--- embedaddon/sudo/doc/sudo.cat	2012/10/09 09:29:52	1.1.1.3
+++ embedaddon/sudo/doc/sudo.cat	2013/07/22 10:46:11	1.1.1.4
@@ -24,7 +24,7 @@ DDEESSCCRRIIPPTTIIOONN
      input/output logging.  Third parties can develop and distribute their own
      policy and I/O logging plugins to work seamlessly with the ssuuddoo front
      end.  The default security policy is _s_u_d_o_e_r_s, which is configured via the
-     file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP.  See the _P_L_U_G_I_N_S section for more
+     file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP.  See the _P_l_u_g_i_n_s section for more
      information.
 
      The security policy determines what privileges, if any, a user has to run
@@ -54,7 +54,7 @@ DDEESSCCRRIIPPTTIIOONN
                  to read the user's password and output the password to the
                  standard output.  If the SUDO_ASKPASS environment variable is
                  set, it specifies the path to the helper program.  Otherwise,
-                 if _/_e_t_c_/_s_u_d_o_._c_o_n_f contains a line specifying the askpass
+                 if sudo.conf(4) contains a line specifying the askpass
                  program, that value will be used.  For example:
 
                      # Path to askpass helper program
@@ -299,7 +299,7 @@ DDEESSCCRRIIPPTTIIOONN
 
 CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
      When ssuuddoo executes a command, the security policy specifies the execution
-     envionment for the command.  Typically, the real and effective uid and
+     environment for the command.  Typically, the real and effective uid and
      gid are set to match those of the target user, as specified in the
      password database, and the group vector is initialized based on the group
      database (unless the --PP option was specified).
@@ -333,13 +333,16 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
      environment as described above, and calls the execve system call in the
      child process.  The main ssuuddoo process waits until the command has
      completed, then passes the command's exit status to the security policy's
-     close method and exits.  If an I/O logging plugin is configured, a new
-     pseudo-terminal (``pty'') is created and a second ssuuddoo process is used to
-     relay job control signals between the user's existing pty and the new pty
-     the command is being run in.  This extra process makes it possible to,
-     for example, suspend and resume the command.  Without it, the command
-     would be in what POSIX terms an ``orphaned process group'' and it would
-     not receive any job control signals.
+     close function and exits.  If an I/O logging plugin is configured or if
+     the security policy explicitly requests it, a new  pseudo-terminal
+     (``pty'') is created and a second ssuuddoo process is used to relay job
+     control signals between the user's existing pty and the new pty the
+     command is being run in.  This extra process makes it possible to, for
+     example, suspend and resume the command.  Without it, the command would
+     be in what POSIX terms an ``orphaned process group'' and it would not
+     receive any job control signals.  As a special case, if the policy plugin
+     does not define a close function and no pty is required, ssuuddoo will
+     execute the command directly instead of calling fork(2) first.
 
    SSiiggnnaall hhaannddlliinngg
      Because the command is run as a child of the ssuuddoo process, ssuuddoo will
@@ -354,7 +357,7 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
      As a special case, ssuuddoo will not relay signals that were sent by the
      command it is running.  This prevents the command from accidentally
      killing itself.  On some systems, the reboot(1m) command sends SIGTERM to
-     all non-system processes other than itself before rebooting the systyem.
+     all non-system processes other than itself before rebooting the system.
      This prevents ssuuddoo from relaying the SIGTERM signal it received back to
      reboot(1m), which might then exit before the system was actually rebooted,
      leaving it in a half-dead state similar to single user mode.  Note,
@@ -365,125 +368,19 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
      run using the eexxeecc() family of functions instead of ssyysstteemm() (which
      interposes a shell between the command and the calling process).
 
-PPLLUUGGIINNSS
-     Plugins are dynamically loaded based on the contents of the
-     _/_e_t_c_/_s_u_d_o_._c_o_n_f file.  If no _/_e_t_c_/_s_u_d_o_._c_o_n_f file is present, or it
-     contains no Plugin lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s security
-     policy and I/O logging, which corresponds to the following _/_e_t_c_/_s_u_d_o_._c_o_n_f
-     file.
+     If no I/O logging plugins are loaded and the policy plugin has not
+     defined a cclloossee() function, set a command timeout or required that the
+     command be run in a new pty, ssuuddoo may execute the command directly
+     instead of running it as a child process.
 
-     #
-     # Default /etc/sudo.conf file
-     #
-     # Format:
-     #   Plugin plugin_name plugin_path plugin_options ...
-     #   Path askpass /path/to/askpass
-     #   Path noexec /path/to/sudo_noexec.so
-     #   Debug sudo /var/log/sudo_debug all@warn
-     #   Set disable_coredump true
-     #
-     # The plugin_path is relative to /usr/local/libexec unless
-     #   fully qualified.
-     # The plugin_name corresponds to a global symbol in the plugin
-     #   that contains the plugin interface structure.
-     # The plugin_options are optional.
-     #
-     Plugin policy_plugin sudoers.so
-     Plugin io_plugin sudoers.so
+   PPlluuggiinnss
+     Plugins are dynamically loaded based on the contents of the sudo.conf(4)
+     file.  If no sudo.conf(4) file is present, or it contains no Plugin
+     lines, ssuuddoo will use the traditional _s_u_d_o_e_r_s security policy and I/O
+     logging.  See the sudo.conf(4) manual for details of the _/_e_t_c_/_s_u_d_o_._c_o_n_f
+     file and the sudo_plugin(1m) manual for more information about the ssuuddoo
+     plugin architecture.
 
-     A Plugin line consists of the Plugin keyword, followed by the _s_y_m_b_o_l___n_a_m_e
-     and the _p_a_t_h to the shared object containing the plugin.  The _s_y_m_b_o_l___n_a_m_e
-     is the name of the struct policy_plugin or struct io_plugin in the plugin
-     shared object.  The _p_a_t_h may be fully qualified or relative.  If not
-     fully qualified it is relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory.  Any
-     additional parameters after the _p_a_t_h are passed as arguments to the
-     plugin's _o_p_e_n function.  Lines that don't begin with Plugin, Path, Debug,
-     or Set are silently ignored.
-
-     For more information, see the sudo_plugin(1m) manual.
-
-PPAATTHHSS
-     A Path line consists of the Path keyword, followed by the name of the
-     path to set and its value.  E.g.
-
-           Path noexec /usr/local/libexec/sudo_noexec.so
-           Path askpass /usr/X11R6/bin/ssh-askpass
-
-     The following plugin-agnostic paths may be set in the _/_e_t_c_/_s_u_d_o_._c_o_n_f
-     file:
-
-     askpass   The fully qualified path to a helper program used to read the
-               user's password when no terminal is available.  This may be the
-               case when ssuuddoo is executed from a graphical (as opposed to
-               text-based) application.  The program specified by _a_s_k_p_a_s_s
-               should display the argument passed to it as the prompt and
-               write the user's password to the standard output.  The value of
-               _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment
-               variable.
-
-     noexec    The fully-qualified path to a shared library containing dummy
-               versions of the eexxeeccvv(), eexxeeccvvee() and ffeexxeeccvvee() library
-               functions that just return an error.  This is used to implement
-               the _n_o_e_x_e_c functionality on systems that support LD_PRELOAD or
-               its equivalent.  Defaults to _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o.
-
-DDEEBBUUGG FFLLAAGGSS
-     ssuuddoo versions 1.8.4 and higher support a flexible debugging framework
-     that can help track down what ssuuddoo is doing internally if there is a
-     problem.
-
-     A Debug line consists of the Debug keyword, followed by the name of the
-     program to debug (ssuuddoo, vviissuuddoo, ssuuddoorreeppllaayy), the debug file name and a
-     comma-separated list of debug flags.  The debug flag syntax used by ssuuddoo
-     and the _s_u_d_o_e_r_s plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but the plugin is free to
-     use a different format so long as it does not include a comma (`,').
-
-     For instance:
-
-           Debug sudo /var/log/sudo_debug all@warn,plugin@info
-
-     would log all debugging statements at the _w_a_r_n level and higher in
-     addition to those at the _i_n_f_o level for the plugin subsystem.
-
-     Currently, only one Debug entry per program is supported.  The ssuuddoo Debug
-     entry is shared by the ssuuddoo front end, ssuuddooeeddiitt and the plugins.  A
-     future release may add support for per-plugin Debug lines and/or support
-     for multiple debugging files for a single program.
-
-     The priorities used by the ssuuddoo front end, in order of decreasing
-     severity, are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g.
-     Each priority, when specified, also includes all priorities higher than
-     it.  For example, a priority of _n_o_t_i_c_e would include debug messages
-     logged at _n_o_t_i_c_e and higher.
-
-     The following subsystems are used by the ssuuddoo front-end:
-
-     _a_l_l         matches every subsystem
-
-     _a_r_g_s        command line argument processing
-
-     _c_o_n_v        user conversation
-
-     _e_d_i_t        sudoedit
-
-     _e_x_e_c        command execution
-
-     _m_a_i_n        ssuuddoo main function
-
-     _n_e_t_i_f       network interface handling
-
-     _p_c_o_m_m       communication with the plugin
-
-     _p_l_u_g_i_n      plugin configuration
-
-     _p_t_y         pseudo-tty related code
-
-     _s_e_l_i_n_u_x     SELinux-specific handling
-
-     _u_t_i_l        utility functions
-
-     _u_t_m_p        utmp handling
-
 EEXXIITT VVAALLUUEE
      Upon successful execution of a program, the exit status from _s_u_d_o will
      simply be the exit status of the program that was executed.
@@ -524,15 +421,11 @@ SSEECCUURRIITTYY NNOOTTEESS
      disables core dumps by default while it is executing (they are re-enabled
      for the command that is run).  To aid in debugging ssuuddoo crashes, you may
      wish to re-enable core dumps by setting ``disable_coredump'' to false in
-     the _/_e_t_c_/_s_u_d_o_._c_o_n_f file as follows:
+     the sudo.conf(4) file as follows:
 
            Set disable_coredump false
 
-     Note that by default, most operating systems disable core dumps from
-     setuid programs, which includes ssuuddoo.  To actually get a ssuuddoo core file
-     you may need to enable core dumps for setuid processes.  On BSD and Linux
-     systems this is accomplished via the sysctl command, on Solaris the
-     coreadm command can be used.
+     See the sudo.conf(4) manual for more information.
 
 EENNVVIIRROONNMMEENNTT
      ssuuddoo utilizes the following environment variables.  The security policy
@@ -617,7 +510,7 @@ EEXXAAMMPPLLEESS
            $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
 
 SSEEEE AALLSSOO
-     grep(1), su(1), stat(2), login_cap(3), passwd(4), sudoers(4),
+     su(1), stat(2), login_cap(3), passwd(4), sudo.conf(4), sudoers(4),
      sudo_plugin(1m), sudoreplay(1m), visudo(1m)
 
 HHIISSTTOORRYY
@@ -668,4 +561,4 @@ DDIISSCCLLAAIIMMEERR
      file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
      complete details.
 
-Sudo 1.8.6                       July 10, 2012                      Sudo 1.8.6
+Sudo 1.8.7                      March 13, 2013                      Sudo 1.8.7