The FreeBSD Ports Archive

Freebsd | Contact
Welcome to FreeBSD Software


FreeBSD security : super

Allow others to run commands as root

 Super is a setuid-root program that offers:

    o  restricted setuid-root access to executables, adjustable
	on a per-program and per-user basis;

    o  a relatively secure environment for scripts, so that well-written
	scripts can be run as root (or some other uid/gid), without
	unduly compromising security.

The design philosophy behind super is two-fold:

    (a) some users can be trusted when executing certain commands;
    (b) there are some commands, such as a script to mount CDROM's,
	which you'd like to be safely executable even by users who
	are NOT trusted.  Although setuid-root scripts are insecure,
	a good setuid-root wrapper around a sensible non-setuid script
	can be hard to break, and super provides that wrapper so that
	even a non-trusted user can use the scripts. 

http://www.ucolick.org/~will/#super



super history


v. 1.30
date: 2006/12/16 11:53:53;  author: miwi;  state: Exp;  lines: +1 -1
- Updatre to 3.26.2

Submitted by:	farrokhi

v. 1.29 date: 2006/11/08 09:28:29; author: farrokhi; state: Exp; lines: +1 -1 Change my email address to farrokhi@ in all ports that I maintain. Approved by: miwi (mentor)
v. 1.28 date: 2006/07/24 12:12:42; author: jmelo; state: Exp; lines: +2 -1 - Update mastersite. - Update pkg-descr. PR: ports/100715 Submitted by: Babak Farrokhi (maintainer)
v. 1.27 date: 2006/07/16 15:18:24; author: clsung; state: Exp; lines: +2 -2 - update to 3.26.1 - take maintainership - pet portlint PR: ports/100387 Submitted by: maintainer (Babak Farrokhi)
v. 1.26 date: 2005/10/11 19:04:39; author: erwin; state: Exp; lines: +4 -10 - Update to 3.26.0 to fix fetching [1] - Reset maintainer - Remove now useless check for FreeBSD 3.x - Make sure the example configuration file only gets deinstalled if not changed. PR: 74263 Submitted by: freebsd@simplerezo.com [1], distsurvey [1] Approved by: maintainer timeout (11 months)
v. 1.25 date: 2004/09/03 17:55:00; author: obrien; state: Exp; lines: +1 -1 Update to 3.23.0. This release of super fixes a potential root exploit: http://xforce.iss.net/xforce/xfdb/16458 PR: 71328 Submitted by: Piet Delport
v. 1.24 date: 2003/09/24 09:36:57; author: osa; state: Exp; lines: +1 -1 Make portlint(1) happy by changing strip to ${STRIP_CMD} Submitted by: Oleg Karachevtsev PR: 56998
v. 1.23 date: 2003/07/24 18:43:52; author: obrien; state: Exp; lines: +1 -1 Upgrade to version 3.20.1.
v. 1.22 date: 2003/03/07 06:10:50; author: ade; state: Exp; lines: +1 -0 Clear moonlight beckons. Requiem mors pacem pkg-comment, And be calm ports tree. E Nomini Patri, E Fili, E Spiritu Sancti.
v. 1.21 date: 2002/08/04 07:43:00; author: obrien; state: Exp; lines: +8 -12 Update to 3.20.0. Parts taken from PR below. PR: 40869 Submitted by: Seamus Venasse
v. 1.20 date: 2002/08/02 13:21:41; author: nectar; state: Exp; lines: +3 -1 Mark FORBIDDEN due to local root exploit.
v. 1.19 date: 2001/04/22 05:35:14; author: fenner; state: Exp; lines: +2 -2 phobos.caltech.edu asks people to use ftp.astro.caltech.edu instead.
v. 1.18 date: 2000/05/16 16:58:31; author: obrien; state: Exp; lines: +4 -4 Update to version 3.14.0.
v. 1.17 date: 2000/04/21 08:19:08; author: mharo; state: Exp; lines: +2 -2 Correct whitespace introduced during PORTNAME conversion and portlint
v. 1.16 date: 2000/04/09 18:30:39; author: cpiazza; state: Exp; lines: +3 -3 Update with the new PORTNAME/PORTVERSION variables
v. 1.15 date: 2000/03/22 00:27:49; author: obrien; state: Exp; lines: +2 -1 Restore useless version required comments.
v. 1.14 date: 2000/03/20 02:37:21; author: obrien; state: Exp; lines: +1 -2 Remove the "version required" line.
v. 1.13 date: 2000/02/13 03:24:23; author: obrien; state: Exp; lines: +3 -3 Style nits in the ports I maintain.
v. 1.12 date: 1999/08/31 01:51:53; author: peter; state: Exp; lines: +1 -1 $Id$ -> $FreeBSD$
v. 1.11 date: 1999/02/28 21:42:55; author: asami; state: Exp; lines: +2 -2 Remove trailing whitespace.
v. 1.10 date: 1999/02/26 13:00:44; author: obrien; state: Exp; lines: +2 -2 upgrade to 3.12.1 This version fixes the Brazilian Information Security Team Security Advisor on "buffer overflow condition if the syslog option is enabled".
v. 1.9 date: 1999/02/19 02:33:45; author: obrien; state: Exp; lines: +2 -2 Updated to super-3.11.9
v. 1.8 date: 1999/02/18 22:59:28; author: obrien; state: Exp; lines: +1 -1 vesion 3.11.{7,8} fixes the February 15, 1999 ISS Security Advisory on buffer overflow in the Super program.
v. 1.7 date: 1999/02/18 22:57:42; author: obrien; state: Exp; lines: +2 -2 update to 3.11.8
v. 1.6 date: 1998/12/02 06:37:33; author: obrien; state: Exp; lines: +5 -3 Need to do a little bsd.port.pre.mk action to avoid a syntax error. Noticed by: Bill Fenner
v. 1.5 date: 1998/12/01 10:17:44; author: obrien; state: Exp; lines: +5 -1 return breakage status (but only for 2.2.x) Requested by: Satoshi
v. 1.4 date: 1998/12/01 09:50:50; author: obrien; state: Exp; lines: +1 -3 Mark unbroken. 2.2 is dead, 3.0 is the current and future. :-)
v. 1.3 date: 1998/11/23 09:02:19; author: asami; state: Exp; lines: +3 -1 Mark it broken, doesn't build on 2.2-stable. ======= ===> Building for super-3.11.6 cc -c -DSUPERFILE=\"/usr/local/etc/super.tab\" -DTIMESTAMP_DIR=\"/usr/local/var/superstamps\" -DSYSLOG_PRIORITY=LOG_ERR -DHAVE_CONFIG_H -I. -O -pipe super.c In file included from localsys.h:166, from super.h:18, from super.c:12: /usr/include/prot.h:60: parse error before `create_auth_reply' /usr/include/prot.h:62: parse error before `KTEXT' /usr/include/prot.h:62: warning: data definition has no type or storage class *** Error code 1 Stop.
v. 1.2 date: 1998/11/19 09:19:18; author: obrien; state: Exp; lines: +10 -12 Update to version 3.11.6. (currently the "password=y" feature to requre a password to be entered before running a command only works on DES passwords)
v. 1.1 date: 1997/04/24 08:02:43; author: obrien; state: Exp; branches: 1.1.1; Initial revision
v. 1.1.1.1 date: 1997/04/24 08:02:43; author: obrien; state: Exp; lines: +0 -0 Super is a setuid-root program that offers o restricted setuid-root access to executables, adjustable on a per-program and per-user basis; o a relatively secure environment for scripts, so that well-written scripts can be run as root (or some other uid/gid), without unduly compromising security. See pkg/DESCR for a comparson w/sudo. ============================================================================= v. 1.30 date: 2006/12/16 11:53:53; author: miwi; state: Exp; lines: +1 -1 - Updatre to 3.26.2 Submitted by: farrokhi
v. 1.29 date: 2006/11/08 09:28:29; author: farrokhi; state: Exp; lines: +1 -1 Change my email address to farrokhi@ in all ports that I maintain. Approved by: miwi (mentor)
v. 1.28 date: 2006/07/24 12:12:42; author: jmelo; state: Exp; lines: +2 -1 - Update mastersite. - Update pkg-descr. PR: ports/100715 Submitted by: Babak Farrokhi (maintainer)
v. 1.27 date: 2006/07/16 15:18:24; author: clsung; state: Exp; lines: +2 -2 - update to 3.26.1 - take maintainership - pet portlint PR: ports/100387 Submitted by: maintainer (Babak Farrokhi)
v. 1.26 date: 2005/10/11 19:04:39; author: erwin; state: Exp; lines: +4 -10 - Update to 3.26.0 to fix fetching [1] - Reset maintainer - Remove now useless check for FreeBSD 3.x - Make sure the example configuration file only gets deinstalled if not changed. PR: 74263 Submitted by: freebsd@simplerezo.com [1], distsurvey [1] Approved by: maintainer timeout (11 months)
v. 1.25 date: 2004/09/03 17:55:00; author: obrien; state: Exp; lines: +1 -1 Update to 3.23.0. This release of super fixes a potential root exploit: http://xforce.iss.net/xforce/xfdb/16458 PR: 71328 Submitted by: Piet Delport
v. 1.24 date: 2003/09/24 09:36:57; author: osa; state: Exp; lines: +1 -1 Make portlint(1) happy by changing strip to ${STRIP_CMD} Submitted by: Oleg Karachevtsev PR: 56998
v. 1.23 date: 2003/07/24 18:43:52; author: obrien; state: Exp; lines: +1 -1 Upgrade to version 3.20.1.
v. 1.22 date: 2003/03/07 06:10:50; author: ade; state: Exp; lines: +1 -0 Clear moonlight beckons. Requiem mors pacem pkg-comment, And be calm ports tree. E Nomini Patri, E Fili, E Spiritu Sancti.
v. 1.21 date: 2002/08/04 07:43:00; author: obrien; state: Exp; lines: +8 -12 Update to 3.20.0. Parts taken from PR below. PR: 40869 Submitted by: Seamus Venasse
v. 1.20 date: 2002/08/02 13:21:41; author: nectar; state: Exp; lines: +3 -1 Mark FORBIDDEN due to local root exploit.
v. 1.19 date: 2001/04/22 05:35:14; author: fenner; state: Exp; lines: +2 -2 phobos.caltech.edu asks people to use ftp.astro.caltech.edu instead.
v. 1.18 date: 2000/05/16 16:58:31; author: obrien; state: Exp; lines: +4 -4 Update to version 3.14.0.
v. 1.17 date: 2000/04/21 08:19:08; author: mharo; state: Exp; lines: +2 -2 Correct whitespace introduced during PORTNAME conversion and portlint
v. 1.16 date: 2000/04/09 18:30:39; author: cpiazza; state: Exp; lines: +3 -3 Update with the new PORTNAME/PORTVERSION variables
v. 1.15 date: 2000/03/22 00:27:49; author: obrien; state: Exp; lines: +2 -1 Restore useless version required comments.
v. 1.14 date: 2000/03/20 02:37:21; author: obrien; state: Exp; lines: +1 -2 Remove the "version required" line.
v. 1.13 date: 2000/02/13 03:24:23; author: obrien; state: Exp; lines: +3 -3 Style nits in the ports I maintain.
v. 1.12 date: 1999/08/31 01:51:53; author: peter; state: Exp; lines: +1 -1 $Id$ -> $FreeBSD$
v. 1.11 date: 1999/02/28 21:42:55; author: asami; state: Exp; lines: +2 -2 Remove trailing whitespace.
v. 1.10 date: 1999/02/26 13:00:44; author: obrien; state: Exp; lines: +2 -2 upgrade to 3.12.1 This version fixes the Brazilian Information Security Team Security Advisor on "buffer overflow condition if the syslog option is enabled".
v. 1.9 date: 1999/02/19 02:33:45; author: obrien; state: Exp; lines: +2 -2 Updated to super-3.11.9
v. 1.8 date: 1999/02/18 22:59:28; author: obrien; state: Exp; lines: +1 -1 vesion 3.11.{7,8} fixes the February 15, 1999 ISS Security Advisory on buffer overflow in the Super program.
v. 1.7 date: 1999/02/18 22:57:42; author: obrien; state: Exp; lines: +2 -2 update to 3.11.8
v. 1.6 date: 1998/12/02 06:37:33; author: obrien; state: Exp; lines: +5 -3 Need to do a little bsd.port.pre.mk action to avoid a syntax error. Noticed by: Bill Fenner
v. 1.5 date: 1998/12/01 10:17:44; author: obrien; state: Exp; lines: +5 -1 return breakage status (but only for 2.2.x) Requested by: Satoshi
v. 1.4 date: 1998/12/01 09:50:50; author: obrien; state: Exp; lines: +1 -3 Mark unbroken. 2.2 is dead, 3.0 is the current and future. :-)
v. 1.3 date: 1998/11/23 09:02:19; author: asami; state: Exp; lines: +3 -1 Mark it broken, doesn't build on 2.2-stable. ======= ===> Building for super-3.11.6 cc -c -DSUPERFILE=\"/usr/local/etc/super.tab\" -DTIMESTAMP_DIR=\"/usr/local/var/superstamps\" -DSYSLOG_PRIORITY=LOG_ERR -DHAVE_CONFIG_H -I. -O -pipe super.c In file included from localsys.h:166, from super.h:18, from super.c:12: /usr/include/prot.h:60: parse error before `create_auth_reply' /usr/include/prot.h:62: parse error before `KTEXT' /usr/include/prot.h:62: warning: data definition has no type or storage class *** Error code 1 Stop.
v. 1.2 date: 1998/11/19 09:19:18; author: obrien; state: Exp; lines: +10 -12 Update to version 3.11.6. (currently the "password=y" feature to requre a password to be entered before running a command only works on DES passwords)
v. 1.1 date: 1997/04/24 08:02:43; author: obrien; state: Exp; branches: 1.1.1; Initial revision
v. 1.1.1.1 date: 1997/04/24 08:02:43; author: obrien; state: Exp; lines: +0 -0 Super is a setuid-root program that offers o restricted setuid-root access to executables, adjustable on a per-program and per-user basis; o a relatively secure environment for scripts, so that well-written scripts can be run as root (or some other uid/gid), without unduly compromising security. See pkg/DESCR for a comparson w/sudo. ============================================================================= v. 1.30 date: 2006/12/16 11:53:53; author: miwi; state: Exp; lines: +1 -1 - Updatre to 3.26.2 Submitted by: farrokhi
v. 1.29 date: 2006/11/08 09:28:29; author: farrokhi; state: Exp; lines: +1 -1 Change my email address to farrokhi@ in all ports that I maintain. Approved by: miwi (mentor)
v. 1.28 date: 2006/07/24 12:12:42; author: jmelo; state: Exp; lines: +2 -1 - Update mastersite. - Update pkg-descr. PR: ports/100715 Submitted by: Babak Farrokhi (maintainer)
v. 1.27 date: 2006/07/16 15:18:24; author: clsung; state: Exp; lines: +2 -2 - update to 3.26.1 - take maintainership - pet portlint PR: ports/100387 Submitted by: maintainer (Babak Farrokhi)
v. 1.26 date: 2005/10/11 19:04:39; author: erwin; state: Exp; lines: +4 -10 - Update to 3.26.0 to fix fetching [1] - Reset maintainer - Remove now useless check for FreeBSD 3.x - Make sure the example configuration file only gets deinstalled if not changed. PR: 74263 Submitted by: freebsd@simplerezo.com [1], distsurvey [1] Approved by: maintainer timeout (11 months)
v. 1.25 date: 2004/09/03 17:55:00; author: obrien; state: Exp; lines: +1 -1 Update to 3.23.0. This release of super fixes a potential root exploit: http://xforce.iss.net/xforce/xfdb/16458 PR: 71328 Submitted by: Piet Delport
v. 1.24 date: 2003/09/24 09:36:57; author: osa; state: Exp; lines: +1 -1 Make portlint(1) happy by changing strip to ${STRIP_CMD} Submitted by: Oleg Karachevtsev PR: 56998
v. 1.23 date: 2003/07/24 18:43:52; author: obrien; state: Exp; lines: +1 -1 Upgrade to version 3.20.1.
v. 1.22 date: 2003/03/07 06:10:50; author: ade; state: Exp; lines: +1 -0 Clear moonlight beckons. Requiem mors pacem pkg-comment, And be calm ports tree. E Nomini Patri, E Fili, E Spiritu Sancti.
v. 1.21 date: 2002/08/04 07:43:00; author: obrien; state: Exp; lines: +8 -12 Update to 3.20.0. Parts taken from PR below. PR: 40869 Submitted by: Seamus Venasse
v. 1.20 date: 2002/08/02 13:21:41; author: nectar; state: Exp; lines: +3 -1 Mark FORBIDDEN due to local root exploit.
v. 1.19 date: 2001/04/22 05:35:14; author: fenner; state: Exp; lines: +2 -2 phobos.caltech.edu asks people to use ftp.astro.caltech.edu instead.
v. 1.18 date: 2000/05/16 16:58:31; author: obrien; state: Exp; lines: +4 -4 Update to version 3.14.0.
v. 1.17 date: 2000/04/21 08:19:08; author: mharo; state: Exp; lines: +2 -2 Correct whitespace introduced during PORTNAME conversion and portlint
v. 1.16 date: 2000/04/09 18:30:39; author: cpiazza; state: Exp; lines: +3 -3 Update with the new PORTNAME/PORTVERSION variables
v. 1.15 date: 2000/03/22 00:27:49; author: obrien; state: Exp; lines: +2 -1 Restore useless version required comments.
v. 1.14 date: 2000/03/20 02:37:21; author: obrien; state: Exp; lines: +1 -2 Remove the "version required" line.
v. 1.13 date: 2000/02/13 03:24:23; author: obrien; state: Exp; lines: +3 -3 Style nits in the ports I maintain.
v. 1.12 date: 1999/08/31 01:51:53; author: peter; state: Exp; lines: +1 -1 $Id$ -> $FreeBSD$
v. 1.11 date: 1999/02/28 21:42:55; author: asami; state: Exp; lines: +2 -2 Remove trailing whitespace.
v. 1.10 date: 1999/02/26 13:00:44; author: obrien; state: Exp; lines: +2 -2 upgrade to 3.12.1 This version fixes the Brazilian Information Security Team Security Advisor on "buffer overflow condition if the syslog option is enabled".
v. 1.9 date: 1999/02/19 02:33:45; author: obrien; state: Exp; lines: +2 -2 Updated to super-3.11.9
v. 1.8 date: 1999/02/18 22:59:28; author: obrien; state: Exp; lines: +1 -1 vesion 3.11.{7,8} fixes the February 15, 1999 ISS Security Advisory on buffer overflow in the Super program.
v. 1.7 date: 1999/02/18 22:57:42; author: obrien; state: Exp; lines: +2 -2 update to 3.11.8
v. 1.6 date: 1998/12/02 06:37:33; author: obrien; state: Exp; lines: +5 -3 Need to do a little bsd.port.pre.mk action to avoid a syntax error. Noticed by: Bill Fenner
v. 1.5 date: 1998/12/01 10:17:44; author: obrien; state: Exp; lines: +5 -1 return breakage status (but only for 2.2.x) Requested by: Satoshi
v. 1.4 date: 1998/12/01 09:50:50; author: obrien; state: Exp; lines: +1 -3 Mark unbroken. 2.2 is dead, 3.0 is the current and future. :-)
v. 1.3 date: 1998/11/23 09:02:19; author: asami; state: Exp; lines: +3 -1 Mark it broken, doesn't build on 2.2-stable. ======= ===> Building for super-3.11.6 cc -c -DSUPERFILE=\"/usr/local/etc/super.tab\" -DTIMESTAMP_DIR=\"/usr/local/var/superstamps\" -DSYSLOG_PRIORITY=LOG_ERR -DHAVE_CONFIG_H -I. -O -pipe super.c In file included from localsys.h:166, from super.h:18, from super.c:12: /usr/include/prot.h:60: parse error before `create_auth_reply' /usr/include/prot.h:62: parse error before `KTEXT' /usr/include/prot.h:62: warning: data definition has no type or storage class *** Error code 1 Stop.
v. 1.2 date: 1998/11/19 09:19:18; author: obrien; state: Exp; lines: +10 -12 Update to version 3.11.6. (currently the "password=y" feature to requre a password to be entered before running a command only works on DES passwords)
v. 1.1 date: 1997/04/24 08:02:43; author: obrien; state: Exp; branches: 1.1.1; Initial revision
v. 1.1.1.1 date: 1997/04/24 08:02:43; author: obrien; state: Exp; lines: +0 -0 Super is a setuid-root program that offers o restricted setuid-root access to executables, adjustable on a per-program and per-user basis; o a relatively secure environment for scripts, so that well-written scripts can be run as root (or some other uid/gid), without unduly compromising security. See pkg/DESCR for a comparson w/sudo. =============================================================================



Main menu

FreeBSD

Program categories

Freebsd accessibility
Freebsd archivers
Freebsd astro
Freebsd audio
Freebsd benchmarks
Freebsd biology
Freebsd cad
Freebsd chinese
Freebsd comms
Freebsd converters
Freebsd databases
Freebsd deskutils
Freebsd devel
Freebsd dns
Freebsd editors
Freebsd emulators
Freebsd finance
Freebsd french
Freebsd ftp
Freebsd games
Freebsd german
Freebsd graphics
Freebsd hebrew
Freebsd hungarian
Freebsd irc
Freebsd japanese
Freebsd java
Freebsd korean
Freebsd lang
Freebsd mail
Freebsd math
Freebsd mbone
Freebsd misc
Freebsd multimedia
Freebsd net
Freebsd net-im
Freebsd net-mgmt
Freebsd net-p2p
Freebsd news
Freebsd palm
Freebsd polish
Freebsd ports-mgmt
Freebsd portuguese
Freebsd print
Freebsd russian
Freebsd science
Freebsd security
Freebsd shells
Freebsd sysutils
Freebsd textproc
Freebsd ukrainian
Freebsd vietnamese
Freebsd www
Freebsd x11
Freebsd x11-clocks
Freebsd x11-drivers
Freebsd x11-fm
Freebsd x11-fonts
Freebsd x11-servers
Freebsd x11-themes
Freebsd x11-toolkits
Freebsd x11-wm