rpms/sudo/devel sudo-1.6.8p8-selinux.patch, 1.2, 1.3 sudo.spec, 1.33, 1.34
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Jan 23 14:37:34 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/sudo/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv3247
Modified Files:
sudo-1.6.8p8-selinux.patch sudo.spec
Log Message:
* Mon Jan 23 2006 Dan Walsh <dwalsh at redhat.com> 1.6.8p12-3
- Remove selinux patch. It has been decided that the SELinux patch for sudo is
- no longer necessary. In tageted policy it had no effect. In strict/MLS policy
- We require the person using sudo to execute newrole before using sudo.
sudo-1.6.8p8-selinux.patch:
Makefile.in | 16 +++-
configure | 2
configure.in | 2
sesh.c | 61 ++++++++++++++++++
sudo.c | 196 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
sudo.man.in | 11 +++
6 files changed, 280 insertions(+), 8 deletions(-)
Index: sudo-1.6.8p8-selinux.patch
===================================================================
RCS file: /cvs/dist/rpms/sudo/devel/sudo-1.6.8p8-selinux.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- sudo-1.6.8p8-selinux.patch 11 Oct 2005 11:41:08 -0000 1.2
+++ sudo-1.6.8p8-selinux.patch 23 Jan 2006 14:37:30 -0000 1.3
@@ -1,5 +1,32 @@
---- sudo-1.6.8p9/configure.in.selinux 2004-11-25 18:31:20.000000000 +0100
-+++ sudo-1.6.8p9/configure.in 2005-10-11 11:48:24.000000000 +0200
+--- sudo-1.6.8p9/sudo.man.in.selinux 2005-06-19 16:05:34.000000000 -0400
++++ sudo-1.6.8p9/sudo.man.in 2005-10-14 17:31:09.000000000 -0400
+@@ -157,6 +157,7 @@
+ \&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
+ .PP
+ \&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
++[\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
+ [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
+ {\fB\-e\fR\ file\ [...]\ |\ \fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
+ .PP
+@@ -235,6 +236,16 @@
+ \&\fBsudo\fR will initialize the group vector to the list of groups the
+ target user is in. The real and effective group IDs, however, are
+ still set to match the target user.
++.IP "\-r" 4
++.IX Item "-r"
++The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
++\fIROLE\fR.
++.IP "\-t" 4
++.IX Item "-t"
++The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
++specified by
++\fITYPE\fR.
++If no type is specified, the default type is derived from the specified role.
+ .IP "\-S" 4
+ .IX Item "-S"
+ The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
+--- sudo-1.6.8p9/configure.in.selinux 2004-11-25 12:31:20.000000000 -0500
++++ sudo-1.6.8p9/configure.in 2005-10-14 17:31:09.000000000 -0400
@@ -98,7 +98,7 @@
dnl Initial values for Makefile variables listed above
dnl May be overridden by environment variables..
@@ -9,8 +36,8 @@
test -n "$MANTYPE" || MANTYPE="man"
test -n "$mansrcdir" || mansrcdir="."
test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
---- sudo-1.6.8p9/Makefile.in.selinux 2005-06-19 22:03:50.000000000 +0200
-+++ sudo-1.6.8p9/Makefile.in 2005-10-11 11:48:24.000000000 +0200
+--- sudo-1.6.8p9/Makefile.in.selinux 2005-06-19 16:03:50.000000000 -0400
++++ sudo-1.6.8p9/Makefile.in 2005-10-14 17:31:09.000000000 -0400
@@ -43,7 +43,8 @@
# Libraries
LIBS = @LIBS@
@@ -83,35 +110,8 @@
install-noexec: sudo_noexec.la
$(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)
---- sudo-1.6.8p9/sudo.man.in.selinux 2005-06-19 22:05:34.000000000 +0200
-+++ sudo-1.6.8p9/sudo.man.in 2005-10-11 11:48:24.000000000 +0200
-@@ -157,6 +157,7 @@
- \&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
- .PP
- \&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
-+[\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
- [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
- {\fB\-e\fR\ file\ [...]\ |\ \fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
- .PP
-@@ -235,6 +236,16 @@
- \&\fBsudo\fR will initialize the group vector to the list of groups the
- target user is in. The real and effective group IDs, however, are
- still set to match the target user.
-+.IP "\-r" 4
-+.IX Item "-r"
-+The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
-+\fIROLE\fR.
-+.IP "\-t" 4
-+.IX Item "-t"
-+The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
-+specified by
-+\fITYPE\fR.
-+If no type is specified, the default type is derived from the specified role.
- .IP "\-S" 4
- .IX Item "-S"
- The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
---- sudo-1.6.8p9/configure.selinux 2004-11-26 21:04:30.000000000 +0100
-+++ sudo-1.6.8p9/configure 2005-10-11 11:48:24.000000000 +0200
+--- sudo-1.6.8p9/configure.selinux 2004-11-26 15:04:30.000000000 -0500
++++ sudo-1.6.8p9/configure 2005-10-14 17:31:09.000000000 -0400
@@ -1608,7 +1608,7 @@
insults=off
root_sudo=on
@@ -121,73 +121,9 @@
test -n "$MANTYPE" || MANTYPE="man"
test -n "$mansrcdir" || mansrcdir="."
test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
---- /dev/null 2005-10-07 17:17:17.781101976 +0200
-+++ sudo-1.6.8p9/sesh.c 2005-10-11 11:48:24.000000000 +0200
-@@ -0,0 +1,61 @@
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <unistd.h>
-+#include <limits.h>
-+#include <sys/types.h>
-+#include <sys/wait.h>
-+#include <errno.h>
-+
-+main (int argc, char **argv) {
-+ char buf[PATH_MAX];
-+ pid_t pid;
-+ if ( argc < 2 ) {
-+ fprintf(stderr,"%s: Requires at least one argument\n", argv[0]);
-+ exit(-1);
-+ }
-+
-+ if ((pid = fork()) < 0) {
-+ snprintf(buf, sizeof(buf), "%s: Couldn't fork",argv[0]);
-+ perror(buf);
-+ exit(-1);
-+ } else if (pid > 0) {
-+ /* Parent */
-+ int status;
-+ int ret;
-+
-+ while (1) {
-+ if ((ret = waitpid(pid, &status, WUNTRACED)) < 0 && errno == EINTR)
-+ continue;
-+ else if (ret < 0) {
-+ perror("waitpid failed");
-+ exit(1);
-+ }
-+
-+ if (!WIFSTOPPED(status))
-+ break;
-+
-+ /* Reset the handler in case it was inherited ignored,
-+ but the child reset it and stopped anyway. */
-+ signal(WSTOPSIG(status), SIG_DFL);
-+ raise(WSTOPSIG(status));
-+
-+ /* Now we stop until continued ourselves. */
-+ kill(getpgid(pid) == pid ? -pid : pid, SIGCONT);
-+ }
-+
-+ if (WIFEXITED(status))
-+ exit(WEXITSTATUS(status));
-+ else if (WIFSIGNALED(status))
-+ /* XXX print here like the shell would? */
-+ exit(128 + WTERMSIG(status));
-+ else
-+ exit(127); /* Should never happen. */
-+ } else {
-+ /* Child */
-+ execv(argv[1], &argv[1]);
-+
-+ snprintf(buf, sizeof(buf), "%s: Error execing %s", argv[0], argv[1]);
-+ perror(buf);
-+ exit(-1);
-+ }
-+}
---- sudo-1.6.8p9/sudo.c.selinux 2005-06-19 22:35:46.000000000 +0200
-+++ sudo-1.6.8p9/sudo.c 2005-10-11 12:25:52.000000000 +0200
-@@ -92,6 +92,17 @@
+--- sudo-1.6.8p9/sudo.c.selinux 2005-06-19 16:35:46.000000000 -0400
++++ sudo-1.6.8p9/sudo.c 2005-10-14 17:31:21.000000000 -0400
+@@ -92,6 +92,15 @@
#include "interfaces.h"
#include "version.h"
@@ -198,46 +134,16 @@
+#include <selinux/get_default_type.h>
+char *role_s = NULL; /* role spec'd by user in argv[] */
+char *type_s = NULL; /* type spec'd by user in argv[] */
-+security_context_t new_tty_context=NULL; /* security context to change to while running command*/
-+security_context_t tty_context=NULL; /* current security context of tty */
+#endif
+
#ifndef lint
static const char rcsid[] = "$Sudo: sudo.c,v 1.370 2004/08/24 18:01:13 millert Exp $";
#endif /* lint */
-@@ -141,7 +152,151 @@
+@@ -141,6 +150,130 @@
sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
void (*set_perms) __P((int));
+#ifdef WITH_SELINUX
-+security_context_t setup_tty_context(int fd, char *ttyn, security_context_t new_context) {
-+ security_context_t tty_context=NULL; /* current sid of tty */
-+
-+ tty_context = NULL;
-+ if (fgetfilecon(fd,&tty_context) <0 )
-+ fprintf(stderr, "Warning! Could not get current context for %s, not relabeling.\n", ttyn);
-+
-+#ifdef CANTSPELLGDB
-+ if (tty_context)
-+ printf("Your tty %s was labeled with context %s\n", ttyn, tty_context);
-+#endif
-+
-+ new_tty_context = NULL;
-+ if (tty_context && security_compute_relabel(new_context,tty_context,SECCLASS_CHR_FILE,&new_tty_context) < 0)
-+ fprintf(stderr, "Warning! Could not get new context for %s, not relabeling.\n", ttyn);
-+
-+#ifdef CANTSPELLGDB
-+ if (new_tty_context)
-+ printf("Relabeling tty %s to context %s\n", ttyn, new_tty_context);
-+#endif
-+
-+ if (new_tty_context) {
-+ if( fsetfilecon(fd,new_tty_context)!=0 ) {
-+ fprintf(stderr,"sudo: error: setfilecon on %s to %s",ttyn,new_tty_context);
-+ }
-+ }
-+ return tty_context;
-+}
+security_context_t get_exec_context(char *role_s, char *type_s) {
+
+ security_context_t old_context=NULL; /* our original securiy ID ("old_context") */
@@ -249,26 +155,20 @@
+ *
+ */
+
-+ security_context_t context_s; /* our security context as a string */
-+ int context_length;
-+ context_t context; /* manipulatable form of context_s */
++ context_t context; /* manipulatable form of new_context */
+
+
+ /*
-+ * Get the SID and context of the caller, and extract
++ * Get the context of the caller, and extract
+ * the username from the context. Don't rely on the Linux
+ * uid information - it isn't trustworthy.
+ */
+
-+ /* Put the caller's SID into `old_context'. */
+ if( 0!=(getprevcon(&old_context)) ) {
+ fprintf(stderr,"failed to get old_context.\n");
-+ exit(-1);
++ goto err;
+ }
+
-+#ifdef CANTSPELLGDB
-+ printf( "Your old context was %s\n", old_context );
-+#endif
+ /*
+ * Create a context structure so that we extract and modify
+ * components easily.
@@ -297,79 +197,80 @@
+ if( get_default_type(role_s,&type_s) )
+ {
+ fprintf(stderr,"Couldn't get default type.\n");
-+ exit(-1);
++ goto err;
+ }
-+#ifdef CANTSPELLGDB
-+ printf( "Your type will be %s.\n", type_s );
-+#endif
+ }
+
+ if( context_role_set(context,role_s)) {
+ fprintf(stderr,"failed to set new role %s\n",role_s);
-+ exit(-1);
++ goto err;
+ }
-+#ifdef CANTSPELLGDB
-+ printf("Your new role is %s\n",context_role_get(context));
-+#endif
+
+ /* If the user specified a new type on the command line (if `type_s' *
+ * is set), then replace the old type in `context' with this new type. */
+ if( type_s ) {
+ if( context_type_set(context,type_s)) {
+ fprintf(stderr,"failed to set new type %s\n",type_s);
-+ exit(-1);
++ goto err;
+ }
-+#ifdef CANTSPELLGDB
-+ printf("Your new type is %s\n",context_type_get(context));
-+#endif
+ } /* if user specified new type */
+
+ /* The second step in creating the new SID is to convert our modified *
+ * `context' structure back to a context string and then to a SID. */
+
-+ /* Make `context_s' point to a string version of the new `context'. */
++ /* Make `new_context' point to a string version of the new `context'. */
+ if( !(new_context=strdup(context_str(context)))) {
-+ fprintf(stderr,"failed to convert new context to string\n" );
++ fprintf(stderr,"failed to convert new context to string. out of memory\n" );
+ exit(-1);
+ }
+
+ } /* if user specified new role */
+ else {
-+ if (get_default_context(context_user_get(context),
-+ NULL,
-+ &new_context)) {
-+ fprintf(stderr,"failed to get default context\n" );
-+ exit(-1);
-+ }
++ int retval=0;
++ char *seuser=NULL;
++ char *level=NULL;
++ if (getseuserbyname(context_user_get(context), &seuser, &level) == 0) {
++ retval=get_default_context_with_level(seuser, level,
++ NULL,
++ &new_context);
++ free(seuser);
++ free(level);
++ if (retval) {
++ fprintf(stderr,"failed to get default context\n" );
++ goto err;
++ }
++ } else {
++ fprintf(stderr,"getseuserbyname failed\n" );
++ exit(-1);
++ }
+ }
-+ context_free(context);
-+ freecon(old_context);
-+
+ if (security_check_context(new_context) < 0) {
+ fprintf(stderr, "%s is not a valid context\n", new_context);
-+ exit(-1);
++ goto err;
+ }
+
++ context_free(context);
++ freecon(old_context);
++
+ return new_context;
++
++err:
++ if (old_context) {
++ context_free(context);
++ freecon(old_context);
++ }
++
++ if (security_getenforce()==1)
++ exit(-1);
++ else
++ return NULL;
++
+}
-
+#endif
+
int
main(argc, argv, envp)
- int argc;
-@@ -149,10 +304,10 @@
- char **envp;
- {
- int validated;
-- int fd;
- int cmnd_status;
- int sudo_mode;
- int pwflag;
-+ int fd;
- char **new_environ;
- sigaction_t sa;
- extern int printmatches;
-@@ -439,8 +594,44 @@
+@@ -439,8 +572,40 @@
#ifndef PROFILING
if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
exit(0);
@@ -380,16 +281,12 @@
+ int fd;
+ char *ttyn = NULL; /* tty path */
+ security_context_t new_context=NULL; /* our target security ID ("sid") */
-+ security_context_t chk_tty_context= NULL;
-+
+ new_context=get_exec_context(role_s,type_s);
-+#ifdef CANTSPELLGDB
-+ printf("Your new context is %s\n",new_context);
-+#endif
+
+ if (setexeccon(new_context) < 0) {
-+ fprintf(stderr, "Could not set exec context to %s.\n", new_context);
-+ exit(-1);
++ fprintf(stderr, "Could not set exec context to %s.\n", new_context);
++ if (security_getenforce()==1)
++ exit(-1);
+ }
+ freecon(new_context);
+ {
@@ -416,7 +313,7 @@
#else
exit(0);
#endif /* PROFILING */
-@@ -728,6 +919,30 @@
+@@ -728,6 +893,30 @@
NewArgv++;
break;
#endif
@@ -447,7 +344,7 @@
#ifdef HAVE_LOGIN_CAP_H
case 'c':
/* Must have an associated login class. */
-@@ -1113,6 +1328,9 @@
+@@ -1113,6 +1302,9 @@
#ifdef HAVE_BSD_AUTH_H
" [-a auth_type]",
#endif
@@ -457,3 +354,67 @@
#ifdef HAVE_LOGIN_CAP_H
" [-c class|-]",
#endif
+--- /dev/null 2005-10-14 14:26:47.001978750 -0400
++++ sudo-1.6.8p9/sesh.c 2005-10-14 17:31:09.000000000 -0400
+@@ -0,0 +1,61 @@
++#include <stdio.h>
++#include <stdlib.h>
++#include <unistd.h>
++#include <limits.h>
++#include <sys/types.h>
++#include <sys/wait.h>
++#include <errno.h>
++
++main (int argc, char **argv) {
++ char buf[PATH_MAX];
++ pid_t pid;
++ if ( argc < 2 ) {
++ fprintf(stderr,"%s: Requires at least one argument\n", argv[0]);
++ exit(-1);
++ }
++
++ if ((pid = fork()) < 0) {
++ snprintf(buf, sizeof(buf), "%s: Couldn't fork",argv[0]);
++ perror(buf);
++ exit(-1);
++ } else if (pid > 0) {
++ /* Parent */
++ int status;
++ int ret;
++
++ while (1) {
++ if ((ret = waitpid(pid, &status, WUNTRACED)) < 0 && errno == EINTR)
++ continue;
++ else if (ret < 0) {
++ perror("waitpid failed");
++ exit(1);
++ }
++
++ if (!WIFSTOPPED(status))
++ break;
++
++ /* Reset the handler in case it was inherited ignored,
++ but the child reset it and stopped anyway. */
++ signal(WSTOPSIG(status), SIG_DFL);
++ raise(WSTOPSIG(status));
++
++ /* Now we stop until continued ourselves. */
++ kill(getpgid(pid) == pid ? -pid : pid, SIGCONT);
++ }
++
++ if (WIFEXITED(status))
++ exit(WEXITSTATUS(status));
++ else if (WIFSIGNALED(status))
++ /* XXX print here like the shell would? */
++ exit(128 + WTERMSIG(status));
++ else
++ exit(127); /* Should never happen. */
++ } else {
++ /* Child */
++ execv(argv[1], &argv[1]);
++
++ snprintf(buf, sizeof(buf), "%s: Error execing %s", argv[0], argv[1]);
++ perror(buf);
++ exit(-1);
++ }
++}
Index: sudo.spec
===================================================================
RCS file: /cvs/dist/rpms/sudo/devel/sudo.spec,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- sudo.spec 9 Dec 2005 22:43:21 -0000 1.33
+++ sudo.spec 23 Jan 2006 14:37:30 -0000 1.34
@@ -1,10 +1,7 @@
-%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
-%define WITH_SELINUX 1
-%endif
Summary: Allows restricted root access for specified users.
Name: sudo
Version: 1.6.8p12
-Release: 1.1
+Release: 3
License: BSD
Group: Applications/System
Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
@@ -12,11 +9,7 @@
BuildRoot: %{_tmppath}/%{name}-root
Requires: /etc/pam.d/system-auth, vim-minimal
BuildRequires: pam-devel, groff
-%if %{WITH_SELINUX}
-BuildRequires: libselinux-devel
-%endif
-Patch1: sudo-1.6.8p8-selinux.patch
# 154511 - sudo does not use limits.conf
Patch2: sudo-1.6.8p8-pam-sess.patch
# don't strip
@@ -35,11 +28,6 @@
%prep
%setup -q
-%if %{WITH_SELINUX}
-#SELinux
-%patch1 -p1 -b .selinux
-%endif
-
%patch2 -p1 -b .sess
%patch3 -p1 -b .strip
@@ -93,9 +81,6 @@
%attr(4111,root,root) %{_bindir}/sudo
%attr(4111,root,root) %{_bindir}/sudoedit
%attr(0755,root,root) %{_sbindir}/visudo
-%if %{WITH_SELINUX}
-%attr(0755,root,root) %{_sbindir}/sesh
-%endif
%{_libexecdir}/sudo_noexec.*
%{_mandir}/man5/sudoers.5*
%{_mandir}/man8/sudo.8*
@@ -107,6 +92,11 @@
/bin/chmod 0440 /etc/sudoers || :
%changelog
+* Mon Jan 23 2006 Dan Walsh <dwalsh at redhat.com> 1.6.8p12-3
+- Remove selinux patch. It has been decided that the SELinux patch for sudo is
+- no longer necessary. In tageted policy it had no effect. In strict/MLS policy
+- We require the person using sudo to execute newrole before using sudo.
+
* Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
- rebuilt
More information about the fedora-cvs-commits
mailing list