rpms
/
sudo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import sudo-1.8.29-5.el8

This commit is contained in:
CentOS Sources 2020-04-28 05:34:17 -04:00 committed by Andrew Lukoshko
parent c6383df712
commit d3ad6b3add
21 changed files with 713 additions and 2125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/sudo-1.8.25p1.tar.gz
SOURCES/sudo-1.8.29.tar.gz

2
.sudo.metadata
View File

@ -1 +1 @@
dc49b91ffbd9cd5e1d1eaaf001c42f71f869f377 SOURCES/sudo-1.8.25p1.tar.gz
fdce342856f1803478eb549479190370001dca95 SOURCES/sudo-1.8.29.tar.gz

70
SOURCES/sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch
View File

@ -1,70 +0,0 @@
diff -up sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok
--- sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok.defaults-double-quote-fix 2018-09-24 18:10:37.235000000 +0200
+++ sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.json.ok 2018-09-24 18:11:40.153000000 +0200
@@ -34,7 +34,7 @@
},
{
"Binding": [
- { "username": "%them" }
+ { "usergroup": "them" }
],
"Options": [
{ "set_home": true }
@@ -42,7 +42,7 @@
},
{
"Binding": [
- { "username": "%: non UNIX 0 c" }
+ { "nonunixgroup": " non UNIX 0 c" }
],
"Options": [
{ "set_home": true }
@@ -50,7 +50,7 @@
},
{
"Binding": [
- { "username": "+net" }
+ { "netgroup": "net" }
],
"Options": [
{ "set_home": true }
diff -up sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok
--- sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok.defaults-double-quote-fix 2018-09-24 18:10:25.216000000 +0200
+++ sudo-1.8.23/plugins/sudoers/regress/sudoers/test2.toke.ok 2018-09-24 18:11:45.213000000 +0200
@@ -29,9 +29,9 @@ DEFAULTS_HOST BEGINSTR STRBODY ENDSTR WO
#
DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
-DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR
+DEFAULTS_USER BEGINSTR STRBODY ENDSTR NETGROUP DEFVAR
#
DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR
diff -up sudo-1.8.23/plugins/sudoers/toke.c.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/toke.c
--- sudo-1.8.23/plugins/sudoers/toke.c.defaults-double-quote-fix 2018-04-29 21:59:23.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/toke.c 2018-09-24 18:06:15.527000000 +0200
@@ -2395,7 +2395,7 @@ YY_RULE_SETUP
LEXTRACE("ERROR "); /* empty string */
LEXRETURN(ERROR);
}
- if (prev_state == INITIAL) {
+ if (prev_state == INITIAL || prev_state == GOTDEFS) {
switch (sudoerslval.string[0]) {
case '%':
if (sudoerslval.string[1] == '\0' ||
diff -up sudo-1.8.23/plugins/sudoers/toke.l.defaults-double-quote-fix sudo-1.8.23/plugins/sudoers/toke.l
--- sudo-1.8.23/plugins/sudoers/toke.l.defaults-double-quote-fix 2018-04-29 21:59:23.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/toke.l 2018-09-24 18:06:15.528000000 +0200
@@ -187,7 +187,7 @@ DEFVAR [a-z_]+
LEXTRACE("ERROR "); /* empty string */
LEXRETURN(ERROR);
}
- if (prev_state == INITIAL) {
+ if (prev_state == INITIAL || prev_state == GOTDEFS) {
switch (sudoerslval.string[0]) {
case '%':
if (sudoerslval.string[1] == '\0' ||

27
SOURCES/sudo-1.8.23-ldapsearchuidfix.patch
View File

@ -1,27 +0,0 @@
diff -up sudo-1.8.23/plugins/sudoers/ldap.c.ldapsearchuidfix sudo-1.8.23/plugins/sudoers/ldap.c
--- sudo-1.8.23/plugins/sudoers/ldap.c.ldapsearchuidfix 2018-04-29 21:59:31.000000000 +0200
+++ sudo-1.8.23/plugins/sudoers/ldap.c 2018-06-18 08:34:01.202686941 +0200
@@ -1189,8 +1189,8 @@ sudo_ldap_build_pass1(LDAP *ld, struct p
if (ldap_conf.search_filter)
sz += strlen(ldap_conf.search_filter);
- /* Then add (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */
- sz += 29 + sudo_ldap_value_len(pw->pw_name);
+ /* Then add (|(sudoUser=USERNAME)(sudoUser=#uid)(sudoUser=ALL)) + NUL */
+ sz += 29 + (12 + MAX_UID_T_LEN) + sudo_ldap_value_len(pw->pw_name);
/* Add space for primary and supplementary groups and gids */
if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
@@ -1253,6 +1253,12 @@ sudo_ldap_build_pass1(LDAP *ld, struct p
CHECK_LDAP_VCAT(buf, pw->pw_name, sz);
CHECK_STRLCAT(buf, ")", sz);
+ /* Append user uid */
+ (void) snprintf(gidbuf, sizeof(gidbuf), "%u", (unsigned int)pw->pw_uid);
+ (void) strlcat(buf, "(sudoUser=#", sz);
+ (void) strlcat(buf, gidbuf, sz);
+ (void) strlcat(buf, ")", sz);
+
/* Append primary group and gid */
if (grp != NULL) {
CHECK_STRLCAT(buf, "(sudoUser=%", sz);

52
SOURCES/sudo-1.8.23-legacy-group-processing.patch
View File

@ -1,7 +1,7 @@
diff -up ./plugins/sudoers/cvtsudoers.c.legacy-processing ./plugins/sudoers/cvtsudoers.c
--- ./plugins/sudoers/cvtsudoers.c.legacy-processing 2018-09-26 12:27:13.087680204 +0200
+++ ./plugins/sudoers/cvtsudoers.c 2018-09-26 12:30:59.222466620 +0200
@@ -321,6 +321,15 @@ main(int argc, char *argv[])
--- ./plugins/sudoers/cvtsudoers.c.legacy-processing 2019-10-28 13:28:52.000000000 +0100
+++ ./plugins/sudoers/cvtsudoers.c 2019-10-30 13:32:43.309480623 +0100
@@ -347,6 +347,15 @@ main(int argc, char *argv[])
sudo_fatalx("error: unhandled input %d", input_format);
}
@ -18,9 +18,9 @@ diff -up ./plugins/sudoers/cvtsudoers.c.legacy-processing ./plugins/sudoers/cvts
filter_userspecs(&parsed_policy, conf);
filter_defaults(&parsed_policy, conf);
diff -up ./plugins/sudoers/defaults.c.legacy-processing ./plugins/sudoers/defaults.c
--- ./plugins/sudoers/defaults.c.legacy-processing 2018-09-02 14:30:08.000000000 +0200
+++ ./plugins/sudoers/defaults.c 2018-09-26 12:27:13.087680204 +0200
@@ -86,6 +86,7 @@ static struct early_default early_defaul
--- ./plugins/sudoers/defaults.c.legacy-processing 2019-10-28 13:28:52.000000000 +0100
+++ ./plugins/sudoers/defaults.c 2019-10-30 13:32:43.309480623 +0100
@@ -93,6 +93,7 @@ static struct early_default early_defaul
{ I_FQDN },
#endif
{ I_MATCH_GROUP_BY_GID },
@ -28,7 +28,7 @@ diff -up ./plugins/sudoers/defaults.c.legacy-processing ./plugins/sudoers/defaul
{ I_GROUP_PLUGIN },
{ I_RUNAS_DEFAULT },
{ I_SUDOERS_LOCALE },
@@ -487,6 +488,8 @@ init_defaults(void)
@@ -494,6 +495,8 @@ init_defaults(void)
}
/* First initialize the flags. */
@ -38,10 +38,10 @@ diff -up ./plugins/sudoers/defaults.c.legacy-processing ./plugins/sudoers/defaul
def_long_otp_prompt = true;
#endif
diff -up ./plugins/sudoers/def_data.c.legacy-processing ./plugins/sudoers/def_data.c
--- ./plugins/sudoers/def_data.c.legacy-processing 2018-08-18 16:10:15.000000000 +0200
+++ ./plugins/sudoers/def_data.c 2018-09-26 12:27:13.087680204 +0200
@@ -494,6 +494,10 @@ struct sudo_defs_types sudo_defs_table[]
N_("Ignore case when matching group names"),
--- ./plugins/sudoers/def_data.c.legacy-processing 2019-10-30 13:32:43.309480623 +0100
+++ ./plugins/sudoers/def_data.c 2019-10-30 13:37:25.914602825 +0100
@@ -506,6 +506,10 @@ struct sudo_defs_types sudo_defs_table[]
N_("Log when a command is denied by sudoers"),
NULL,
}, {
+ "legacy_group_processing", T_FLAG,
@ -52,31 +52,31 @@ diff -up ./plugins/sudoers/def_data.c.legacy-processing ./plugins/sudoers/def_da
}
};
diff -up ./plugins/sudoers/def_data.h.legacy-processing ./plugins/sudoers/def_data.h
--- ./plugins/sudoers/def_data.h.legacy-processing 2018-08-18 16:10:15.000000000 +0200
+++ ./plugins/sudoers/def_data.h 2018-09-26 12:27:13.087680204 +0200
@@ -226,6 +226,8 @@
#define def_case_insensitive_user (sudo_defs_table[I_CASE_INSENSITIVE_USER].sd_un.flag)
#define I_CASE_INSENSITIVE_GROUP 113
#define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag)
+#define I_LEGACY_GROUP_PROCESSING 114
--- ./plugins/sudoers/def_data.h.legacy-processing 2019-10-30 13:32:43.310480638 +0100
+++ ./plugins/sudoers/def_data.h 2019-10-30 13:40:59.651713757 +0100
@@ -232,6 +232,8 @@
#define def_log_allowed (sudo_defs_table[I_LOG_ALLOWED].sd_un.flag)
#define I_LOG_DENIED 116
#define def_log_denied (sudo_defs_table[I_LOG_DENIED].sd_un.flag)
+#define I_LEGACY_GROUP_PROCESSING 117
+#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
enum def_tuple {
never,
diff -up ./plugins/sudoers/def_data.in.legacy-processing ./plugins/sudoers/def_data.in
--- ./plugins/sudoers/def_data.in.legacy-processing 2018-08-18 16:10:15.000000000 +0200
+++ ./plugins/sudoers/def_data.in 2018-09-26 12:27:13.088680212 +0200
@@ -357,3 +357,6 @@ case_insensitive_user
case_insensitive_group
--- ./plugins/sudoers/def_data.in.legacy-processing 2019-10-30 13:32:43.310480638 +0100
+++ ./plugins/sudoers/def_data.in 2019-10-30 13:42:20.915896239 +0100
@@ -366,3 +366,6 @@ log_allowed
log_denied
T_FLAG
"Ignore case when matching group names"
"Log when a command is denied by sudoers"
+legacy_group_processing
+ T_FLAG
+ "Don't pre-resolve all group names"
diff -up ./plugins/sudoers/sudoers.c.legacy-processing ./plugins/sudoers/sudoers.c
--- ./plugins/sudoers/sudoers.c.legacy-processing 2018-08-18 16:10:25.000000000 +0200
+++ ./plugins/sudoers/sudoers.c 2018-09-26 12:27:13.088680212 +0200
@@ -212,6 +212,10 @@ sudoers_policy_init(void *info, char * c
--- ./plugins/sudoers/sudoers.c.legacy-processing 2019-10-28 13:28:53.000000000 +0100
+++ ./plugins/sudoers/sudoers.c 2019-10-30 13:32:43.310480638 +0100
@@ -221,6 +221,10 @@ sudoers_policy_init(void *info, char * c
if (set_loginclass(runas_pw ? runas_pw : sudo_user.pw))
ret = true;

39
SOURCES/sudo-1.8.23-nowaitopt.patch
View File

@ -1,7 +1,7 @@
diff -up sudo-1.8.23/plugins/sudoers/def_data.c.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.c
--- sudo-1.8.23/plugins/sudoers/def_data.c.nowaitopt 2018-06-18 09:36:34.249307795 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.c 2018-06-18 09:43:12.122986032 +0200
@@ -498,6 +498,10 @@ struct sudo_defs_types sudo_defs_table[]
diff -up ./plugins/sudoers/def_data.c.nowait ./plugins/sudoers/def_data.c
--- ./plugins/sudoers/def_data.c.nowait 2019-10-30 13:43:48.376168944 +0100
+++ ./plugins/sudoers/def_data.c 2019-10-30 13:43:48.378168973 +0100
@@ -510,6 +510,10 @@ struct sudo_defs_types sudo_defs_table[]
N_("Don't pre-resolve all group names"),
NULL,
}, {
@ -12,33 +12,32 @@ diff -up sudo-1.8.23/plugins/sudoers/def_data.c.nowaitopt sudo-1.8.23/plugins/su
NULL, 0, NULL
}
};
diff -up sudo-1.8.23/plugins/sudoers/def_data.h.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.h
--- sudo-1.8.23/plugins/sudoers/def_data.h.nowaitopt 2018-06-18 09:36:34.250307792 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.h 2018-06-18 09:43:44.541878327 +0200
@@ -228,6 +228,8 @@
#define def_case_insensitive_group (sudo_defs_table[I_CASE_INSENSITIVE_GROUP].sd_un.flag)
#define I_LEGACY_GROUP_PROCESSING 114
diff -up ./plugins/sudoers/def_data.h.nowait ./plugins/sudoers/def_data.h
--- ./plugins/sudoers/def_data.h.nowait 2019-10-30 13:43:48.378168973 +0100
+++ ./plugins/sudoers/def_data.h 2019-10-30 13:45:38.425770365 +0100
@@ -234,6 +234,8 @@
#define def_log_denied (sudo_defs_table[I_LOG_DENIED].sd_un.flag)
#define I_LEGACY_GROUP_PROCESSING 117
#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
+#define I_CMND_NO_WAIT 115
+#define I_CMND_NO_WAIT 118
+#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
enum def_tuple {
never,
diff -up sudo-1.8.23/plugins/sudoers/def_data.in.nowaitopt sudo-1.8.23/plugins/sudoers/def_data.in
--- sudo-1.8.23/plugins/sudoers/def_data.in.nowaitopt 2018-06-18 09:36:34.250307792 +0200
+++ sudo-1.8.23/plugins/sudoers/def_data.in 2018-06-18 09:45:00.076627403 +0200
@@ -360,3 +360,6 @@ case_insensitive_group
diff -up ./plugins/sudoers/def_data.in.nowait ./plugins/sudoers/def_data.in
--- ./plugins/sudoers/def_data.in.nowait 2019-10-30 13:43:48.376168944 +0100
+++ ./plugins/sudoers/def_data.in 2019-10-30 13:43:48.379168987 +0100
@@ -369,3 +369,6 @@ log_denied
legacy_group_processing
T_FLAG
"Don't pre-resolve all group names"
+cmnd_no_wait
+ T_FLAG
+ "Don't fork and wait for the command to finish, just exec it"
diff -up sudo-1.8.23/plugins/sudoers/policy.c.nowaitopt sudo-1.8.23/plugins/sudoers/policy.c
diff -up sudo-1.8.23/plugins/sudoers/sudoers.c.nowaitopt sudo-1.8.23/plugins/sudoers/sudoers.c
--- sudo-1.8.23/plugins/sudoers/sudoers.c.nowaitopt 2018-06-18 11:31:51.883751328 +0200
+++ sudo-1.8.23/plugins/sudoers/sudoers.c 2018-06-18 11:31:03.670899166 +0200
@@ -213,6 +213,20 @@ sudoers_policy_init(void *info, char * c
diff -up ./plugins/sudoers/sudoers.c.nowait ./plugins/sudoers/sudoers.c
--- ./plugins/sudoers/sudoers.c.nowait 2019-10-30 13:43:48.376168944 +0100
+++ ./plugins/sudoers/sudoers.c 2019-10-30 13:43:48.379168987 +0100
@@ -225,6 +225,20 @@ sudoers_policy_init(void *info, char * c
def_match_group_by_gid = false;
def_legacy_group_processing = false;
}

103
SOURCES/sudo-1.8.23-pam-expired-passwords.patch
View File

@ -1,103 +0,0 @@
# HG changeset patch
# User Todd C. Miller <Todd.Miller@sudo.ws>
# Date 1544201494 25200
# Node ID 656aa910fbaf0be517e012c9271c51eb85c1cca5
# Parent ef83f35c9cb090a8b4fd36942f1e47e65c285dce
The fix for bug #843 was incomplete and caused pam_end() to be called early.
sudo_pam_approval() must not set the global pam status to an error
value if it returns AUTH_SUCCESS. Otherwise, sudo_pam_cleanup()
will call pam_end() before sudo_pam_begin_session(). This resulted
in a NULL PAM handle being used in sudo_pam_begin_session().
diff -r ef83f35c9cb0 -r 656aa910fbaf plugins/sudoers/auth/pam.c
--- a/plugins/sudoers/auth/pam.c Wed Dec 05 10:43:14 2018 -0700
+++ b/plugins/sudoers/auth/pam.c Fri Dec 07 09:51:34 2018 -0700
@@ -210,59 +210,68 @@
sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt)
{
const char *s;
+ int rc, status = AUTH_SUCCESS;
int *pam_status = (int *) auth->data;
debug_decl(sudo_pam_approval, SUDOERS_DEBUG_AUTH)
- *pam_status = pam_acct_mgmt(pamh, PAM_SILENT);
- switch (*pam_status) {
+ rc = pam_acct_mgmt(pamh, PAM_SILENT);
+ switch (rc) {
case PAM_SUCCESS:
- debug_return_int(AUTH_SUCCESS);
+ break;
case PAM_AUTH_ERR:
log_warningx(0, N_("account validation failure, "
"is your account locked?"));
- debug_return_int(AUTH_FATAL);
+ status = AUTH_FATAL;
+ break;
case PAM_NEW_AUTHTOK_REQD:
/* Ignore if user is exempt from password restrictions. */
if (exempt)
- debug_return_int(AUTH_SUCCESS);
+ break;
/* New password required, try to change it. */
log_warningx(0, N_("Account or password is "
"expired, reset your password and try again"));
- *pam_status = pam_chauthtok(pamh,
- PAM_CHANGE_EXPIRED_AUTHTOK);
- if (*pam_status == PAM_SUCCESS)
- debug_return_int(AUTH_SUCCESS);
- if ((s = pam_strerror(pamh, *pam_status)) == NULL)
+ rc = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (rc == PAM_SUCCESS)
+ break;
+ if ((s = pam_strerror(pamh, rc)) == NULL)
s = "unknown error";
log_warningx(0,
N_("unable to change expired password: %s"), s);
- debug_return_int(AUTH_FAILURE);
+ status = AUTH_FAILURE;
+ break;
case PAM_AUTHTOK_EXPIRED:
/* Ignore if user is exempt from password restrictions. */
if (exempt)
- debug_return_int(AUTH_SUCCESS);
+ break;
/* Password expired, cannot be updated by user. */
log_warningx(0,
N_("Password expired, contact your system administrator"));
- debug_return_int(AUTH_FATAL);
+ status = AUTH_FATAL;
+ break;
case PAM_ACCT_EXPIRED:
log_warningx(0,
N_("Account expired or PAM config lacks an \"account\" "
"section for sudo, contact your system administrator"));
- debug_return_int(AUTH_FATAL);
+ status = AUTH_FATAL;
+ break;
case PAM_AUTHINFO_UNAVAIL:
case PAM_MAXTRIES:
case PAM_PERM_DENIED:
- s = pam_strerror(pamh, *pam_status);
+ s = pam_strerror(pamh, rc);
log_warningx(0, N_("PAM account management error: %s"),
s ? s : "unknown error");
- debug_return_int(AUTH_FAILURE);
+ status = AUTH_FAILURE;
+ break;
default:
- s = pam_strerror(pamh, *pam_status);
+ s = pam_strerror(pamh, rc);
log_warningx(0, N_("PAM account management error: %s"),
s ? s : "unknown error");
- debug_return_int(AUTH_FATAL);
+ status = AUTH_FATAL;
+ break;
}
+ /* Ignore errors if user is exempt from password restrictions. */
+ *pam_status = exempt ? PAM_SUCCESS : rc;
+ debug_return_int(status);
}
int

56
SOURCES/sudo-1.8.23-who-am-i.patch
View File

@ -1,56 +0,0 @@
commit b2f7983c84fd01e0b29895d7df776b4b162fd8a5
Author: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Wed Jan 2 07:39:33 2019 -0700
Fix setting of utmp entry when running command in a pty.
Regression introduced in sudo 1.8.22.
diff --git a/src/exec_pty.c b/src/exec_pty.c
index cbcccca3..68312a98 100644
--- a/src/exec_pty.c
+++ b/src/exec_pty.c
@@ -140,7 +140,7 @@ pty_cleanup(void)
* and slavename globals.
*/
static bool
-pty_setup(uid_t uid, const char *tty)
+pty_setup(struct command_details *details, const char *tty)
{
debug_decl(pty_setup, SUDO_DEBUG_EXEC);
@@ -152,12 +152,15 @@ pty_setup(uid_t uid, const char *tty)
}
if (!get_pty(&io_fds[SFD_MASTER], &io_fds[SFD_SLAVE],
- slavename, sizeof(slavename), uid))
+ slavename, sizeof(slavename), details->euid))
sudo_fatal(U_("unable to allocate pty"));
/* Add entry to utmp/utmpx? */
- if (utmp_user != NULL)
+ if (ISSET(details->flags, CD_SET_UTMP)) {
+ utmp_user =
+ details->utmp_user ? details->utmp_user : user_details.username;
utmp_login(tty, slavename, io_fds[SFD_SLAVE], utmp_user);
+ }
sudo_debug_printf(SUDO_DEBUG_INFO,
"%s: %s fd %d, pty master fd %d, pty slave fd %d",
@@ -1302,12 +1305,11 @@ exec_pty(struct command_details *details, struct command_status *cstat)
/*
* Allocate a pty.
*/
- if (pty_setup(details->euid, user_details.tty)) {
- if (ISSET(details->flags, CD_SET_UTMP))
- utmp_user = details->utmp_user ? details->utmp_user : user_details.username;
- } else if (TAILQ_EMPTY(&io_plugins)) {
- /* Not logging I/O and didn't allocate a pty. */
- debug_return_bool(false);
+ if (!pty_setup(details, user_details.tty)) {
+ if (TAILQ_EMPTY(&io_plugins)) {
+ /* Not logging I/O and didn't allocate a pty. */
+ debug_return_bool(false);
+ }
}
/*

25
SOURCES/sudo-1.8.25-c-option-help.patch
View File

@ -1,25 +0,0 @@
From 142b370c1f928549db3b357a495d151c7cd87f65 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Tue, 11 Dec 2018 09:05:04 -0700
Subject: [PATCH 2/4] The -c option was missing from the help info; from
Radovan Sroka
---
plugins/sudoers/cvtsudoers.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c
index 795936c1..0221314b 100644
--- a/plugins/sudoers/cvtsudoers.c
+++ b/plugins/sudoers/cvtsudoers.c
@@ -1315,6 +1315,7 @@ help(void)
usage(0);
(void) puts(_("\nOptions:\n"
" -b, --base=dn the base DN for sudo LDAP queries\n"
+ " -c, --config=conf_file the path to the configuration file\n"
" -d, --defaults=deftypes only convert Defaults of the specified types\n"
" -e, --expand-aliases expand aliases when converting\n"
" -f, --output-format=format set output format: JSON, LDIF or sudoers\n"
--
2.17.2

1063
SOURCES/sudo-1.8.25-ipa-hostname.patch
View File

File diff suppressed because it is too large Load Diff

65
SOURCES/sudo-1.8.25-ldap-backend-parsing-1.patch
View File

@ -1,65 +0,0 @@
From e1a402f1d65f4f107a40237bc19384e43b334546 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Tue, 16 Oct 2018 12:49:34 -0600
Subject: [PATCH] sudo_ldap_parse_option() never returns '=' as the operator.
When parsing command_timeout, role, type, privs and limitprivs, check that
val is non-NULL instead. Found by PVS Studio.
---
plugins/sudoers/ldap_util.c | 37 ++++++++++++++-----------------------
1 file changed, 14 insertions(+), 23 deletions(-)
diff --git a/plugins/sudoers/ldap_util.c b/plugins/sudoers/ldap_util.c
index d9be95a61..fecb7a6c5 100644
--- a/plugins/sudoers/ldap_util.c
+++ b/plugins/sudoers/ldap_util.c
@@ -405,32 +405,23 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers,
int op;
op = sudo_ldap_parse_option(opt, &var, &val);
- if (strcmp(var, "command_timeout") == 0) {
- if (op == '=')
- cmndspec->timeout = parse_timeout(val);
+ if (strcmp(var, "command_timeout") == 0 && val != NULL) {
+ cmndspec->timeout = parse_timeout(val);
#ifdef HAVE_SELINUX
- } else if (strcmp(var, "role") == 0) {
- if (op == '=') {
- if ((cmndspec->role = strdup(val)) == NULL)
- goto oom;
- }
- } else if (strcmp(var, "type") == 0) {
- if (op == '=') {
- if ((cmndspec->type = strdup(val)) == NULL)
- goto oom;
- }
+ } else if (strcmp(var, "role") == 0 && val != NULL) {
+ if ((cmndspec->role = strdup(val)) == NULL)
+ goto oom;
+ } else if (strcmp(var, "type") == 0 && val != NULL) {
+ if ((cmndspec->type = strdup(val)) == NULL)
+ goto oom;
#endif /* HAVE_SELINUX */
#ifdef HAVE_PRIV_SET
- } else if (strcmp(var, "privs") == 0) {
- if (op == '=') {
- if ((cmndspec->privs = strdup(val)) == NULL)
- goto oom;
- }
- } else if (strcmp(var, "limitprivs") == 0) {
- if (op == '=') {
- if ((cmndspec->limitprivs = strdup(val)) == NULL)
- goto oom;
- }
+ } else if (strcmp(var, "privs") == 0 && val != NULL) {
+ if ((cmndspec->privs = strdup(val)) == NULL)
+ goto oom;
+ } else if (strcmp(var, "limitprivs") == 0 && val != NULL) {
+ if ((cmndspec->limitprivs = strdup(val)) == NULL)
+ goto oom;
#endif /* HAVE_PRIV_SET */
} else if (store_options) {
if (!sudo_ldap_add_default(var, val, op, source,
--
2.21.0

57
SOURCES/sudo-1.8.25-ldap-backend-parsing-2.patch
View File

@ -1,57 +0,0 @@
From 60f0d65e22ba93988229453eb013728e47e5f84e Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Wed, 17 Oct 2018 06:57:06 -0600
Subject: [PATCH] Fix expected test output now that command_timeout is parsed
correctly in LDIF.
---
.../regress/sudoers/test17.ldif2sudo.ok | 20 +++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok
index 6bc2a36ed..608f52fc4 100644
--- a/plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok
+++ b/plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok
@@ -1,29 +1,29 @@
Defaults command_timeout=2d8h10m59s
# sudoRole user0
-user0 ALL = /usr/bin/id, /usr/bin/who, /bin/ls
+user0 ALL = TIMEOUT=619830 /usr/bin/id, /usr/bin/who, /bin/ls
# sudoRole user1
-user1 ALL = /usr/bin/id
+user1 ALL = TIMEOUT=619830 /usr/bin/id
# sudoRole user2
-user2 ALL = /usr/bin/id
+user2 ALL = TIMEOUT=15030 /usr/bin/id
# sudoRole user3
-user3 ALL = /usr/bin/id
+user3 ALL = TIMEOUT=630 /usr/bin/id
# sudoRole user4
-user4 ALL = /usr/bin/id
+user4 ALL = TIMEOUT=1209600 /usr/bin/id
# sudoRole user5
-user5 ALL = /usr/bin/id
+user5 ALL = TIMEOUT=300 /usr/bin/id
# sudoRole user6
-user6 ALL = /usr/bin/id
+user6 ALL = TIMEOUT=30 /usr/bin/id
# sudoRole user7
-user7 ALL = /usr/bin/id
+user7 ALL = TIMEOUT=45 /usr/bin/id
# sudoRole user8
-user8 ALL = /usr/bin/id, /usr/bin/id, /usr/bin/id, /usr/bin/id, /usr/bin/id,\
- /usr/bin/id
+user8 ALL = TIMEOUT=619830 /usr/bin/id, /usr/bin/id, /usr/bin/id, /usr/bin/id,\
+ /usr/bin/id, /usr/bin/id
--
2.21.0

27
SOURCES/sudo-1.8.25-sudoreplay-missing-options-help.patch
View File

@ -1,27 +0,0 @@
diff -up ./plugins/sudoers/sudoreplay.c.sudoreplay-help ./plugins/sudoers/sudoreplay.c
--- ./plugins/sudoers/sudoreplay.c.sudoreplay-help 2018-12-11 18:12:56.715098760 +0100
+++ ./plugins/sudoers/sudoreplay.c 2018-12-11 18:18:34.345184173 +0100
@@ -1582,13 +1582,16 @@ help(void)
(void) printf(_("%s - replay sudo session logs\n\n"), getprogname());
usage(0);
(void) puts(_("\nOptions:\n"
- " -d, --directory=dir specify directory for session logs\n"
- " -f, --filter=filter specify which I/O type(s) to display\n"
- " -h, --help display help message and exit\n"
- " -l, --list list available session IDs, with optional expression\n"
- " -m, --max-wait=num max number of seconds to wait between events\n"
- " -s, --speed=num speed up or slow down output\n"
- " -V, --version display version information and exit"));
+ " -d, --directory=dir specify directory for session logs\n"
+ " -f, --filter=filter specify which I/O type(s) to display\n"
+ " -h, --help display help message and exit\n"
+ " -l, --list list available session IDs, with optional expression\n"
+ " -m, --max-wait=num max number of seconds to wait between events\n"
+ " -n, --non-interactive no prompts, session is sent to the standard output\n"
+ " -R, --no-resize do not attempt to re-size the terminal\n"
+ " -S, --suspend-wait wait while the command was suspended\n"
+ " -s, --speed=num speed up or slow down output\n"
+ " -V, --version display version information and exit"));
exit(0);
}

80
SOURCES/sudo-1.8.25-typos-manpages.patch
View File

@ -1,80 +0,0 @@
From 04a4b3c1fcc1526ff1ea73597a1764cb160d400b Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Tue, 11 Dec 2018 09:02:30 -0700
Subject: [PATCH 1/4] Fix some typos; reported by Radovan Sroka
---
doc/cvtsudoers.cat | 6 +++---
doc/cvtsudoers.man.in | 6 +++---
doc/cvtsudoers.mdoc.in | 6 +++---
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/doc/cvtsudoers.cat b/doc/cvtsudoers.cat
index 61bf3a28..9c1ef140 100644
--- a/doc/cvtsudoers.cat
+++ b/doc/cvtsudoers.cat
@@ -24,7 +24,7 @@ DDEESSCCRRIIPPTTIIOONN
--bb _d_n, ----bbaassee=_d_n
The base DN (distinguished name) that will be used when
performing LDAP queries. Typically this is of the form
- ou=SUDOers,dc=-mydomain,dc=com for the domain my-domain.com.
+ ou=SUDOers,dc=my-domain,dc=com for the domain my-domain.com.
If this option is not specified, the value of the
SUDOERS_BASE environment variable will be used instead. Only
necessary when converting to LDIF format.
@@ -60,7 +60,7 @@ DDEESSCCRRIIPPTTIIOONN
Expand aliases in _i_n_p_u_t___f_i_l_e. Aliases are preserved by
default when the output _f_o_r_m_a_t is JSON or sudoers.
- --ff _o_u_t_p_u_t___f_o_r_m_a_t, ----ffoorrmmaatt=_o_u_t_p_u_t___f_o_r_m_a_t
+ --ff _o_u_t_p_u_t___f_o_r_m_a_t, ----oouuttppuutt--ffoorrmmaatt=_o_u_t_p_u_t___f_o_r_m_a_t
Specify the output format (case-insensitive). The following
formats are supported:
diff --git a/doc/cvtsudoers.man.in b/doc/cvtsudoers.man.in
index b159ee5d..2f45ee1d 100644
--- a/doc/cvtsudoers.man.in
+++ b/doc/cvtsudoers.man.in
@@ -59,7 +59,7 @@ The options are as follows:
The base DN (distinguished name) that will be used when performing
LDAP queries.
Typically this is of the form
-\fRou=SUDOers,dc=-mydomain,dc=com\fR
+\fRou=SUDOers,dc=my-domain,dc=com\fR
for the domain
\fRmy-domain.com\fR.
If this option is not specified, the value of the
@@ -125,7 +125,7 @@ Aliases are preserved by default when the output
\fIformat\fR
is JSON or sudoers.
.TP 12n
-\fB\-f\fR \fIoutput_format\fR, \fB\--format\fR=\fIoutput_format\fR
+\fB\-f\fR \fIoutput_format\fR, \fB\--output-format\fR=\fIoutput_format\fR
Specify the output format (case-insensitive).
The following formats are supported:
.PP
diff --git a/doc/cvtsudoers.mdoc.in b/doc/cvtsudoers.mdoc.in
index 1812bc67..8261ddc6 100644
--- a/doc/cvtsudoers.mdoc.in
+++ b/doc/cvtsudoers.mdoc.in
@@ -57,7 +57,7 @@ The options are as follows:
The base DN (distinguished name) that will be used when performing
LDAP queries.
Typically this is of the form
-.Li ou=SUDOers,dc=-mydomain,dc=com
+.Li ou=SUDOers,dc=my-domain,dc=com
for the domain
.Li my-domain.com .
If this option is not specified, the value of the
@@ -110,7 +110,7 @@ Expand aliases in
Aliases are preserved by default when the output
.Ar format
is JSON or sudoers.
-.It Fl f Ar output_format , Fl -format Ns = Ns Ar output_format
+.It Fl f Ar output_format , Fl -output-format Ns = Ns Ar output_format
Specify the output format (case-insensitive).
The following formats are supported:
.Bl -tag -width 8n
--
2.17.2

96
SOURCES/sudo-1.8.28-CVE-strtouid-test.patch
View File

@ -1,96 +0,0 @@
diff -up ./lib/util/regress/atofoo/atofoo_test.c.CVE-strtouid-test ./lib/util/regress/atofoo/atofoo_test.c
--- ./lib/util/regress/atofoo/atofoo_test.c.CVE-strtouid-test 2018-04-29 21:59:23.000000000 +0200
+++ ./lib/util/regress/atofoo/atofoo_test.c 2019-10-16 09:38:31.851404545 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2014-2019 Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -24,6 +24,7 @@
#else
# include "compat/stdbool.h"
#endif
+#include <errno.h>
#include "sudo_compat.h"
#include "sudo_util.h"
@@ -78,15 +79,20 @@ static struct strtoid_data {
id_t id;
const char *sep;
const char *ep;
+ int errnum;
} strtoid_data[] = {
- { "0,1", 0, ",", "," },
- { "10", 10, NULL, NULL },
- { "-2", -2, NULL, NULL },
+ { "0,1", 0, ",", ",", 0 },
+ { "10", 10, NULL, NULL, 0 },
+ { "-1", 0, NULL, NULL, EINVAL },
+ { "4294967295", 0, NULL, NULL, EINVAL },
+ { "4294967296", 0, NULL, NULL, ERANGE },
+ { "-2147483649", 0, NULL, NULL, ERANGE },
+ { "-2", -2, NULL, NULL, 0 },
#if SIZEOF_ID_T != SIZEOF_LONG_LONG
- { "-2", (id_t)4294967294U, NULL, NULL },
+ { "-2", (id_t)4294967294U, NULL, NULL, 0 },
#endif
- { "4294967294", (id_t)4294967294U, NULL, NULL },
- { NULL, 0, NULL, NULL }
+ { "4294967294", (id_t)4294967294U, NULL, NULL, 0 },
+ { NULL, 0, NULL, NULL, 0 }
};
static int
@@ -102,11 +108,23 @@ test_strtoid(int *ntests)
(*ntests)++;
errstr = "some error";
value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr);
- if (errstr != NULL) {
- if (d->id != (id_t)-1) {
- sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
+ if (d->errnum != 0) {
+ if (errstr == NULL) {
+ sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d",
+ d->idstr, d->errnum);
+ errors++;
+ } else if (value != 0) {
+ sudo_warnx_nodebug("FAIL: %s should return 0 on error",
+ d->idstr);
+ errors++;
+ } else if (errno != d->errnum) {
+ sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d",
+ d->idstr, errno, d->errnum);
errors++;
}
+ } else if (errstr != NULL) {
+ sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
+ errors++;
} else if (value != d->id) {
sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id);
errors++;
diff -up ./plugins/sudoers/regress/testsudoers/test5.out.ok.CVE-strtouid-test ./plugins/sudoers/regress/testsudoers/test5.out.ok
--- ./plugins/sudoers/regress/testsudoers/test5.out.ok.CVE-strtouid-test 2018-04-29 21:59:23.000000000 +0200
+++ ./plugins/sudoers/regress/testsudoers/test5.out.ok 2019-10-16 09:29:50.246761680 +0200
@@ -4,7 +4,7 @@ Parse error in sudoers near line 1.
Entries for user root:
Command unmatched
-testsudoers: test5.inc should be owned by gid 4294967295
+testsudoers: test5.inc should be owned by gid 4294967294
Parse error in sudoers near line 1.
Entries for user root:
diff -up ./plugins/sudoers/regress/testsudoers/test5.sh.CVE-strtouid-test ./plugins/sudoers/regress/testsudoers/test5.sh
--- ./plugins/sudoers/regress/testsudoers/test5.sh.CVE-strtouid-test 2018-04-29 21:59:23.000000000 +0200
+++ ./plugins/sudoers/regress/testsudoers/test5.sh 2019-10-16 09:29:50.246761680 +0200
@@ -24,7 +24,7 @@ EOF
# Test group writable
chmod 664 $TESTFILE
-./testsudoers -U $MYUID -G -1 root id <<EOF
+./testsudoers -U $MYUID -G -2 root id <<EOF
#include $TESTFILE
EOF

172
SOURCES/sudo-1.8.28-CVE-strtouid.patch
View File

@ -1,172 +0,0 @@
Treat an ID of -1 as invalid since that means "no change".
Fixes CVE-2019-14287.
Found by Joe Vennix from Apple Information Security.
diff -r fcd7a6d8330e lib/util/strtoid.c
--- a/lib/util/strtoid.c Fri Jan 11 13:31:15 2019 -0700
+++ b/lib/util/strtoid.c Thu Oct 10 09:52:12 2019 -0600
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2016 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2013-2019 Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -47,6 +47,27 @@
#include "sudo_util.h"
/*
+ * Make sure that the ID ends with a valid separator char.
+ */
+static bool
+valid_separator(const char *p, const char *ep, const char *sep)
+{
+ bool valid = false;
+ debug_decl(valid_separator, SUDO_DEBUG_UTIL)
+
+ if (ep != p) {
+ /* check for valid separator (including '\0') */
+ if (sep == NULL)
+ sep = "";
+ do {
+ if (*ep == *sep)
+ valid = true;
+ } while (*sep++ != '\0');
+ }
+ debug_return_bool(valid);
+}
+
+/*
* Parse a uid/gid in string form.
* If sep is non-NULL, it contains valid separator characters (e.g. comma, space)
* If endp is non-NULL it is set to the next char after the ID.
@@ -60,38 +81,35 @@ sudo_strtoid_v1(const char *p, const cha
char *ep;
id_t ret = 0;
long long llval;
- bool valid = false;
debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
/* skip leading space so we can pick up the sign, if any */
while (isspace((unsigned char)*p))
p++;
- if (sep == NULL)
- sep = "";
+
+ /* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. */
errno = 0;
llval = strtoll(p, &ep, 10);
- if (ep != p) {
- /* check for valid separator (including '\0') */
- do {
- if (*ep == *sep)
- valid = true;
- } while (*sep++ != '\0');
+ if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
+ errno = ERANGE;
+ if (errstr != NULL)
+ *errstr = N_("value too large");
+ goto done;
}
- if (!valid) {
+ if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
+ errno = ERANGE;
+ if (errstr != NULL)
+ *errstr = N_("value too small");
+ goto done;
+ }
+
+ /* Disallow id -1, which means "no change". */
+ if (!valid_separator(p, ep, sep) || llval == -1 || llval == (id_t)UINT_MAX) {
if (errstr != NULL)
*errstr = N_("invalid value");
errno = EINVAL;
goto done;
}
- if (errno == ERANGE) {
- if (errstr != NULL) {
- if (llval == LLONG_MAX)
- *errstr = N_("value too large");
- else
- *errstr = N_("value too small");
- }
- goto done;
- }
ret = (id_t)llval;
if (errstr != NULL)
*errstr = NULL;
@@ -106,30 +124,15 @@ sudo_strtoid_v1(const char *p, const cha
{
char *ep;
id_t ret = 0;
- bool valid = false;
debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
/* skip leading space so we can pick up the sign, if any */
while (isspace((unsigned char)*p))
p++;
- if (sep == NULL)
- sep = "";
+
errno = 0;
if (*p == '-') {
long lval = strtol(p, &ep, 10);
- if (ep != p) {
- /* check for valid separator (including '\0') */
- do {
- if (*ep == *sep)
- valid = true;
- } while (*sep++ != '\0');
- }
- if (!valid) {
- if (errstr != NULL)
- *errstr = N_("invalid value");
- errno = EINVAL;
- goto done;
- }
if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) {
errno = ERANGE;
if (errstr != NULL)
@@ -142,28 +145,31 @@ sudo_strtoid_v1(const char *p, const cha
*errstr = N_("value too small");
goto done;
}
- ret = (id_t)lval;
- } else {
- unsigned long ulval = strtoul(p, &ep, 10);
- if (ep != p) {
- /* check for valid separator (including '\0') */
- do {
- if (*ep == *sep)
- valid = true;
- } while (*sep++ != '\0');
- }
- if (!valid) {
+
+ /* Disallow id -1, which means "no change". */
+ if (!valid_separator(p, ep, sep) || lval == -1) {
if (errstr != NULL)
*errstr = N_("invalid value");
errno = EINVAL;
goto done;
}
+ ret = (id_t)lval;
+ } else {
+ unsigned long ulval = strtoul(p, &ep, 10);
if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) {
errno = ERANGE;
if (errstr != NULL)
*errstr = N_("value too large");
goto done;
}
+
+ /* Disallow id -1, which means "no change". */
+ if (!valid_separator(p, ep, sep) || ulval == UINT_MAX) {
+ if (errstr != NULL)
+ *errstr = N_("invalid value");
+ errno = EINVAL;
+ goto done;
+ }
ret = (id_t)ulval;
}
if (errstr != NULL)

158
SOURCES/sudo-1.8.29-CVE-2019-18634-part1.patch
View File

@ -1,158 +0,0 @@
diff -up ./src/tgetpass.c.bla ./src/tgetpass.c
--- ./src/tgetpass.c.bla 2018-08-18 16:10:15.000000000 +0200
+++ ./src/tgetpass.c 2020-02-05 17:15:16.216904891 +0100
@@ -44,11 +44,18 @@
#include "sudo.h"
#include "sudo_plugin.h"
+enum tgetpass_errval {
+ TGP_ERRVAL_NOERROR,
+ TGP_ERRVAL_TIMEOUT,
+ TGP_ERRVAL_NOPASSWORD,
+ TGP_ERRVAL_READERROR
+};
+
static volatile sig_atomic_t signo[NSIG];
static bool tty_present(void);
static void tgetpass_handler(int);
-static char *getln(int, char *, size_t, int);
+static char *getln(int, char *, size_t, int, enum tgetpass_errval *);
static char *sudo_askpass(const char *, const char *);
static int
@@ -77,6 +84,27 @@ suspend(int signo, struct sudo_conv_call
debug_return_int(ret);
}
+static void
+tgetpass_display_error(enum tgetpass_errval errval)
+{
+ debug_decl(tgetpass_display_error, SUDO_DEBUG_CONV)
+
+ switch (errval) {
+ case TGP_ERRVAL_NOERROR:
+ break;
+ case TGP_ERRVAL_TIMEOUT:
+ sudo_warnx(U_("timed out reading password"));
+ break;
+ case TGP_ERRVAL_NOPASSWORD:
+ sudo_warnx(U_("no password was provided"));
+ break;
+ case TGP_ERRVAL_READERROR:
+ sudo_warn(U_("unable to read password"));
+ break;
+ }
+ debug_return;
+}
+
/*
* Like getpass(3) but with timeout and echo flags.
*/
@@ -90,6 +118,7 @@ tgetpass(const char *prompt, int timeout
static const char *askpass;
static char buf[SUDO_CONV_REPL_MAX + 1];
int i, input, output, save_errno, neednl = 0, need_restart;
+ enum tgetpass_errval errval;
debug_decl(tgetpass, SUDO_DEBUG_CONV)
(void) fflush(stdout);
@@ -175,7 +204,7 @@ restart:
if (timeout > 0)
alarm(timeout);
- pass = getln(input, buf, sizeof(buf), ISSET(flags, TGP_MASK));
+ pass = getln(input, buf, sizeof(buf), ISSET(flags, TGP_MASK), &errval);
alarm(0);
save_errno = errno;
@@ -183,6 +212,7 @@ restart:
if (write(output, "\n", 1) == -1)
goto restore;
}
+ tgetpass_display_error(errval);
restore:
/* Restore old signal handlers. */
@@ -210,6 +240,8 @@ restore:
for (i = 0; i < NSIG; i++) {
if (signo[i]) {
switch (i) {
+ case SIGALRM:
+ break;
case SIGTSTP:
case SIGTTIN:
case SIGTTOU:
@@ -239,6 +271,7 @@ sudo_askpass(const char *askpass, const
{
static char buf[SUDO_CONV_REPL_MAX + 1], *pass;
struct sigaction sa, savechld;
+ enum tgetpass_errval errval;
int pfd[2], status;
pid_t child;
debug_decl(sudo_askpass, SUDO_DEBUG_CONV)
@@ -281,9 +314,11 @@ sudo_askpass(const char *askpass, const
/* Get response from child (askpass). */
(void) close(pfd[1]);
- pass = getln(pfd[0], buf, sizeof(buf), 0);
+ pass = getln(pfd[0], buf, sizeof(buf), 0, &errval);
(void) close(pfd[0]);
+ tgetpass_display_error(errval);
+
/* Wait for child to exit. */
for (;;) {
pid_t rv = waitpid(child, &status, 0);
@@ -305,7 +340,8 @@ sudo_askpass(const char *askpass, const
extern int sudo_term_erase, sudo_term_kill;
static char *
-getln(int fd, char *buf, size_t bufsiz, int feedback)
+getln(int fd, char *buf, size_t bufsiz, int feedback,
+ enum tgetpass_errval *errval)
{
size_t left = bufsiz;
ssize_t nr = -1;
@@ -313,7 +349,10 @@ getln(int fd, char *buf, size_t bufsiz,
char c = '\0';
debug_decl(getln, SUDO_DEBUG_CONV)
+ *errval = TGP_ERRVAL_NOERROR;
+
if (left == 0) {
+ *errval = TGP_ERRVAL_READERROR;
errno = EINVAL;
debug_return_str(NULL); /* sanity */
}
@@ -354,14 +393,27 @@ getln(int fd, char *buf, size_t bufsiz,
}
}
- debug_return_str_masked(nr == 1 ? buf : NULL);
+ if (nr != 1) {
+ if (nr == 0) {
+ *errval = TGP_ERRVAL_NOPASSWORD;
+ } else if (nr == -1) {
+ if (errno == EINTR) {
+ if (signo[SIGALRM] == 1)
+ *errval = TGP_ERRVAL_TIMEOUT;
+ } else {
+ *errval = TGP_ERRVAL_READERROR;
+ }
+ }
+ debug_return_str(NULL);
+ }
+
+ debug_return_str_masked(buf);
}
static void
tgetpass_handler(int s)
{
- if (s != SIGALRM)
- signo[s] = 1;
+ signo[s] = 1;
}
static bool

28
SOURCES/sudo-1.8.29-CVE-2019-18634-part2.patch → SOURCES/sudo-1.8.29-CVE-2019-18634.patch
View File

@ -1,24 +1,24 @@
diff -up ./src/tgetpass.c.CVE-2019-18634 ./src/tgetpass.c
--- ./src/tgetpass.c.CVE-2019-18634 2020-02-05 17:16:07.601420697 +0100
+++ ./src/tgetpass.c 2020-02-05 17:22:34.206301510 +0100
@@ -55,7 +55,7 @@ static volatile sig_atomic_t signo[NSIG]
--- ./src/tgetpass.c.CVE-2019-18634 2019-10-28 13:27:39.000000000 +0100
+++ ./src/tgetpass.c 2020-02-05 14:08:27.516101197 +0100
@@ -61,7 +61,7 @@ enum tgetpass_errval {
static volatile sig_atomic_t signo[NSIG];
static bool tty_present(void);
static void tgetpass_handler(int);
-static char *getln(int, char *, size_t, int, enum tgetpass_errval *);
+static char *getln(int, char *, size_t, bool, enum tgetpass_errval *);
static char *sudo_askpass(const char *, const char *);
static int
@@ -118,6 +118,7 @@ tgetpass(const char *prompt, int timeout
static const char *askpass;
@@ -125,6 +125,7 @@ tgetpass(const char *prompt, int timeout
static char buf[SUDO_CONV_REPL_MAX + 1];
int i, input, output, save_errno, neednl = 0, need_restart;
int i, input, output, save_errno, ttyfd;
bool need_restart, neednl = false;
+ bool feedback = ISSET(flags, TGP_MASK);
enum tgetpass_errval errval;
debug_decl(tgetpass, SUDO_DEBUG_CONV)
@@ -165,7 +166,7 @@ restart:
@@ -180,7 +181,7 @@ restart:
*/
if (!ISSET(flags, TGP_ECHO)) {
for (;;) {
@ -27,7 +27,7 @@ diff -up ./src/tgetpass.c.CVE-2019-18634 ./src/tgetpass.c
neednl = sudo_term_cbreak(input);
else
neednl = sudo_term_noecho(input);
@@ -179,6 +180,9 @@ restart:
@@ -194,6 +195,9 @@ restart:
}
}
}
@ -37,7 +37,7 @@ diff -up ./src/tgetpass.c.CVE-2019-18634 ./src/tgetpass.c
/*
* Catch signals that would otherwise cause the user to end
@@ -204,7 +208,7 @@ restart:
@@ -224,7 +228,7 @@ restart:
if (timeout > 0)
alarm(timeout);
@ -46,16 +46,16 @@ diff -up ./src/tgetpass.c.CVE-2019-18634 ./src/tgetpass.c
alarm(0);
save_errno = errno;
@@ -340,7 +344,7 @@ sudo_askpass(const char *askpass, const
extern int sudo_term_erase, sudo_term_kill;
@@ -360,7 +364,7 @@ sudo_askpass(const char *askpass, const
extern int sudo_term_eof, sudo_term_erase, sudo_term_kill;
static char *
-getln(int fd, char *buf, size_t bufsiz, int feedback,
+getln(int fd, char *buf, size_t bufsiz, bool feedback,
enum tgetpass_errval *errval)
enum tgetpass_errval *errval)
{
size_t left = bufsiz;
@@ -366,15 +370,15 @@ getln(int fd, char *buf, size_t bufsiz,
@@ -389,15 +393,15 @@ getln(int fd, char *buf, size_t bufsiz,
while (cp > buf) {
if (write(fd, "\b \b", 3) == -1)
break;

169
SOURCES/sudo-1.8.29-CVE-2019-19232.patch Normal file
View File

@ -0,0 +1,169 @@
diff -up ./doc/sudoers.man.in.CVE-2019-19232 ./doc/sudoers.man.in
--- ./doc/sudoers.man.in.CVE-2019-19232 2019-10-28 13:28:52.000000000 +0100
+++ ./doc/sudoers.man.in 2020-01-14 15:34:46.908027286 +0100
@@ -2942,6 +2942,23 @@ This flag is
\fIoff\fR
by default.
.TP 18n
+runas_allow_unknown_id
+If enabled, allow matching of runas user and group IDs that are
+not present in the password or group databases.
+In addition to explicitly matching unknown user or group IDs in a
+\fRRunas_List\fR,
+this option also allows the
+\fBALL\fR
+alias to match unknown IDs.
+This flag is
+\fIoff\fR
+by default.
+.sp
+This setting is only supported by version 1.8.29 or higher.
+Older versions of
+\fBsudo\fR
+always allowed matching of unknown user and group IDs.
+.TP 18n
runaspw
If set,
\fBsudo\fR
diff -up ./doc/sudoers.mdoc.in.CVE-2019-19232 ./doc/sudoers.mdoc.in
--- ./doc/sudoers.mdoc.in.CVE-2019-19232 2019-10-28 13:28:52.000000000 +0100
+++ ./doc/sudoers.mdoc.in 2020-01-14 15:34:46.908027286 +0100
@@ -2768,6 +2768,22 @@ when running a command or editing a file
This flag is
.Em off
by default.
+.It runas_allow_unknown_id
+If enabled, allow matching of runas user and group IDs that are
+not present in the password or group databases.
+In addition to explicitly matching unknown user or group IDs in a
+.Li Runas_List ,
+this option also allows the
+.Sy ALL
+alias to match unknown IDs.
+This flag is
+.Em off
+by default.
+.Pp
+This setting is only supported by version 1.8.29 or higher.
+Older versions of
+.Nm sudo
+always allowed matching of unknown user and group IDs.
.It runaspw
If set,
.Nm sudo
diff -up ./plugins/sudoers/defaults.c.CVE-2019-19232 ./plugins/sudoers/defaults.c
--- ./plugins/sudoers/defaults.c.CVE-2019-19232 2020-01-14 15:34:46.902027246 +0100
+++ ./plugins/sudoers/defaults.c 2020-01-14 15:34:46.909027293 +0100
@@ -581,6 +581,7 @@ init_defaults(void)
def_fdexec = digest_only;
def_log_allowed = true;
def_log_denied = true;
+ def_runas_allow_unknown_id = false;
/* Syslog options need special care since they both strings and ints */
#if (LOGGING & SLOG_SYSLOG)
diff -up ./plugins/sudoers/def_data.c.CVE-2019-19232 ./plugins/sudoers/def_data.c
--- ./plugins/sudoers/def_data.c.CVE-2019-19232 2020-01-14 15:34:46.908027286 +0100
+++ ./plugins/sudoers/def_data.c 2020-01-14 15:40:19.441555509 +0100
@@ -514,6 +514,10 @@ struct sudo_defs_types sudo_defs_table[]
N_("Don't fork and wait for the command to finish, just exec it"),
NULL,
}, {
+ "runas_allow_unknown_id", T_FLAG,
+ N_("Allow the use of unknown runas user and/or group ID"),
+ NULL,
+ }, {
NULL, 0, NULL
}
};
diff -up ./plugins/sudoers/def_data.h.CVE-2019-19232 ./plugins/sudoers/def_data.h
--- ./plugins/sudoers/def_data.h.CVE-2019-19232 2020-01-14 15:34:46.909027293 +0100
+++ ./plugins/sudoers/def_data.h 2020-01-14 15:41:33.658012401 +0100
@@ -236,6 +236,8 @@
#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
#define I_CMND_NO_WAIT 118
#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
+#define I_RUNAS_ALLOW_UNKNOWN_ID 119
+#define def_runas_allow_unknown_id (sudo_defs_table[I_RUNAS_ALLOW_UNKNOWN_ID].sd_un.flag)
enum def_tuple {
never,
diff -up ./plugins/sudoers/def_data.in.CVE-2019-19232 ./plugins/sudoers/def_data.in
--- ./plugins/sudoers/def_data.in.CVE-2019-19232 2020-01-14 15:34:46.909027293 +0100
+++ ./plugins/sudoers/def_data.in 2020-01-14 15:42:42.176481484 +0100
@@ -372,3 +372,6 @@ legacy_group_processing
cmnd_no_wait
T_FLAG
"Don't fork and wait for the command to finish, just exec it"
+runas_allow_unknown_id
+ T_FLAG
+ "Allow the use of unknown runas user and/or group ID"
diff -up ./plugins/sudoers/sudoers.c.CVE-2019-19232 ./plugins/sudoers/sudoers.c
--- ./plugins/sudoers/sudoers.c.CVE-2019-19232 2020-01-14 15:34:46.905027266 +0100
+++ ./plugins/sudoers/sudoers.c 2020-01-14 15:34:46.910027299 +0100
@@ -105,6 +105,8 @@ static char *prev_user;
static char *runas_user;
static char *runas_group;
static struct sudo_nss_list *snl;
+static bool unknown_runas_uid;
+static bool unknown_runas_gid;
#ifdef __linux__
static struct rlimit nproclimit;
@@ -354,6 +356,22 @@ sudoers_policy_main(int argc, char * con
}
}
+ /* Defer uid/gid checks until after defaults have been updated. */
+ if (unknown_runas_uid && !def_runas_allow_unknown_id) {
+ audit_failure(NewArgc, NewArgv, N_("unknown user: %s"),
+ runas_pw->pw_name);
+ sudo_warnx(U_("unknown user: %s"), runas_pw->pw_name);
+ goto done;
+ }
+ if (runas_gr != NULL) {
+ if (unknown_runas_gid && !def_runas_allow_unknown_id) {
+ audit_failure(NewArgc, NewArgv, N_("unknown group: %s"),
+ runas_gr->gr_name);
+ sudo_warnx(U_("unknown group: %s"), runas_gr->gr_name);
+ goto done;
+ }
+ }
+
/*
* Look up the timestamp dir owner if one is specified.
*/
@@ -1167,12 +1185,15 @@ set_runaspw(const char *user, bool quiet
struct passwd *pw = NULL;
debug_decl(set_runaspw, SUDOERS_DEBUG_PLUGIN)
+ unknown_runas_uid = false;
if (*user == '#') {
const char *errstr;
uid_t uid = sudo_strtoid(user + 1, &errstr);
if (errstr == NULL) {
- if ((pw = sudo_getpwuid(uid)) == NULL)
+ if ((pw = sudo_getpwuid(uid)) == NULL) {
+ unknown_runas_uid = true;
pw = sudo_fakepwnam(user, user_gid);
+ }
}
}
if (pw == NULL) {
@@ -1198,12 +1219,15 @@ set_runasgr(const char *group, bool quie
struct group *gr = NULL;
debug_decl(set_runasgr, SUDOERS_DEBUG_PLUGIN)
+ unknown_runas_gid = false;
if (*group == '#') {
const char *errstr;
gid_t gid = sudo_strtoid(group + 1, &errstr);
if (errstr == NULL) {
- if ((gr = sudo_getgrgid(gid)) == NULL)
+ if ((gr = sudo_getgrgid(gid)) == NULL) {
+ unknown_runas_gid = true;
gr = sudo_fakegrnam(group);
+ }
}
}
if (gr == NULL) {

439
SOURCES/sudo-1.8.29-CVE-2019-19234.patch Normal file
View File

@ -0,0 +1,439 @@
diff -up ./config.h.in.CVE-2019-19234 ./config.h.in
--- ./config.h.in.CVE-2019-19234 2019-10-28 13:28:52.000000000 +0100
+++ ./config.h.in 2020-01-14 15:53:40.506988064 +0100
@@ -334,6 +334,9 @@
/* Define to 1 if you have the `getuserattr' function. */
#undef HAVE_GETUSERATTR
+/* Define to 1 if you have the `getusershell' function. */
+#undef HAVE_GETUSERSHELL
+
/* Define to 1 if you have the `getutid' function. */
#undef HAVE_GETUTID
diff -up ./configure.ac.CVE-2019-19234 ./configure.ac
--- ./configure.ac.CVE-2019-19234 2020-01-14 15:53:40.496987995 +0100
+++ ./configure.ac 2020-01-14 15:53:40.509988084 +0100
@@ -2562,6 +2562,10 @@ AC_CHECK_FUNCS([getdelim], [], [
SUDO_APPEND_COMPAT_EXP(sudo_getdelim)
COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }getdelim_test"
])
+AC_CHECK_FUNCS([getusershell], [], [
+ AC_LIBOBJ(getusershell)
+ SUDO_APPEND_COMPAT_EXP(sudo_getusershell)
+])
AC_CHECK_FUNCS([reallocarray], [], [
AC_LIBOBJ(reallocarray)
SUDO_APPEND_COMPAT_EXP(sudo_reallocarray)
diff -up ./configure.CVE-2019-19234 ./configure
--- ./configure.CVE-2019-19234 2019-10-28 13:29:14.000000000 +0100
+++ ./configure 2020-01-14 15:53:40.509988084 +0100
@@ -19395,6 +19395,32 @@ esac
fi
done
+for ac_func in getusershell
+do :
+ ac_fn_c_check_func "$LINENO" "getusershell" "ac_cv_func_getusershell"
+if test "x$ac_cv_func_getusershell" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETUSERSHELL 1
+_ACEOF
+
+else
+
+ case " $LIBOBJS " in
+ *" getusershell.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS getusershell.$ac_objext"
+ ;;
+esac
+
+
+ for _sym in sudo_getusershell; do
+ COMPAT_EXP="${COMPAT_EXP}${_sym}
+"
+ done
+
+
+fi
+done
+
for ac_func in reallocarray
do :
ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
diff -up ./doc/sudoers.man.in.CVE-2019-19234 ./doc/sudoers.man.in
--- ./doc/sudoers.man.in.CVE-2019-19234 2020-01-14 15:53:40.503988043 +0100
+++ ./doc/sudoers.man.in 2020-01-14 15:53:40.510988091 +0100
@@ -2959,6 +2959,28 @@ Older versions of
\fBsudo\fR
always allowed matching of unknown user and group IDs.
.TP 18n
+runas_check_shell
+.br
+If enabled,
+\fBsudo\fR
+will only run commands as a user whose shell appears in the
+\fI/etc/shells\fR
+file, even if the invoking user's
+\fRRunas_List\fR
+would otherwise permit it.
+If no
+\fI/etc/shells\fR
+file is present, a system-dependent list of built-in default shells is used.
+On many operating systems, system users such as
+\(lqbin\(rq,
+do not have a valid shell and this flag can be used to prevent
+commands from being run as those users.
+This flag is
+\fIoff\fR
+by default.
+.sp
+This setting is only supported by version 1.8.29 or higher.
+.TP 18n
runaspw
If set,
\fBsudo\fR
diff -up ./doc/sudoers.mdoc.in.CVE-2019-19234 ./doc/sudoers.mdoc.in
--- ./doc/sudoers.mdoc.in.CVE-2019-19234 2020-01-14 15:53:40.504988050 +0100
+++ ./doc/sudoers.mdoc.in 2020-01-14 15:53:40.510988091 +0100
@@ -2784,6 +2784,26 @@ This setting is only supported by versio
Older versions of
.Nm sudo
always allowed matching of unknown user and group IDs.
+.It runas_check_shell
+If enabled,
+.Nm sudo
+will only run commands as a user whose shell appears in the
+.Pa /etc/shells
+file, even if the invoking user's
+.Li Runas_List
+would otherwise permit it.
+If no
+.Pa /etc/shells
+file is present, a system-dependent list of built-in default shells is used.
+On many operating systems, system users such as
+.Dq bin ,
+do not have a valid shell and this flag can be used to prevent
+commands from being run as those users.
+This flag is
+.Em off
+by default.
+.Pp
+This setting is only supported by version 1.8.29 or higher.
.It runaspw
If set,
.Nm sudo
diff -up ./include/sudo_compat.h.CVE-2019-19234 ./include/sudo_compat.h
--- ./include/sudo_compat.h.CVE-2019-19234 2019-10-28 13:28:52.000000000 +0100
+++ ./include/sudo_compat.h 2020-01-14 15:53:40.511988098 +0100
@@ -407,6 +407,17 @@ __dso_public ssize_t sudo_getdelim(char
# undef getdelim
# define getdelim(_a, _b, _c, _d) sudo_getdelim((_a), (_b), (_c), (_d))
#endif /* HAVE_GETDELIM */
+#ifndef HAVE_GETUSERSHELL
+__dso_public char *sudo_getusershell(void);
+# undef getusershell
+# define getusershell() sudo_getusershell()
+__dso_public void sudo_setusershell(void);
+# undef setusershell
+# define setusershell() sudo_setusershell()
+__dso_public void sudo_endusershell(void);
+# undef endusershell
+# define endusershell() sudo_endusershell()
+#endif /* HAVE_GETUSERSHELL */
#ifndef HAVE_UTIMENSAT
__dso_public int sudo_utimensat(int fd, const char *file, const struct timespec *times, int flag);
# undef utimensat
diff -up ./lib/util/getusershell.c.CVE-2019-19234 ./lib/util/getusershell.c
--- ./lib/util/getusershell.c.CVE-2019-19234 2020-01-14 15:53:40.511988098 +0100
+++ ./lib/util/getusershell.c 2020-01-14 15:53:40.511988098 +0100
@@ -0,0 +1,138 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+
+#define DEFAULT_TEXT_DOMAIN "sudo"
+#include "sudo_gettext.h" /* must be included before sudo_compat.h */
+
+#include "sudo_compat.h"
+#include "sudo_debug.h"
+#include "sudo_util.h"
+
+static char **allowed_shells, **current_shell;
+static char *default_shells[] = {
+ "/bin/sh",
+ "/bin/ksh",
+ "/bin/ksh93",
+ "/bin/bash",
+ "/bin/dash",
+ "/bin/zsh",
+ "/bin/csh",
+ "/bin/tcsh",
+ NULL
+};
+
+static char **
+read_shells(void)
+{
+ size_t maxshells = 16, nshells = 0;
+ size_t linesize = 0;
+ char *line = NULL;
+ FILE *fp;
+ debug_decl(read_shells, SUDO_DEBUG_UTIL)
+
+ if ((fp = fopen("/etc/shells", "r")) == NULL)
+ goto bad;
+
+ free(allowed_shells);
+ allowed_shells = reallocarray(NULL, maxshells, sizeof(char *));
+ if (allowed_shells == NULL)
+ goto bad;
+
+ while (sudo_parseln(&line, &linesize, NULL, fp, PARSELN_CONT_IGN) != -1) {
+ if (nshells + 1 >= maxshells) {
+ char **new_shells;
+
+ new_shells = reallocarray(NULL, maxshells + 16, sizeof(char *));
+ if (new_shells == NULL)
+ goto bad;
+ allowed_shells = new_shells;
+ maxshells += 16;
+ }
+ if ((allowed_shells[nshells] = strdup(line)) == NULL)
+ goto bad;
+ nshells++;
+ }
+ allowed_shells[nshells] = NULL;
+
+ free(line);
+ fclose(fp);
+ debug_return_ptr(allowed_shells);
+bad:
+ free(line);
+ if (fp != NULL)
+ fclose(fp);
+ while (nshells != 0)
+ free(allowed_shells[--nshells]);
+ free(allowed_shells);
+ allowed_shells = NULL;
+ debug_return_ptr(default_shells);
+}
+
+void
+sudo_setusershell(void)
+{
+ debug_decl(setusershell, SUDO_DEBUG_UTIL)
+
+ current_shell = read_shells();
+
+ debug_return;
+}
+
+void
+sudo_endusershell(void)
+{
+ debug_decl(endusershell, SUDO_DEBUG_UTIL)
+
+ if (allowed_shells != NULL) {
+ char **shell;
+
+ for (shell = allowed_shells; *shell != NULL; shell++)
+ free(*shell);
+ free(allowed_shells);
+ allowed_shells = NULL;
+ }
+ current_shell = NULL;
+
+ debug_return;
+}
+
+char *
+sudo_getusershell(void)
+{
+ debug_decl(getusershell, SUDO_DEBUG_UTIL)
+
+ if (current_shell == NULL)
+ current_shell = read_shells();
+
+ debug_return_str(*current_shell++);
+}
diff -up ./lib/util/Makefile.in.CVE-2019-19234 ./lib/util/Makefile.in
--- ./lib/util/Makefile.in.CVE-2019-19234 2019-10-28 13:28:53.000000000 +0100
+++ ./lib/util/Makefile.in 2020-01-14 15:53:40.511988098 +0100
@@ -678,6 +678,18 @@ gettime.i: $(srcdir)/gettime.c $(incdir)
$(CC) -E -o $@ $(CPPFLAGS) $<
gettime.plog: gettime.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/gettime.c --i-file $< --output-file $@
+getusershell.lo: $(srcdir)/getusershell.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
+ $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
+ $(incdir)/sudo_util.h $(top_builddir)/config.h
+ $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/getusershell.c
+getusershell.i: $(srcdir)/getusershell.c $(incdir)/compat/stdbool.h \
+ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
+ $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
+ $(incdir)/sudo_util.h $(top_builddir)/config.h
+ $(CC) -E -o $@ $(CPPFLAGS) $<
+getusershell.plog: getusershell.i
+ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/getusershell.c --i-file $< --output-file $@
gidlist.lo: $(srcdir)/gidlist.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
diff -up ./MANIFEST.CVE-2019-19234 ./MANIFEST
--- ./MANIFEST.CVE-2019-19234 2019-10-28 13:28:52.000000000 +0100
+++ ./MANIFEST 2020-01-14 15:53:40.506988064 +0100
@@ -103,6 +103,7 @@ lib/util/getgrouplist.c
lib/util/gethostname.c
lib/util/getopt_long.c
lib/util/gettime.c
+lib/util/getusershell.c
lib/util/gidlist.c
lib/util/glob.c
lib/util/inet_ntop.c
diff -up ./mkdep.pl.CVE-2019-19234 ./mkdep.pl
--- ./mkdep.pl.CVE-2019-19234 2019-10-28 13:28:52.000000000 +0100
+++ ./mkdep.pl 2020-01-14 15:53:40.511988098 +0100
@@ -116,7 +116,7 @@ sub mkdep {
# XXX - fill in AUTH_OBJS from contents of the auth dir instead
$makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;
$makefile =~ s:\@DIGEST\@:digest.lo digest_openssl.lo digest_gcrypt.lo:;
- $makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_uniform.lo closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo utimens.lo vsyslog.lo pipe2.lo:;
+ $makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_uniform.lo closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo getusershell.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo utimens.lo vsyslog.lo pipe2.lo:;
# Parse OBJS lines
my %objs;
diff -up ./plugins/sudoers/check.c.CVE-2019-19234 ./plugins/sudoers/check.c
--- ./plugins/sudoers/check.c.CVE-2019-19234 2019-10-28 13:27:45.000000000 +0100
+++ ./plugins/sudoers/check.c 2020-01-14 15:53:40.511988098 +0100
@@ -333,3 +333,28 @@ get_authpw(int mode)
debug_return_ptr(pw);
}
+
+/*
+ * Returns true if the specified shell is allowed by /etc/shells, else false.
+ */
+bool
+check_user_shell(const struct passwd *pw)
+{
+ const char *shell;
+ debug_decl(check_user_shell, SUDOERS_DEBUG_AUTH)
+
+ if (!def_runas_check_shell)
+ debug_return_bool(true);
+
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s: checking /etc/shells for %s", __func__, pw->pw_shell);
+
+ setusershell();
+ while ((shell = getusershell()) != NULL) {
+ if (strcmp(shell, pw->pw_shell) == 0)
+ debug_return_bool(true);
+ }
+ endusershell();
+
+ debug_return_bool(false);
+}
diff -up ./plugins/sudoers/def_data.c.CVE-2019-19234 ./plugins/sudoers/def_data.c
--- ./plugins/sudoers/def_data.c.CVE-2019-19234 2020-01-14 15:53:40.504988050 +0100
+++ ./plugins/sudoers/def_data.c 2020-01-14 15:53:40.511988098 +0100
@@ -518,6 +518,10 @@ struct sudo_defs_types sudo_defs_table[]
N_("Allow the use of unknown runas user and/or group ID"),
NULL,
}, {
+ "runas_check_shell", T_FLAG,
+ N_("Only permit running commands as a user with a valid shell"),
+ NULL,
+ }, {
NULL, 0, NULL
}
};
diff -up ./plugins/sudoers/def_data.h.CVE-2019-19234 ./plugins/sudoers/def_data.h
--- ./plugins/sudoers/def_data.h.CVE-2019-19234 2020-01-14 15:53:40.512988105 +0100
+++ ./plugins/sudoers/def_data.h 2020-01-14 15:58:06.927808982 +0100
@@ -238,6 +238,8 @@
#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
#define I_RUNAS_ALLOW_UNKNOWN_ID 119
#define def_runas_allow_unknown_id (sudo_defs_table[I_RUNAS_ALLOW_UNKNOWN_ID].sd_un.flag)
+#define I_RUNAS_CHECK_SHELL 120
+#define def_runas_check_shell (sudo_defs_table[I_RUNAS_CHECK_SHELL].sd_un.flag)
enum def_tuple {
never,
diff -up ./plugins/sudoers/def_data.in.CVE-2019-19234 ./plugins/sudoers/def_data.in
--- ./plugins/sudoers/def_data.in.CVE-2019-19234 2020-01-14 15:53:40.505988057 +0100
+++ ./plugins/sudoers/def_data.in 2020-01-14 15:53:40.512988105 +0100
@@ -375,3 +375,7 @@ cmnd_no_wait
runas_allow_unknown_id
T_FLAG
"Allow the use of unknown runas user and/or group ID"
+runas_check_shell
+ T_FLAG
+ "Only permit running commands as a user with a valid shell"
+
diff -up ./plugins/sudoers/sudoers.c.CVE-2019-19234 ./plugins/sudoers/sudoers.c
--- ./plugins/sudoers/sudoers.c.CVE-2019-19234 2020-01-14 15:53:40.505988057 +0100
+++ ./plugins/sudoers/sudoers.c 2020-01-14 15:53:40.512988105 +0100
@@ -273,7 +273,7 @@ sudoers_policy_main(int argc, char * con
/* Not an audit event. */
sudo_warnx(U_("sudoers specifies that root is not allowed to sudo"));
goto bad;
- }
+ }
if (!set_perms(PERM_INITIAL))
goto bad;
@@ -412,6 +412,13 @@ sudoers_policy_main(int argc, char * con
goto bad;
}
+ /* Check runas user's shell. */
+ if (!check_user_shell(runas_pw)) {
+ log_warningx(SLOG_RAW_MSG, N_("invalid shell for user %s: %s"),
+ runas_pw->pw_name, runas_pw->pw_shell);
+ goto bad;
+ }
+
/*
* We don't reset the environment for sudoedit or if the user
* specified the -E command line flag and they have setenv privs.
diff -up ./plugins/sudoers/sudoers.h.CVE-2019-19234 ./plugins/sudoers/sudoers.h
--- ./plugins/sudoers/sudoers.h.CVE-2019-19234 2020-01-14 15:53:40.502988036 +0100
+++ ./plugins/sudoers/sudoers.h 2020-01-14 15:53:40.512988105 +0100
@@ -264,6 +264,7 @@ int find_path(const char *infile, char *
/* check.c */
int check_user(int validate, int mode);
+bool check_user_shell(const struct passwd *pw);
bool user_is_exempt(void);
/* prompt.c */

108
SPECS/sudo.spec
View File

@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
Version: 1.8.25p1
Release: 8%{?dist}.1
Version: 1.8.29
Release: 5%{?dist}
License: ISC
Group: Applications/System
URL: http://www.courtesan.com/sudo/
@ -39,44 +39,18 @@ Patch2: sudo-1.8.23-sudoldapconfman.patch
Patch3: sudo-1.7.2p1-envdebug.patch
# 1247591 - Sudo taking a long time when user information is stored externally.
Patch4: sudo-1.8.23-legacy-group-processing.patch
# 1135539 - sudo with ldap doesn't work with 'user id' in sudoUser option
Patch5: sudo-1.8.23-ldapsearchuidfix.patch
# 840980 - sudo creates a new parent process
# Adds cmnd_no_wait Defaults option
Patch6: sudo-1.8.23-nowaitopt.patch
Patch5: sudo-1.8.23-nowaitopt.patch
# 1312486 - RHEL7 sudo logs username "root" instead of realuser in /var/log/secure
Patch7: sudo-1.8.6p7-logsudouser.patch
# 1547974 - (sudo-rhel-7.6-rebase) Rebase sudo to latest stable upstream version
Patch8: sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch
# 1613327 - Man page scan results for sudo
Patch9: sudo-1.8.25-typos-manpages.patch
Patch10: sudo-1.8.25-c-option-help.patch
Patch11: sudo-1.8.25-sudoreplay-missing-options-help.patch
# RHEL 8.1
# 1673886 - Problem with sudo-1.8.23 and 'who am i'
Patch12: sudo-1.8.23-who-am-i.patch
# 1676819 - Backporting sudo bug with expired passwords
Patch13: sudo-1.8.23-pam-expired-passwords.patch
# 1738326 - The LDAP backend is not properly parsing sudoOptions, resulting in
# selinux roles not being applied
# https://www.sudo.ws/repos/sudo/rev/10f8cff7cce7
Patch14: sudo-1.8.25-ldap-backend-parsing-1.patch
# 1738326 - The LDAP backend is not properly parsing sudoOptions, resulting in
# selinux roles not being applied
# https://www.sudo.ws/repos/sudo/rev/ba6cfd26330e
Patch15: sudo-1.8.25-ldap-backend-parsing-2.patch
# 738662 - sudo ipa_hostname not honored
# Fix special handling of ipa_hostname that was lost in sudo
Patch16: sudo-1.8.25-ipa-hostname.patch
# 1760696 - CVE-2019-14287 sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword [rhel-7.8]
Patch17: sudo-1.8.28-CVE-strtouid.patch
Patch18: sudo-1.8.28-CVE-strtouid-test.patch
# 1798092 - CVE-2019-18634 sudo: Stack based buffer overflow in when pwfeedback is enabled [rhel-8.1.0.z]
Patch19: sudo-1.8.29-CVE-2019-18634-part1.patch
Patch20: sudo-1.8.29-CVE-2019-18634-part2.patch
Patch6: sudo-1.8.6p7-logsudouser.patch
# 1786987 - CVE-2019-19232 sudo: attacker with access to a Runas ALL sudoer account
# can impersonate a nonexistent user [rhel-8]
Patch7: sudo-1.8.29-CVE-2019-19232.patch
# 1796518 - [RFE] add optional check for the target user shell
Patch8: sudo-1.8.29-CVE-2019-19234.patch
# 1798093 - CVE-2019-18634 sudo: Stack based buffer overflow in when pwfeedback is enabled [rhel-8.2.0]
Patch9: sudo-1.8.29-CVE-2019-18634.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@ -105,26 +79,11 @@ plugins that use %{name}.
%patch2 -p1 -b .sudoldapconfman
%patch3 -p1 -b .env-debug
%patch4 -p1 -b .legacy-processing
%patch5 -p1 -b .ldap-search-uid
%patch6 -p1 -b .nowait
%patch7 -p1 -b .logsudouser
%patch8 -p1 -b .double-quote
%patch9 -p1 -b .typos
%patch10 -p1 -b .c-option
%patch11 -p1 -b .sudoreplay-help
%patch12 -p1 -b .whoami
%patch13 -p1 -b .pam-expired
%patch14 -p1 -b .ldap-backend1
%patch15 -p1 -b .ldap-backend2
%patch16 -p1 -b .ipa-hostname
%patch17 -p1 -b .cve-strtouid
%patch18 -p1 -b .cve-strtouid-test
%patch19 -p1 -b .CVE-2019-18634-part1
%patch20 -p1 -b .CVE-2019-18634-part2
%patch5 -p1 -b .nowait
%patch6 -p1 -b .logsudouser
%patch7 -p1 -b .CVE-2019-19232
%patch8 -p1 -b .target-shell
%patch9 -p1 -b .CVE-2019-18634
%build
# Remove bundled copy of zlib
@ -284,15 +243,36 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sudo_plugin.8*
%changelog
* Wed Feb 05 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.25p1-8.1
- RHEL 8.1.0.Z ERRATUM
* Wed Feb 05 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.29-5
- RHEL 8.2 ERRATUM
- CVE-2019-18634
Resolves: rhbz#1798092
Resolves: rhbz#1798093
* Fri Oct 18 2019 Marek Tamaskovic <mtamasko@redhat.com> - 1.8.25p1-8
- RHEL-8.1.0
- fixed CVE-2019-14287
Resolves: rhbz#1760696
* Tue Jan 14 2020 Radovan Sroka <rsroka@redhat.com> - 1.8.29-4
- RHEL 8.2 ERRATUM
- CVE-2019-19232
Resolves: rhbz#1786987
Resolves: rhbz#1796518
* Wed Oct 30 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.29-2
- RHEL 8.2 ERRATUM
- rebase to 1.8.29
Resolves: rhbz#1733961
Resolves: rhbz#1651662
* Fri Oct 25 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.28p1-1
- RHEL 8.2 ERRATUM
- rebase to 1.8.28p1
Resolves: rhbz#1733961
- fixed man page for always_set_home
Resolves: rhbz#1576880
- sudo does not work with notbefore/after
Resolves: rhbz#1679508
- NOTBEFORE showing value of sudoNotAfter Ldap attribute
Resolves: rhbz#1715516
- CVE-2019-14287 sudo
- Privilege escalation via 'Runas' specification with 'ALL' keyword
Resolves: rhbz#1760697
* Fri Aug 16 2019 Radovan Sroka <rsroka@redhat.com> - 1.8.25-7
- RHEL 8.1 ERRATUM