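diff -up ./plugins/sudoers/sudoers.c.cve-host ./plugins/sudoers/sudoers.c
--- ./plugins/sudoers/sudoers.c.cve-host 2025-06-25 14:10:11.369219892 +0200
+++ ./plugins/sudoers/sudoers.c 2025-06-25 14:11:48.395137626 +0200
@@ -393,6 +393,18 @@ sudoers_policy_main(int argc, char * con
 }
 }
 
+ /* The user may only specify a host for "sudo -l". */
+ if (!ISSET(sudo_mode, MODE_LIST|MODE_CHECK)) {
+ if (strcmp(user_runhost, user_host) != 0) {
+ log_warningx(SLOG_NO_STDERR|SLOG_AUDIT,
+ N_("user not allowed to set remote host for command"));
+ sudo_warnx("%s",
+ U_("a remote host may only be specified when listing privileges."));
+ ret = false;
+ goto done;
+ }
+ }
+
 /* If given the -P option, set the "preserve_groups" flag. */
 if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS))
 def_preserve_groups = true;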
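Review bot: The comment on the new check names only "sudo -l", while the condition exempts both `MODE_LIST` and `MODE_CHECK` and gives no reason for the restriction; I would write it as `/* A user-specified host is honored only when listing or checking privileges (MODE_LIST, MODE_CHECK); in every other mode it must equal the local host. */`. The guard is written as an allowlist, so any mode other than list/check is rejected on a mismatch, and the case-sensitive `strcmp(user_runhost, user_host)` errs toward rejecting a differently spelled local name rather than accepting it. Two things cannot be confirmed from the hunk, because `sudoers_policy_main` starts and ends outside it: that `user_runhost` is never NULL when this line is reached, and that no sudoers lookup reading `user_runhost` runs before this check. The audit message is a fixed string, so if the log record does not already carry the requested host, adding it would make rejected attempts easier to triage.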