f8883a97a0
- Rebase to 1.9.5p2 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21825 - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21831 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21820 Signed-off-by: Radovan Sroka <rsroka@redhat.com>
From 4e4b506f22006c485c7ce557c9905dae16c5c12e Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 1 Oct 2021 10:33:55 -0600
Subject: [PATCH] Sync "sudo -l" output with normal sudo log format. It now
prints runchroot and runcwd (falling back on cwd). As a result, submithost is
now printed first, matching sudo. Also avoid printing NULL pointers and skip
entries that don't have at least command, submituser and runuser set.
---
plugins/sudoers/sudoreplay.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c
index f32d44eb5..786aae30d 100644
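--- a/plugins/sudoers/sudoreplay.c
+++ b/plugins/sudoers/sudoreplay.c
@@ -1388,6 +1388,11 @@ list_session(char *log_dir, regex_t *re, const char *user, const char *tty)
 if ((evlog = iolog_parse_loginfo(-1, log_dir)) == NULL)
 goto done;
 
+ if (evlog->command == NULL || evlog->submituser == NULL ||
+ evlog->runuser == NULL) {
+ goto done;
+ }
+
 /* Match on search expression if there is one. */
 if (!STAILQ_EMPTY(&search_expr) && !match_expr(&search_expr, evlog, true))
 goto done;
@@ -1409,13 +1414,18 @@ list_session(char *log_dir, regex_t *re, const char *user, const char *tty)
 }
 /* XXX - print lines + cols? */
 timestr = get_timestr(evlog->submit_time.tv_sec, 1);
- printf("%s : %s : TTY=%s ; CWD=%s ; USER=%s ; ",
- timestr ? timestr : "invalid date",
- evlog->submituser, evlog->ttyname, evlog->cwd, evlog->runuser);
- if (evlog->rungroup)
- printf("GROUP=%s ; ", evlog->rungroup);
- if (evlog->submithost)
+ printf("%s : %s : ", timestr ? timestr : "invalid date", evlog->submituser);
+ if (evlog->submithost != NULL)
 printf("HOST=%s ; ", evlog->submithost);
+ if (evlog->ttyname != NULL)
+ printf("TTY=%s ; ", evlog->ttyname);
+ if (evlog->runchroot != NULL)
+ printf("CHROOT=%s ; ", evlog->runchroot);
+ if (evlog->runcwd != NULL || evlog->cwd != NULL)
+ printf("CWD=%s ; ", evlog->runcwd ? evlog->runcwd : evlog->cwd);
+ printf("USER=%s ; ", evlog->runuser);
+ if (evlog->rungroup != NULL)
+ printf("GROUP=%s ; ", evlog->rungroup);
 printf("TSID=%s ; COMMAND=%s\n", idstr, evlog->command);
 
 ret = 0;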
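Review bot: The rewritten `printf` calls in the second hunk print `evlog->submituser`, `submithost`, `ttyname`, `runchroot`, `runcwd`/`cwd`, `runuser`, `rungroup` and `command` with a bare `%s`, so control characters or terminal escape sequences held in the data that `iolog_parse_loginfo` read from the log directory reach the terminal of whoever runs the listing unchanged. The NULL guards added in both hunks cover missing fields, not hostile field contents; this is the class of problem the package changelog above lists as CVE-2023-28487. Each field should pass through an escaping step that renders non-printable bytes visibly (for example as octal) before it is written. Until that exists, a comment such as `/* evlog strings come from the on-disk I/O log and are printed unescaped */` above the first `printf` would record the gap. Whether a later patch in this series adds that escaping is not visible here, and `list_session` starts and ends outside both hunks.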
--
2.43.0