RHEL 10.0 ERRATUM

- sudo-1.9.15-2.p5.el10: RHEL SAST Automation: address 4 High impact true positive(s) Resolves: RHEL-44436 - sudo subpackage sudo-logsrvd should not be built Resolves: RHEL-52864 Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2024-08-21 10:35:32 +02:00 · 2024-08-21 10:35:32 +02:00 · d4a9729056
commit d4a9729056
parent 5f2cd4f939
2 changed files with 27 additions and 2 deletions
--- a/sudo-conf.patch
+++ b/sudo-conf.patch
@ -0,0 +1,25 @@
+diff -up ./examples/sudo.conf.in.fix ./examples/sudo.conf.in
+--- ./examples/sudo.conf.in.fix	2024-08-20 16:32:04.223791138 +0200
+++ ./examples/sudo.conf.in	2024-08-20 16:33:02.470003955 +0200
+@@ -11,9 +11,9 @@
+ # The plugin_options are optional.
+ #
+ # The sudoers plugin is used by default if no Plugin lines are present.
+-#Plugin sudoers_policy @sudoers_plugin@
+-#Plugin sudoers_io @sudoers_plugin@
+-#Plugin sudoers_audit @sudoers_plugin@
+Plugin sudoers_policy @sudoers_plugin@
+Plugin sudoers_io @sudoers_plugin@
+Plugin sudoers_audit @sudoers_plugin@
+ 
+ #
+ # Sudo askpass:
+@@ -85,7 +85,7 @@
+ # To aid in debugging sudo problems, you may wish to enable core
+ # dumps by setting "disable_coredump" to false.
+ #
+-#Set disable_coredump false
+Set disable_coredump false
+ 
+ #
+ # User groups:
--- a/sudo.spec
+++ b/sudo.spec
@ -33,6 +33,7 @@ BuildRequires: zlib-devel


 Patch1: coverity.patch
+Patch2: sudo-conf.patch

 %description
 Sudo (superuser do) allows a system administrator to give certain
@ -161,13 +162,12 @@ cat sudo.lang sudoers.lang > sudo_all.lang
 rm sudo.lang sudoers.lang

 mkdir -p $RPM_BUILD_ROOT/etc/pam.d
+
 cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
 #%%PAM-1.0
 auth       include      system-auth
 account    include      system-auth
 password   include      system-auth
-session    optional     pam_keyinit.so revoke
-session    required     pam_limits.so
 session    include      system-auth
 EOF