This patch will upgrade Sudo version 1.6.9 patchlevel 17 to Sudo
version 1.6.9 patchlevel 18.  To apply:

    $ cd sudo-1.6.9p17
    $ patch -p1 < sudo-1.6.9p18.patch

diff -ur sudo-1.6.9p17/CHANGES sudo-1.6.9p18/CHANGES
--- sudo-1.6.9p17/CHANGES	Wed Jun 25 14:51:44 2008
+++ sudo-1.6.9p18/CHANGES	Fri Nov 14 05:59:10 2008
@@ -2110,3 +2110,33 @@
      quoted strings.
 
 Sudo 1.6.9p17 released.
+
+665) Fixed a crash when the -i flag was used with a uid not in the password
+     database.
+
+666) Regenerated parser to pull in a yacc skeleton fix.
+
+667) Sudo now operates in the C locale again when doing a match against
+     sudoers.
+
+668) Fixed a potential crash when a glob matches a large number of files.
+
+669) Fixed compilation problem with certain versions of Heimdal krb5 related
+     to krb5_get_init_creds_opt_free().
+
+670) When setting the umask, use the union of the user's umask and the
+     default value set in sudoers so that we never lower the user's
+     umask when running a command.
+
+671) Sudo now supports 64-character host names.
+
+672) Fixed a problem with the SELinux support for "sudo -l".
+
+673) When doing a wildcard match against a filename, sudo will now only
+     check the filesystem if the basename of the path matches, or if
+     the basename itself contains wildcards.
+
+674) Sudo will now unset the AUTHSTATE environment variable on AIX after
+     authenticating.
+
+Sudo 1.6.9p18 released.
diff -ur sudo-1.6.9p17/Makefile.in sudo-1.6.9p18/Makefile.in
--- sudo-1.6.9p17/Makefile.in	Sun Jun 22 16:29:03 2008
+++ sudo-1.6.9p18/Makefile.in	Wed Nov 12 21:50:17 2008
@@ -20,7 +20,7 @@
 #
 # @configure_input@
 #
-# $Sudo: Makefile.in,v 1.246.2.32 2008/06/22 20:29:03 millert Exp $
+# $Sudo: Makefile.in,v 1.246.2.34 2008/11/13 02:50:17 millert Exp $
 #
 
 #### Start of system configuration section. ####
@@ -127,13 +127,14 @@
 	  interfaces.o logging.o parse.o set_perms.o sudo.o sudo_edit.o \
 	  tgetpass.o zero_bytes.o @SUDO_OBJS@ $(AUTH_OBJS) $(PARSEOBJS)
 
-VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
+VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o zero_bytes.o \
+	    $(PARSEOBJS)
 
 TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
 
 LIBOBJS = @LIBOBJS@ @ALLOCA@
 
-VERSION = 1.6.9p17
+VERSION = 1.6.9p18
 
 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \
             LICENSE Makefile.in PORTING README README.LDAP \
diff -ur sudo-1.6.9p17/TROUBLESHOOTING sudo-1.6.9p18/TROUBLESHOOTING
--- sudo-1.6.9p17/TROUBLESHOOTING	Thu Oct 25 09:23:50 2007
+++ sudo-1.6.9p18/TROUBLESHOOTING	Wed Nov  5 11:02:55 2008
@@ -158,9 +158,12 @@
 
 Q) When I try to use "cd" with sudo the command completes without
    errors but nothing happens.
-A) Some SVR4-derived OS's include a /usr/bin/cd command for reasons
-   unfathomable.  A "cd" command is totally useless since a child process
-   cannot affect the current working directory of the parent (your shell).
+A) Even though "cd" is a shell built-in command, some operating systems
+   include a /usr/bin/cd command for some reason.  A standalone
+   "cd" command is totally useless since a child process (cd) cannot
+   affect the current working directory of the parent (your shell).
+   Thus, "sudo cd /foo" will start a child process, change the
+   directory and immediately exit without doing anything useful.
 
 Q) When I run sudo it says I am not allowed to run the command as root
    but I don't want to run it as root, I want to run it as another user.
diff -ur sudo-1.6.9p17/auth/aix_auth.c sudo-1.6.9p18/auth/aix_auth.c
--- sudo-1.6.9p17/auth/aix_auth.c	Thu Jun 21 18:29:15 2007
+++ sudo-1.6.9p18/auth/aix_auth.c	Fri Nov 14 05:50:45 2008
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2007-2008 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -47,7 +47,7 @@
 #include "sudo_auth.h"
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.18.2.3 2007/06/21 22:29:15 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.18.2.6 2008/11/14 10:50:45 millert Exp $";
 #endif /* lint */
 
 /*
@@ -74,4 +74,15 @@
 	zero_bytes(pass, strlen(pass));
     }
     return(rval);
+}
+
+int
+aixauth_cleanup(pw, auth)
+    struct passwd *pw;
+    sudo_auth *auth;
+{
+    /* Unset AUTHSTATE as it may not be correct for the runas user. */
+    unsetenv("AUTHSTATE");
+ 
+    return(AUTH_SUCCESS);
 }
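Review bot: `aixauth_cleanup` has no header comment, and nothing in the body says why `pw` and `auth` are ignored or that the function changes the process environment as a side effect. A short comment above it would help, for example `/* Cleanup hook: remove AUTHSTATE from the environment; pw and auth are unused. */`. The env.c hunk in this patch also adds "AUTHSTATE" to an AIX-only variable list, so one of the two places should say which mechanism is relied on for the command's environment. The otherwise blank line after the `unsetenv` call carries a trailing space.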
diff -ur sudo-1.6.9p17/auth/kerb5.c sudo-1.6.9p18/auth/kerb5.c
--- sudo-1.6.9p17/auth/kerb5.c	Wed Feb 13 17:17:41 2008
+++ sudo-1.6.9p18/auth/kerb5.c	Thu Oct 23 12:24:27 2008
@@ -54,7 +54,7 @@
 #include "sudo_auth.h"
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: kerb5.c,v 1.23.2.8 2008/02/13 22:17:41 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: kerb5.c,v 1.23.2.9 2008/10/23 16:24:27 millert Exp $";
 #endif /* lint */
 
 #ifdef HAVE_HEIMDAL
@@ -74,6 +74,24 @@
 } sudo_krb5_data = { NULL, NULL, NULL };
 typedef struct _sudo_krb5_data *sudo_krb5_datap;
 
+#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
+static krb5_error_code
+krb5_get_init_creds_opt_alloc(context, opts)
+    krb5_context		context;
+    krb5_get_init_creds_opt   **opts;
+{
+    *opts = emalloc(sizeof(krb5_get_init_creds_opt));
+    return 0;
+}
+
+static void
+krb5_get_init_creds_opt_free(opts)
+    krb5_get_init_creds_opt *opts;
+{
+    free(opts);
+}
+#endif
+
 int
 kerb5_init(pw, promptp, auth)
     struct passwd *pw;
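Review bot: The fallback `krb5_get_init_creds_opt_alloc` returns memory straight from `emalloc` without initialising it, whereas the library function it replaces returns an initialised options structure. Unless the caller (outside this hunk) initialises `*opts` itself, any later use of the options would read indeterminate fields. Adding `krb5_get_init_creds_opt_init(*opts);` after the `emalloc` line closes that gap. The unused `context` parameter deserves a one-line comment saying it exists only to match the library signature.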
@@ -220,10 +238,10 @@
 
 done:
     if (opts) {
-#ifdef HAVE_HEIMDAL
-	krb5_get_init_creds_opt_free(opts);
-#else
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS
 	krb5_get_init_creds_opt_free(sudo_context, opts);
+#else
+	krb5_get_init_creds_opt_free(opts);
 #endif
     }
     if (creds)
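Review bot: The two-argument call is selected by `HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS` alone, but when `HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC` is undefined the function being called is the local one-argument fallback added earlier in this file. If configure ever defines the first macro without the second, `sudo_context` would land in the `opts` parameter and be handed to `free()`. Tying the branch to both macros avoids depending on configure never producing that combination: `#if defined(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC) && defined(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)`. The enclosing function starts and ends outside this hunk.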
diff -ur sudo-1.6.9p17/auth/sudo_auth.h sudo-1.6.9p18/auth/sudo_auth.h
--- sudo-1.6.9p17/auth/sudo_auth.h	Mon Jun 11 21:28:42 2007
+++ sudo-1.6.9p18/auth/sudo_auth.h	Wed Nov  5 19:14:58 2008
@@ -13,7 +13,7 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
- * $Sudo: sudo_auth.h,v 1.20.2.2 2007/06/12 01:28:42 millert Exp $
+ * $Sudo: sudo_auth.h,v 1.20.2.3 2008/11/06 00:14:58 millert Exp $
  */
 
 #ifndef SUDO_AUTH_H
@@ -99,7 +99,7 @@
 #elif defined(HAVE_AIXAUTH)
 #  define AUTH_STANDALONE \
 	AUTH_ENTRY(0, "aixauth", \
-	    NULL, NULL, aixauth_verify, NULL)
+	    NULL, NULL, aixauth_verify, aixauth_cleanup)
 #elif defined(HAVE_FWTK)
 #  define AUTH_STANDALONE \
 	AUTH_ENTRY(0, "fwtk", \
diff -ur sudo-1.6.9p17/config.h.in sudo-1.6.9p18/config.h.in
--- sudo-1.6.9p17/config.h.in	Sun Jun 22 16:19:54 2008
+++ sudo-1.6.9p18/config.h.in	Thu Oct 23 12:19:00 2008
@@ -206,6 +206,12 @@
 /* Define to 1 if you use Kerberos V. */
 #undef HAVE_KERB5
 
+/* Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function. */
+#undef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
+
+/* Define to 1 if your `krb5_get_init_creds_opt_alloc' function takes two arguments. */
+#undef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS
+
 /* Define to 1 if you have the `krb5_init_secure_context' function. */
 #undef HAVE_KRB5_INIT_SECURE_CONTEXT
 
diff -ur sudo-1.6.9p17/configure sudo-1.6.9p18/configure
--- sudo-1.6.9p17/configure	Sun Jun 22 16:19:54 2008
+++ sudo-1.6.9p18/configure	Thu Oct 23 12:23:27 2008
@@ -21560,7 +21560,8 @@
     LIBS="${LIBS} ${SUDO_LIBS}"
 
 
-for ac_func in krb5_verify_user krb5_init_secure_context
+
+for ac_func in krb5_verify_user krb5_init_secure_context krb5_get_init_creds_opt_alloc
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
 { echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -21653,6 +21654,69 @@
 fi
 done
 
+    { echo "$as_me:$LINENO: checking whether krb5_get_init_creds_opt_free takes a two argument2" >&5
+echo $ECHO_N "checking whether krb5_get_init_creds_opt_free takes a two argument2... $ECHO_C" >&6; }
+if test "${sudo_cv_krb5_get_init_creds_opt_free_two_args+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+
+	    cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <krb5.h>
+int
+main ()
+{
+
+		    krb5_context context = NULL;
+		    krb5_get_init_creds_opt *opts = NULL;
+		    krb5_get_init_creds_opt_free(context, opts);
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  sudo_cv_krb5_get_init_creds_opt_free_two_args=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	sudo_cv_krb5_get_init_creds_opt_free_two_args=no
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+
+fi
+{ echo "$as_me:$LINENO: result: $sudo_cv_krb5_get_init_creds_opt_free_two_args" >&5
+echo "${ECHO_T}$sudo_cv_krb5_get_init_creds_opt_free_two_args" >&6; }
+    if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
+  	cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS 1
+_ACEOF
+
+    fi
     LIBS="$_LIBS"
 fi
 
@@ -24529,6 +24593,14 @@
 	    ;;
     esac
 fi
+
+
+
+
+
+
+
+
 
 
 
diff -ur sudo-1.6.9p17/configure.in sudo-1.6.9p18/configure.in
--- sudo-1.6.9p17/configure.in	Sun Jun 22 16:23:56 2008
+++ sudo-1.6.9p18/configure.in	Thu Oct 23 12:24:26 2008
@@ -1,6 +1,6 @@
 dnl
 dnl Process this file with GNU autoconf to produce a configure script.
-dnl $Sudo: configure.in,v 1.413.2.53 2008/06/22 20:23:56 millert Exp $
+dnl $Sudo: configure.in,v 1.413.2.54 2008/10/23 16:24:26 millert Exp $
 dnl
 dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
 dnl
@@ -2103,7 +2103,23 @@
     AUTH_OBJS="$AUTH_OBJS kerb5.o"
     _LIBS="$LIBS"
     LIBS="${LIBS} ${SUDO_LIBS}"
-    AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
+    AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context krb5_get_init_creds_opt_alloc)
+    AC_CACHE_CHECK(whether krb5_get_init_creds_opt_free takes a two argument2,
+	sudo_cv_krb5_get_init_creds_opt_free_two_args, [
+	    AC_TRY_COMPILE([#include <krb5.h>],
+		[
+		    krb5_context context = NULL;
+		    krb5_get_init_creds_opt *opts = NULL;
+		    krb5_get_init_creds_opt_free(context, opts);
+		],
+		[sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
+		[sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
+	    )
+	]
+    )
+    if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
+  	AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
+    fi
     LIBS="$_LIBS"
 fi
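Review bot: The probe uses AC_TRY_COMPILE, which compiles but does not link, so with a compiler that accepts implicit function declarations it can answer "yes" even when <krb5.h> does not declare `krb5_get_init_creds_opt_free` at all. Running the probe only when the alloc function was found keeps the answer meaningful, e.g. wrapping it in `if test X"$ac_cv_func_krb5_get_init_creds_opt_alloc" = X"yes"; then`. The check message also reads "takes a two argument2"; `whether krb5_get_init_creds_opt_free takes two arguments` is presumably what was meant. The generated configure hunk carries the same text.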
 
@@ -2470,6 +2486,10 @@
 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_alloc' function takes two arguments.])
+AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
+AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
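Review bot: The AH_TEMPLATE description for `HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS` names `krb5_get_init_creds_opt_alloc`, but the macro is set by the probe on `krb5_get_init_creds_opt_free`. The description should name the free function instead, so that a reader of config.h is not sent to the wrong call. config.h.in in this patch repeats the same wording and would pick up the correction when regenerated.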
diff -ur sudo-1.6.9p17/env.c sudo-1.6.9p18/env.c
--- sudo-1.6.9p17/env.c	Sat Jun 21 15:04:07 2008
+++ sudo-1.6.9p18/env.c	Wed Nov  5 19:08:36 2008
@@ -52,7 +52,7 @@
 #include "sudo.h"
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: env.c,v 1.39.2.19 2008/06/21 19:04:07 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: env.c,v 1.39.2.21 2008/11/06 00:08:36 millert Exp $";
 #endif /* lint */
 
 /*
@@ -133,6 +133,7 @@
 #ifdef _AIX
     "LDR_*",
     "LIBPATH",
+    "AUTHSTATE",
 #endif
 #ifdef __APPLE__
     "DYLD_*",
@@ -405,7 +406,7 @@
      */
     ps1 = NULL;
     didvar = 0;
-    memset(&env, 0, sizeof(env));
+    zero_bytes(&env, sizeof(env));
     if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
 	/* Pull in vars we want to keep from the old environment. */
 	for (ep = envp; *ep; ep++) {
diff -ur sudo-1.6.9p17/interfaces.c sudo-1.6.9p18/interfaces.c
--- sudo-1.6.9p17/interfaces.c	Tue Nov 27 12:06:53 2007
+++ sudo-1.6.9p18/interfaces.c	Sun Nov  2 09:53:47 2008
@@ -89,7 +89,7 @@
 #include "interfaces.h"
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: interfaces.c,v 1.72.2.8 2007/11/27 17:06:53 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: interfaces.c,v 1.72.2.9 2008/11/02 14:53:47 millert Exp $";
 #endif /* lint */
 
 
@@ -249,7 +249,7 @@
 		continue;
 
 #ifdef SIOCGIFFLAGS
-	memset(&ifr_tmp, 0, sizeof(ifr_tmp));
+	zero_bytes(&ifr_tmp, sizeof(ifr_tmp));
 	strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1);
 	if (ioctl(sock, SIOCGIFFLAGS, (caddr_t) &ifr_tmp) < 0)
 #endif
@@ -267,7 +267,7 @@
 	previfname = ifr->ifr_name;
 
 	/* Get the netmask. */
-	(void) memset(&ifr_tmp, 0, sizeof(ifr_tmp));
+	zero_bytes(&ifr_tmp, sizeof(ifr_tmp));
 	strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1);
 #ifdef SIOCGIFNETMASK
 #ifdef _ISC
diff -ur sudo-1.6.9p17/logging.c sudo-1.6.9p18/logging.c
--- sudo-1.6.9p17/logging.c	Sun Jun 22 16:23:57 2008
+++ sudo-1.6.9p18/logging.c	Sun Nov  2 09:45:50 2008
@@ -62,7 +62,7 @@
 #include "sudo.h"
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: logging.c,v 1.168.2.16 2008/06/22 20:23:57 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: logging.c,v 1.168.2.17 2008/11/02 14:45:50 millert Exp $";
 #endif /* lint */
 
 static void do_syslog		__P((int, char *));
@@ -536,6 +536,7 @@
     closefrom(STDERR_FILENO + 1);
 
     /* Ignore SIGPIPE in case mailer exits prematurely (or is missing). */
+    zero_bytes(&sa, sizeof(sa));
     sigemptyset(&sa.sa_mask);
     sa.sa_flags = 0;
     sa.sa_handler = SIG_IGN;
diff -ur sudo-1.6.9p17/parse.c sudo-1.6.9p18/parse.c
--- sudo-1.6.9p17/parse.c	Sat Feb  9 09:44:48 2008
+++ sudo-1.6.9p18/parse.c	Sun Nov  2 09:35:53 2008
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 1998-2005, 2007
+ * Copyright (c) 1996, 1998-2005, 2007-2008
  *	Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -90,9 +90,11 @@
 #endif /* HAVE_EXTENDED_GLOB */
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: parse.c,v 1.160.2.16 2008/02/09 14:44:48 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: parse.c,v 1.160.2.21 2008/11/02 14:35:53 millert Exp $";
 #endif /* lint */
 
+static int command_matches_dir __P((char *, size_t));
+
 /*
  * Globals
  */
@@ -253,10 +255,9 @@
     char *sudoers_args;
 {
     struct stat sudoers_stat;
-    struct dirent *dent;
-    char **ap, *base, buf[PATH_MAX];
+    char **ap, *base, *cp;
     glob_t gl;
-    DIR *dirp;
+    size_t dlen;
 
     /* Check for pseudo-commands */
     if (strchr(user_cmnd, '/') == NULL) {
@@ -279,20 +280,31 @@
 	} else
 	    return(FALSE);
     }
+    dlen = strlen(sudoers_cmnd);
 
     /*
-     * If sudoers_cmnd has meta characters in it, use fnmatch(3)
-     * to do the matching.
+     * If sudoers_cmnd has meta characters in it, we may need to
+     * use glob(3) and fnmatch(3) to do the matching.
      */
     if (has_meta(sudoers_cmnd)) {
 	/*
+	 * First check to see if we can avoid the call to glob(3).
+	 * Short circuit if there are no meta chars in the command itself
+	 * and user_base and basename(sudoers_cmnd) don't match.
+	 */
+	if (sudoers_cmnd[dlen - 1] != '/') {
+	    if ((base = strrchr(sudoers_cmnd, '/')) != NULL) {
+		base++;
+		if (!has_meta(base) && strcmp(user_base, base) != 0)
+		    return(FALSE);
+	    }
+	}
+	/*
 	 * Return true if we find a match in the glob(3) results AND
 	 *  a) there are no args in sudoers OR
 	 *  b) there are no args on command line and none required by sudoers OR
 	 *  c) there are args in sudoers and on command line and they match
 	 * else return false.
-	 *
-	 * Could optimize patterns ending in "/*" to "/user_base"
 	 */
 #define GLOB_FLAGS	(GLOB_NOSORT | GLOB_MARK | GLOB_BRACE | GLOB_TILDE)
 	if (glob(sudoers_cmnd, GLOB_FLAGS, NULL, &gl) != 0) {
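Review bot: `sudoers_cmnd[dlen - 1]` is now evaluated on the wildcard path as well as the plain path, and `dlen` is a `size_t`, so an empty `sudoers_cmnd` would index far outside the string. The parser presumably never yields an empty command, but that guarantee is not visible here. A guard such as `if (dlen == 0) return(FALSE);` right after the `strlen` call makes the assumption local. The function body starts before and continues past this hunk.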
@@ -300,24 +312,32 @@
 	    return(FALSE);
 	}
 	/* For each glob match, compare basename, st_dev and st_ino. */
-	for (ap = gl.gl_pathv; *ap != NULL; ap++) {
-	    /* only stat if basenames are the same */
-	    if ((base = strrchr(*ap, '/')) != NULL)
+	for (ap = gl.gl_pathv; (cp = *ap) != NULL; ap++) {
+	    /* If it ends in '/' it is a directory spec. */
+	    dlen = strlen(cp);
+	    if (cp[dlen - 1] == '/') {
+		if (command_matches_dir(cp, dlen))
+		    return(TRUE);
+		continue;
+	    }
+
+	    /* Only proceed if user_base and basename(cp) match */
+	    if ((base = strrchr(cp, '/')) != NULL)
 		base++;
 	    else
-		base = *ap;
+		base = cp;
 	    if (strcmp(user_base, base) != 0 ||
-		stat(*ap, &sudoers_stat) == -1)
+		stat(cp, &sudoers_stat) == -1)
 		continue;
 	    if (user_stat->st_dev == sudoers_stat.st_dev &&
 		user_stat->st_ino == sudoers_stat.st_ino) {
 		efree(safe_cmnd);
-		safe_cmnd = estrdup(*ap);
+		safe_cmnd = estrdup(cp);
 		break;
 	    }
 	}
 	globfree(&gl);
-	if (*ap == NULL)
+	if (cp == NULL)
 	    return(FALSE);
 
 	if (!sudoers_args ||
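Review bot: The new `return(TRUE)` inside the loop exits without calling `globfree(&gl)`, unlike the `break` path a few lines below. More significant for policy, `GLOB_FLAGS` includes `GLOB_MARK`, so every directory the pattern matches comes back with a trailing '/' and is now searched as a directory spec, where the old loop skipped it because its basename was empty. A pattern like the constructed example `/opt/tools/*` would therefore appear to cover commands inside subdirectories of /opt/tools as well, and that path returns before the `sudoers_args` comparison. If this widening is not intended, take the branch only when the sudoers pattern itself ends in '/', and free the glob results before returning: `if (command_matches_dir(cp, dlen)) { globfree(&gl); return(TRUE); }`. The function body continues outside this hunk.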
@@ -327,75 +347,85 @@
 	    efree(safe_cmnd);
 	    safe_cmnd = estrdup(user_cmnd);
 	    return(TRUE);
-	} else
-	    return(FALSE);
+	}
+	return(FALSE);
     } else {
-	size_t dlen = strlen(sudoers_cmnd);
+	/* If it ends in '/' it is a directory spec. */
+	if (sudoers_cmnd[dlen - 1] == '/')
+	    return(command_matches_dir(sudoers_cmnd, dlen));
 
-	/*
-	 * No meta characters
-	 * Check to make sure this is not a directory spec (doesn't end in '/')
-	 */
-	if (sudoers_cmnd[dlen - 1] != '/') {
-	    /* Only proceed if user_base and basename(sudoers_cmnd) match */
-	    if ((base = strrchr(sudoers_cmnd, '/')) == NULL)
-		base = sudoers_cmnd;
-	    else
-		base++;
-	    if (strcmp(user_base, base) != 0 ||
-		stat(sudoers_cmnd, &sudoers_stat) == -1)
-		return(FALSE);
+	/* Only proceed if user_base and basename(sudoers_cmnd) match */
+	if ((base = strrchr(sudoers_cmnd, '/')) == NULL)
+	    base = sudoers_cmnd;
+	else
+	    base++;
+	if (strcmp(user_base, base) != 0 ||
+	    stat(sudoers_cmnd, &sudoers_stat) == -1)
+	    return(FALSE);
 
-	    /*
-	     * Return true if inode/device matches AND
-	     *  a) there are no args in sudoers OR
-	     *  b) there are no args on command line and none req by sudoers OR
-	     *  c) there are args in sudoers and on command line and they match
-	     */
-	    if (user_stat->st_dev != sudoers_stat.st_dev ||
-		user_stat->st_ino != sudoers_stat.st_ino)
-		return(FALSE);
-	    if (!sudoers_args ||
-		(!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
-		(sudoers_args &&
-		 fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
-		efree(safe_cmnd);
-		safe_cmnd = estrdup(sudoers_cmnd);
-		return(TRUE);
-	    } else
-		return(FALSE);
-	}
-
 	/*
-	 * Grot through sudoers_cmnd's directory entries, looking for user_base.
+	 * Return true if inode/device matches AND
+	 *  a) there are no args in sudoers OR
+	 *  b) there are no args on command line and none req by sudoers OR
+	 *  c) there are args in sudoers and on command line and they match
 	 */
-	dirp = opendir(sudoers_cmnd);
-	if (dirp == NULL)
+	if (user_stat->st_dev != sudoers_stat.st_dev ||
+	    user_stat->st_ino != sudoers_stat.st_ino)
 	    return(FALSE);
+	if (!sudoers_args ||
+	    (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
+	    (sudoers_args &&
+	     fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
+	    efree(safe_cmnd);
+	    safe_cmnd = estrdup(sudoers_cmnd);
+	    return(TRUE);
+	}
+	return(FALSE);
+    }
+}
 
-	if (strlcpy(buf, sudoers_cmnd, sizeof(buf)) >= sizeof(buf))
-	    return(FALSE);
-	while ((dent = readdir(dirp)) != NULL) {
-	    /* ignore paths > PATH_MAX (XXX - log) */
-	    buf[dlen] = '\0';
-	    if (strlcat(buf, dent->d_name, sizeof(buf)) >= sizeof(buf))
-		continue;
+/*
+ * Return TRUE if user_cmnd names one of the inodes in dir, else FALSE.
+ */
+static int
+command_matches_dir(sudoers_dir, dlen)
+    char *sudoers_dir;
+    size_t dlen;
+{
+    struct stat sudoers_stat;
+    struct dirent *dent;
+    char buf[PATH_MAX];
+    DIR *dirp;
 
-	    /* only stat if basenames are the same */
-	    if (strcmp(user_base, dent->d_name) != 0 ||
-		stat(buf, &sudoers_stat) == -1)
-		continue;
-	    if (user_stat->st_dev == sudoers_stat.st_dev &&
-		user_stat->st_ino == sudoers_stat.st_ino) {
-		efree(safe_cmnd);
-		safe_cmnd = estrdup(buf);
-		break;
-	    }
-	}
+    /*
+     * Grot through directory entries, looking for user_base.
+     */
+    dirp = opendir(sudoers_dir);
+    if (dirp == NULL)
+	return(FALSE);
 
-	closedir(dirp);
-	return(dent != NULL);
+    if (strlcpy(buf, sudoers_dir, sizeof(buf)) >= sizeof(buf))
+	return(FALSE);
+    while ((dent = readdir(dirp)) != NULL) {
+	/* ignore paths > PATH_MAX (XXX - log) */
+	buf[dlen] = '\0';
+	if (strlcat(buf, dent->d_name, sizeof(buf)) >= sizeof(buf))
+	    continue;
+
+	/* only stat if basenames are the same */
+	if (strcmp(user_base, dent->d_name) != 0 ||
+	    stat(buf, &sudoers_stat) == -1)
+	    continue;
+	if (user_stat->st_dev == sudoers_stat.st_dev &&
+	    user_stat->st_ino == sudoers_stat.st_ino) {
+	    efree(safe_cmnd);
+	    safe_cmnd = estrdup(buf);
+	    break;
+	}
     }
+
+    closedir(dirp);
+    return(dent != NULL);
 }
 
 static int
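Review bot: In `command_matches_dir` the early `return(FALSE)` after the `strlcpy` length check leaves `dirp` open, because `opendir` has already succeeded at that point. Either perform the length check before `opendir`, or close on that path: `if (strlcpy(buf, sudoers_dir, sizeof(buf)) >= sizeof(buf)) { closedir(dirp); return(FALSE); }`. The function also trusts `dlen` to equal `strlen(sudoers_dir)` when it writes `buf[dlen]`; the header comment should state that contract.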
@@ -659,8 +689,8 @@
 #ifdef HAVE_GETDOMAINNAME
     /* get the domain name (if any) */
     if (!initialized) {
-	domain = (char *) emalloc(MAXHOSTNAMELEN);
-	if (getdomainname(domain, MAXHOSTNAMELEN) == -1 || *domain == '\0') {
+	domain = (char *) emalloc(MAXHOSTNAMELEN + 1);
+	if (getdomainname(domain, MAXHOSTNAMELEN + 1) == -1 || *domain == '\0') {
 	    efree(domain);
 	    domain = NULL;
 	}
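Review bot: The buffer grows to `MAXHOSTNAMELEN + 1`, but nothing here guarantees the result is NUL-terminated if `getdomainname` fills it completely, and `emalloc` is not shown to zero the memory. The sudo.c hunk in this patch terminates `thost` explicitly after the same size change, and doing likewise here would be consistent: set `domain[MAXHOSTNAMELEN] = '\0';` on the success path. The enclosing function starts and ends outside this hunk.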
diff -ur sudo-1.6.9p17/parse.yacc sudo-1.6.9p18/parse.yacc
--- sudo-1.6.9p17/parse.yacc	Wed Feb 27 15:34:42 2008
+++ sudo-1.6.9p18/parse.yacc	Thu Oct 30 10:40:41 2008
@@ -70,7 +70,7 @@
 #endif /* HAVE_LSEARCH */
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: parse.yacc,v 1.204.2.13 2008/02/27 20:34:42 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: parse.yacc,v 1.204.2.14 2008/10/30 14:40:04 millert Exp $";
 #endif /* lint */
 
 /*
@@ -569,20 +569,24 @@
 #ifdef HAVE_SELINUX
 			    if (printmatches == TRUE && host_matches == TRUE &&
 				user_matches == TRUE && runas_matches == TRUE) {
-				/* Inherit role. */
-				cm_list[cm_list_len].role =
-				    estrdup(cm_list[cm_list_len-1].role);
-				cm_list[cm_list_len].role_len =
-				    cm_list[cm_list_len-1].role_len;
-				cm_list[cm_list_len].role_size =
-				    cm_list[cm_list_len-1].role_len + 1;
-				/* Inherit type. */
-				cm_list[cm_list_len].type =
-				    estrdup(cm_list[cm_list_len-1].type);
-				cm_list[cm_list_len].type_len =
-				    cm_list[cm_list_len-1].type_len;
-				cm_list[cm_list_len].type_size =
-				    cm_list[cm_list_len-1].type_len + 1;
+				if (match[top-1].role != NULL) {
+				    /* Inherit role. */
+				    cm_list[cm_list_len].role =
+					estrdup(cm_list[cm_list_len-1].role);
+				    cm_list[cm_list_len].role_len =
+					cm_list[cm_list_len-1].role_len;
+				    cm_list[cm_list_len].role_size =
+					cm_list[cm_list_len-1].role_len + 1;
+				}
+				if (match[top-1].type != NULL) {
+				    /* Inherit type. */
+				    cm_list[cm_list_len].type =
+					estrdup(cm_list[cm_list_len-1].type);
+				    cm_list[cm_list_len].type_len =
+					cm_list[cm_list_len-1].type_len;
+				    cm_list[cm_list_len].type_size =
+					cm_list[cm_list_len-1].type_len + 1;
+				}
 			    }
 #endif /* HAVE_SELINUX */
 			    $$.role = NULL;
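Review bot: The new guards test `match[top-1].role` and `match[top-1].type`, but the values copied are `cm_list[cm_list_len-1].role` and `.type`. If those two records can disagree, `estrdup` still receives NULL; the relation between `match[]` and `cm_list[]` is not visible in this hunk. Testing the pointer that is dereferenced, `if (cm_list[cm_list_len-1].role != NULL) {`, would make the check self-evident, or a comment should state the invariant that links them. The same pattern appears in the next two hunks of this file. When a guard is false the new entry's role or type fields are left untouched, so they presumably need to be initialised elsewhere.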
@@ -592,13 +596,15 @@
 #ifdef HAVE_SELINUX
 			    if (printmatches == TRUE && host_matches == TRUE &&
 				user_matches == TRUE && runas_matches == TRUE) {
-				/* Inherit type. */
-				cm_list[cm_list_len].type =
-				    estrdup(cm_list[cm_list_len-1].type);
-				cm_list[cm_list_len].type_len =
-				    cm_list[cm_list_len-1].type_len;
-				cm_list[cm_list_len].type_size =
-				    cm_list[cm_list_len-1].type_len + 1;
+				if (match[top-1].type != NULL) {
+				    /* Inherit type. */
+				    cm_list[cm_list_len].type =
+					estrdup(cm_list[cm_list_len-1].type);
+				    cm_list[cm_list_len].type_len =
+					cm_list[cm_list_len-1].type_len;
+				    cm_list[cm_list_len].type_size =
+					cm_list[cm_list_len-1].type_len + 1;
+				}
 			    }
 #endif /* HAVE_SELINUX */
 			    $$.role = $1;
@@ -608,13 +614,15 @@
 #ifdef HAVE_SELINUX
 			    if (printmatches == TRUE && host_matches == TRUE &&
 				user_matches == TRUE && runas_matches == TRUE) {
-				/* Inherit role. */
-				cm_list[cm_list_len].role =
-				    estrdup(cm_list[cm_list_len-1].role);
-				cm_list[cm_list_len].role_len =
-				    cm_list[cm_list_len-1].role_len;
-				cm_list[cm_list_len].role_size =
-				    cm_list[cm_list_len-1].role_len + 1;
+				if (match[top-1].role != NULL) {
+				    /* Inherit role. */
+				    cm_list[cm_list_len].role =
+					estrdup(cm_list[cm_list_len-1].role);
+				    cm_list[cm_list_len].role_len =
+					cm_list[cm_list_len-1].role_len;
+				    cm_list[cm_list_len].role_size =
+					cm_list[cm_list_len-1].role_len + 1;
+				}
 			    }
 #endif /* HAVE_SELINUX */
 			    $$.type = $1;
diff -ur sudo-1.6.9p17/pathnames.h.in sudo-1.6.9p18/pathnames.h.in
--- sudo-1.6.9p17/pathnames.h.in	Sat Feb  9 09:44:48 2008
+++ sudo-1.6.9p18/pathnames.h.in	Mon Nov 10 08:07:50 2008
@@ -18,7 +18,7 @@
  * Agency (DARPA) and Air Force Research Laboratory, Air Force
  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
  *
- * $Sudo: pathnames.h.in,v 1.51.2.4 2008/02/09 14:44:48 millert Exp $
+ * $Sudo: pathnames.h.in,v 1.51.2.5 2008/11/10 13:07:50 millert Exp $
  */
 
 /*
@@ -46,14 +46,14 @@
 #endif /* _PATH_DEFPATH */
 
 /*
- * NOTE: _PATH_SUDOERS is usually overriden by the Makefile.
+ * NOTE: _PATH_SUDOERS is usually overridden by the Makefile.
  */
 #ifndef _PATH_SUDOERS
 #define _PATH_SUDOERS		"/etc/sudoers"
 #endif /* _PATH_SUDOERS */
 
 /*
- * NOTE:  _PATH_SUDOERS_TMP is usually overriden by the Makefile.
+ * NOTE:  _PATH_SUDOERS_TMP is usually overridden by the Makefile.
  *        _PATH_SUDOERS_TMP *MUST* be on the same partition
  *        as _PATH_SUDOERS!
  */
diff -ur sudo-1.6.9p17/sudo.c sudo-1.6.9p18/sudo.c
--- sudo-1.6.9p17/sudo.c	Sat Jun 21 15:04:07 2008
+++ sudo-1.6.9p18/sudo.c	Mon Nov 10 08:07:49 2008
@@ -105,7 +105,7 @@
 #include "version.h"
 
 #ifndef lint
-__unused __unused static const char rcsid[] = "$Sudo: sudo.c,v 1.369.2.41 2008/06/21 19:04:07 millert Exp $";
+__unused __unused static const char rcsid[] = "$Sudo: sudo.c,v 1.369.2.50 2008/11/10 13:07:49 millert Exp $";
 #endif /* lint */
 
 /*
@@ -198,6 +198,7 @@
      *  us at some point and avoid the logging.
      *  Install handler to wait for children when they exit.
      */
+    zero_bytes(&sa, sizeof(sa));
     sigemptyset(&sa.sa_mask);
     sa.sa_flags = SA_RESTART;
     sa.sa_handler = SIG_IGN;
@@ -267,6 +268,9 @@
 
     cmnd_status = init_vars(sudo_mode, environ);
 
+#ifdef HAVE_SETLOCALE
+    setlocale(LC_ALL, "C");
+#endif
 #ifdef HAVE_LDAP
     validated = sudo_ldap_check(pwflag);
 
@@ -289,6 +293,9 @@
 #endif
     if (safe_cmnd == NULL)
 	safe_cmnd = estrdup(user_cmnd);
+#ifdef HAVE_SETLOCALE
+    setlocale(LC_ALL, "");
+#endif
 
     /*
      * Look up the timestamp dir owner if one is specified.
@@ -340,7 +347,7 @@
 	    (void) close(fd);
     }
 
-    /* User may have overriden environment resetting via the -E flag. */
+    /* User may have overridden environment resetting via the -E flag. */
     if (ISSET(sudo_mode, MODE_PRESERVE_ENV) && ISSET(validated, FLAG_SETENV))
 	def_env_reset = FALSE;
 
@@ -395,8 +402,12 @@
 	}
 
 	/* Override user's umask if configured to do so. */
-	if (def_umask != 0777)
-	    (void) umask(def_umask);
+	if (def_umask != 0777) {
+	    mode_t mask = umask(def_umask);
+	    mask |= def_umask;
+	    if (mask != def_umask)  
+		umask(mask);
+	}
 
 	/* Restore coredumpsize resource limit. */
 #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
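Review bot: The comment above the new block still says "Override user's umask", but the code now applies the union of the user's mask and `def_umask`, so the user's stricter bits are kept. Suggested wording: `/* Set the umask to the union of the user's umask and the sudoers default so it is never loosened. */`. The `if (mask != def_umask)` line also ends in trailing whitespace.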
@@ -501,7 +512,7 @@
     int sudo_mode;
     char **envp;
 {
-    char *p, **ep, thost[MAXHOSTNAMELEN];
+    char *p, **ep, thost[MAXHOSTNAMELEN + 1];
     int nohostname, rval;
 
     /* Sanity check command from user. */
@@ -527,6 +538,7 @@
     if (nohostname)
 	user_host = user_shost = "localhost";
     else {
+	thost[sizeof(thost) - 1] = '\0';
 	user_host = estrdup(thost);
 	if (def_fqdn) {
 	    /* Defer call to set_fqdn() until log_error() is safe. */
@@ -613,8 +625,10 @@
 	log_error(USE_ERRNO|MSG_ONLY, "can't get hostname");
 
     set_runaspw(*user_runas);		/* may call log_error() */
-    if (*user_runas[0] == '#' && runas_pw->pw_name && runas_pw->pw_name[0])
-	*user_runas = estrdup(runas_pw->pw_name);
+    if (*user_runas[0] == '#') {
+	if (runas_pw->pw_name != *user_runas && runas_pw->pw_name[0])
+	    *user_runas = estrdup(runas_pw->pw_name);
+    }
 
     /*
      * Get current working directory.  Try as user, fall back to root.
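Review bot: The rewritten condition drops the `runas_pw->pw_name` NULL test and relies on pointer identity with `*user_runas` instead, which only makes sense together with the `set_runaspw` hunk later in this patch that points `pw_name` at the caller's string for an unknown uid. That coupling should be stated next to the test, e.g. `/* set_runaspw() aliases pw_name to user_runas when the uid has no passwd entry */`. If `sudo_getpwuid` can ever return an entry whose `pw_name` is NULL, `runas_pw->pw_name[0]` now dereferences it; keeping `runas_pw->pw_name != NULL &&` in the inner test costs nothing.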
@@ -1190,7 +1204,7 @@
     char *p;
 
 #ifdef HAVE_GETADDRINFO
-    memset(&hint, 0, sizeof(hint));
+    zero_bytes(&hint, sizeof(hint));
     hint.ai_family = PF_UNSPEC;
     hint.ai_flags = AI_CANONNAME;
     if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) {
@@ -1236,8 +1250,13 @@
 	runas_pw = sudo_getpwuid(atoi(user + 1));
 	if (runas_pw == NULL) {
 	    runas_pw = emalloc(sizeof(struct passwd));
-	    (void) memset((VOID *)runas_pw, 0, sizeof(struct passwd));
+	    zero_bytes(runas_pw, sizeof(struct passwd));
 	    runas_pw->pw_uid = atoi(user + 1);
+	    runas_pw->pw_name = user;
+	    runas_pw->pw_passwd = "*";
+	    runas_pw->pw_gecos = user;
+	    runas_pw->pw_dir = "/";
+	    runas_pw->pw_shell = estrdup(_PATH_BSHELL);
 	}
     } else {
 	runas_pw = sudo_getpwnam(user);
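Review bot: The synthesised passwd entry mixes three kinds of storage: `pw_name` and `pw_gecos` alias the caller's `user` string, `pw_passwd` and `pw_dir` point at string literals, and `pw_shell` is heap memory from `estrdup`. Any later code that frees or edits these fields uniformly would misbehave, and the lifetime of `user` is not visible in this hunk. A comment recording that the entry is never freed, or using `estrdup` for every field, would make the ownership explicit. The enclosing function starts and ends outside this hunk.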
Binary files sudo-1.6.9p17/sudo.cat and sudo-1.6.9p18/sudo.cat differ
diff -ur sudo-1.6.9p17/sudo.man.in sudo-1.6.9p18/sudo.man.in
--- sudo-1.6.9p17/sudo.man.in	Sun Jun 22 16:29:03 2008
+++ sudo-1.6.9p18/sudo.man.in	Sun Oct 26 17:15:47 2008
@@ -18,8 +18,8 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\" 
-.\" $Sudo: sudo.man.in,v 1.29.2.27 2008/06/22 20:29:03 millert Exp $
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
+.\" $Sudo: sudo.man.in,v 1.29.2.28 2008/10/26 21:15:47 millert Exp $
+.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -46,11 +46,11 @@
 ..
 .\" Set up some character translations and predefined strings.  \*(-- will
 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  | will give a
-.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used to
-.\" do unbreakable dashes and therefore won't be available.  \*(C` and \*(C'
-.\" expand to `' in nroff, nothing in troff, for use with C<>.
-.tr \(*W-|\(bv\*(Tr
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
 .ie n \{\
 .    ds -- \(*W-
@@ -69,23 +69,26 @@
 .    ds R" ''
 'br\}
 .\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
 .\" If the F register is turned on, we'll generate index entries on stderr for
 .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.if \nF \{\
+.ie \nF \{\
 .    de IX
 .    tm Index:\\$1\t\\n%\t"\\$2"
 ..
 .    nr % 0
 .    rr F
 .\}
+.el \{\
+.    de IX
+..
+.\}
 .\"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.hy 0
-.if n .na
-.\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
 .    \" fudge factors for nroff and troff
@@ -150,7 +153,11 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDO @mansectsu@"
-.TH SUDO @mansectsu@ "Jun 21, 2008" "1.6.9p17" "MAINTENANCE COMMANDS"
+.TH SUDO @mansectsu@ "October 26, 2008" "1.6.9p17" "MAINTENANCE COMMANDS"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
 .SH "NAME"
 sudo, sudoedit \- execute a command as another user
 .SH "SYNOPSIS"
@@ -224,7 +231,7 @@
 @BAMAN@The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
 @BAMAN@specified authentication type when validating the user, as allowed
 @BAMAN@by \fI/etc/login.conf\fR.  The system administrator may specify a list
-@BAMAN@of sudo-specific authentication methods by adding an \*(L"auth\-sudo\*(R"
+@BAMAN@of sudo-specific authentication methods by adding an \*(L"auth-sudo\*(R"
 @BAMAN@entry in \fI/etc/login.conf\fR.  This option is only available on systems
 @BAMAN@that support \s-1BSD\s0 authentication.
 .IP "\-b" 4
@@ -559,10 +566,12 @@
 Default editor to use in \fB\-e\fR (sudoedit) mode
 .SH "FILES"
 .IX Header "FILES"
-.IP "\fI@sysconfdir@/sudoers\fR" 24
+.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24
+.el .IP "\fI@sysconfdir@/sudoers\fR" 24
 .IX Item "@sysconfdir@/sudoers"
 List of who can run what
-.IP "\fI@timedir@\fR" 24
+.ie n .IP "\fI@timedir@\fR" 24
+.el .IP "\fI@timedir@\fR" 24
 .IX Item "@timedir@"
 Directory containing timestamps
 .SH "EXAMPLES"
@@ -579,19 +588,19 @@
 file system holding ~yazza is not exported as root:
 .PP
 .Vb 1
-\& $ sudo -u yazza ls ~yazza
+\& $ sudo \-u yazza ls ~yazza
 .Ve
 .PP
 To edit the \fIindex.html\fR file as user www:
 .PP
 .Vb 1
-\& $ sudo -u www vi ~www/htdocs/index.html
+\& $ sudo \-u www vi ~www/htdocs/index.html
 .Ve
 .PP
 To shutdown a machine:
 .PP
 .Vb 1
-\& $ sudo shutdown -r +15 "quick reboot"
+\& $ sudo shutdown \-r +15 "quick reboot"
 .Ve
 .PP
 To make a usage listing of the directories in the /home
@@ -599,7 +608,7 @@
 to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
 .PP
 .Vb 1
-\& $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
+\& $ sudo sh \-c "cd /home ; du \-s * | sort \-rn > USAGE"
 .Ve
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
diff -ur sudo-1.6.9p17/sudo.tab.c sudo-1.6.9p18/sudo.tab.c
--- sudo-1.6.9p17/sudo.tab.c	Fri Apr 11 10:05:43 2008
+++ sudo-1.6.9p18/sudo.tab.c	Thu Oct 30 10:40:42 2008
@@ -4,9 +4,10 @@
 #if __GNUC__ >= 2
   __attribute__ ((unused))
 #endif /* __GNUC__ >= 2 */
-  = "$OpenBSD: skeleton.c,v 1.28 2007/09/03 21:14:58 deraadt Exp $";
+  = "$OpenBSD: skeleton.c,v 1.29 2008/07/08 15:06:50 otto Exp $";
 #endif
 #include <stdlib.h>
+#include <string.h>
 #define YYBYACC 1
 #define YYMAJOR 1
 #define YYMINOR 9
@@ -88,7 +89,7 @@
 #endif /* HAVE_LSEARCH */
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.76.2.14 2008/02/27 20:34:42 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.76.2.16 2008/10/30 14:40:28 millert Exp $";
 #endif /* lint */
 
 /*
@@ -275,7 +276,7 @@
     struct selinux_info seinfo;
 } YYSTYPE;
 #endif /* YYSTYPE_DEFINED */
-#line 279 "sudo.tab.c"
+#line 280 "sudo.tab.c"
 #define COMMAND 257
 #define ALIAS 258
 #define DEFVAR 259
@@ -735,7 +736,7 @@
 short *yysslim;
 YYSTYPE *yyvs;
 int yystacksize;
-#line 1053 "parse.yacc"
+#line 1061 "parse.yacc"
 
 #define MOREALIASES (32)
 aliasinfo *aliases = NULL;
@@ -1102,7 +1103,7 @@
     if (printmatches == TRUE)
 	expand_match_list();
 }
-#line 1054 "sudo.tab.c"
+#line 1055 "sudo.tab.c"
 /* allocate initial stack or double stack size, up to YYMAXDEPTH */
 #if defined(__cplusplus) || defined(__STDC__)
 static int yygrowstack(void)
@@ -1124,7 +1125,7 @@
 #ifdef SIZE_MAX
 #define YY_SIZE_MAX SIZE_MAX
 #else
-#define YY_SIZE_MAX 0x7fffffff
+#define YY_SIZE_MAX 0xffffffffU
 #endif
     if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
         goto bail;
@@ -1301,7 +1302,10 @@
                 YYPREFIX, yystate, yyn, yyrule[yyn]);
 #endif
     yym = yylen[yyn];
-    yyval = yyvsp[1-yym];
+    if (yym)
+        yyval = yyvsp[1-yym];
+    else
+        memset(&yyval, 0, sizeof yyval);
     switch (yyn)
     {
 case 3:
@@ -1638,20 +1642,24 @@
 #ifdef HAVE_SELINUX
 			    if (printmatches == TRUE && host_matches == TRUE &&
 				user_matches == TRUE && runas_matches == TRUE) {
-				/* Inherit role. */
-				cm_list[cm_list_len].role =
-				    estrdup(cm_list[cm_list_len-1].role);
-				cm_list[cm_list_len].role_len =
-				    cm_list[cm_list_len-1].role_len;
-				cm_list[cm_list_len].role_size =
-				    cm_list[cm_list_len-1].role_len + 1;
-				/* Inherit type. */
-				cm_list[cm_list_len].type =
-				    estrdup(cm_list[cm_list_len-1].type);
-				cm_list[cm_list_len].type_len =
-				    cm_list[cm_list_len-1].type_len;
-				cm_list[cm_list_len].type_size =
-				    cm_list[cm_list_len-1].type_len + 1;
+				if (match[top-1].role != NULL) {
+				    /* Inherit role. */
+				    cm_list[cm_list_len].role =
+					estrdup(cm_list[cm_list_len-1].role);
+				    cm_list[cm_list_len].role_len =
+					cm_list[cm_list_len-1].role_len;
+				    cm_list[cm_list_len].role_size =
+					cm_list[cm_list_len-1].role_len + 1;
+				}
+				if (match[top-1].type != NULL) {
+				    /* Inherit type. */
+				    cm_list[cm_list_len].type =
+					estrdup(cm_list[cm_list_len-1].type);
+				    cm_list[cm_list_len].type_len =
+					cm_list[cm_list_len-1].type_len;
+				    cm_list[cm_list_len].type_size =
+					cm_list[cm_list_len-1].type_len + 1;
+				}
 			    }
 #endif /* HAVE_SELINUX */
 			    yyval.seinfo.role = NULL;
@@ -1659,18 +1667,20 @@
 			}
 break;
 case 47:
-#line 591 "parse.yacc"
+#line 595 "parse.yacc"
 {
 #ifdef HAVE_SELINUX
 			    if (printmatches == TRUE && host_matches == TRUE &&
 				user_matches == TRUE && runas_matches == TRUE) {
-				/* Inherit type. */
-				cm_list[cm_list_len].type =
-				    estrdup(cm_list[cm_list_len-1].type);
-				cm_list[cm_list_len].type_len =
-				    cm_list[cm_list_len-1].type_len;
-				cm_list[cm_list_len].type_size =
-				    cm_list[cm_list_len-1].type_len + 1;
+				if (match[top-1].type != NULL) {
+				    /* Inherit type. */
+				    cm_list[cm_list_len].type =
+					estrdup(cm_list[cm_list_len-1].type);
+				    cm_list[cm_list_len].type_len =
+					cm_list[cm_list_len-1].type_len;
+				    cm_list[cm_list_len].type_size =
+					cm_list[cm_list_len-1].type_len + 1;
+				}
 			    }
 #endif /* HAVE_SELINUX */
 			    yyval.seinfo.role = yyvsp[0].string;
@@ -1678,18 +1688,20 @@
 			}
 break;
 case 48:
-#line 607 "parse.yacc"
+#line 613 "parse.yacc"
 {
 #ifdef HAVE_SELINUX
 			    if (printmatches == TRUE && host_matches == TRUE &&
 				user_matches == TRUE && runas_matches == TRUE) {
-				/* Inherit role. */
-				cm_list[cm_list_len].role =
-				    estrdup(cm_list[cm_list_len-1].role);
-				cm_list[cm_list_len].role_len =
-				    cm_list[cm_list_len-1].role_len;
-				cm_list[cm_list_len].role_size =
-				    cm_list[cm_list_len-1].role_len + 1;
+				if (match[top-1].role != NULL) {
+				    /* Inherit role. */
+				    cm_list[cm_list_len].role =
+					estrdup(cm_list[cm_list_len-1].role);
+				    cm_list[cm_list_len].role_len =
+					cm_list[cm_list_len-1].role_len;
+				    cm_list[cm_list_len].role_size =
+					cm_list[cm_list_len-1].role_len + 1;
+				}
 			    }
 #endif /* HAVE_SELINUX */
 			    yyval.seinfo.type = yyvsp[0].string;
@@ -1697,21 +1709,21 @@
 			}
 break;
 case 49:
-#line 623 "parse.yacc"
+#line 631 "parse.yacc"
 {
 			    yyval.seinfo.role = yyvsp[-1].string;
 			    yyval.seinfo.type = yyvsp[0].string;
 			}
 break;
 case 50:
-#line 627 "parse.yacc"
+#line 635 "parse.yacc"
 {
 			    yyval.seinfo.type = yyvsp[-1].string;
 			    yyval.seinfo.role = yyvsp[0].string;
 			}
 break;
 case 51:
-#line 633 "parse.yacc"
+#line 641 "parse.yacc"
 {
 			    if (printmatches == TRUE && host_matches == TRUE &&
 				user_matches == TRUE) {
@@ -1738,17 +1750,17 @@
 			}
 break;
 case 52:
-#line 657 "parse.yacc"
+#line 665 "parse.yacc"
 {
 			    runas_matches = yyvsp[0].BOOLEAN;
 			}
 break;
 case 53:
-#line 662 "parse.yacc"
+#line 670 "parse.yacc"
 { ; }
 break;
 case 54:
-#line 663 "parse.yacc"
+#line 671 "parse.yacc"
 {
 			    /* Later entries override earlier ones. */
 			    if (yyvsp[0].BOOLEAN != NOMATCH)
@@ -1758,11 +1770,11 @@
 			}
 break;
 case 55:
-#line 672 "parse.yacc"
+#line 680 "parse.yacc"
 { ; }
 break;
 case 56:
-#line 673 "parse.yacc"
+#line 681 "parse.yacc"
 {
 			    if (printmatches == TRUE) {
 				if (in_alias == TRUE)
@@ -1774,14 +1786,14 @@
 			}
 break;
 case 57:
-#line 681 "parse.yacc"
+#line 689 "parse.yacc"
 {
 			    /* Set $$ to the negation of runasuser */
 			    yyval.BOOLEAN = (yyvsp[0].BOOLEAN == NOMATCH ? NOMATCH : ! yyvsp[0].BOOLEAN);
 			}
 break;
 case 58:
-#line 687 "parse.yacc"
+#line 695 "parse.yacc"
 {
 			    if (printmatches == TRUE) {
 				if (in_alias == TRUE)
@@ -1799,7 +1811,7 @@
 			}
 break;
 case 59:
-#line 702 "parse.yacc"
+#line 710 "parse.yacc"
 {
 			    if (printmatches == TRUE) {
 				if (in_alias == TRUE)
@@ -1817,7 +1829,7 @@
 			}
 break;
 case 60:
-#line 717 "parse.yacc"
+#line 725 "parse.yacc"
 {
 			    if (printmatches == TRUE) {
 				if (in_alias == TRUE)
@@ -1835,7 +1847,7 @@
 			}
 break;
 case 61:
-#line 732 "parse.yacc"
+#line 740 "parse.yacc"
 {
 			    aliasinfo *aip = find_alias(yyvsp[0].string, RUNAS_ALIAS);
 
@@ -1868,7 +1880,7 @@
 			}
 break;
 case 62:
-#line 762 "parse.yacc"
+#line 770 "parse.yacc"
 {
 			    if (printmatches == TRUE) {
 				if (in_alias == TRUE)
@@ -1881,7 +1893,7 @@
 			}
 break;
 case 63:
-#line 774 "parse.yacc"
+#line 782 "parse.yacc"
 {
 			    /* Inherit {NO,}{PASSWD,EXEC,SETENV} status. */
 			    if (printmatches == TRUE && host_matches == TRUE &&
@@ -1902,7 +1914,7 @@
 			}
 break;
 case 64:
-#line 792 "parse.yacc"
+#line 800 "parse.yacc"
 {
 			    no_passwd = TRUE;
 			    if (printmatches == TRUE && host_matches == TRUE &&
@@ -1911,7 +1923,7 @@
 			}
 break;
 case 65:
-#line 798 "parse.yacc"
+#line 806 "parse.yacc"
 {
 			    no_passwd = FALSE;
 			    if (printmatches == TRUE && host_matches == TRUE &&
@@ -1920,7 +1932,7 @@
 			}
 break;
 case 66:
-#line 804 "parse.yacc"
+#line 812 "parse.yacc"
 {
 			    no_execve = TRUE;
 			    if (printmatches == TRUE && host_matches == TRUE &&
@@ -1929,7 +1941,7 @@
 			}
 break;
 case 67:
-#line 810 "parse.yacc"
+#line 818 "parse.yacc"
 {
 			    no_execve = FALSE;
 			    if (printmatches == TRUE && host_matches == TRUE &&
@@ -1938,7 +1950,7 @@
 			}
 break;
 case 68:
-#line 816 "parse.yacc"
+#line 824 "parse.yacc"
 {
 			    setenv_ok = TRUE;
 			    if (printmatches == TRUE && host_matches == TRUE &&
@@ -1947,7 +1959,7 @@
 			}
 break;
 case 69:
-#line 822 "parse.yacc"
+#line 830 "parse.yacc"
 {
 			    setenv_ok = FALSE;
 			    if (printmatches == TRUE && host_matches == TRUE &&
@@ -1956,7 +1968,7 @@
 			}
 break;
 case 70:
-#line 830 "parse.yacc"
+#line 838 "parse.yacc"
 {
 			    if (printmatches == TRUE) {
 				if (in_alias == TRUE)
@@ -1977,7 +1989,7 @@
 			}
 break;
 case 71:
-#line 848 "parse.yacc"
+#line 856 "parse.yacc"
 {
 			    aliasinfo *aip;
 
@@ -2009,7 +2021,7 @@
 			}
 break;
 case 72:
-#line 877 "parse.yacc"
+#line 885 "parse.yacc"
 {
 			    if (printmatches == TRUE) {
 				if (in_alias == TRUE) {
@@ -2036,11 +2048,11 @@
 			}
 break;
 case 75:
-#line 907 "parse.yacc"
+#line 915 "parse.yacc"
 { push; }
 break;
 case 76:
-#line 907 "parse.yacc"
+#line 915 "parse.yacc"
 {
 			    if ((MATCHED(host_matches) || pedantic) &&
 				!add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) {
@@ -2051,7 +2063,7 @@
 			}
 break;
 case 81:
-#line 925 "parse.yacc"
+#line 933 "parse.yacc"
 {
 			    push;
 			    if (printmatches == TRUE) {
@@ -2064,7 +2076,7 @@
 			}
 break;
 case 82:
-#line 934 "parse.yacc"
+#line 942 "parse.yacc"
 {
 			    if ((MATCHED(cmnd_matches) || pedantic) &&
 				!add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) {
@@ -2079,11 +2091,11 @@
 			}
 break;
 case 83:
-#line 948 "parse.yacc"
+#line 956 "parse.yacc"
 { ; }
 break;
 case 87:
-#line 956 "parse.yacc"
+#line 964 "parse.yacc"
 {
 			    if (printmatches == TRUE) {
 				in_alias = TRUE;
@@ -2095,7 +2107,7 @@
 			}
 break;
 case 88:
-#line 964 "parse.yacc"
+#line 972 "parse.yacc"
 {
 			    if ((yyvsp[0].BOOLEAN != NOMATCH || pedantic) &&
 				!add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) {
@@ -2109,11 +2121,11 @@
 			}
 break;
 case 91:
-#line 981 "parse.yacc"
+#line 989 "parse.yacc"
 { push; }
 break;
 case 92:
-#line 981 "parse.yacc"
+#line 989 "parse.yacc"
 {
 			    if ((MATCHED(user_matches) || pedantic) &&
 				!add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) {
@@ -2125,19 +2137,19 @@
 			}
 break;
 case 95:
-#line 996 "parse.yacc"
+#line 1004 "parse.yacc"
 {
 			    SETMATCH(user_matches, yyvsp[0].BOOLEAN);
 			}
 break;
 case 96:
-#line 999 "parse.yacc"
+#line 1007 "parse.yacc"
 {
 			    SETNMATCH(user_matches, yyvsp[0].BOOLEAN);
 			}
 break;
 case 97:
-#line 1004 "parse.yacc"
+#line 1012 "parse.yacc"
 {
 			    if (userpw_matches(yyvsp[0].string, user_name, sudo_user.pw))
 				yyval.BOOLEAN = TRUE;
@@ -2147,7 +2159,7 @@
 			}
 break;
 case 98:
-#line 1011 "parse.yacc"
+#line 1019 "parse.yacc"
 {
 			    if (usergr_matches(yyvsp[0].string, user_name, sudo_user.pw))
 				yyval.BOOLEAN = TRUE;
@@ -2157,7 +2169,7 @@
 			}
 break;
 case 99:
-#line 1018 "parse.yacc"
+#line 1026 "parse.yacc"
 {
 			    if (netgr_matches(yyvsp[0].string, NULL, NULL, user_name))
 				yyval.BOOLEAN = TRUE;
@@ -2167,7 +2179,7 @@
 			}
 break;
 case 100:
-#line 1025 "parse.yacc"
+#line 1033 "parse.yacc"
 {
 			    aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
 
@@ -2192,12 +2204,12 @@
 			}
 break;
 case 101:
-#line 1047 "parse.yacc"
+#line 1055 "parse.yacc"
 {
 			    yyval.BOOLEAN = TRUE;
 			}
 break;
-#line 2149 "sudo.tab.c"
+#line 2161 "sudo.tab.c"
     }
     yyssp -= yym;
     yystate = *yyssp;
diff -ur sudo-1.6.9p17/sudo_edit.c sudo-1.6.9p18/sudo_edit.c
--- sudo-1.6.9p17/sudo_edit.c	Fri Jun 20 20:47:52 2008
+++ sudo-1.6.9p18/sudo_edit.c	Sun Nov  2 09:53:47 2008
@@ -62,7 +62,7 @@
 #include "sudo.h"
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: sudo_edit.c,v 1.6.2.9 2008/06/21 00:47:52 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: sudo_edit.c,v 1.6.2.11 2008/11/02 14:53:47 millert Exp $";
 #endif /* lint */
 
 extern sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp;
@@ -112,7 +112,7 @@
      * and copy the contents of the original to it.
      */
     tf = emalloc2(argc - 1, sizeof(*tf));
-    memset(tf, 0, (argc - 1) * sizeof(*tf));
+    zero_bytes(tf, (argc - 1) * sizeof(*tf));
     for (i = 0, ap = argv + 1; i < argc - 1 && *ap != NULL; i++, ap++) {
 	error = -1;
 	set_perms(PERM_RUNAS);
@@ -124,7 +124,7 @@
 	endpwent();
 	if ((ofd = open(*ap, O_RDONLY, 0644)) != -1 || errno == ENOENT) {
 	    if (ofd == -1) {
-		memset(&sb, 0, sizeof(sb));		/* new file */
+		zero_bytes(&sb, sizeof(sb));		/* new file */
 		error = 0;
 	    } else {
 #ifdef HAVE_FSTAT
@@ -232,6 +232,7 @@
     nargv[ac] = NULL;
 
     /* Allow the editor to be suspended. */
+    zero_bytes(&sa, sizeof(sa));
     sigemptyset(&sa.sa_mask);
     sa.sa_flags = SA_RESTART;
     sa.sa_handler = SIG_DFL;
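Review bot: The added `zero_bytes(&sa, sizeof(sa));` carries no comment saying why it is needed, and the three assignments that follow do not make the reason obvious. Before this line, any member of `sa` other than `sa_mask`, `sa_flags` and `sa_handler` was presumably left as uninitialized stack contents when the struct was passed to `sigaction()`; that call is outside the hunk. I would add `/* clear members we do not set explicitly before calling sigaction() */` above it so the call is not later removed as redundant. The enclosing function starts and ends outside the hunk.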
Binary files sudo-1.6.9p17/sudoers.cat and sudo-1.6.9p18/sudoers.cat differ
diff -ur sudo-1.6.9p17/sudoers.man.in sudo-1.6.9p18/sudoers.man.in
--- sudo-1.6.9p17/sudoers.man.in	Sun Jun 22 16:29:03 2008
+++ sudo-1.6.9p18/sudoers.man.in	Sun Oct 26 17:15:47 2008
@@ -18,8 +18,8 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\" 
-.\" $Sudo: sudoers.man.in,v 1.45.2.29 2008/06/22 20:29:03 millert Exp $
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
+.\" $Sudo: sudoers.man.in,v 1.45.2.30 2008/10/26 21:15:47 millert Exp $
+.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -46,11 +46,11 @@
 ..
 .\" Set up some character translations and predefined strings.  \*(-- will
 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  | will give a
-.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used to
-.\" do unbreakable dashes and therefore won't be available.  \*(C` and \*(C'
-.\" expand to `' in nroff, nothing in troff, for use with C<>.
-.tr \(*W-|\(bv\*(Tr
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
 .ie n \{\
 .    ds -- \(*W-
@@ -69,23 +69,26 @@
 .    ds R" ''
 'br\}
 .\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
 .\" If the F register is turned on, we'll generate index entries on stderr for
 .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.if \nF \{\
+.ie \nF \{\
 .    de IX
 .    tm Index:\\$1\t\\n%\t"\\$2"
 ..
 .    nr % 0
 .    rr F
 .\}
+.el \{\
+.    de IX
+..
+.\}
 .\"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.hy 0
-.if n .na
-.\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
 .    \" fudge factors for nroff and troff
@@ -150,7 +153,11 @@
 .\" ========================================================================
 .\"
 .IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "Jun 21, 2008" "1.6.9p17" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "October 26, 2008" "1.6.9p17" "MAINTENANCE COMMANDS"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
 .SH "NAME"
 sudoers \- list of which users may execute what
 .SH "DESCRIPTION"
@@ -205,32 +212,22 @@
 \&\f(CW\*(C`Host_Alias\*(C'\fR and \f(CW\*(C`Cmnd_Alias\*(C'\fR.
 .PP
 .Vb 4
-\& Alias ::= 'User_Alias'  User_Alias (':' User_Alias)* |
-\&           'Runas_Alias' Runas_Alias (':' Runas_Alias)* |
-\&           'Host_Alias'  Host_Alias (':' Host_Alias)* |
-\&           'Cmnd_Alias'  Cmnd_Alias (':' Cmnd_Alias)*
+\& Alias ::= \*(AqUser_Alias\*(Aq  User_Alias (\*(Aq:\*(Aq User_Alias)* |
+\&           \*(AqRunas_Alias\*(Aq Runas_Alias (\*(Aq:\*(Aq Runas_Alias)* |
+\&           \*(AqHost_Alias\*(Aq  Host_Alias (\*(Aq:\*(Aq Host_Alias)* |
+\&           \*(AqCmnd_Alias\*(Aq  Cmnd_Alias (\*(Aq:\*(Aq Cmnd_Alias)*
+\&
+\& User_Alias ::= NAME \*(Aq=\*(Aq User_List
+\&
+\& Runas_Alias ::= NAME \*(Aq=\*(Aq Runas_List
+\&
+\& Host_Alias ::= NAME \*(Aq=\*(Aq Host_List
+\&
+\& Cmnd_Alias ::= NAME \*(Aq=\*(Aq Cmnd_List
+\&
+\& NAME ::= [A\-Z]([A\-Z][0\-9]_)*
 .Ve
 .PP
-.Vb 1
-\& User_Alias ::= NAME '=' User_List
-.Ve
-.PP
-.Vb 1
-\& Runas_Alias ::= NAME '=' Runas_List
-.Ve
-.PP
-.Vb 1
-\& Host_Alias ::= NAME '=' Host_List
-.Ve
-.PP
-.Vb 1
-\& Cmnd_Alias ::= NAME '=' Cmnd_List
-.Ve
-.PP
-.Vb 1
-\& NAME ::= [A-Z]([A-Z][0-9]_)*
-.Ve
-.PP
 Each \fIalias\fR definition is of the form
 .PP
 .Vb 1
@@ -251,16 +248,14 @@
 .PP
 .Vb 2
 \& User_List ::= User |
-\&               User ',' User_List
+\&               User \*(Aq,\*(Aq User_List
+\&
+\& User ::= \*(Aq!\*(Aq* username |
+\&          \*(Aq!\*(Aq* \*(Aq%\*(Aqgroup |
+\&          \*(Aq!\*(Aq* \*(Aq+\*(Aqnetgroup |
+\&          \*(Aq!\*(Aq* User_Alias
 .Ve
 .PP
-.Vb 4
-\& User ::= '!'* username |
-\&          '!'* '%'group |
-\&          '!'* '+'netgroup |
-\&          '!'* User_Alias
-.Ve
-.PP
 A \f(CW\*(C`User_List\*(C'\fR is made up of one or more usernames, system groups
 (prefixed with '%'), netgroups (prefixed with '+') and other aliases.
 Each list item may be prefixed with one or more '!' operators.
@@ -269,17 +264,15 @@
 .PP
 .Vb 2
 \& Runas_List ::= Runas_User |
-\&                Runas_User ',' Runas_List
+\&                Runas_User \*(Aq,\*(Aq Runas_List
+\&
+\& Runas_User ::= \*(Aq!\*(Aq* username |
+\&                \*(Aq!\*(Aq* \*(Aq#\*(Aquid |
+\&                \*(Aq!\*(Aq* \*(Aq%\*(Aqgroup |
+\&                \*(Aq!\*(Aq* +netgroup |
+\&                \*(Aq!\*(Aq* Runas_Alias
 .Ve
 .PP
-.Vb 5
-\& Runas_User ::= '!'* username |
-\&                '!'* '#'uid |
-\&                '!'* '%'group |
-\&                '!'* +netgroup |
-\&                '!'* Runas_Alias
-.Ve
-.PP
 A \f(CW\*(C`Runas_List\*(C'\fR is similar to a \f(CW\*(C`User_List\*(C'\fR except that it can
 also contain uids (prefixed with '#') and instead of \f(CW\*(C`User_Alias\*(C'\fRes
 it can contain \f(CW\*(C`Runas_Alias\*(C'\fRes.  Note that usernames and groups
@@ -290,17 +283,15 @@
 .PP
 .Vb 2
 \& Host_List ::= Host |
-\&               Host ',' Host_List
+\&               Host \*(Aq,\*(Aq Host_List
+\&
+\& Host ::= \*(Aq!\*(Aq* hostname |
+\&          \*(Aq!\*(Aq* ip_addr |
+\&          \*(Aq!\*(Aq* network(/netmask)? |
+\&          \*(Aq!\*(Aq* \*(Aq+\*(Aqnetgroup |
+\&          \*(Aq!\*(Aq* Host_Alias
 .Ve
 .PP
-.Vb 5
-\& Host ::= '!'* hostname |
-\&          '!'* ip_addr |
-\&          '!'* network(/netmask)? |
-\&          '!'* '+'netgroup |
-\&          '!'* Host_Alias
-.Ve
-.PP
 A \f(CW\*(C`Host_List\*(C'\fR is made up of one or more hostnames, \s-1IP\s0 addresses,
 network numbers, netgroups (prefixed with '+') and other aliases.
 Again, the value of an item may be negated with the '!' operator.
@@ -318,22 +309,18 @@
 .PP
 .Vb 2
 \& Cmnd_List ::= Cmnd |
-\&               Cmnd ',' Cmnd_List
-.Ve
-.PP
-.Vb 3
+\&               Cmnd \*(Aq,\*(Aq Cmnd_List
+\&
 \& commandname ::= filename |
 \&                 filename args |
-\&                 filename '""'
+\&                 filename \*(Aq""\*(Aq
+\&
+\& Cmnd ::= \*(Aq!\*(Aq* commandname |
+\&          \*(Aq!\*(Aq* directory |
+\&          \*(Aq!\*(Aq* "sudoedit" |
+\&          \*(Aq!\*(Aq* Cmnd_Alias
 .Ve
 .PP
-.Vb 4
-\& Cmnd ::= '!'* commandname |
-\&          '!'* directory |
-\&          '!'* "sudoedit" |
-\&          '!'* Cmnd_Alias
-.Ve
-.PP
 A \f(CW\*(C`Cmnd_List\*(C'\fR is a list of one or more commandnames, directories, and other
 aliases.  A commandname is a fully qualified filename which may include
 shell-style wildcards (see the Wildcards section below).  A simple
@@ -361,28 +348,22 @@
 specific user, or commands being run as a specific user.
 .PP
 .Vb 4
-\& Default_Type ::= 'Defaults' |
-\&                  'Defaults' '@' Host_List |
-\&                  'Defaults' ':' User_List |
-\&                  'Defaults' '>' Runas_List
-.Ve
-.PP
-.Vb 1
+\& Default_Type ::= \*(AqDefaults\*(Aq |
+\&                  \*(AqDefaults\*(Aq \*(Aq@\*(Aq Host_List |
+\&                  \*(AqDefaults\*(Aq \*(Aq:\*(Aq User_List |
+\&                  \*(AqDefaults\*(Aq \*(Aq>\*(Aq Runas_List
+\&
 \& Default_Entry ::= Default_Type Parameter_List
-.Ve
-.PP
-.Vb 2
+\&
 \& Parameter_List ::= Parameter |
-\&                    Parameter ',' Parameter_List
+\&                    Parameter \*(Aq,\*(Aq Parameter_List
+\&
+\& Parameter ::= Parameter \*(Aq=\*(Aq Value |
+\&               Parameter \*(Aq+=\*(Aq Value |
+\&               Parameter \*(Aq\-=\*(Aq Value |
+\&               \*(Aq!\*(Aq* Parameter
 .Ve
 .PP
-.Vb 4
-\& Parameter ::= Parameter '=' Value |
-\&               Parameter '+=' Value |
-\&               Parameter '-=' Value |
-\&               '!'* Parameter
-.Ve
-.PP
 Parameters may be \fBflags\fR, \fBinteger\fR values, \fBstrings\fR, or \fBlists\fR.
 Flags are implicitly boolean and can be turned off via the '!'
 operator.  Some integer, string and list parameters may also be
@@ -399,28 +380,20 @@
 .Sh "User Specification"
 .IX Subsection "User Specification"
 .Vb 2
-\& User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \e
-\&               (':' Host_List '=' Cmnd_Spec_List)*
-.Ve
-.PP
-.Vb 2
+\& User_Spec ::= User_List Host_List \*(Aq=\*(Aq Cmnd_Spec_List \e
+\&               (\*(Aq:\*(Aq Host_List \*(Aq=\*(Aq Cmnd_Spec_List)*
+\&
 \& Cmnd_Spec_List ::= Cmnd_Spec |
-\&                    Cmnd_Spec ',' Cmnd_Spec_List
-.Ve
-.PP
-.Vb 1
+\&                    Cmnd_Spec \*(Aq,\*(Aq Cmnd_Spec_List
+\&
 \& Cmnd_Spec ::= Runas_Spec? Tag_Spec* Cmnd
+\&
+\& Runas_Spec ::= \*(Aq(\*(Aq Runas_List \*(Aq)\*(Aq
+\&
+\& Tag_Spec ::= (\*(AqNOPASSWD:\*(Aq | \*(AqPASSWD:\*(Aq | \*(AqNOEXEC:\*(Aq | \*(AqEXEC:\*(Aq |
+\&               \*(AqSETENV:\*(Aq | \*(AqNOSETENV:\*(Aq)
 .Ve
 .PP
-.Vb 1
-\& Runas_Spec ::= '(' Runas_List ')'
-.Ve
-.PP
-.Vb 2
-\& Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
-\&               'SETENV:' | 'NOSETENV:')
-.Ve
-.PP
 A \fBuser specification\fR determines which commands a user may run
 (and as what user) on specified hosts.  By default, commands are
 run as \fBroot\fR, but this can be changed on a per-command basis.
@@ -442,7 +415,7 @@
 \&\fI/usr/bin/lprm\fR \*(-- but only as \fBoperator\fR.  E.g.,
 .PP
 .Vb 1
-\& $ sudo -u operator /bin/ls.
+\& $ sudo \-u operator /bin/ls.
 .Ve
 .PP
 It is also possible to override a \f(CW\*(C`Runas_Spec\*(C'\fR later on in an
@@ -479,7 +452,7 @@
 .Ve
 .PP
 would allow the user \fBray\fR to run \fI/bin/kill\fR, \fI/bin/ls\fR, and
-\&\fI/usr/bin/lprm\fR as root on the machine rushmore as \fBroot\fR without
+\&\fI/usr/bin/lprm\fR as \fBroot\fR on the machine rushmore without
 authenticating himself.  If we only want \fBray\fR to be able to
 run \fI/bin/kill\fR without a password the entry would be:
 .PP
@@ -681,11 +654,11 @@
 password.  This flag is \fI@insults@\fR by default.
 .IP "log_host" 16
 .IX Item "log_host"
-If set, the hostname will be logged in the (non\-syslog) \fBsudo\fR log file.
+If set, the hostname will be logged in the (non-syslog) \fBsudo\fR log file.
 This flag is \fIoff\fR by default.
 .IP "log_year" 16
 .IX Item "log_year"
-If set, the four-digit year will be logged in the (non\-syslog) \fBsudo\fR log file.
+If set, the four-digit year will be logged in the (non-syslog) \fBsudo\fR log file.
 This flag is \fIoff\fR by default.
 .IP "long_otp_prompt" 16
 .IX Item "long_otp_prompt"
@@ -722,7 +695,8 @@
 .IX Item "noexec"
 If set, all commands run via \fBsudo\fR will behave as if the \f(CW\*(C`NOEXEC\*(C'\fR
 tag has been set, unless overridden by a \f(CW\*(C`EXEC\*(C'\fR tag.  See the
-description of \fI\s-1NOEXEC\s0 and \s-1EXEC\s0\fR below as well as the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section at the end of this manual.  This flag is \fIoff\fR by default.
+description of \fI\s-1NOEXEC\s0 and \s-1EXEC\s0\fR below as well as the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0
+\&\s-1ESCAPES\s0\*(R" section at the end of this manual.  This flag is \fIoff\fR by default.
 .IP "path_info" 16
 .IX Item "path_info"
 Normally, \fBsudo\fR will tell the user when a command could not be
@@ -862,7 +836,12 @@
 .IP "umask" 16
 .IX Item "umask"
 Umask to use when running the command.  Negate this option or set
-it to 0777 to preserve the user's umask.  The default is \f(CW\*(C`@sudo_umask@\*(C'\fR.
+it to 0777 to preserve the user's umask.  The actual umask that is
+used will be the union of the user's umask and \f(CW\*(C`@sudo_umask@\*(C'\fR.
+This guarantees that \fBsudo\fR never lowers the umask when running a
+command.  Note on systems that use \s-1PAM\s0, the default \s-1PAM\s0 configuration
+may specify its own umask which will override the value set in
+\&\fIsudoers\fR.
 .PP
 \&\fBStrings\fR:
 .IP "badpass_message" 16
@@ -1072,8 +1051,8 @@
 Environment variables to be removed from the user's environment if
 the variable's value contains \f(CW\*(C`%\*(C'\fR or \f(CW\*(C`/\*(C'\fR characters.  This can
 be used to guard against printf-style format vulnerabilities in
-poorly-written programs.  The argument may be a double\-quoted,
-space-separated list or a single value without double\-quotes.  The
+poorly-written programs.  The argument may be a double-quoted,
+space-separated list or a single value without double-quotes.  The
 list can be replaced, added to, deleted from, or disabled by using
 the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \f(CW\*(C`!\*(C'\fR operators respectively.  Regardless
 of whether the \f(CW\*(C`env_reset\*(C'\fR option is enabled or disabled, variables
@@ -1084,8 +1063,8 @@
 .IP "env_delete" 16
 .IX Item "env_delete"
 Environment variables to be removed from the user's environment.
-The argument may be a double\-quoted, space-separated list or a
-single value without double\-quotes.  The list can be replaced, added
+The argument may be a double-quoted, space-separated list or a
+single value without double-quotes.  The list can be replaced, added
 to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and
 \&\f(CW\*(C`!\*(C'\fR operators respectively.  The default list of environment
 variables to remove is displayed when \fBsudo\fR is run by root with the
@@ -1097,8 +1076,8 @@
 Environment variables to be preserved in the user's environment
 when the \fIenv_reset\fR option is in effect.  This allows fine-grained
 control over the environment \fBsudo\fR\-spawned processes will receive.
-The argument may be a double\-quoted, space-separated list or a
-single value without double\-quotes.  The list can be replaced, added
+The argument may be a double-quoted, space-separated list or a
+single value without double-quotes.  The list can be replaced, added
 to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and
 \&\f(CW\*(C`!\*(C'\fR operators respectively.  The default list of variables to keep
 is displayed when \fBsudo\fR is run by root with the \fI\-V\fR option.
@@ -1112,7 +1091,8 @@
 \&\fBnotice\fR, and \fBwarning\fR.
 .SH "FILES"
 .IX Header "FILES"
-.IP "\fI@sysconfdir@/sudoers\fR" 24
+.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24
+.el .IP "\fI@sysconfdir@/sudoers\fR" 24
 .IX Item "@sysconfdir@/sudoers"
 List of who can run what
 .IP "\fI/etc/group\fR" 24
@@ -1138,15 +1118,11 @@
 \& User_Alias     FULLTIMERS = millert, mikef, dowdy
 \& User_Alias     PARTTIMERS = bostley, jwfox, crawl
 \& User_Alias     WEBMASTERS = will, wendy, wim
-.Ve
-.PP
-.Vb 3
+\&
 \& # Runas alias specification
 \& Runas_Alias    OP = root, operator
 \& Runas_Alias    DB = oracle, sybase
-.Ve
-.PP
-.Vb 9
+\&
 \& # Host alias specification
 \& Host_Alias     SPARC = bigtime, eclipse, moet, anchor :\e
 \&                SGI = grolsch, dandelion, black :\e
@@ -1156,9 +1132,7 @@
 \& Host_Alias     CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
 \& Host_Alias     SERVERS = master, mail, www, ns
 \& Host_Alias     CDROM = orion, perseus, hercules
-.Ve
-.PP
-.Vb 13
+\&
 \& # Cmnd alias specification
 \& Cmnd_Alias     DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
 \&                        /usr/sbin/restore, /usr/sbin/rrestore
@@ -1187,7 +1161,7 @@
 (\fI/usr/bin/more\fR, \fI/usr/bin/pg\fR and \fI/usr/bin/less\fR).
 .PP
 .Vb 7
-\& # Override built-in defaults
+\& # Override built\-in defaults
 \& Defaults               syslog=auth
 \& Defaults>root          !set_logname
 \& Defaults:FULLTIMERS    !lecture
@@ -1257,7 +1231,7 @@
 The user \fBjoe\fR may only \fIsu\fR\|(1) to operator.
 .PP
 .Vb 1
-\& pete           HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
+\& pete           HPPA = /usr/bin/passwd [A\-z]*, !/usr/bin/passwd root
 .Ve
 .PP
 The user \fBpete\fR is allowed to change anyone's password except for
@@ -1294,7 +1268,7 @@
 (\fBoracle\fR or \fBsybase\fR) without giving a password.
 .PP
 .Vb 1
-\& john           ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+\& john           ALPHA = /usr/bin/su [!\-]*, !/usr/bin/su *root*
 .Ve
 .PP
 On the \fI\s-1ALPHA\s0\fR machines, user \fBjohn\fR may su to anyone except root
@@ -1339,7 +1313,7 @@
 .PP
 .Vb 2
 \& ALL            CDROM = NOPASSWD: /sbin/umount /CDROM,\e
-\&                /sbin/mount -o nosuid\e,nodev /dev/cd0a /CDROM
+\&                /sbin/mount \-o nosuid\e,nodev /dev/cd0a /CDROM
 .Ve
 .PP
 Any user may mount or unmount a CD-ROM on the machines in the \s-1CDROM\s0
@@ -1395,7 +1369,7 @@
 the following as root:
 .Sp
 .Vb 1
-\&    sudo -V | grep "dummy exec"
+\&    sudo \-V | grep "dummy exec"
 .Ve
 .Sp
 If the resulting output contains a line that begins with:
@@ -1407,7 +1381,7 @@
 then \fBsudo\fR may be able to replace the exec family of functions
 in the standard library with its own that simply return an error.
 Unfortunately, there is no foolproof way to know whether or not
-\&\fInoexec\fR will work at compile\-time.  \fInoexec\fR should work on
+\&\fInoexec\fR will work at compile-time.  \fInoexec\fR should work on
 SunOS, Solaris, *BSD, Linux, \s-1IRIX\s0, Tru64 \s-1UNIX\s0, MacOS X, and HP-UX
 11.x.  It is known \fBnot\fR to work on \s-1AIX\s0 and UnixWare.  \fInoexec\fR
 is expected to work on most operating systems that support the
diff -ur sudo-1.6.9p17/sudoers.pod sudo-1.6.9p18/sudoers.pod
--- sudo-1.6.9p17/sudoers.pod	Thu May  8 15:46:37 2008
+++ sudo-1.6.9p18/sudoers.pod	Sun Oct 26 17:14:09 2008
@@ -18,7 +18,7 @@
 Agency (DARPA) and Air Force Research Laboratory, Air Force
 Materiel Command, USAF, under agreement number F39502-99-1-0512.
 
-$Sudo: sudoers.pod,v 1.95.2.26 2008/02/19 18:13:17 millert Exp $
+$Sudo: sudoers.pod,v 1.95.2.28 2008/10/26 21:14:09 millert Exp $
 =pod
 
 =head1 NAME
@@ -298,7 +298,7 @@
  ray	rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
 
 would allow the user B<ray> to run F</bin/kill>, F</bin/ls>, and
-F</usr/bin/lprm> as root on the machine rushmore as B<root> without
+F</usr/bin/lprm> as B<root> on the machine rushmore without
 authenticating himself.  If we only want B<ray> to be able to
 run F</bin/kill> without a password the entry would be:
 
@@ -733,7 +733,12 @@
 =item umask
 
 Umask to use when running the command.  Negate this option or set
-it to 0777 to preserve the user's umask.  The default is C<@sudo_umask@>.
+it to 0777 to preserve the user's umask.  The actual umask that is
+used will be the union of the user's umask and C<@sudo_umask@>.
+This guarantees that B<sudo> never lowers the umask when running a
+command.  Note on systems that use PAM, the default PAM configuration
+may specify its own umask which will override the value set in
+I<sudoers>.
 
 =back
 
diff -ur sudo-1.6.9p17/testsudoers.c sudo-1.6.9p18/testsudoers.c
--- sudo-1.6.9p17/testsudoers.c	Sat Feb  9 09:44:49 2008
+++ sudo-1.6.9p18/testsudoers.c	Wed Oct 29 13:56:46 2008
@@ -75,7 +75,7 @@
 #endif /* HAVE_FNMATCH */
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: testsudoers.c,v 1.88.2.7 2008/02/09 14:44:49 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: testsudoers.c,v 1.88.2.8 2008/10/29 17:31:58 millert Exp $";
 #endif /* lint */
 
 
@@ -404,9 +404,9 @@
 #ifdef HAVE_GETDOMAINNAME
     /* Get the domain name (if any). */
     if (domain == (char *) -1) {
-	domain = (char *) emalloc(MAXHOSTNAMELEN);
+	domain = (char *) emalloc(MAXHOSTNAMELEN + 1);
 
-	if (getdomainname(domain, MAXHOSTNAMELEN) != 0 || *domain == '\0') {
+	if (getdomainname(domain, MAXHOSTNAMELEN + 1) != 0 || *domain == '\0') {
 	    efree(domain);
 	    domain = NULL;
 	}
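Review bot: Passing the full buffer size `MAXHOSTNAMELEN + 1` to getdomainname() reserves no byte for a terminator, so a domain name that fills the buffer may come back unterminated on C libraries that truncate instead of failing. The extra byte this change allocates only helps if it is guaranteed to hold the NUL; on the success path I would add `domain[MAXHOSTNAMELEN] = '\0';` before the string is used. The enclosing function and the `#ifdef HAVE_GETDOMAINNAME` block start and end outside this hunk, so how `domain` is consumed afterwards is not visible here.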
diff -ur sudo-1.6.9p17/tgetpass.c sudo-1.6.9p18/tgetpass.c
--- sudo-1.6.9p17/tgetpass.c	Fri Jun 20 20:27:01 2008
+++ sudo-1.6.9p18/tgetpass.c	Sun Nov  2 09:53:47 2008
@@ -70,7 +70,7 @@
 #include "sudo.h"
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: tgetpass.c,v 1.111.2.7 2008/06/21 00:27:01 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: tgetpass.c,v 1.111.2.9 2008/11/02 14:53:47 millert Exp $";
 #endif /* lint */
 
 #ifndef TCSASOFT
@@ -147,6 +147,7 @@
      * Catch signals that would otherwise cause the user to end
      * up with echo turned off in the shell.
      */
+    zero_bytes(&sa, sizeof(sa));
     sigemptyset(&sa.sa_mask);
     sa.sa_flags = SA_INTERRUPT;	/* don't restart system calls */
     sa.sa_handler = handler;
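Review bot: The added `zero_bytes(&sa, sizeof(sa));` has no comment saying why the struct is cleared; the existing comment above it only describes the signal handling. Only `sa_mask`, `sa_flags` and `sa_handler` are assigned in this hunk, so the call presumably gives any remaining platform-specific members of `struct sigaction` a defined value before sigaction() reads them. A one-line comment such as `/* Clear sa so members we do not set explicitly are not left uninitialized. */` would record that. The same applies to the identical line added in the visudo.c hunk at -575. The declaration of `sa` and the sigaction() calls are outside both hunks.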
@@ -169,8 +170,8 @@
 #endif
 	(void) tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
     } else {
-	memset(&term, 0, sizeof(term));
-	memset(&oterm, 0, sizeof(oterm));
+	zero_bytes(&term, sizeof(term));
+	zero_bytes(&oterm, sizeof(oterm));
     }
 
     /* No output if we are already backgrounded. */
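Review bot: The result of `(void) tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);` is still discarded, so if the terminal settings cannot be applied the function presumably goes on to read the password with echo left on. The commit only changes how `term` and `oterm` are cleared in the else branch. The call above it deserves a check such as `if (tcsetattr(input, TCSAFLUSH|TCSASOFT, &term) != 0)`, followed by the project's usual warning before prompting. How `term` was modified and where the original settings are restored lie outside this hunk, so the echo behaviour is inferred from the comment in the previous hunk.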
diff -ur sudo-1.6.9p17/version.h sudo-1.6.9p18/version.h
--- sudo-1.6.9p17/version.h	Sun Jun 22 16:29:03 2008
+++ sudo-1.6.9p18/version.h	Wed Nov 12 21:50:17 2008
@@ -17,12 +17,12 @@
  * Agency (DARPA) and Air Force Research Laboratory, Air Force
  * Materiel Command, USAF, under agreement number F39502-99-1-0512.
  *
- * $Sudo: version.h,v 1.66.2.20 2008/06/22 20:29:03 millert Exp $
+ * $Sudo: version.h,v 1.66.2.21 2008/11/13 02:50:17 millert Exp $
  */
 
 #ifndef _SUDO_VERSION_H
 #define _SUDO_VERSION_H
 
-static const char version[] = "1.6.9p17";
+static const char version[] = "1.6.9p18";
 
 #endif /* _SUDO_VERSION_H */
diff -ur sudo-1.6.9p17/visudo.c sudo-1.6.9p18/visudo.c
--- sudo-1.6.9p17/visudo.c	Fri Jun 20 20:47:52 2008
+++ sudo-1.6.9p18/visudo.c	Sun Nov  2 09:45:50 2008
@@ -78,7 +78,7 @@
 #include "version.h"
 
 #ifndef lint
-__unused static const char rcsid[] = "$Sudo: visudo.c,v 1.166.2.11 2008/06/21 00:47:52 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: visudo.c,v 1.166.2.12 2008/11/02 14:45:50 millert Exp $";
 #endif /* lint */
 
 struct sudoersfile {
@@ -575,6 +575,7 @@
 	/*
 	 * Setup signal handlers to cleanup nicely.
 	 */
+	zero_bytes(&sa, sizeof(sa));
 	sigemptyset(&sa.sa_mask);
 	sa.sa_flags = SA_RESTART;
 	sa.sa_handler = Exit;
Binary files sudo-1.6.9p17/visudo.cat and sudo-1.6.9p18/visudo.cat differ
diff -ur sudo-1.6.9p17/visudo.man.in sudo-1.6.9p18/visudo.man.in
--- sudo-1.6.9p17/visudo.man.in	Sun Jun 22 16:29:03 2008
+++ sudo-1.6.9p18/visudo.man.in	Sun Oct 26 17:15:47 2008
@@ -17,8 +17,8 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\" 
-.\" $Sudo: visudo.man.in,v 1.20.2.22 2008/06/22 20:29:03 millert Exp $
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
+.\" $Sudo: visudo.man.in,v 1.20.2.23 2008/10/26 21:15:47 millert Exp $
+.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -45,11 +45,11 @@
 ..
 .\" Set up some character translations and predefined strings.  \*(-- will
 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  | will give a
-.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used to
-.\" do unbreakable dashes and therefore won't be available.  \*(C` and \*(C'
-.\" expand to `' in nroff, nothing in troff, for use with C<>.
-.tr \(*W-|\(bv\*(Tr
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
 .ie n \{\
 .    ds -- \(*W-
@@ -68,23 +68,26 @@
 .    ds R" ''
 'br\}
 .\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
 .\" If the F register is turned on, we'll generate index entries on stderr for
 .\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.if \nF \{\
+.ie \nF \{\
 .    de IX
 .    tm Index:\\$1\t\\n%\t"\\$2"
 ..
 .    nr % 0
 .    rr F
 .\}
+.el \{\
+.    de IX
+..
+.\}
 .\"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.hy 0
-.if n .na
-.\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
 .    \" fudge factors for nroff and troff
@@ -149,7 +152,11 @@
 .\" ========================================================================
 .\"
 .IX Title "VISUDO @mansectsu@"
-.TH VISUDO @mansectsu@ "Jun 21, 2008" "1.6.9p17" "MAINTENANCE COMMANDS"
+.TH VISUDO @mansectsu@ "October 26, 2008" "1.6.9p17" "MAINTENANCE COMMANDS"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
 .SH "NAME"
 visudo \- edit the sudoers file
 .SH "SYNOPSIS"
@@ -203,7 +210,7 @@
 .IX Item "-f"
 Specify and alternate \fIsudoers\fR file location.  With this option
 \&\fBvisudo\fR will edit (or check) the \fIsudoers\fR file of your choice,
-instead of the default, \fI@sysconfdir@/sudoers\fR.  The lock file used
+instead of the default, \fI\f(CI@sysconfdir\fI@/sudoers\fR.  The lock file used
 is the specified \fIsudoers\fR file with \*(L".tmp\*(R" appended to it.
 .IP "\-q" 4
 .IX Item "-q"
@@ -235,10 +242,12 @@
 Used by visudo if \s-1VISUAL\s0 is not set
 .SH "FILES"
 .IX Header "FILES"
-.IP "\fI@sysconfdir@/sudoers\fR" 24
+.ie n .IP "\fI\fI@sysconfdir\fI@/sudoers\fR" 24
+.el .IP "\fI\f(CI@sysconfdir\fI@/sudoers\fR" 24
 .IX Item "@sysconfdir@/sudoers"
 List of who can run what
-.IP "\fI@sysconfdir@/sudoers.tmp\fR" 24
+.ie n .IP "\fI\fI@sysconfdir\fI@/sudoers.tmp\fR" 24
+.el .IP "\fI\f(CI@sysconfdir\fI@/sudoers.tmp\fR" 24
 .IX Item "@sysconfdir@/sudoers.tmp"
 Lock file for visudo
 .SH "DIAGNOSTICS"
@@ -246,7 +255,8 @@
 .IP "sudoers file busy, try again later." 4
 .IX Item "sudoers file busy, try again later."
 Someone else is currently editing the \fIsudoers\fR file.
-.IP "@sysconfdir@/sudoers.tmp: Permission denied" 4
+.ie n .IP "@sysconfdir@/sudoers.tmp: Permission denied" 4
+.el .IP "\f(CW@sysconfdir\fR@/sudoers.tmp: Permission denied" 4
 .IX Item "@sysconfdir@/sudoers.tmp: Permission denied"
 You didn't run \fBvisudo\fR as root.
 .IP "Can't find you in the passwd database" 4
