f8883a97a0
- Rebase to 1.9.5p2 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21825 - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21831 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21820 Signed-off-by: Radovan Sroka <rsroka@redhat.com>
From e5c1778e7dd32ff3ed8cf969540404c9c0e6d5a1 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Thu, 18 Feb 2021 08:32:13 -0700
Subject: [PATCH] When logging JSON to syslog, wrap the contents in a "sudo"
object. This makes it easier for log parsers to identify what is a sudo log
entry.
---
lib/eventlog/eventlog.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
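--- a/lib/eventlog/eventlog.c
+++ b/lib/eventlog/eventlog.c
@@ -950,10 +950,10 @@ do_syslog_json(int pri, int event_type, const char *reason,
 if (json_str == NULL)
 debug_return_bool(false);
 
- /* Syslog it with a @cee: prefix */
+ /* Syslog it in a sudo object with a @cee: prefix. */
 /* TODO: use evl_conf.syslog_maxlen to break up long messages. */
 evl_conf.open_log(EVLOG_SYSLOG, NULL);
- syslog(pri, "@cee:{%s}", json_str);
+ syslog(pri, "@cee:{\"sudo\":{%s}}", json_str);
 evl_conf.close_log(EVLOG_SYSLOG, NULL);
 free(json_str);
 debug_return_bool(true);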
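Review bot: The two closing braces now sit at the very end of the record in `syslog(pri, "@cee:{\"sudo\":{%s}}", json_str);`, while the TODO two lines above shows that long messages are still not split against `evl_conf.syslog_maxlen`. If the syslog path truncates an over-long record (presumably it can, given the TODO), the entry arrives as invalid JSON and a CEE parser is likely to drop it, which matters for an audit record whose length follows the logged command line. Until that is resolved I would extend the comment to say so, e.g. `/* TODO: use evl_conf.syslog_maxlen to break up long messages; a truncated record loses the closing "}}" and is no longer valid JSON. */`. Separately, nesting every field under a `sudo` key changes the paths that consumers match on, so the change deserves a release-note entry for anyone with parsers or detection rules keyed on the old top-level fields. do_syslog_json begins above this hunk, so how json_str is built and escaped is not visible here.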
--
2.43.0