without O_NOFOLLOW, it must be done relative to dfd. Previously
the lstat() would always fail, p...

sudo_edit_open() whether the path to be opened is symlink before
opening it. This is racey but w...

Remove unused variables when O_NOFOLLOW is not present.

from check_defaults() to validate the defaults value. In visudo,
suppress warnings from update_d...

default_binding_matches(). We can now use default_type_matches()
in check_defaults().

first parse of sudoers.

up locale changes. The init_defaults() function will now re-init
the sudoers locale.

to restore the user's locale since warnings are displayed in the
user's locale anyway.

user's locale afterward. Also set the warn/fatal locale helper
function so warning messages duri...

so warning messages during sudoers loading are displayed in the
user's own locale.

visudo and testsudoers.

its name. Otherwise, it won't take effect until sudoers lookup time.

set multiple times.

variable is set in sudoers. This avoids running an early callback
more than once. For example, ...

not modified.

of a char *.

influence how other defaults are parsed. Currently, runas_default
and sudoers_locale are process...

in fill_args(). Bug #752

on them.

is set.

unlink a shared library that is in use.

otherwise sudo will not treat it as a fatal error.

Previously the sudoers locale was used when evaluating sudoers
but not during the inital parse. ...

if we don't need to.

static.

_XOPEN_SOURCE_EXTENDED is defined. Only define _XOPEN_SOURCE_EXTENDED
if we can still compile ne...

empty.

returned an error.

policy_init_session(). Bug #749

arguments after the plugin path.

user_cmnd first if it is fully-qualified. This avoids a lot of
needless stat(2) calls and avoids...

an exec error. We don't want to overwrite the error status but we
do need to indicate that the c...

in /etc/security/limits. When 64-bit resource limits are supported
we can use the default value ...

instead of the system hostname.

Only check username as part of the netgroup when netgroup_tuple is
enabled.

in sudo. The rules may contain mixed sudoUser specification so we have to
check not only for netg...

NULL or the user pressed ^C.

Caught by regress checks.

From Daniel Kopecek.

Also fix the section for ldap.conf cross-references.

Add missing word "order" in a sentence describing sudoOrder.

for the LDAP backend. Adapted from sudo-1.8.6p3-sssdrulenames.patch

next reboot. Adapted from a RedHat patch.

explicitly zero. Fixes a failure on glibc.

apparently happen on systems using Solaris-derived PAM. Other
errors from pam_open_session() are...

Reading from the pipe can block too if the other end is not closed.

it is legal to escape a forward slash, it is not required.

domain on Solaris.

mode. We now do two passes, one with SUDO_EVLOOP_NONBLOCK and
another that could block if stdin ...

so the event loop will exit after a single run through. Otherwise,
we may hang at exit on non-BS...

for this because that corresponds to the value for atomic pipe
writes. The actual pipe buffer is...

time, only when the user suspends sudo. Fixes a problem where all
buffers might not get flushed ...

is NULL, which can happen on the error path.

succeed if there is already a controlling tty.

first open like a physical terminal. By definition, if you have a
controlling tty, the first ope...