--- embedaddon/sudo/doc/sudo.cat 2012/02/21 16:23:02 1.1.1.1 +++ embedaddon/sudo/doc/sudo.cat 2012/05/29 12:26:49 1.1.1.2 @@ -6,19 +6,19 @@ NNAAMMEE sudo, sudoedit - execute a command as another user SSYYNNOOPPSSIISS - ssuuddoo [--DD _l_e_v_e_l] --hh | --KK | --kk | --VV + ssuuddoo --hh | --KK | --kk | --VV - ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] - [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] + ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] + [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] - ssuuddoo --ll[[ll]] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--DD _l_e_v_e_l] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] - [--pp _p_r_o_m_p_t] [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [_c_o_m_m_a_n_d] + ssuuddoo --ll[[ll]] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] + [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [_c_o_m_m_a_n_d] - ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--DD _l_e_v_e_l] [--cc _c_l_a_s_s|_-] + ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] [--ii | --ss] [_c_o_m_m_a_n_d] - ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--DD _l_e_v_e_l] + ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] file ... DDEESSCCRRIIPPTTIIOONN 
@@ -30,7 +30,7 @@ DDEESSCCRRIIPPTTIIOONN ssuuddoo supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their - own policy and I/O logging modules to work seemlessly with the ssuuddoo + own policy and I/O logging modules to work seamlessly with the ssuuddoo front end. The default security policy is _s_u_d_o_e_r_s, which is configured via the file _/_e_t_c_/_s_u_d_o_e_r_s, or via LDAP. See the PLUGINS section for more information. @@ -110,9 +110,6 @@ OOPPTTIIOONNSS is already root. This option is only available on systems with BSD login classes. - -D _l_e_v_e_l Enable debugging of ssuuddoo plugins and ssuuddoo itself. The - _l_e_v_e_l may be a value from 1 through 9. - -E The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may @@ -315,7 +312,7 @@ OOPPTTIIOONNSS line are subject to the same restrictions as normal environment variables with one important exception. If the _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command - matched is ALL, the user may set variables that would overwise be + matched is ALL, the user may set variables that would otherwise be forbidden. See _s_u_d_o_e_r_s(4) for more information. PPLLUUGGIINNSS 
@@ -329,14 +326,17 @@ PPLLUUGGIINNSS # Default /etc/sudo.conf file # # Format: - # Plugin plugin_name plugin_path + # Plugin plugin_name plugin_path plugin_options ... # Path askpass /path/to/askpass - # Path noexec /path/to/noexec.so + # Path noexec /path/to/sudo_noexec.so + # Debug sudo /var/log/sudo_debug all@warn + # Set disable_coredump true # # The plugin_path is relative to /usr/local/libexec unless # fully qualified. # The plugin_name corresponds to a global symbol in the plugin # that contains the plugin interface structure. + # The plugin_options are optional. # Plugin policy_plugin sudoers.so Plugin io_plugin sudoers.so @@ -347,8 +347,8 @@ PPLLUUGGIINNSS io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified or relative. If not fully qualified it is relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c directory. Any additional parameters after the _p_a_t_h - are ignored. Lines that don't begin with Plugin or Path are silently - ignored + are passed as arguments to the plugin's _o_p_e_n function. Lines that + don't begin with Plugin, Path, Debug or Set are silently ignored. For more information, see the _s_u_d_o___p_l_u_g_i_n(1m) manual. 
@@ -379,6 +379,64 @@ PPAATTHHSS that support LD_PRELOAD or its equivalent. Defaults to _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o. +DDEEBBUUGG FFLLAAGGSS + ssuuddoo versions 1.8.4 and higher support a flexible debugging framework + that can help track down what ssuuddoo is doing internally if there is a + problem. + + A Debug line consists of the Debug keyword, followed by the name of the + program to debug (ssuuddoo, vviissuuddoo, ssuuddoorreeppllaayy), the debug file name and a + comma-separated list of debug flags. The debug flag syntax used by + ssuuddoo and the _s_u_d_o_e_r_s plugin is _s_u_b_s_y_s_t_e_m@_p_r_i_o_r_i_t_y but the plugin is + free to use a different format so long as it does not include a command + ,. + + For instance: + + Debug sudo /var/log/sudo_debug all@warn,plugin@info + + would log all debugging statements at the _w_a_r_n level and higher in + addition to those at the _i_n_f_o level for the plugin subsystem. + + Currently, only one Debug entry per program is supported. The sudo + Debug entry is shared by the ssuuddoo front end, ssuuddooeeddiitt and the plugins. + A future release may add support for per-plugin Debug lines and/or + support for multiple debugging files for a single program. + + The priorities used by the ssuuddoo front end, in order of decreasing + severity, are: _c_r_i_t, _e_r_r, _w_a_r_n, _n_o_t_i_c_e, _d_i_a_g, _i_n_f_o, _t_r_a_c_e and _d_e_b_u_g. + Each priority, when specified, also includes all priorities higher than + it. For example, a priority of _n_o_t_i_c_e would include debug messages + logged at _n_o_t_i_c_e and higher. 
+ + The following subsystems are used by ssuuddoo: + + _a_l_l matches every subsystem + + _a_r_g_s command line argument processing + + _c_o_n_v user conversation + + _e_d_i_t sudoedit + + _e_x_e_c command execution + + _m_a_i_n ssuuddoo main function + + _n_e_t_i_f network interface handling + + _p_c_o_m_m communication with the plugin + + _p_l_u_g_i_n plugin configuration + + _p_t_y pseudo-tty related code + + _s_e_l_i_n_u_x SELinux-specific handling + + _u_t_i_l utility functions + + _u_t_m_p utmp handling + RREETTUURRNN VVAALLUUEESS Upon successful execution of a program, the exit status from ssuuddoo will simply be the exit status of the program that was executed. @@ -415,6 +473,20 @@ SSEECCUURRIITTYY NNOOTTEESS information, please see the PREVENTING SHELL ESCAPES section in _s_u_d_o_e_r_s(4). + To prevent the disclosure of potentially sensitive information, ssuuddoo + disables core dumps by default while it is executing (they are re- + enabled for the command that is run). To aid in debugging ssuuddoo + crashes, you may wish to re-enable core dumps by setting + "disable_coredump" to false in the _/_e_t_c_/_s_u_d_o_._c_o_n_f file. + + Set disable_coredump false + + Note that by default, most operating systems disable core dumps from + setuid programs, which includes ssuuddoo. To actually get a ssuuddoo core file + you may need to enable core dumps for setuid processes. On BSD and + Linux systems this is accomplished via the sysctl command, on Solaris + the coreadm command can be used. + EENNVVIIRROONNMMEENNTT ssuuddoo utilizes the following environment variables. The security policy has control over the content of the command's environment. @@ -460,7 +532,7 @@ EENNVVIIRROONNMMEENNTT SUDO_EDITOR is not set FFIILLEESS - _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo plugin and path configuration + _/_e_t_c_/_s_u_d_o_._c_o_n_f ssuuddoo front end configuration EEXXAAMMPPLLEESS Note: the following examples assume a properly configured security 
@@ -507,9 +579,14 @@ AAUUTTHHOORRSS Todd C. Miller - See the HISTORY file in the ssuuddoo distribution or visit - http://www.sudo.ws/sudo/history.html for a short history of ssuuddoo. + See the CONTRIBUTORS file in the ssuuddoo distribution + (http://www.sudo.ws/sudo/contributors.html) for a list of people who + have contributed to ssuuddoo. +HHIISSTTOORRYY + See the HISTORY file in the ssuuddoo distribution + (http://www.sudo.ws/sudo/history.html) for a brief history of sudo. + CCAAVVEEAATTSS There is no easy way to prevent a user from gaining a root shell if that user is allowed to run arbitrary commands via ssuuddoo. Also, many @@ -547,4 +624,4 @@ DDIISSCCLLAAIIMMEERR -1.8.3 September 16, 2011 SUDO(1m) +1.8.5 March 15, 2012 SUDO(1m)
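Review bot: in the OPTIONS hunk (@@ -110,9 +110,6 @@) the -D level option is dropped without any pointer to its replacement, so a reader who relied on -D finds nothing in OPTIONS explaining where debugging went; suggest a one-line cross-reference at that spot to the DEBUG FLAGS section and the Debug line in /etc/sudo.conf, which is where the same functionality is now documented.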
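Review bot: in the sample /etc/sudo.conf (hunk @@ -329,14 +326,17 @@) the line `# Set disable_coredump true` is shown with no indication that true is already the default, so a reader may uncomment it expecting a change in behaviour; suggest annotating it (e.g. `# Set disable_coredump true   (the default)`) and pointing to the SECURITY NOTES section, which is the only place the default is stated. The new `Debug sudo /var/log/sudo_debug all@warn` sample line would likewise benefit from a comment naming the DEBUG FLAGS section.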
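Review bot: "Lines that don't begin with Plugin, Path, Debug or Set are silently ignored" (hunk @@ -347,8 +347,8 @@) means a misspelled keyword in a Set or Debug line leaves that setting silently unapplied, which matters for a security-relevant knob like disable_coredump; suggest stating whether keyword matching is case-sensitive and, if the parser emits no diagnostic, saying so explicitly so administrators know to verify the setting actually took effect. Also, "passed as arguments to the plugin's open function" should note whether the argument strings are split on whitespace or passed as one string, since plugin authors will need that.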
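Review bot: in the DEBUG FLAGS hunk (@@ -379,6 +379,64 @@) the sentence "so long as it does not include a command ,." is garbled and should read "so long as it does not include a comma (,)", matching the "comma-separated list of debug flags" two lines earlier. The same section never says who owns the debug file or what mode it is created with; since the args subsystem records command line argument processing and pcomm records communication with the plugin, a sentence recommending that the debug file be readable only by root would help administrators avoid exposing that data through /var/log/sudo_debug.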
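Review bot: "potentially sensitive information" in the SECURITY NOTES hunk (@@ -415,6 +473,20 @@) is vague; suggest saying what is at risk (for example, authentication data sudo holds in memory while it runs) so readers can weigh that before setting disable_coredump to false, and adding that the setting should be reverted once the crash has been diagnosed. The closing sentence could also name the relevant sysctl and coreadm settings rather than only the commands, or say plainly that the knob varies by system.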
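Review bot: style point in the new HISTORY section (hunk @@ -507,9 +579,14 @@): "a brief history of sudo" leaves sudo in plain text while every other program reference on the page is set in bold (ssuuddoo), including the CONTRIBUTORS paragraph immediately above; suggest marking it consistently.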