-rw-r--r-- | config/sudo/sudo.inc | 26 | ||||
-rw-r--r-- | pkg_config.10.xml | 2 | ||||
-rw-r--r-- | pkg_config.8.xml | 2 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 2 |
4 files changed, 26 insertions, 6 deletions
diff --git a/config/sudo/sudo.inc b/config/sudo/sudo.inc
index 68cf4a00..a69d9211 100644
--- a/config/sudo/sudo.inc
+++ b/config/sudo/sudo.inc
@@ -33,16 +33,30 @@ switch ($pfs_version) {
 case "1.2":
 case "2.0":
 define('SUDO_BASE','/usr/local');
+ define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo');
 break;
- default:
+ case "2.1":
 // Hackish way to detect if someone manually did pkg_add rather than use pbi.
- if (is_dir('/usr/pbi/sudo-' . php_uname("m")))
+ if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) {
 define('SUDO_BASE', '/usr/pbi/sudo-' . php_uname("m"));
- else
+ define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/');
+ } else {
 define('SUDO_BASE','/usr/local');
+ define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo');
+ }
+ break;
+ default:
+ define('SUDO_BASE','/usr/local');
+ // Hackish way to detect if someone manually did pkg_add rather than use pbi.
+ if (is_dir('/usr/pbi/sudo-' . php_uname("m"))) {
+ define('SUDO_LIBEXEC_DIR', '/usr/pbi/sudo-' . php_uname("m") . '/local/libexec/sudo');
+ } else {
+ define('SUDO_LIBEXEC_DIR', '/usr/local/libexec/sudo');
+ }
 }

 define('SUDO_CONFIG_DIR', SUDO_BASE . '/etc');
+define('SUDO_CONF', SUDO_CONFIG_DIR . '/sudo.conf');
 define('SUDO_SUDOERS', SUDO_CONFIG_DIR . '/sudoers');

 function sudo_install() {
@@ -73,6 +87,12 @@ function sudo_write_config() {
 global $config;
 $sudoers = "";
 conf_mount_rw();
+
+ $sudoconf = "Plugin sudoers_policy " . SUDO_LIBEXEC_DIR . "/sudoers.so\n";
+ $sudoconf .= "Plugin sudoers_io " . SUDO_LIBEXEC_DIR . "/sudoers.so\n";
+ $sudoconf .= "Path noexec " . SUDO_LIBEXEC_DIR . "/sudo_noexec.so\n";
+ file_put_contents(SUDO_CONF, $sudoconf);
+
 if (!is_array($config['installedpackages']['sudo']['config'][0]['row'])) {
 /* No config, wipe sudoers file and bail. */
 unlink(SUDO_SUDOERS);
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 5a00da13..1310f1e2 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
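Review bot: In config/sudo/sudo.inc, the PBI branch of `case "2.1"` sets `SUDO_LIBEXEC_DIR` to `'/usr/local/libexec/'`, the only value with a trailing slash and without the `sudo` subdirectory, so the plugin paths built later as `SUDO_LIBEXEC_DIR . "/sudoers.so"` come out as `/usr/local/libexec//sudoers.so`. If the 2.1 PBI layout really exposes the modules directly under libexec, say so in a comment on that line; otherwise use `'/usr/local/libexec/sudo'` as the other branches do. The `default` branch also now pins `SUDO_BASE` to `/usr/local` even when the PBI directory exists, which moves `SUDO_CONFIG_DIR` and `SUDO_SUDOERS` for that case and looks worth a sentence in the commit message. The switch statement begins above the hunk.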
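Review bot: In the second hunk of config/sudo/sudo.inc, `file_put_contents(SUDO_CONF, $sudoconf);` ignores its return value and leaves the file mode to the process umask, although sudo.conf decides which shared objects sudo loads with root privileges. A failed or partial write, or a `SUDO_LIBEXEC_DIR` that does not match the installed layout, would leave sudo without a loadable policy plugin and no message explaining why. I would check the result and set the mode explicitly, for example `if (file_put_contents(SUDO_CONF, $sudoconf) === false) { log_error("sudo: unable to write " . SUDO_CONF); }` followed by `chmod(SUDO_CONF, 0644);`, and confirm `is_file(SUDO_LIBEXEC_DIR . "/sudoers.so")` before writing. sudo expects this file to be root-owned and not writable by others, so it is worth stating that requirement in a comment above the write. The body of sudo_write_config() continues outside the hunk.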
@@ -1426,7 +1426,7 @@
 <pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink>
 <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr>
 <category>Security</category>
- <version>0.2.2</version>
+ <version>0.2.3</version>
 <status>Beta</status>
 <required_version>2.2</required_version>
 <config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 8d7bcd94..e1f6cc24 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1831,7 +1831,7 @@
 <pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink>
 <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr>
 <category>Security</category>
- <version>0.2.1</version>
+ <version>0.2.3</version>
 <status>Beta</status>
 <required_version>2.0.2</required_version>
 <config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 88792d6a..87cc2107 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -1818,7 +1818,7 @@
 <pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink>
 <descr><![CDATA[sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.]]></descr>
 <category>Security</category>
- <version>0.2.1</version>
+ <version>0.2.3</version>
 <status>Beta</status>
 <required_version>2.0.2</required_version>
 <config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file> |