diff --git a/.cvsignore b/.cvsignore
index d497c72..b062bed 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1,2 @@
-sudo-1.6.9p4.tar.gz
 sudo-1.6.8p12-sudoers
+sudo-1.6.9p12.tar.gz
diff --git a/sources b/sources
index 48eb9d9..033787a 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-5439d24b48db69d2b6b42e97b47fdfd6 sudo-1.6.9p4.tar.gz
 3dad7cdd28925f9bdf387510961f8e9f sudo-1.6.8p12-sudoers
+a5795c292e5c64dd9f7bcba8c1c712c9 sudo-1.6.9p12.tar.gz
diff --git a/sudo-1.6.9p12-noPam.patch b/sudo-1.6.9p12-noPam.patch
new file mode 100644
index 0000000..c57e171
--- /dev/null
+++ b/sudo-1.6.9p12-noPam.patch
@@ -0,0 +1,12 @@
+diff -up sudo-1.6.9p12/configure.in.noPam sudo-1.6.9p12/configure.in
+--- sudo-1.6.9p12/configure.in.noPam 2008-02-05 13:52:07.000000000 +0100
++++ sudo-1.6.9p12/configure.in 2008-02-05 13:52:25.000000000 +0100
+@@ -1842,7 +1842,7 @@ if test ${with_pam-"no"} != "no"; then
+ yes) AC_MSG_RESULT(yes)
+ ;;
+ no) AC_MSG_RESULT(no)
+- AC_DEFINE(NO_PAM_SESSION)
++ AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled])
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
diff --git a/sudo-1.6.9p12-selinux.patch b/sudo-1.6.9p12-selinux.patch
new file mode 100644
index 0000000..aecd865
--- /dev/null
+++ b/sudo-1.6.9p12-selinux.patch
@@ -0,0 +1,672 @@ +diff -up /dev/null sudo-1.6.9p12/sesh.c +--- /dev/null 2008-02-05 17:16:01.642928004 +0100 ++++ sudo-1.6.9p12/sesh.c 2008-02-06 13:06:50.000000000 +0100 +@@ -0,0 +1,46 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++main (int argc, char **argv) { ++ char buf[PATH_MAX]; ++ pid_t pid; ++ if ( argc < 2 ) { ++ fprintf(stderr,"%s: Requires at least one argument\n", argv[0]); ++ exit(-1); ++ } ++ ++ if ((pid = fork()) < 0) { ++ snprintf(buf, sizeof(buf), "%s: Couldn't fork",argv[0]); ++ perror(buf); ++ exit(-1); ++ } else if (pid > 0) { ++ /* Parent */ ++ int status; ++ int ret; ++ ++ do { ++ if ((ret = waitpid(pid, &status, 0)) < 0 && errno == EINTR) ++ continue; ++ else if (ret < 0) { ++ perror("waitpid failed"); ++ exit(1); ++ } ++ } while (0); ++ ++ if (WIFEXITED(status)) ++ exit(WEXITSTATUS(status)); ++ else ++ exit(1); ++ } else { ++ /* Child */ ++ execv(argv[1], &argv[1]); ++ ++ snprintf(buf, sizeof(buf), "%s: Error execing %s", argv[0], argv[1]); ++ perror(buf); ++ exit(-1); ++ } ++} +diff -up sudo-1.6.9p12/configure.in.selinux sudo-1.6.9p12/configure.in +--- sudo-1.6.9p12/configure.in.selinux 2008-02-06 12:45:07.000000000 +0100 ++++ sudo-1.6.9p12/configure.in 2008-02-06 13:06:50.000000000 +0100 +@@ -102,7 +102,7 @@ dnl + dnl Initial values for Makefile variables listed above + dnl May be overridden by environment variables.. 
+ dnl +-PROGS="sudo visudo" ++PROGS="sudo visudo sesh" + : ${MANTYPE='man'} + : ${mansrcdir='.'} + : ${SUDOERS_MODE='0440'} +diff -up /dev/null sudo-1.6.9p12/selinux.c +--- /dev/null 2008-02-05 17:16:01.642928004 +0100 ++++ sudo-1.6.9p12/selinux.c 2008-02-06 13:06:50.000000000 +0100 +@@ -0,0 +1,425 @@ ++/* ++ * Copyright (c) 2008 Dan Walsh ++ * ++ * Borrowed heavily from newrole source code ++ * Authors: ++ * Anthony Colatrella ++ * Tim Fraser ++ * Steve Grubb ++ * Darrel Goeddel ++ * Michael Thompson ++ * Dan Walsh ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
++ * ++ */ ++#ifdef WITH_SELINUX ++#include ++#include ++#include ++#ifdef STDC_HEADERS ++# include ++# include ++#else ++# ifdef HAVE_STDLIB_H ++# include ++# endif ++#endif /* STDC_HEADERS */ ++#ifdef HAVE_STRING_H ++# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS) ++# include ++# endif ++# include ++#else ++# ifdef HAVE_STRINGS_H ++# include ++# endif ++#endif /* HAVE_STRING_H */ ++#ifdef HAVE_UNISTD_H ++# include ++#endif /* HAVE_UNISTD_H */ ++#include ++#include ++#include ++ ++#ifdef WITH_AUDIT ++#include ++#endif ++ ++#include "sudo.h" ++ ++#include ++ ++#ifdef USE_AUDIT ++#include ++#endif ++ ++#include /* for SECCLASS_CHR_FILE */ ++#include /* for is_selinux_enabled() */ ++#include /* for context-mangling functions */ ++#include ++#include ++ ++/** ++ * This function attempts to revert the relabeling done to the tty. ++ * fd - referencing the opened ttyn ++ * ttyn - name of tty to restore ++ * tty_context - original context of the tty ++ * new_tty_context - context tty was relabeled to ++ * ++ * Returns zero on success, non-zero otherwise ++ */ ++static int restore_tty_label(int fd, const char *ttyn, ++ security_context_t tty_context, ++ security_context_t new_tty_context) ++{ ++ int rc = 0; ++ security_context_t chk_tty_context = NULL; ++ ++ if (!ttyn) ++ goto skip_relabel; ++ ++ if (!new_tty_context) ++ goto skip_relabel; ++ ++ /* Verify that the tty still has the context set by newrole. */ ++ if ((rc = fgetfilecon(fd, &chk_tty_context)) < 0) { ++ fprintf(stderr, "Could not fgetfilecon %s.\n", ttyn); ++ goto skip_relabel; ++ } ++ ++ if ((rc = strcmp(chk_tty_context, new_tty_context))) { ++ fprintf(stderr, "%s changed labels.\n", ttyn); ++ goto skip_relabel; ++ } ++ ++ if ((rc = fsetfilecon(fd, tty_context)) < 0) ++ fprintf(stderr, ++ "Warning! Could not restore context for %s\n", ttyn); ++ skip_relabel: ++ freecon(chk_tty_context); ++ return rc; ++} ++ ++/** ++ * This function attempts to relabel the tty. 
If this function fails, then ++ * the fd is closed, the contexts are free'd and -1 is returned. On success, ++ * a valid fd is returned and tty_context and new_tty_context are set. ++ * ++ * This function will not fail if it can not relabel the tty when selinux is ++ * in permissive mode. ++ */ ++static int relabel_tty(const char *ttyn, security_context_t new_context, ++ security_context_t * tty_context, ++ security_context_t * new_tty_context) ++{ ++ int fd; ++ int enforcing = security_getenforce(); ++ security_context_t tty_con = NULL; ++ security_context_t new_tty_con = NULL; ++ ++ if (!ttyn) ++ return 0; ++ ++ if (enforcing < 0) { ++ fprintf(stderr, "Could not determine enforcing mode.\n"); ++ return -1; ++ } ++ ++ /* Re-open TTY descriptor */ ++ fd = open(ttyn, O_RDWR | O_NONBLOCK); ++ if (fd < 0) { ++ fprintf(stderr, "Error! Could not open %s.\n", ttyn); ++ return fd; ++ } ++ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); ++ ++ if (fgetfilecon(fd, &tty_con) < 0) { ++ fprintf(stderr, "%s! Could not get current context " ++ "for %s, not relabeling tty.\n", ++ enforcing ? "Error" : "Warning", ttyn); ++ if (enforcing) ++ goto close_fd; ++ } ++ ++ if (tty_con && ++ (security_compute_relabel(new_context, tty_con, ++ SECCLASS_CHR_FILE, &new_tty_con) < 0)) { ++ fprintf(stderr, "%s! Could not get new context for %s, " ++ "not relabeling tty.\n", ++ enforcing ? "Error" : "Warning", ttyn); ++ if (enforcing) ++ goto close_fd; ++ } ++ ++ if (new_tty_con) ++ if (fsetfilecon(fd, new_tty_con) < 0) { ++ fprintf(stderr, ++ "%s! Could not set new context for %s\n", ++ enforcing ? 
"Error" : "Warning", ttyn); ++ freecon(new_tty_con); ++ new_tty_con = NULL; ++ if (enforcing) ++ goto close_fd; ++ } ++ ++ *tty_context = tty_con; ++ *new_tty_context = new_tty_con; ++ return fd; ++ ++ close_fd: ++ freecon(tty_con); ++ close(fd); ++ return -1; ++} ++ ++security_context_t get_exec_context(security_context_t old_context, char *role_s, char *type_s) { ++ ++ /* our target security ID ("sid") */ ++ security_context_t new_context=NULL; ++ ++ /* manipulatable form of context_s */ ++ context_t context; ++ ++ if( !role_s ) { ++ fprintf(stderr,"You must specify a role.\n"); ++ return NULL; ++ } ++ ++ ++ /* ++ * Get the SID and context of the caller, and extract ++ * the username from the context. Don't rely on the Linux ++ * uid information - it isn't trustworthy. ++ */ ++ ++ /* ++ * Create a context structure so that we extract and modify ++ * components easily. ++ */ ++ context=context_new(old_context); ++ ++ /* ++ * ++ * Step 3: Construct a new SID based on our old SID and the ++ * arguments specified on the command line. ++ * ++ */ ++ ++ /* The first step in constructing a new SID for the new shell we * ++ * plan to exec is to take our old context in `context' as a * ++ * starting point, and modify it according to the options the user * ++ * specified on the command line. */ ++ ++ /* If the user specified a new role on the command line (if `role_s' * ++ * is set), then replace the old role in `context' with this new role. */ ++ if( !type_s ) { ++ if( get_default_type(role_s,&type_s) ) ++ { ++ fprintf(stderr,"Couldn't get default type.\n"); ++ goto err; ++ } ++ } ++ ++ if( context_role_set(context,role_s)) { ++ fprintf(stderr,"failed to set new role %s\n",role_s); ++ goto err; ++ } ++ ++ /* If the user specified a new type on the command line (if `type_s' * ++ * is set), then replace the old type in `context' with this new type. 
*/ ++ if( type_s ) { ++ if( context_type_set(context,type_s)) { ++ fprintf(stderr,"failed to set new type %s\n",type_s); ++ goto err; ++ } ++ } /* if user specified new type */ ++ ++ /* The second step in creating the new SID is to convert our modified * ++ * `context' structure back to a context string and then to a SID. */ ++ ++ /* Make `context_s' point to a string version of the new `context'. */ ++ if( !(new_context=strdup(context_str(context)))) { ++ fprintf(stderr,"failed to convert new context to string\n" ); ++ goto err; ++ } ++ ++ if (security_check_context(new_context) < 0) { ++ fprintf(stderr, "%s is not a valid context\n", new_context); ++ goto err; ++ } ++ ++#ifdef DEBUG ++ printf("Your new context is %s\n",new_context); ++#endif ++ ++ context_free(context); ++ return new_context; ++ ++ err: ++ context_free(context); ++ freecon(new_context); ++ return NULL; ++ ++} ++ ++void selinux_exec(char *role_s, char *type_s, char *safe_cmd, int NewArgc, char **NewArgv, char **environ){ ++ pid_t childPid = 0; ++ int ttyfd = -1; ++ /* our original securiy ID ("old_context") */ ++ security_context_t old_context=NULL; ++ ++ /* security context to change to while running command*/ ++ security_context_t new_tty_context=NULL; ++ /* current security context of tty */ ++ security_context_t tty_context=NULL; ++ ++ char *ttyn = NULL; /* tty path */ ++ ++ /* our target security ID ("sid") */ ++ security_context_t new_context=NULL; ++ /* Put the caller's SID into `old_context'. */ ++ if (getprevcon(&old_context)) { ++ fprintf(stderr,"failed to get old_context.\n"); ++ exit(-1); ++ } ++ ++#ifdef DEBUG ++ printf( "Your old context was %s\n", old_context ); ++#endif ++ new_context=get_exec_context(old_context, role_s,type_s); ++ if (! new_context) { ++ fprintf(stderr, "Could not set exec context to %s.\n", new_context); ++ exit(-1); ++ } ++ ++ ttyn = ttyname(STDIN_FILENO); ++ if (!ttyn || *ttyn == '\0') { ++ fprintf(stderr, ++ "Warning! 
Could not retrieve tty information.\n"); ++ } ++ ++ ttyfd = relabel_tty(ttyn, new_context, &tty_context, &new_tty_context); ++ if (ttyfd < 0) { ++ fprintf(stderr, "Could not setup tty context for %s.\n", new_context); ++ exit(-1); ++ } ++ ++#ifdef DEBUG ++ printf("Your old tty context is %s\n",tty_context); ++ printf("Your new tty context is %s\n",new_tty_context); ++#endif ++ ++ ++ childPid = fork(); ++ if (childPid < 0) { ++ /* fork failed, no child to worry about */ ++ int errsv = errno; ++ fprintf(stderr, "newrole: failure forking: %s", ++ strerror(errsv)); ++ if (restore_tty_label(ttyfd, ttyn, tty_context, new_tty_context)) ++ fprintf(stderr, "Unable to restore tty label...\n"); ++ if (close(ttyfd)) ++ fprintf(stderr, "Failed to close tty properly\n"); ++ goto err; ++ } else if (childPid) { ++ /* PARENT ++ * It doesn't make senes to exit early on errors at this point, ++ * since we are doing cleanup which needs to be done. ++ * We can exit with a bad rc though ++ */ ++ pid_t pid; ++ int exit_code = 0; ++ int status; ++ ++ do { ++ pid = wait(&status); ++ } while (pid < 0 && errno == EINTR); ++ ++ /* Preserve child exit status, unless there is another error. 
*/ ++ if (WIFEXITED(status)) ++ exit_code = WEXITSTATUS(status); ++ ++ if (restore_tty_label(ttyfd, ttyn, tty_context, new_tty_context)) { ++ fprintf(stderr, "Unable to restore tty label...\n"); ++ exit_code = -1; ++ } ++ freecon(tty_context); ++ freecon(new_tty_context); ++ if (close(ttyfd)) { ++ fprintf(stderr, "Failed to close tty properly\n"); ++ exit_code = -1; ++ } ++ exit(exit_code); ++ } ++ /* CHILD */ ++ /* Close the tty and reopen descriptors 0 through 2 */ ++ if (ttyn) { ++ if (close(ttyfd) || close(0) || close(1) || close(2)) { ++ fprintf(stderr, "Could not close descriptors.\n"); ++ goto err; ++ } ++ ttyfd = open(ttyn, O_RDONLY | O_NONBLOCK); ++ if (ttyfd != 0) ++ goto err; ++ fcntl(ttyfd, F_SETFL, fcntl(ttyfd, F_GETFL, 0) & ~O_NONBLOCK); ++ ttyfd = open(ttyn, O_RDWR | O_NONBLOCK); ++ if (ttyfd != 1) ++ goto err; ++ fcntl(ttyfd, F_SETFL, fcntl(ttyfd, F_GETFL, 0) & ~O_NONBLOCK); ++ ttyfd = open(ttyn, O_RDWR | O_NONBLOCK); ++ if (ttyfd != 2) ++ goto err; ++ fcntl(ttyfd, F_SETFL, fcntl(ttyfd, F_GETFL, 0) & ~O_NONBLOCK); ++ } ++ if (setexeccon(new_context)) { ++ fprintf(stderr, "Could not set exec context to %s.\n", ++ new_context); ++ goto err; ++ } ++ ++#ifdef USE_AUDIT ++ if (send_audit_message(1, old_context, new_context, ttyn)) ++ goto err; ++#endif ++ ++ { ++ /* ++ SELinux will only not transition properly with the following ++ code. Basically if the user chooses to use a different security ++ context. We need to start the selinux shell, before executing ++ the command. This way the process transition will happen ++ correctly. For example if they user wants to run rpm from ++ sysadm_r. 
Sudo will exec the /usr/sbin/sesh followed by the ++ specified command.*/ ++ char **dst, **src = NewArgv+1; ++ NewArgv = (char **) emalloc2((++NewArgc + 1), sizeof(char *)); ++ NewArgv[0] = estrdup("/usr/sbin/sesh"); ++ NewArgv[1] = safe_cmd; ++ safe_cmd = estrdup("/usr/sbin/sesh"); ++ /* copy the args from Argv */ ++ for (dst = NewArgv + 2; (*dst = *src) != NULL; ++src, ++dst) ++ ; ++ } ++ freecon(old_context); ++ freecon(new_context); ++ ++ execve(safe_cmd, NewArgv, environ); /* run the command */ ++ ++ perror("failed to exec shell\n"); ++ err: ++ freecon(old_context); ++ freecon(new_context); ++ exit(-1); ++} ++#endif /* WITH_SELINUX */ +diff -up sudo-1.6.9p12/Makefile.in.selinux sudo-1.6.9p12/Makefile.in +--- sudo-1.6.9p12/Makefile.in.selinux 2008-02-06 12:45:07.000000000 +0100 ++++ sudo-1.6.9p12/Makefile.in 2008-02-06 13:08:50.000000000 +0100 +@@ -43,7 +43,8 @@ INSTALL = $(SHELL) $(srcdir)/install-sh + # Libraries + LIBS = @LIBS@ + NET_LIBS = @NET_LIBS@ +-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) ++SELINUX_LIBS = -lselinux ++SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS) + + # C preprocessor flags + CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@ +@@ -91,7 +92,7 @@ sudoers_gid = @SUDOERS_GID@ + sudoers_mode = @SUDOERS_MODE@ + + # Pass in paths and uid/gid + OS dependent defined +-DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) ++DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX + + #### End of system configuration section. 
#### + +@@ -105,7 +106,7 @@ SRCS = alloc.c alloca.c check.c closefro + logging.c memrchr.c mkstemp.c parse.c parse.lex parse.yacc set_perms.c \ + sigaction.c snprintf.c strcasecmp.c strerror.c strlcat.c strlcpy.c \ + sudo.c sudo_noexec.c sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c \ +- utimes.c visudo.c zero_bytes.c $(AUTH_SRCS) ++ utimes.c visudo.c zero_bytes.c $(AUTH_SRCS) selinux.c sesh.c + + AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \ + auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \ +@@ -124,11 +125,13 @@ AUDIT_OBJS = audit_help.o + PARSEOBJS = sudo.tab.o lex.yy.o alloc.o defaults.o + + SUDOBJS = check.o env.o getspwuid.o gettime.o goodpath.o fileops.o find_path.o \ +- interfaces.o logging.o parse.o set_perms.o sudo.o sudo_edit.o \ ++ interfaces.o logging.o parse.o set_perms.o sudo.o selinux.o sudo_edit.o \ + tgetpass.o zero_bytes.o @SUDO_OBJS@ $(AUTH_OBJS) $(PARSEOBJS) $(AUDIT_OBJS) + + VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS) + ++SESH_OBJS = sesh.o ++ + TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) + + LIBOBJS = @LIBOBJS@ @ALLOCA@ +@@ -149,7 +152,7 @@ DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES + BINFILES= BUGS CHANGES HISTORY LICENSE README TROUBLESHOOTING \ + UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \ + sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \ +- sudoers.pod visudo visudo.cat visudo.man visudo.pod ++ sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh + + BINSPECIAL= INSTALL.binary Makefile.binary libtool + +@@ -181,6 +184,9 @@ sudo: $(SUDOBJS) $(LIBOBJS) + visudo: $(VISUDOBJS) $(LIBOBJS) + $(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS) + ++sesh: $(SESH_OBJS) ++ $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(LIBS) ++ + testsudoers: $(TESTOBJS) $(LIBOBJS) + $(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS) + +@@ -222,6 +228,7 @@ logging.o: logging.c $(SUDODEP) + set_perms.o: 
set_perms.c $(SUDODEP) + tgetpass.o: tgetpass.c $(SUDODEP) + visudo.o: visudo.c $(SUDODEP) version.h ++sesh.o: sesh.c + sudo.o: sudo.c $(SUDODEP) interfaces.h version.h + interfaces.o: interfaces.c $(SUDODEP) interfaces.h + testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h +@@ -320,6 +327,7 @@ install-binaries: $(PROGS) + ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit + + $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo ++ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh + + install-noexec: sudo_noexec.la + $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir) +diff -up sudo-1.6.9p12/sudo.c.selinux sudo-1.6.9p12/sudo.c +--- sudo-1.6.9p12/sudo.c.selinux 2008-02-06 12:45:07.000000000 +0100 ++++ sudo-1.6.9p12/sudo.c 2008-02-06 13:06:50.000000000 +0100 +@@ -101,6 +101,14 @@ + #include + #endif + ++#ifdef WITH_SELINUX ++#include ++static char *role_s = NULL; /* role spec'd by user in argv[] */ ++static char *type_s = NULL; /* type spec'd by user in argv[] */ ++extern void selinux_exec(char *role_s, char *type_s, char *safe_cmnd, int NewArgc, char **NewArgv, char **environ); ++ ++#endif ++ + #include "sudo.h" + #include "interfaces.h" + #include "version.h" +@@ -487,6 +495,12 @@ main(argc, argv, envp) + if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0) + exit(0); + else { ++#ifdef WITH_SELINUX ++ if( is_selinux_enabled() >0 && role_s) { ++ selinux_exec(role_s, type_s, safe_cmnd, NewArgc, NewArgv, environ); /* run the command */ ++ exit(-1); ++ } ++#endif + execve(safe_cmnd, NewArgv, environ); + } + #else +@@ -817,6 +831,30 @@ parse_args(argc, argv) + NewArgv++; + break; + #endif ++#ifdef WITH_SELINUX ++ case 'r': ++ /* Must have an associated SELinux role. */ ++ if (NewArgv[1] == NULL) ++ usage(1); ++ ++ role_s = NewArgv[1]; ++ ++ /* Shift Argv over and adjust Argc. 
*/ ++ NewArgc--; ++ NewArgv++; ++ break; ++ case 't': ++ /* Must have an associated SELinux type. */ ++ if (NewArgv[1] == NULL) ++ usage(1); ++ ++ type_s = NewArgv[1]; ++ ++ /* Shift Argv over and adjust Argc. */ ++ NewArgc--; ++ NewArgv++; ++ break; ++#endif + #ifdef HAVE_LOGIN_CAP_H + case 'c': + /* Must have an associated login class. */ +@@ -1318,6 +1356,9 @@ usage(exit_val) + #ifdef HAVE_BSD_AUTH_H + " [-a auth_type]", + #endif ++#ifdef WITH_SELINUX ++ " [-r role] [-t type] ", ++#endif + #ifdef HAVE_LOGIN_CAP_H + " [-c class|-]", + #endif +diff -up sudo-1.6.9p12/sudo.man.in.selinux sudo-1.6.9p12/sudo.man.in +--- sudo-1.6.9p12/sudo.man.in.selinux 2008-01-14 13:22:57.000000000 +0100 ++++ sudo-1.6.9p12/sudo.man.in 2008-02-06 13:06:50.000000000 +0100 +@@ -159,6 +159,7 @@ sudo, sudoedit \- execute a command as a + .PP + \&\fBsudo\fR [\fB\-bEHPS\fR] [\fB\-a\fR\ \fIauth_type\fR] + [\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] ++[\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ] + [\fB\s-1VAR\s0\fR=\fIvalue\fR] {\fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR} + .PP + \&\fBsudoedit\fR [\fB\-S\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR] +@@ -323,6 +324,16 @@ preserve the invoking user's group vecto + \&\fBsudo\fR will initialize the group vector to the list of groups the + target user is in. The real and effective group IDs, however, are + still set to match the target user. ++.IP "\-r" 4 ++.IX Item "-r" ++The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by ++\fIROLE\fR. ++.IP "\-t" 4 ++.IX Item "-t" ++The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain) ++specified by ++\fITYPE\fR. ++If no type is specified, the default type is derived from the specified role. + .IP "\-p" 4 + .IX Item "-p" + The \fB\-p\fR (\fIprompt\fR) option allows you to override the default 
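Review bot: In selinux.c, the child path of selinux_exec() calls `freecon(old_context); freecon(new_context);` immediately before `execve(safe_cmd, NewArgv, environ)`, so when that execve fails control falls through to the `err:` label and both contexts are freed a second time before `exit(-1)`. Removing the two calls ahead of execve leaves `err:` as the single release point; a successful exec replaces the process image, so nothing is lost by keeping the contexts until then. In sesh.c, `continue` inside `do { ... } while (0)` jumps to the loop test and leaves the loop, so an EINTR from waitpid() is not retried and `WIFEXITED(status)` then reads an unset `status`; `do { ret = waitpid(pid, &status, 0); } while (ret < 0 && errno == EINTR);` followed by the existing `ret < 0` check retries as the branch appears to intend. The parent branch of selinux_exec() has the related gap that a child terminated by a signal leaves `exit_code` at 0, which reports success to the caller of sudo.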
diff --git a/sudo-1.6.9p4-audit.patch b/sudo-1.6.9p4-audit.patch index 0459b55..158dee0 100644 --- a/sudo-1.6.9p4-audit.patch +++ b/sudo-1.6.9p4-audit.patch @@ -1,6 +1,6 @@ -diff -up sudo-1.6.9p4/set_perms.c.audit sudo-1.6.9p4/set_perms.c ---- sudo-1.6.9p4/set_perms.c.audit 2007-07-06 16:16:22.000000000 +0200 -+++ sudo-1.6.9p4/set_perms.c 2008-01-07 19:52:41.000000000 +0100 +diff -up sudo-1.6.9p12/set_perms.c.audit sudo-1.6.9p12/set_perms.c +--- sudo-1.6.9p12/set_perms.c.audit 2007-11-28 00:41:23.000000000 +0100 ++++ sudo-1.6.9p12/set_perms.c 2008-02-05 14:09:29.000000000 +0100 @@ -53,6 +53,10 @@ #ifdef HAVE_LOGIN_CAP_H # include 
@@ -12,61 +12,10 @@ diff -up sudo-1.6.9p4/set_perms.c.audit sudo-1.6.9p4/set_perms.c #include "sudo.h" -@@ -101,22 +105,55 @@ set_perms(perm) - if (setresuid(user_uid, user_uid, user_uid)) - err(1, "setresuid(user_uid, user_uid, user_uid)"); - break; -- -+ -+ case PERM_FULL_RUNAS: -+#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP) -+ { /* BEGIN CAP BLOCK */ -+ cap_t new_caps; -+ cap_value_t cap_list[] = { CAP_AUDIT_WRITE }; -+ -+ if (runas_pw->pw_uid != ROOT_UID) { -+ new_caps = cap_init (); -+ if (!new_caps) -+ err(1, "Error initing capabilities, aborting.\n"); -+ -+ if(cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET) || -+ cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET)) { -+ err(1, "Error setting capabilities, aborting\n"); -+ } -+ -+ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) -+ err(1, "Error setting KEEPCAPS, aborting\n"); -+ } -+#endif -+ /* headed for exec(), assume euid == ROOT_UID */ -+ runas_setup (); -+ if (setresuid(def_stay_setuid ? -+ user_uid : runas_pw->pw_uid, -+ runas_pw->pw_uid, runas_pw->pw_uid)) -+ err(1, "unable to change to runas uid"); -+ -+#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP) -+ if (runas_pw->pw_uid != ROOT_UID) { -+ if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0) -+ err(1, "Error resetting KEEPCAPS, aborting\n"); -+ -+ if (cap_set_proc(new_caps)) -+ err(1, "Error dropping capabilities, aborting\n"); -+ -+ if (cap_free (new_caps)) -+ err(1, "Error freeing caps\n"); -+ } -+ } /* END CAP BLOCK */ -+#endif -+ break; -+ - case PERM_RUNAS: - (void) setresgid(-1, runas_pw->pw_gid, -1); - if (setresuid(-1, runas_pw->pw_uid, -1)) - err(1, "unable to change to runas uid"); +@@ -119,13 +123,46 @@ set_perms(perm) break; -- case PERM_FULL_RUNAS: + case PERM_FULL_RUNAS: - /* headed for exec(), assume euid == ROOT_UID */ - runas_setup(); - if (setresuid(def_stay_setuid ? 
@@ -74,13 +23,52 @@ diff -up sudo-1.6.9p4/set_perms.c.audit sudo-1.6.9p4/set_perms.c - runas_pw->pw_uid, runas_pw->pw_uid)) - err(1, "unable to change to runas uid"); - break; -- ++#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP) ++ { /* BEGIN CAP BLOCK */ ++ cap_t new_caps; ++ cap_value_t cap_list[] = { CAP_AUDIT_WRITE }; ++ ++ if (runas_pw->pw_uid != ROOT_UID) { ++ new_caps = cap_init (); ++ if (!new_caps) ++ err(1, "Error initing capabilities, aborting.\n"); ++ ++ if(cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET) || ++ cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET)) { ++ err(1, "Error setting capabilities, aborting\n"); ++ } ++ ++ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) ++ err(1, "Error setting KEEPCAPS, aborting\n"); ++ } ++#endif ++ /* headed for exec(), assume euid == ROOT_UID */ ++ runas_setup (); ++ if (setresuid(def_stay_setuid ? ++ user_uid : runas_pw->pw_uid, ++ runas_pw->pw_uid, runas_pw->pw_uid)) ++ err(1, "unable to change to runas uid"); ++ ++#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP) ++ if (runas_pw->pw_uid != ROOT_UID) { ++ if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0) ++ err(1, "Error resetting KEEPCAPS, aborting\n"); ++ ++ if (cap_set_proc(new_caps)) ++ err(1, "Error dropping capabilities, aborting\n"); ++ ++ if (cap_free (new_caps)) ++ err(1, "Error freeing caps\n"); ++ } ++ } /* END CAP BLOCK */ ++#endif ++ break; + case PERM_SUDOERS: /* assume euid == ROOT_UID, ruid == user */ - if (setresgid(-1, SUDOERS_GID, -1)) -diff -up sudo-1.6.9p4/sudo.c.audit sudo-1.6.9p4/sudo.c ---- sudo-1.6.9p4/sudo.c.audit 2008-01-07 19:52:41.000000000 +0100 -+++ sudo-1.6.9p4/sudo.c 2008-01-07 19:52:41.000000000 +0100 +diff -up sudo-1.6.9p12/sudo.c.audit sudo-1.6.9p12/sudo.c +--- sudo-1.6.9p12/sudo.c.audit 2008-02-05 13:57:21.000000000 +0100 ++++ sudo-1.6.9p12/sudo.c 2008-02-05 13:57:21.000000000 +0100 @@ -97,6 +97,10 @@ # include #endif 
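Review bot: The err() calls in the capability block under `case PERM_FULL_RUNAS:` pass format strings that end in `\n` (for example `err(1, "Error setting KEEPCAPS, aborting\n")`), and err() conventionally appends a colon and the errno text after the format, so the reason would land on a different line from the message it explains. Dropping the trailing newline, as the neighbouring `err(1, "unable to change to runas uid")` already does, keeps each failure of this privilege-dropping step on one line: `err(1, "Error setting KEEPCAPS, aborting");`. set_perms() begins and ends outside this hunk.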
@@ -220,10 +208,10 @@ diff -up sudo-1.6.9p4/sudo.c.audit sudo-1.6.9p4/sudo.c warn("unable to execute %s", safe_cmnd); exit(127); } else if (ISSET(validated, FLAG_NO_USER) || (validated & FLAG_NO_HOST)) { -diff -up sudo-1.6.9p4/configure.in.audit sudo-1.6.9p4/configure.in ---- sudo-1.6.9p4/configure.in.audit 2008-01-07 19:52:41.000000000 +0100 -+++ sudo-1.6.9p4/configure.in 2008-01-07 19:52:41.000000000 +0100 -@@ -150,6 +150,10 @@ dnl +diff -up sudo-1.6.9p12/configure.in.audit sudo-1.6.9p12/configure.in +--- sudo-1.6.9p12/configure.in.audit 2008-02-05 13:57:21.000000000 +0100 ++++ sudo-1.6.9p12/configure.in 2008-02-05 13:57:21.000000000 +0100 +@@ -154,6 +154,10 @@ dnl dnl Options for --with dnl @@ -234,7 +222,7 @@ diff -up sudo-1.6.9p4/configure.in.audit sudo-1.6.9p4/configure.in AC_ARG_WITH(CC, [ --with-CC C compiler to use], [case $with_CC in yes) AC_MSG_ERROR(["must give --with-CC an argument."]) -@@ -1579,6 +1583,25 @@ dnl +@@ -1588,6 +1592,25 @@ dnl : ${mansectsu='8'} : ${mansectform='5'} @@ -260,9 +248,9 @@ diff -up sudo-1.6.9p4/configure.in.audit sudo-1.6.9p4/configure.in dnl dnl Add in any libpaths or libraries specified via configure dnl -diff -up /dev/null sudo-1.6.9p4/audit_help.c ---- /dev/null 2008-01-04 00:33:16.572612675 +0100 -+++ sudo-1.6.9p4/audit_help.c 2008-01-07 19:55:40.000000000 +0100 +diff -up /dev/null sudo-1.6.9p12/audit_help.c +--- /dev/null 2008-02-05 11:01:55.583821645 +0100 ++++ sudo-1.6.9p12/audit_help.c 2008-02-05 13:57:21.000000000 +0100 @@ -0,0 +1,88 @@ +/* + * Audit helper functions used throughout sudo 
@@ -352,10 +340,10 @@ diff -up /dev/null sudo-1.6.9p4/audit_help.c +#endif /* WITH_AUDIT */ + + -diff -up sudo-1.6.9p4/Makefile.in.audit sudo-1.6.9p4/Makefile.in ---- sudo-1.6.9p4/Makefile.in.audit 2007-08-15 16:16:57.000000000 +0200 -+++ sudo-1.6.9p4/Makefile.in 2008-01-07 19:52:41.000000000 +0100 -@@ -118,11 +118,13 @@ HDRS = compat.h def_data.h defaults.h in +diff -up sudo-1.6.9p12/Makefile.in.audit sudo-1.6.9p12/Makefile.in +--- sudo-1.6.9p12/Makefile.in.audit 2008-01-14 13:22:57.000000000 +0100 ++++ sudo-1.6.9p12/Makefile.in 2008-02-05 13:57:21.000000000 +0100 +@@ -119,11 +119,13 @@ HDRS = compat.h def_data.h defaults.h in AUTH_OBJS = sudo_auth.o @AUTH_OBJS@ @@ -370,7 +358,7 @@ diff -up sudo-1.6.9p4/Makefile.in.audit sudo-1.6.9p4/Makefile.in VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS) -@@ -273,6 +275,9 @@ securid5.o: $(authdir)/securid5.c $(AUTH +@@ -274,6 +276,9 @@ securid5.o: $(authdir)/securid5.c $(AUTH sia.o: $(authdir)/sia.c $(AUTHDEP) $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c @@ -380,9 +368,9 @@ diff -up sudo-1.6.9p4/Makefile.in.audit sudo-1.6.9p4/Makefile.in sudo.man.in: $(srcdir)/sudo.pod @rm -f $(srcdir)/$@ ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e 1d -e '/^=pod/q' -e 's/^/.\\" /p' sudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" >> $@ ) -diff -up sudo-1.6.9p4/sudo.h.audit sudo-1.6.9p4/sudo.h ---- sudo-1.6.9p4/sudo.h.audit 2008-01-07 19:52:41.000000000 +0100 -+++ sudo-1.6.9p4/sudo.h 2008-01-07 19:52:41.000000000 +0100 +diff -up sudo-1.6.9p12/sudo.h.audit sudo-1.6.9p12/sudo.h +--- sudo-1.6.9p12/sudo.h.audit 2008-02-05 13:57:21.000000000 +0100 ++++ sudo-1.6.9p12/sudo.h 2008-02-05 13:57:21.000000000 +0100 @@ -23,6 +23,8 @@ #ifndef _SUDO_SUDO_H #define _SUDO_SUDO_H 
@@ -392,7 +380,7 @@ diff -up sudo-1.6.9p4/sudo.h.audit sudo-1.6.9p4/sudo.h #include #include #include "compat.h" -@@ -274,4 +276,10 @@ extern int sudo_mode; +@@ -278,4 +280,10 @@ extern int sudo_mode; extern int errno; #endif diff --git a/sudo-1.6.9p4-autotoolsRecursion.patch b/sudo-1.6.9p4-autotoolsRecursion.patch deleted file mode 100644 index 09e862d..0000000 --- a/sudo-1.6.9p4-autotoolsRecursion.patch +++ /dev/null @@ -1,41 +0,0 @@ -diff -up sudo-1.6.9p4/acsite.m4.autotoolsRecursion sudo-1.6.9p4/acsite.m4 ---- sudo-1.6.9p4/acsite.m4.autotoolsRecursion 2007-08-27 12:33:37.000000000 +0400 -+++ sudo-1.6.9p4/acsite.m4 2007-08-27 12:33:52.000000000 +0400 -@@ -6319,19 +6319,32 @@ m4_define([lt_join], - ]) - - -+# lt_car(LIST) -+# lt_cdr(LIST) -+# ------------ -+# Manipulate m4 lists. -+# These macros are necessary as long as will still need to support -+# Autoconf-2.59 which quotes differently. -+m4_define([lt_car], [[$1]]) -+m4_define([lt_cdr], -+[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], -+ [$#], 1, [], -+ [m4_dquote(m4_shift($@))])]) -+ -+ - # lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) - # ---------------------------------------------------------- - # Produce a SEP delimited list of all paired combinations of elements of - # PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list - # has the form PREFIXmINFIXSUFFIXn. - m4_define([lt_combine], --[m4_if([$2], [[]], [], -- [lt_join(m4_quote(m4_default([$1], [, ])), -- _$0([$1], m4_car($2)[$3], m4_shiftn(3, $@)), -- $0([$1], m4_cdr($2), m4_shiftn(2, $@)))])]) -+[m4_if([$2], [], [], -+ [lt_join(m4_quote(m4_default([$1], [[, ]])), -+ _$0([$1], lt_car($2)[$3], m4_shiftn(3, $@)), -+ $0([$1], lt_cdr($2), m4_shiftn(2, $@)))])]) - m4_define([_lt_combine], - [m4_if([$3], [], [], -- [lt_join(m4_quote(m4_default([$1], [, ])), -+ [lt_join(m4_quote(m4_default([$1], [[, ]])), - [$2$3], - $0([$1], [$2], m4_shiftn(3, $@)))])[]dnl - ]) 
diff --git a/sudo-1.6.9p4-getprpwnam.patch b/sudo-1.6.9p4-getprpwnam.patch deleted file mode 100644 index f99b6d9..0000000 --- a/sudo-1.6.9p4-getprpwnam.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up sudo-1.6.9p4/configure.in.getprpwnam sudo-1.6.9p4/configure.in ---- sudo-1.6.9p4/configure.in.getprpwnam 2007-08-27 13:24:54.000000000 +0400 -+++ sudo-1.6.9p4/configure.in 2007-08-27 13:25:48.000000000 +0400 -@@ -1975,7 +1975,7 @@ if test "$CHECKSHADOW" = "true"; then - AC_CHECK_FUNCS(getspnam, [CHECKSHADOW="false"], [AC_CHECK_LIB(gen, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"])]) - fi - if test "$CHECKSHADOW" = "true"; then -- AC_CHECK_FUNC(getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1], AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"], AC_CHECK_LIB(security, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"], AC_CHECK_LIB(prot, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"])))]) -+ AC_CHECK_FUNC(getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1], [AC_CHECK_LIB(sec, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"], [AC_CHECK_LIB(security, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"], [AC_CHECK_LIB(prot, getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"])])])]) - fi - if test -n "$SECUREWARE"; then - AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs) diff --git a/sudo.spec b/sudo.spec index c29eea1..5525b39 100644 --- a/sudo.spec +++ b/sudo.spec 
@@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo -Version: 1.6.9p4 -Release: 6%{?dist} +Version: 1.6.9p12 +Release: 1%{?dist} License: BSD Group: Applications/System URL: http://www.courtesan.com/sudo/ @@ -24,9 +24,9 @@ Patch1: sudo-1.6.7p5-strip.patch Patch2: sudo-1.6.9p4-login.patch # the rest, see changelog Patch3: sudo-1.6.9p4-getgrouplist.patch -Patch4: sudo-1.6.9p4-autotoolsRecursion.patch -Patch5: sudo-1.6.9p4-getprpwnam.patch -Patch6: sudo-1.6.9p4-audit.patch +Patch4: sudo-1.6.9p12-noPam.patch +Patch5: sudo-1.6.9p4-audit.patch +Patch6: sudo-1.6.9p12-selinux.patch %description Sudo (superuser do) allows a system administrator to give certain @@ -44,9 +44,9 @@ on many different machines. %patch1 -p1 -b .strip %patch2 -p1 -b .login %patch3 -p1 -b .getgrouplist -%patch4 -p1 -b .autotoolsRecursion -%patch5 -p1 -b .getprpwnam -%patch6 -p1 -b .audit +%patch4 -p1 -b .noPam +%patch5 -p1 -b .audit +%patch6 -p1 -b .selinux autoreconf @@ -128,6 +128,10 @@ rm -rf $RPM_BUILD_ROOT /bin/chmod 0440 /etc/sudoers || : %changelog +* Wed Feb 06 2008 Peter Vrabec 1.6.9p12-1 +- upgrade to the latest upstream release +- add selinux support + * Mon Feb 02 2008 Dennis Gilmore 1.6.9p4-6 - sparc64 needs to be in the -fPIE list with s390