blob: 861e0c03ea7e88bd9ea2c120acb97a1dcdc74273 [file] [log] [blame] [edit]
Sudo porting hints
==================
Before trying to port sudo to a new architecture, please join the
sudo-workers mailing list (see the README file) and ask if anyone
has a port working or in-progress. Sudo should be fairly easy to
port. Since it uses a configure script, most of the work is often
done for you. As long as your operating system is reasonably POSIX
compliant porting should be easy. If your operating system has a
separate library for POSIX compatibility you may need to add it by
using configure's --with-libraries option.
If your OS is an SVR4 derivative (or some approximation thereof), it may
be sufficient to tell configure you are runnng SVR4, something like:
configure foo-bar-sysv4
where foo is the hardware architecture and bar is the vendor.
A possible pitfall is getdtablesize(2) which is used to get the
maximum number of open files the process can have. If an OS has
the POSIX sysconf(2) it will be used instead of getdtablesize(2).
ulimit(2) or getrlimit(2) can also be used on some OS's. If all
else fails you can use the value of NOFILE in <sys/param.h>.
Sudo tries to clear the environment of dangerous environment variables
such as LD_* to prevent shared library spoofing. If you are porting
sudo to a new OS that has shared libraries you'll want to mask out
the variables that allow one to change the shared library path.
See initial_badenv_table() in env.c to see how this is done for
various operating systems.
It is possible that on a really weird system, tgetpass() may not
compile. (The most common cause for this is that the "fd_set" type
is not defined in a place that sudo expects it to be. If you can
find the header file where "fd_set" is typedef'd, have tgetpass.c
include it and send in a bug report.)
Alternately, tgetpass.c may compile but not work (nothing happens
at the Password: prompt). It is possible that your C library
contains a broken or unusable crypt() function--try linking with
-lcrypt if that exists. Another possibility is that select() is
not fully functional; running configure with --with-password-timeout=0
will disable the use of select(). If sudo prompts you for a
password but never accepts it, see below.
Sudo detects and recognizes most common shadow password schemes
automatically. If you find that sudo is not accepting your password
and you are sure that it has been typed in correctly there are two
likely problems. One possibility is that your C library has a
broken crypt() function (see above). The other is that your operating
system is using shadow passwords and sudo has not detected that
fact. Look in config.h to see what, if any, shadow password scheme
was detected. The most common are SVR4 (HAVE_GETSPNAM will be
defined) and SecureWare (HAVE_GETPRPWNAM will be defined). Check
the manual pages on your system for "getspnam" and "getprpwnam".
If one of those exist but the appropriate define does not exist in
config.h then the problem is most likely that those routines live
in a library that sudo does not know to link against. The manual
page should tell you what library this is. You can then use the
--with-libraries option to configure to tell sudo to link with the
library in question. For example:
--with-libraries='-lgen'
would cause sudo to link in libgen which contains "getspnam" on SCO
systems.
If you are trying to port to a system without standard Berkeley
networking you may find that interfaces.c will not compile. This
is most likely on OS's with STREAMS-based networking. It should
be possible to make it work by modifying the ISC streams support
(see the _ISC #ifdef's). However, if you don't care about ip address
and network address support, you can just run configure with the
--without-interfaces flag to get a do-nothing load_interfaces()
stub function.
Sudo wants POSIX signals (sigaction and friends). If your system
lacks sigaction but has the 4.3BSD sigvec() function, sigvec() will
be used instead via the wrapper functions in sigaction.c. It is
not currently possible to use the old SVR3 and 4.2BSD signals, but
this is due more to my lack of a test machine than anything else.
If you port sudo to a new architecture, please send the output of
"configure", the config.log file and your changes to:
sudo@courtesan.com
If you are unable to get sudo working, and you are willing to
give me an account on a machine, send mail to sudo@courtesan.com.
Note, however, that I can't make any promises.