[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rpms/sudo/FC-4 sudo-1.6.8p8-safecmd.patch, NONE, 1.1 sudo.spec, 1.24, 1.25



Author: kzak

Update of /cvs/dist/rpms/sudo/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv27330

Modified Files:
	sudo.spec 
Added Files:
	sudo-1.6.8p8-safecmd.patch 
Log Message:
- fix #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution

sudo-1.6.8p8-safecmd.patch:
 ldap.c     |    2 --
 parse.yacc |    4 ----
 sudo.c     |   10 ++--------
 sudo.tab.c |   44 ++++++++++++++++++++------------------------
 4 files changed, 22 insertions(+), 38 deletions(-)

--- NEW FILE sudo-1.6.8p8-safecmd.patch ---
--- sudo-1.6.8p8/sudo.tab.c.safecmd	2004-08-11 20:29:36.000000000 +0200
+++ sudo-1.6.8p8/sudo.tab.c	2005-06-21 11:13:19.051592608 +0200
@@ -674,7 +674,7 @@
 short *yysslim;
 YYSTYPE *yyvs;
 int yystacksize;
-#line 890 "parse.yacc"
+#line 886 "parse.yacc"
 
 #define MOREALIASES (32)
 aliasinfo *aliases = NULL;
@@ -1740,14 +1740,10 @@
 			    }
 
 			    yyval.BOOLEAN = TRUE;
-
-			    if (safe_cmnd)
-				free(safe_cmnd);
-			    safe_cmnd = estrdup(user_cmnd);
 			}
 break;
 case 61:
-#line 684 "parse.yacc"
+#line 680 "parse.yacc"
 {
 			    aliasinfo *aip;
 
@@ -1779,7 +1775,7 @@
 			}
 break;
 case 62:
-#line 713 "parse.yacc"
+#line 709 "parse.yacc"
 {
 			    if (printmatches == TRUE) {
 				if (in_alias == TRUE) {
@@ -1807,11 +1803,11 @@
 			}
 break;
 case 65:
-#line 744 "parse.yacc"
+#line 740 "parse.yacc"
 { push; }
 break;
 case 66:
-#line 744 "parse.yacc"
+#line 740 "parse.yacc"
 {
 			    if ((MATCHED(host_matches) || pedantic) &&
 				!add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) {
@@ -1822,7 +1818,7 @@
 			}
 break;
 case 71:
-#line 762 "parse.yacc"
+#line 758 "parse.yacc"
 {
 			    push;
 			    if (printmatches == TRUE) {
@@ -1835,7 +1831,7 @@
 			}
 break;
 case 72:
-#line 771 "parse.yacc"
+#line 767 "parse.yacc"
 {
 			    if ((MATCHED(cmnd_matches) || pedantic) &&
 				!add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) {
@@ -1850,11 +1846,11 @@
 			}
 break;
 case 73:
-#line 785 "parse.yacc"
+#line 781 "parse.yacc"
 { ; }
 break;
 case 77:
-#line 793 "parse.yacc"
+#line 789 "parse.yacc"
 {
 			    if (printmatches == TRUE) {
 				in_alias = TRUE;
@@ -1866,7 +1862,7 @@
 			}
 break;
 case 78:
-#line 801 "parse.yacc"
+#line 797 "parse.yacc"
 {
 			    if ((yyvsp[0].BOOLEAN != NOMATCH || pedantic) &&
 				!add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) {
@@ -1880,11 +1876,11 @@
 			}
 break;
 case 81:
-#line 818 "parse.yacc"
+#line 814 "parse.yacc"
 { push; }
 break;
 case 82:
-#line 818 "parse.yacc"
+#line 814 "parse.yacc"
 {
 			    if ((MATCHED(user_matches) || pedantic) &&
 				!add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) {
@@ -1896,19 +1892,19 @@
 			}
 break;
 case 85:
-#line 833 "parse.yacc"
+#line 829 "parse.yacc"
 {
 			    SETMATCH(user_matches, yyvsp[0].BOOLEAN);
 			}
 break;
 case 86:
-#line 836 "parse.yacc"
+#line 832 "parse.yacc"
 {
 			    SETNMATCH(user_matches, yyvsp[0].BOOLEAN);
 			}
 break;
 case 87:
-#line 841 "parse.yacc"
+#line 837 "parse.yacc"
 {
 			    if (userpw_matches(yyvsp[0].string, user_name, sudo_user.pw))
 				yyval.BOOLEAN = TRUE;
@@ -1918,7 +1914,7 @@
 			}
 break;
 case 88:
-#line 848 "parse.yacc"
+#line 844 "parse.yacc"
 {
 			    if (usergr_matches(yyvsp[0].string, user_name, sudo_user.pw))
 				yyval.BOOLEAN = TRUE;
@@ -1928,7 +1924,7 @@
 			}
 break;
 case 89:
-#line 855 "parse.yacc"
+#line 851 "parse.yacc"
 {
 			    if (netgr_matches(yyvsp[0].string, NULL, NULL, user_name))
 				yyval.BOOLEAN = TRUE;
@@ -1938,7 +1934,7 @@
 			}
 break;
 case 90:
-#line 862 "parse.yacc"
+#line 858 "parse.yacc"
 {
 			    aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
 
@@ -1963,12 +1959,12 @@
 			}
 break;
 case 91:
-#line 884 "parse.yacc"
+#line 880 "parse.yacc"
 {
 			    yyval.BOOLEAN = TRUE;
 			}
 break;
-#line 1920 "sudo.tab.c"
+#line 1916 "sudo.tab.c"
     }
     yyssp -= yym;
     yystate = *yyssp;
--- sudo-1.6.8p8/parse.yacc.safecmd	2004-08-11 20:29:10.000000000 +0200
+++ sudo-1.6.8p8/parse.yacc	2005-06-21 11:13:19.045593520 +0200
@@ -676,10 +676,6 @@
 			    }
 
 			    $$ = TRUE;
-
-			    if (safe_cmnd)
-				free(safe_cmnd);
-			    safe_cmnd = estrdup(user_cmnd);
 			}
 		|	ALIAS {
 			    aliasinfo *aip;
--- sudo-1.6.8p8/ldap.c.safecmd	2004-12-01 04:28:46.000000000 +0100
+++ sudo-1.6.8p8/ldap.c	2005-06-21 11:13:19.043593824 +0200
@@ -278,8 +278,6 @@
     /* Match against ALL ? */
     if (!strcasecmp(*p,"ALL")) {
       ret=1;
-      if (safe_cmnd) free (safe_cmnd);
-      safe_cmnd=estrdup(user_cmnd);
       if (ldap_conf.debug>1) printf(" MATCH!\n");
       continue;
     }
--- sudo-1.6.8p8/sudo.c.safecmd	2005-06-21 11:13:14.683256696 +0200
+++ sudo-1.6.8p8/sudo.c	2005-06-21 11:13:19.049592912 +0200
@@ -429,6 +429,8 @@
 	/* Validate the user but don't search for pseudo-commands. */
 	validated = sudoers_lookup(pwflag);
     }
+    if (safe_cmnd == NULL)
+	safe_cmnd = user_cmnd;
 
     /*
      * If we are using set_perms_posix() and the stay_setuid flag was not set,
@@ -545,14 +547,6 @@
 	    exit(0);
 	}
 
-	/* This *must* have been set if we got a match but... */
-	if (safe_cmnd == NULL) {
-	    log_error(MSG_ONLY,
-		"internal error, safe_cmnd never got set for %s; %s",
-		user_cmnd,
-		"please report this error at http://courtesan.com/sudo/bugs/";);
-	}
-
 	/* Override user's umask if configured to do so. */
 	if (def_umask != 0777)
 	    (void) umask(def_umask);


Index: sudo.spec
===================================================================
RCS file: /cvs/dist/rpms/sudo/FC-4/sudo.spec,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- sudo.spec	15 Jun 2005 17:15:54 -0000	1.24
+++ sudo.spec	21 Jun 2005 09:11:07 -0000	1.25
@@ -4,7 +4,7 @@
 Summary: Allows restricted root access for specified users.
 Name: sudo
 Version: 1.6.8p8
-Release: 2.1
+Release: 2.2
 License: BSD
 Group: Applications/System
 Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
@@ -19,6 +19,8 @@
 
 # 154511 – sudo does not use limits.conf
 Patch2: sudo-1.6.8p8-pam-sess.patch
+# 161116 - CAN-2005-1993 sudo trusted user arbitrary command execution
+Patch3: sudo-1.6.8p8-safecmd.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -39,6 +41,7 @@
 %endif
 
 %patch2 -p1 -b .sess
+%patch3 -p1 -b .safecmd
 
 %build
 %ifarch s390 s390x
@@ -105,6 +108,9 @@
 /bin/chmod 0440 /etc/sudoers || :
 
 %changelog
+* Tue Jun 21 2005 Karel Zak <kzak redhat com> 1.6.8p8-2.2
+- fix #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution
+
 * Tue May 24 2005 Karel Zak <kzak redhat com> 1.6.8p8-2.1
 - fix #154511 – sudo does not use limits.conf
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]