0, error_facility); openlog_done = 1; } - sprintf(newfmt, "(%s) ", error_user ? error_user : user); - StrLCat(newfmt, fmt, sizeof(newfmt)); - if (tag) - StrLCat(newfmt, tag, sizeof(newfmt)); va_start(ap, fmt); - (void) vsnprintf(buf, sizeof(buf), newfmt, ap); + (void) vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); if (show_perror) StrLCat(buf, Strerror(error), sizeof(buf)); - SysLog(error_priority, buf); + SysLog(error_priority, (error_user ? error_user : user), buf, tag); } #endif @@ -502,7 +500,7 @@ va_dcl #ifdef HAVE_SYSLOG_H if (error_syslog) { - char newfmt[MAXPRINT], buf[MAXPRINT]; + char buf[MAXPRINT]; va_start(ap); show_perror = va_arg(ap, int); die = va_arg(ap, int); @@ -511,13 +509,9 @@ va_dcl OpenLog(error_prog ? error_prog : "", 0, error_facility); openlog_done = 1; } - sprintf(newfmt, "(%s) ", error_user ? error_user : user); - StrLCat(newfmt, fmt, sizeof(newfmt)); - if (tag) - StrLCat(newfmt, tag, sizeof(newfmt)); (void) vsnprintf(buf, sizeof(buf), newfmt, ap); va_end(ap); - SysLog(error_priority, buf); + SysLog(error_priority, (error_user ? error_user : user), buf, tag); } #endif -- debian/patches/06-gcc-warnings.patch0000664000000000000000000000535712325570426014465 0ustar From: Robert Luberda Date: Sat, 19 Apr 2008 18:01:00 +0200 Subject: 06 gcc warnings. Fix warnings from `gcc -Wall'. --- approve.c | 4 ++-- checks.c | 12 +++++++----- super.c | 4 ++-- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/approve.c b/approve.c index 3c27764..2e3a2a9 100644 --- a/approve.c +++ b/approve.c @@ -754,8 +754,8 @@ void printhelp(verbosity) int verbosity; { - char **p, *s; - int i, j, n; + char **p; + int i, j; ArgRangePat *arp; if (verbosity == HELP_BASIC) { diff --git a/checks.c b/checks.c index f74b7ea..e965adb 100644 --- a/checks.c +++ b/checks.c @@ -26,7 +26,7 @@ static char *NO = "N"; */ static int created_user_table = 0; -static netgrp_u_compare(pattern, user) +static int netgrp_u_compare(pattern, user) char *pattern; char *user; { @@ -50,7 +50,7 @@ static netgrp_u_compare(pattern, user) } item.key = keybuf; - if (found_item = s_hsearch(HS_USER, item, FIND)) { + if ((found_item = s_hsearch(HS_USER, item, FIND))) { return found_item->data == YES? 1: 0; } passed = innetgr(pattern, NULL, user, NULL); @@ -73,7 +73,7 @@ static netgrp_u_compare(pattern, user) } static int created_host_table = 0; -static netgrp_h_compare(pattern, host) +static int netgrp_h_compare(pattern, host) char *pattern; char *host; { @@ -97,7 +97,7 @@ static netgrp_h_compare(pattern, host) } item.key = keybuf; - if (found_item = s_hsearch(HS_HOST, item, FIND)) { + if ((found_item = s_hsearch(HS_HOST, item, FIND))) { return found_item->data == YES? 1: 0; } passed = innetgr(pattern, host, NULL, NULL); @@ -1086,6 +1086,8 @@ char *cmd; char mkdirMsg[1000]; char *authuser; + file_exists = 0; + if (!localinfo.authinfo.required) return 0; /* don't need authentication */ @@ -1924,7 +1926,7 @@ char *gp_pat; /* pattern to match */ } item.key = keybuf; - if (found_item = s_hsearch(HS_GROUP, item, FIND)) { + if ((found_item = s_hsearch(HS_GROUP, item, FIND))) { return found_item->data == YES? 1: 0; } diff --git a/super.c b/super.c index 0902702..abea061 100644 --- a/super.c +++ b/super.c @@ -900,7 +900,7 @@ char **arglist; char **envp; int n_builtin; { - char *s, *t, **p, **sp; + char *t, **p, **sp; char *cdpath; int isglobal, j, iarg; ArgRangePat *argpats, *arp; @@ -1750,7 +1750,7 @@ rcl_umask() } /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ -/* Check if -r path matches actual path. +/* Check if -r path matches actual path. */ /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ int check_rpath(r_path, xpath) -- debian/watch0000664000000000000000000000015312325570426010226 0ustar # control file for the uscan(1) tool version=2 ftp://ftp.ucolick.org/pub/users/will/super-([\d\.]+)-tar.gz debian/compat0000664000000000000000000000000212325570426010374 0ustar 8 debian/prerm0000664000000000000000000000015012325570426010242 0ustar #! /bin/sh set -e if [ "$1" = "remove" ] ; then rm -rf /var/run/superstamps fi #DEBHELPER# exit 0 debian/dirs0000664000000000000000000000006212325570426010060 0ustar etc usr/bin usr/share/man/man1 usr/share/man/man5 debian/logrotate0000664000000000000000000000020012325570426011111 0ustar # Logrotate file for super.log /var/log/super.log { notifempty rotate 4 weekly compress missingok create 0640 root adm } debian/source/0000775000000000000000000000000012325570426010476 5ustar debian/source/format0000664000000000000000000000001412325570426011704 0ustar 3.0 (quilt) debian/examples0000664000000000000000000000010312325570426010731 0ustar debian/_tmp_/super.tab debian/_tmp_/cdmount debian/_tmp_/cdumount debian/pam0000664000000000000000000000033412325570426007676 0ustar # # The PAM configuration file for super # # Please note, that you should enable PAM authentication by using # `auth=y', `authtype=pam' options in your super.tab(5) file. # @include common-auth @include common-account