diff sudo-1.6.8p1/CHANGES sudo-1.6.8p2/CHANGES
--- sudo-1.6.8p1/CHANGES	Wed Sep 15 13:18:35 2004
+++ sudo-1.6.8p2/CHANGES	Thu Nov 11 14:28:12 2004
@@ -1731,3 +1731,10 @@
 547) Updated sample.pam to a current version.
 
 548) Better detection of unchanged files in sudoedit.
+
+Sudo 1.6.8p1 released.
+
+549) Bash exported functions and the CDPATH variable are now stripped from
+     the environment passed to the program to be executed.
+
+Sudo 1.6.8p2 released.
diff sudo-1.6.8p1/Makefile.in sudo-1.6.8p2/Makefile.in
--- sudo-1.6.8p1/Makefile.in	Wed Sep 15 14:11:22 2004
+++ sudo-1.6.8p2/Makefile.in	Thu Nov 11 14:27:52 2004
@@ -130,7 +130,7 @@
 
 LIBOBJS = @LIBOBJS@ @ALLOCA@
 
-VERSION = 1.6.8p1
+VERSION = 1.6.8p2
 
 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \
 	    LICENSE Makefile.in PORTING README README.LDAP RUNSON TODO \
diff sudo-1.6.8p1/env.c sudo-1.6.8p2/env.c
--- sudo-1.6.8p1/env.c	Wed Sep  8 09:57:49 2004
+++ sudo-1.6.8p2/env.c	Thu Nov 11 14:27:25 2004
@@ -323,6 +323,13 @@
 	/* Pull in vars we want to keep from the old environment. */
 	for (ep = envp; *ep; ep++) {
 	    keepit = 0;
+
+	    /* Skip variables with values beginning with () (bash functions) */
+	    if ((cp = strchr(*ep, '=')) != NULL) {
+		if (strncmp(cp, "=() ", 3) == 0)
+		    continue;
+	    }
+
 	    for (cur = def_env_keep; cur; cur = cur->next) {
 		len = strlen(cur->value);
 		/* Deal with '*' wildcard */
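Review bot: The literal `"=() "` is four characters long but only three are compared, so the trailing space is never checked; the same mismatch appears in the identical test added to the `okvar` loop in the next env.c hunk. The effective rule, dropping any variable whose value starts with `()`, agrees with the updated manual text, so the literal should say the same thing: `if (strncmp(cp, "=()", 3) == 0)`. Because this `continue` runs before the `def_env_keep` loop, an env_keep entry cannot preserve such a variable. That is worth stating in the comment, for example `/* Skip values beginning with () (bash functions), even if matched by env_keep */`. The enclosing function and the rest of the loop body lie outside the hunk.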
@@ -404,6 +411,12 @@
 	 */
 	for (ep = envp; *ep; ep++) {
 	    okvar = 1;
+
+	    /* Skip variables with values beginning with () (bash functions) */
+	    if ((cp = strchr(*ep, '=')) != NULL) {
+		if (strncmp(cp, "=() ", 3) == 0)
+		    continue;
+	    }
 
 	    /* Skip anything listed in env_delete. */
 	    for (cur = def_env_delete; cur && okvar; cur = cur->next) {
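Review bot: This block is a copy of the test added to the env_keep loop in the previous hunk, so the two filters can drift apart if only one of them is edited later. Keeping the rule in one file-local helper means both environment-building paths always strip the same set of values; each call site then becomes `if (is_shell_function(*ep)) continue;`. The helper name is a suggestion, and whether the file uses prototype-style definitions is not visible in the hunk, so adapt the declaration to the local convention.

```c
/*
 * Returns non-zero if the "NAME=value" string has a value beginning
 * with "()", which bash would import as a function definition.
 */
static int
is_shell_function(const char *var)
{
    const char *cp = strchr(var, '=');

    return cp != NULL && strncmp(cp, "=()", 3) == 0;
}

/* ... unchanged: start of the okvar loop ... */
	    if (is_shell_function(*ep))
		continue;
```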
diff sudo-1.6.8p1/sudo.cat sudo-1.6.8p2/sudo.cat
--- sudo-1.6.8p1/sudo.cat	Wed Sep  8 12:35:52 2004
+++ sudo-1.6.8p2/sudo.cat	Thu Nov 11 14:30:42 2004
@@ -61,7 +61,7 @@
 
 
 
-1.6.8                   September  8, 2004                      1
+1.6.8p2                 November 11, 2004                       1
 
 
 
@@ -127,7 +127,7 @@
 
 
 
-1.6.8                   September  8, 2004                      2
+1.6.8p2                 November 11, 2004                       2
 
 
 
@@ -193,7 +193,7 @@
 
 
 
-1.6.8                   September  8, 2004                      3
+1.6.8p2                 November 11, 2004                       3
 
 
 
@@ -259,7 +259,7 @@
 
 
 
-1.6.8                   September  8, 2004                      4
+1.6.8p2                 November 11, 2004                       4
 
 
 
@@ -296,17 +296,20 @@
        To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only),
        and LIBPATH (AIX only) environment variables are removed
        from the environment passed on to all commands executed.
-       ssuuddoo will also remove the IFS, ENV, BASH_ENV, KRB_CONF,
-       KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN,
+       ssuuddoo will also remove the IFS, CDPATH, ENV, BASH_ENV,
+       KRB_CONF, KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN,
        RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO,
        TERMINFO_DIRS and TERMPATH variables as they too can pose
        a threat.  If the TERMCAP variable is set and is a path­
        name, it too is ignored.  Additionally, if the LC_* or
        LANGUAGE variables contain the / or % characters, they are
-       ignored.  If ssuuddoo has been compiled with SecurID support,
-       the VAR_ACE, USR_ACE and DLC_ACE variables are cleared as
-       well.  The list of environment variables that ssuuddoo clears
-       is contained in the output of sudo -V when run as root.
+       ignored.  Environment variables with a value beginning
+       with () are also removed as they could be interpreted as
+       bbaasshh functions.  If ssuuddoo has been compiled with SecurID
+       support, the VAR_ACE, USR_ACE and DLC_ACE variables are
+       cleared as well.  The list of environment variables that
+       ssuuddoo clears is contained in the output of sudo -V when run
+       as root.
 
        To prevent command spoofing, ssuuddoo checks "." and "" (both
        denoting current directory) last when searching for a com­
@@ -318,22 +321,22 @@
        For security reasons, if your OS supports shared libraries
        and does not disable user-defined library search paths for
        setuid programs (most do), you should either use a linker
-       option that disables this behavior or link ssuuddoo stati­
-       cally.
+       option that disables this behavior or link ssuuddoo
 
-       ssuuddoo will check the ownership of its timestamp directory
 
 
+1.6.8p2                 November 11, 2004                       5
 
-1.6.8                   September  8, 2004                      5
 
 
 
 
-
 SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
 
 
+       statically.
+
+       ssuuddoo will check the ownership of its timestamp directory
        (_/_v_a_r_/_r_u_n_/_s_u_d_o by default) and ignore the directory's con­
        tents if it is not owned by root and only writable by
        root.  On systems that allow non-root users to give away
@@ -386,20 +389,19 @@
 
         SUDO_PROMPT            Used as the default password prompt
 
-        SUDO_COMMAND           Set to the command run by sudo
 
 
+1.6.8p2                 November 11, 2004                       6
 
 
-1.6.8                   September  8, 2004                      6
 
 
 
-
-
 SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
 
 
+        SUDO_COMMAND           Set to the command run by sudo
+
         SUDO_USER              Set to the login of the user who invoked sudo
 
         SUDO_UID               Set to the uid of the user who invoked sudo
@@ -455,14 +457,12 @@
 
 
 
+1.6.8p2                 November 11, 2004                       7
 
 
-1.6.8                   September  8, 2004                      7
 
 
 
-
-
 SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
 
 
@@ -523,7 +523,7 @@
 
 
 
-1.6.8                   September  8, 2004                      8
+1.6.8p2                 November 11, 2004                       8
 
 
 
@@ -589,6 +589,6 @@
 
 
 
-1.6.8                   September  8, 2004                      9
+1.6.8p2                 November 11, 2004                       9
 
 
diff sudo-1.6.8p1/sudo.man.in sudo-1.6.8p2/sudo.man.in
--- sudo-1.6.8p1/sudo.man.in	Wed Sep  8 12:35:53 2004
+++ sudo-1.6.8p2/sudo.man.in	Thu Nov 11 14:30:41 2004
@@ -149,7 +149,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "September  8, 2004" "1.6.8" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "November 11, 2004" "1.6.8p2" "MAINTENANCE COMMANDS"
 .SH "NAME"
 sudo, sudoedit \- execute a command as another user
 .SH "SYNOPSIS"
@@ -406,13 +406,15 @@
 \&\f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`_RLD_*\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR (\s-1HP\-UX\s0 only), and \f(CW\*(C`LIBPATH\*(C'\fR (\s-1AIX\s0
 only) environment variables are removed from the environment passed
 on to all commands executed.  \fBsudo\fR will also remove the \f(CW\*(C`IFS\*(C'\fR,
-\&\f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRBCONFDIR\*(C'\fR, \f(CW\*(C`KRBTKFILE\*(C'\fR,
+\&\f(CW\*(C`CDPATH\*(C'\fR, \f(CW\*(C`ENV\*(C'\fR, \f(CW\*(C`BASH_ENV\*(C'\fR, \f(CW\*(C`KRB_CONF\*(C'\fR, \f(CW\*(C`KRBCONFDIR\*(C'\fR, \f(CW\*(C`KRBTKFILE\*(C'\fR,
 \&\f(CW\*(C`KRB5_CONFIG\*(C'\fR, \f(CW\*(C`LOCALDOMAIN\*(C'\fR, \f(CW\*(C`RES_OPTIONS\*(C'\fR, \f(CW\*(C`HOSTALIASES\*(C'\fR,
 \&\f(CW\*(C`NLSPATH\*(C'\fR, \f(CW\*(C`PATH_LOCALE\*(C'\fR, \f(CW\*(C`TERMINFO\*(C'\fR, \f(CW\*(C`TERMINFO_DIRS\*(C'\fR and
 \&\f(CW\*(C`TERMPATH\*(C'\fR variables as they too can pose a threat.  If the
 \&\f(CW\*(C`TERMCAP\*(C'\fR variable is set and is a pathname, it too is ignored.
 Additionally, if the \f(CW\*(C`LC_*\*(C'\fR or \f(CW\*(C`LANGUAGE\*(C'\fR variables contain the
-\&\f(CW\*(C`/\*(C'\fR or \f(CW\*(C`%\*(C'\fR characters, they are ignored.  If \fBsudo\fR has been
+\&\f(CW\*(C`/\*(C'\fR or \f(CW\*(C`%\*(C'\fR characters, they are ignored.  Environment variables
+with a value beginning with \f(CW\*(C`()\*(C'\fR are also removed as they could
+be interpreted as \fBbash\fR functions.  If \fBsudo\fR has been
 compiled with SecurID support, the \f(CW\*(C`VAR_ACE\*(C'\fR, \f(CW\*(C`USR_ACE\*(C'\fR and
 \&\f(CW\*(C`DLC_ACE\*(C'\fR variables are cleared as well.  The list of environment
 variables that \fBsudo\fR clears is contained in the output of
diff sudo-1.6.8p1/sudo.pod sudo-1.6.8p2/sudo.pod
--- sudo-1.6.8p1/sudo.pod	Wed Sep  8 12:34:38 2004
+++ sudo-1.6.8p2/sudo.pod	Thu Nov 11 14:30:04 2004
@@ -313,13 +313,15 @@
 C<LD_*>, C<_RLD_*>, C<SHLIB_PATH> (HP-UX only), and C<LIBPATH> (AIX
 only) environment variables are removed from the environment passed
 on to all commands executed.  B<sudo> will also remove the C<IFS>,
-C<ENV>, C<BASH_ENV>, C<KRB_CONF>, C<KRBCONFDIR>, C<KRBTKFILE>,
+C<CDPATH>, C<ENV>, C<BASH_ENV>, C<KRB_CONF>, C<KRBCONFDIR>, C<KRBTKFILE>,
 C<KRB5_CONFIG>, C<LOCALDOMAIN>, C<RES_OPTIONS>, C<HOSTALIASES>,
 C<NLSPATH>, C<PATH_LOCALE>, C<TERMINFO>, C<TERMINFO_DIRS> and
 C<TERMPATH> variables as they too can pose a threat.  If the
 C<TERMCAP> variable is set and is a pathname, it too is ignored.
 Additionally, if the C<LC_*> or C<LANGUAGE> variables contain the
-C</> or C<%> characters, they are ignored.  If B<sudo> has been
+C</> or C<%> characters, they are ignored.  Environment variables
+with a value beginning with C<()> are also removed as they could
+be interpreted as B<bash> functions.  If B<sudo> has been
 compiled with SecurID support, the C<VAR_ACE>, C<USR_ACE> and
 C<DLC_ACE> variables are cleared as well.  The list of environment
 variables that B<sudo> clears is contained in the output of
diff sudo-1.6.8p1/sudoers.cat sudo-1.6.8p2/sudoers.cat
--- sudo-1.6.8p1/sudoers.cat	Mon Sep  6 14:47:10 2004
+++ sudo-1.6.8p2/sudoers.cat	Thu Nov 11 14:31:40 2004
@@ -61,7 +61,7 @@
 
 
 
-1.6.8                   September  6, 2004                      1
+1.6.8p2                 November 11, 2004                       1
 
 
 
@@ -127,7 +127,7 @@
 
 
 
-1.6.8                   September  6, 2004                      2
+1.6.8p2                 November 11, 2004                       2
 
 
 
@@ -193,7 +193,7 @@
 
 
 
-1.6.8                   September  6, 2004                      3
+1.6.8p2                 November 11, 2004                       3
 
 
 
@@ -259,7 +259,7 @@
 
 
 
-1.6.8                   September  6, 2004                      4
+1.6.8p2                 November 11, 2004                       4
 
 
 
@@ -325,7 +325,7 @@
 
 
 
-1.6.8                   September  6, 2004                      5
+1.6.8p2                 November 11, 2004                       5
 
 
 
@@ -391,7 +391,7 @@
 
 
 
-1.6.8                   September  6, 2004                      6
+1.6.8p2                 November 11, 2004                       6
 
 
 
@@ -457,7 +457,7 @@
 
 
 
-1.6.8                   September  6, 2004                      7
+1.6.8p2                 November 11, 2004                       7
 
 
 
@@ -523,7 +523,7 @@
 
 
 
-1.6.8                   September  6, 2004                      8
+1.6.8p2                 November 11, 2004                       8
 
 
 
@@ -589,7 +589,7 @@
 
 
 
-1.6.8                   September  6, 2004                      9
+1.6.8p2                 November 11, 2004                       9
 
 
 
@@ -655,7 +655,7 @@
 
 
 
-1.6.8                   September  6, 2004                     10
+1.6.8p2                 November 11, 2004                      10
 
 
 
@@ -721,7 +721,7 @@
 
 
 
-1.6.8                   September  6, 2004                     11
+1.6.8p2                 November 11, 2004                      11
 
 
 
@@ -787,7 +787,7 @@
 
 
 
-1.6.8                   September  6, 2004                     12
+1.6.8p2                 November 11, 2004                      12
 
 
 
@@ -853,7 +853,7 @@
 
 
 
-1.6.8                   September  6, 2004                     13
+1.6.8p2                 November 11, 2004                      13
 
 
 
@@ -919,7 +919,7 @@
 
 
 
-1.6.8                   September  6, 2004                     14
+1.6.8p2                 November 11, 2004                      14
 
 
 
@@ -985,7 +985,7 @@
 
 
 
-1.6.8                   September  6, 2004                     15
+1.6.8p2                 November 11, 2004                      15
 
 
 
@@ -1051,7 +1051,7 @@
 
 
 
-1.6.8                   September  6, 2004                     16
+1.6.8p2                 November 11, 2004                      16
 
 
 
@@ -1117,7 +1117,7 @@
 
 
 
-1.6.8                   September  6, 2004                     17
+1.6.8p2                 November 11, 2004                      17
 
 
 
@@ -1183,7 +1183,7 @@
 
 
 
-1.6.8                   September  6, 2004                     18
+1.6.8p2                 November 11, 2004                      18
 
 
 
@@ -1249,7 +1249,7 @@
 
 
 
-1.6.8                   September  6, 2004                     19
+1.6.8p2                 November 11, 2004                      19
 
 
 
@@ -1315,7 +1315,7 @@
 
 
 
-1.6.8                   September  6, 2004                     20
+1.6.8p2                 November 11, 2004                      20
 
 
 
@@ -1381,7 +1381,7 @@
 
 
 
-1.6.8                   September  6, 2004                     21
+1.6.8p2                 November 11, 2004                      21
 
 
 
@@ -1447,7 +1447,7 @@
 
 
 
-1.6.8                   September  6, 2004                     22
+1.6.8p2                 November 11, 2004                      22
 
 
 
@@ -1513,6 +1513,6 @@
 
 
 
-1.6.8                   September  6, 2004                     23
+1.6.8p2                 November 11, 2004                      23
 
 
diff sudo-1.6.8p1/sudoers.man.in sudo-1.6.8p2/sudoers.man.in
--- sudo-1.6.8p1/sudoers.man.in	Mon Sep  6 14:47:06 2004
+++ sudo-1.6.8p2/sudoers.man.in	Thu Nov 11 14:31:38 2004
@@ -149,7 +149,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "September  6, 2004" "1.6.8" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "November 11, 2004" "1.6.8p2" "MAINTENANCE COMMANDS"
 .SH "NAME"
 sudoers \- list of which users may execute what
 .SH "DESCRIPTION"
diff sudo-1.6.8p1/version.h sudo-1.6.8p2/version.h
--- sudo-1.6.8p1/version.h	Wed Sep 15 13:18:38 2004
+++ sudo-1.6.8p2/version.h	Thu Nov 11 14:27:55 2004
@@ -23,6 +23,6 @@
 #ifndef _SUDO_VERSION_H
 #define _SUDO_VERSION_H
 
-static const char version[] = "1.6.8p1";
+static const char version[] = "1.6.8p2";
 
 #endif /* _SUDO_VERSION_H */
diff sudo-1.6.8p1/visudo.cat sudo-1.6.8p2/visudo.cat
--- sudo-1.6.8p1/visudo.cat	Mon Sep  6 14:47:10 2004
+++ sudo-1.6.8p2/visudo.cat	Thu Nov 11 14:31:33 2004
@@ -61,7 +61,7 @@
 
 
 
-1.6.8                   September  6, 2004                      1
+1.6.8p2                 November 11, 2004                       1
 
 
 
@@ -127,7 +127,7 @@
 
 
 
-1.6.8                   September  6, 2004                      2
+1.6.8p2                 November 11, 2004                       2
 
 
 
@@ -193,6 +193,6 @@
 
 
 
-1.6.8                   September  6, 2004                      3
+1.6.8p2                 November 11, 2004                       3
 
 
diff sudo-1.6.8p1/visudo.man.in sudo-1.6.8p2/visudo.man.in
--- sudo-1.6.8p1/visudo.man.in	Mon Sep  6 14:47:06 2004
+++ sudo-1.6.8p2/visudo.man.in	Thu Nov 11 14:31:31 2004
@@ -149,7 +149,7 @@
 .\" ========================================================================
 .\"
 .IX Title "VISUDO @mansectsu@"
-.TH VISUDO @mansectsu@ "September  6, 2004" "1.6.8" "MAINTENANCE COMMANDS"
+.TH VISUDO @mansectsu@ "November 11, 2004" "1.6.8p2" "MAINTENANCE COMMANDS"
 .SH "NAME"
 visudo \- edit the sudoers file
 .SH "SYNOPSIS"
