From owner-freebsd-bugs  Fri Jul 19 12:00:05 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id MAA13205
          for bugs-outgoing; Fri, 19 Jul 1996 12:00:05 -0700 (PDT)
Received: (from gnats@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id MAA13187;
          Fri, 19 Jul 1996 12:00:02 -0700 (PDT)
Resent-Date: Fri, 19 Jul 1996 12:00:02 -0700 (PDT)
Resent-Message-Id: <199607191900.MAA13187@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, andrew@ugh.net.au
Received: from sally.ugh.net.au (celeste.hobart.tased.edu.au [147.41.41.101])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id LAA12748
          for <FreeBSD-gnats-submit@freebsd.org>; Fri, 19 Jul 1996 11:53:02 -0700 (PDT)
Received: (from andrew@localhost) by sally.ugh.net.au (8.7.5/8.7.3) id EAA02330; Sat, 20 Jul 1996 04:52:53 +1000 (EST)
Message-Id: <199607191852.EAA02330@sally.ugh.net.au>
Date: Sat, 20 Jul 1996 04:52:53 +1000 (EST)
From: andrew@ugh.net.au
Reply-To: andrew@ugh.net.au
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: ports/1405: Default sudoers file
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


>Number:         1405
>Category:       ports
>Synopsis:       sudoers file that comes with the sudo package for 2.1.5 has users already added.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 19 12:00:01 PDT 1996
>Last-Modified:
>Originator:     Andrew
>Organization:
>Release:        FreeBSD 2.1-STABLE i386
>Environment:

FreeBSD-2.1.5. sudo 1.4

>Description:

When adding the sudo package for 2.1.5 a sudoers file is installed that already contains certain users (jkh, gpalmer, asami). Admittedly quite respectable people but if someone had users with the same logins on their machine those users would presumably have root access between the time root installs sudo and root modifies the sudoers file.


>How-To-Repeat:

pkg-add sudo-1.4.tgz

The sudoers file is in /usr/local/etc.

>Fix:
	
Remove these users from the sudoers file before taring the port.
>Audit-Trail:
>Unformatted: