rpms/sudo/FC-3 sudo-1.6.7p5-safecmd.patch, NONE, 1.1 sudo.spec, 1.21, 1.22
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jun 21 08:56:53 UTC 2005
Author: kzak
Update of /cvs/dist/rpms/sudo/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv22348
Modified Files:
sudo.spec
Added Files:
sudo-1.6.7p5-safecmd.patch
Log Message:
- fix #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution
sudo-1.6.7p5-safecmd.patch:
parse.yacc | 4 ----
sudo.c | 11 +++--------
sudo.tab.c | 44 ++++++++++++++++++++------------------------
3 files changed, 23 insertions(+), 36 deletions(-)
--- NEW FILE sudo-1.6.7p5-safecmd.patch ---
--- sudo-1.6.7p5/sudo.tab.c.safecmd 2003-03-13 21:02:20.000000000 +0100
+++ sudo-1.6.7p5/sudo.tab.c 2005-06-21 10:56:58.793614472 +0200
@@ -642,7 +642,7 @@
short *yysslim;
YYSTYPE *yyvs;
int yystacksize;
-#line 865 "parse.yacc"
+#line 861 "parse.yacc"
#define MOREALIASES (32)
aliasinfo *aliases = NULL;
@@ -1676,14 +1676,10 @@
}
yyval.BOOLEAN = TRUE;
-
- if (safe_cmnd)
- free(safe_cmnd);
- safe_cmnd = estrdup(user_cmnd);
}
break;
case 59:
-#line 656 "parse.yacc"
+#line 652 "parse.yacc"
{
aliasinfo *aip;
@@ -1715,7 +1711,7 @@
}
break;
case 60:
-#line 685 "parse.yacc"
+#line 681 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE) {
@@ -1744,11 +1740,11 @@
}
break;
case 63:
-#line 717 "parse.yacc"
+#line 713 "parse.yacc"
{ push; }
break;
case 64:
-#line 717 "parse.yacc"
+#line 713 "parse.yacc"
{
if ((host_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) {
@@ -1759,7 +1755,7 @@
}
break;
case 69:
-#line 735 "parse.yacc"
+#line 731 "parse.yacc"
{
push;
if (printmatches == TRUE) {
@@ -1772,7 +1768,7 @@
}
break;
case 70:
-#line 744 "parse.yacc"
+#line 740 "parse.yacc"
{
if ((cmnd_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) {
@@ -1787,11 +1783,11 @@
}
break;
case 71:
-#line 758 "parse.yacc"
+#line 754 "parse.yacc"
{ ; }
break;
case 75:
-#line 766 "parse.yacc"
+#line 762 "parse.yacc"
{
if (printmatches == TRUE) {
in_alias = TRUE;
@@ -1803,7 +1799,7 @@
}
break;
case 76:
-#line 774 "parse.yacc"
+#line 770 "parse.yacc"
{
if ((yyvsp[0].BOOLEAN != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) {
@@ -1817,11 +1813,11 @@
}
break;
case 79:
-#line 791 "parse.yacc"
+#line 787 "parse.yacc"
{ push; }
break;
case 80:
-#line 791 "parse.yacc"
+#line 787 "parse.yacc"
{
if ((user_matches != -1 || pedantic) &&
!add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) {
@@ -1833,21 +1829,21 @@
}
break;
case 83:
-#line 806 "parse.yacc"
+#line 802 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
user_matches = yyvsp[0].BOOLEAN;
}
break;
case 84:
-#line 810 "parse.yacc"
+#line 806 "parse.yacc"
{
if (yyvsp[0].BOOLEAN != -1)
user_matches = ! yyvsp[0].BOOLEAN;
}
break;
case 85:
-#line 816 "parse.yacc"
+#line 812 "parse.yacc"
{
if (strcmp(yyvsp[0].string, user_name) == 0)
yyval.BOOLEAN = TRUE;
@@ -1857,7 +1853,7 @@
}
break;
case 86:
-#line 823 "parse.yacc"
+#line 819 "parse.yacc"
{
if (usergr_matches(yyvsp[0].string, user_name))
yyval.BOOLEAN = TRUE;
@@ -1867,7 +1863,7 @@
}
break;
case 87:
-#line 830 "parse.yacc"
+#line 826 "parse.yacc"
{
if (netgr_matches(yyvsp[0].string, NULL, NULL, user_name))
yyval.BOOLEAN = TRUE;
@@ -1877,7 +1873,7 @@
}
break;
case 88:
-#line 837 "parse.yacc"
+#line 833 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
@@ -1902,12 +1898,12 @@
}
break;
case 89:
-#line 859 "parse.yacc"
+#line 855 "parse.yacc"
{
yyval.BOOLEAN = TRUE;
}
break;
-#line 1859 "sudo.tab.c"
+#line 1855 "sudo.tab.c"
}
yyssp -= yym;
yystate = *yyssp;
--- sudo-1.6.7p5/parse.yacc.safecmd 2003-04-16 02:39:14.000000000 +0200
+++ sudo-1.6.7p5/parse.yacc 2005-06-21 10:56:58.794614320 +0200
@@ -652,10 +652,6 @@
}
$$ = TRUE;
-
- if (safe_cmnd)
- free(safe_cmnd);
- safe_cmnd = estrdup(user_cmnd);
}
| ALIAS {
aliasinfo *aip;
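Review bot: The ALL action now leaves safe_cmnd untouched, but nothing at the rule records why the removed assignment must not come back, so a later cleanup could reintroduce it. A short comment where the four lines were removed would pin the contract, e.g. `/* Do not set safe_cmnd here (CAN-2005-1993): sudo.c falls back to user_cmnd when no rule resolved a path. */`. The same removal appears in the generated sudo.tab.c hunk at `@@ -1676,14 +1676,10 @@`, which is regenerated from this grammar, so the comment belongs here only. The action's opening brace is above the hunk.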
--- sudo-1.6.7p5/sudo.c.safecmd 2005-06-21 10:56:33.760420096 +0200
+++ sudo-1.6.7p5/sudo.c 2005-06-21 10:56:58.796614016 +0200
@@ -417,6 +417,9 @@
/* Validate the user but don't search for pseudo-commands. */
validated = sudoers_lookup(pwflag);
+ if (safe_cmnd == NULL)
+ safe_cmnd = user_cmnd;
+
/*
* If we are using set_perms_posix() and the stay_setuid flag was not set,
* set the real, effective and saved uids to 0 and use set_perms_nosuid()
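Review bot: The fallback `safe_cmnd = user_cmnd;` makes safe_cmnd an alias of user_cmnd rather than a separately owned string, while the code this patch removes from parse.yacc shows the variable was otherwise managed with free()/estrdup(), so any remaining path that frees safe_cmnd would now free user_cmnd as well. Keeping ownership uniform is one line, `safe_cmnd = estrdup(user_cmnd);`, or the aliasing should be stated beside the assignment, `/* not owned: aliases user_cmnd */`. With this fallback in place the "safe_cmnd never got set" diagnostic removed in the next hunk can no longer fire, so a matched entry that never resolved a path is now indistinguishable from the no-match case; that is presumably intended but deserves a sentence in the changelog. The enclosing function starts and ends outside the hunk.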
@@ -534,14 +537,6 @@
exit(0);
}
- /* This *must* have been set if we got a match but... */
- if (safe_cmnd == NULL) {
- log_error(MSG_ONLY,
- "internal error, safe_cmnd never got set for %s; %s",
- user_cmnd,
- "please report this error at http://courtesan.com/sudo/bugs/");
- }
-
/* Override user's umask if configured to do so. */
if (def_ival(I_UMASK) != 0777)
(void) umask(def_mode(I_UMASK));
Index: sudo.spec
===================================================================
RCS file: /cvs/dist/rpms/sudo/FC-3/sudo.spec,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- sudo.spec 24 May 2005 12:57:36 -0000 1.21
+++ sudo.spec 21 Jun 2005 08:56:50 -0000 1.22
@@ -4,7 +4,7 @@
Summary: Allows restricted root access for specified users.
Name: sudo
Version: 1.6.7p5
-Release: 30.2
+Release: 30.3
License: BSD
Group: Applications/System
Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
@@ -20,6 +20,8 @@
# 154511 â sudo does not use limits.conf
# 144893 â sudo does not work with pam_tally correctly
Patch2: sudo-1.6.7p5-pam-session.patch
+# 161116 - CAN-2005-1993 sudo trusted user arbitrary command execution
+Patch3: sudo-1.6.7p5-safecmd.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@@ -40,6 +42,7 @@
%endif
%patch2 -p1 -b .sess
+%patch3 -p1 -b .safecmd
%build
%ifarch s390 s390x
@@ -103,6 +106,9 @@
/bin/chmod 0440 /etc/sudoers || :
%changelog
+* Tue Jun 21 2005 Karel Zak <kzak at redhat.com> 1.6.7p5-30.3
+- fix #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution
+
* Tue May 24 2005 Karel Zak <kzak at redhat.com> 1.6.7p5-30.2
- fix #154511 - sudo does not use limits.conf
- fix #144893 - sudo does not work with pam_tally correctly