Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
sudo.26708
sudo-CVE-2021-3156.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File sudo-CVE-2021-3156.patch of Package sudo.26708
# HG changeset patch # Parent 2dbbab94d4b60ae05cb2aebf5bad1b9e18cdbb11 Reset valid_flags to MODE_NONINTERACTIVE for sudoedit. This is consistent with how the -e option is handled. Also reject -H and -P flags for sudoedit as was done in sudo 1.7. Found by Qualys. Index: sudo-1.8.10p3/src/parse_args.c =================================================================== --- sudo-1.8.10p3.orig/src/parse_args.c +++ sudo-1.8.10p3/src/parse_args.c @@ -122,6 +122,9 @@ static struct sudo_settings { * Default flags allowed when running a command. */ #define DEFAULT_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_SHELL) +#define EDIT_VALID_FLAGS MODE_NONINTERACTIVE +#define LIST_VALID_FLAGS (MODE_NONINTERACTIVE|MODE_LONG_LIST) +#define VALIDATE_VALID_FLAGS MODE_NONINTERACTIVE /* Option number for the --host long option due to ambiguity of the -h flag. */ #define OPT_HOSTNAME 256 @@ -192,6 +195,7 @@ parse_args(int argc, char **argv, int *n if (strcmp(getprogname(), "sudoedit") == 0) { mode = MODE_EDIT; sudo_settings[ARG_SUDOEDIT].value = "true"; + valid_flags = EDIT_VALID_FLAGS; } /* Load local IP addresses and masks. */ @@ -264,7 +268,7 @@ parse_args(int argc, char **argv, int *n usage_excl(1); mode = MODE_EDIT; sudo_settings[ARG_SUDOEDIT].value = "true"; - valid_flags = MODE_NONINTERACTIVE; + valid_flags = EDIT_VALID_FLAGS; break; case 'g': runas_group = optarg; @@ -272,6 +276,7 @@ parse_args(int argc, char **argv, int *n break; case 'H': sudo_settings[ARG_SET_HOME].value = "true"; + SET(flags, MODE_RESET_HOME); break; case 'h': if (optarg == NULL) { @@ -319,7 +324,7 @@ parse_args(int argc, char **argv, int *n usage_excl(1); } mode = MODE_LIST; - valid_flags = MODE_NONINTERACTIVE|MODE_LONG_LIST; + valid_flags = LIST_VALID_FLAGS; break; case 'n': SET(flags, MODE_NONINTERACTIVE); @@ -327,6 +332,7 @@ parse_args(int argc, char **argv, int *n break; case 'P': sudo_settings[ARG_PRESERVE_GROUPS].value = "true"; + SET(flags, MODE_PRESERVE_GROUPS); break; case 'p': sudo_settings[ARG_PROMPT].value = optarg; @@ -357,7 +363,7 @@ parse_args(int argc, char **argv, int *n if (mode && mode != MODE_VALIDATE) usage_excl(1); mode = MODE_VALIDATE; - valid_flags = MODE_NONINTERACTIVE; + valid_flags = VALIDATE_VALID_FLAGS; break; case 'V': if (mode && mode != MODE_VERSION) @@ -390,7 +396,7 @@ parse_args(int argc, char **argv, int *n if (!mode) { /* Defer -k mode setting until we know whether it is a flag or not */ if (sudo_settings[ARG_IGNORE_TICKET].value != NULL) { - if (argc == 0 && !(flags & (MODE_SHELL|MODE_LOGIN_SHELL))) { + if (argc == 0 && !ISSET(flags, MODE_SHELL|MODE_LOGIN_SHELL)) { mode = MODE_INVALIDATE; /* -k by itself */ sudo_settings[ARG_IGNORE_TICKET].value = NULL; valid_flags = 0; Index: sudo-1.8.10p3/plugins/sudoers/policy.c =================================================================== --- sudo-1.8.10p3.orig/plugins/sudoers/policy.c +++ sudo-1.8.10p3/plugins/sudoers/policy.c @@ -85,6 +85,7 @@ extern char *login_style; int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) { + const int edit_mask = MODE_EDIT|MODE_IGNORE_TICKET|MODE_NONINTERACTIVE; struct sudoers_policy_open_info *info = v; char * const *cur; const char *p, *errstr, *groups = NULL; @@ -265,6 +266,12 @@ sudoers_policy_deserialize_info(void *v, } } + /* Sudo front-end should restrict mode flags for sudoedit. */ + if (ISSET(flags, MODE_EDIT) && (flags & edit_mask) != flags) { + warningx(U_("invalid mode flags from sudo front end: 0x%x"), flags); + goto bad; + } + for (cur = info->user_info; *cur != NULL; cur++) { if (MATCHES(*cur, "user=")) { user_name = estrdup(*cur + sizeof("user=") - 1); @@ -356,6 +363,9 @@ sudoers_policy_deserialize_info(void *v, #undef MATCHES debug_return_int(flags); + +bad: + debug_return_int(MODE_ERROR); } /* Index: sudo-1.8.10p3/plugins/sudoers/sudoers.c =================================================================== --- sudo-1.8.10p3.orig/plugins/sudoers/sudoers.c +++ sudo-1.8.10p3/plugins/sudoers/sudoers.c @@ -137,6 +137,8 @@ sudoers_policy_init(void *info, char * c /* Parse info from front-end. */ sudo_mode = sudoers_policy_deserialize_info(info, &runas_user, &runas_group); + if (ISSET(sudo_mode, MODE_ERROR)) + debug_return_int(-1); init_vars(envp); /* XXX - move this later? */ @@ -351,7 +353,7 @@ sudoers_policy_main(int argc, char * con /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */ /* XXX - causes confusion when root is not listed in sudoers */ - if (sudo_mode & (MODE_RUN | MODE_EDIT) && prev_user != NULL) { + if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT) && prev_user != NULL) { if (user_uid == 0 && strcmp(prev_user, "root") != 0) { struct passwd *pw; @@ -608,8 +610,8 @@ set_cmnd(void) if (user_cmnd == NULL) user_cmnd = NewArgv[0]; - if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) { - if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) { + if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT|MODE_CHECK)) { + if (!ISSET(sudo_mode, MODE_EDIT)) { if (def_secure_path && !user_is_exempt()) path = def_secure_path; set_perms(PERM_RUNAS); @@ -634,18 +636,30 @@ set_cmnd(void) for (size = 0, av = NewArgv + 1; *av; av++) size += strlen(*av) + 1; user_args = emalloc(size); - if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL)) { - /* + if (ISSET(sudo_mode, MODE_SHELL|MODE_LOGIN_SHELL) && + ISSET(sudo_mode, MODE_RUN)) { /* * When running a command via a shell, the sudo front-end * escapes potential meta chars. We unescape non-spaces * for sudoers matching and logging purposes. */ for (to = user_args, av = NewArgv + 1; (from = *av); av++) { while (*from) { - if (from[0] == '\\' && !isspace((unsigned char)from[1])) + if (from[0] == '\\' && from[1] != '\0' && + !isspace((unsigned char)from[1])) { from++; + } + if (size - (to - user_args) < 1) { + warningx(U_("internal error, %s overflow"), + __func__); + debug_return_int(NOT_FOUND_ERROR); + } *to++ = *from++; } + if (size - (to - user_args) < 1) { + warningx(U_("internal error, %s overflow"), + __func__); + debug_return_int(NOT_FOUND_ERROR); + } *to++ = ' '; } *--to = '\0'; Index: sudo-1.8.10p3/plugins/sudoers/sudoers.h =================================================================== --- sudo-1.8.10p3.orig/plugins/sudoers/sudoers.h +++ sudo-1.8.10p3/plugins/sudoers/sudoers.h @@ -133,6 +133,7 @@ struct sudo_user { #define FOUND 0 #define NOT_FOUND 1 #define NOT_FOUND_DOT 2 +#define NOT_FOUND_ERROR 3 /* * Various modes sudo can be in (based on arguments) in hex @@ -147,6 +148,8 @@ struct sudo_user { #define MODE_LIST 0x00000080 #define MODE_CHECK 0x00000100 #define MODE_LISTDEFS 0x00000200 +/* Npte this is defined as 0x00000200 in later versions */ +#define MODE_ERROR 0x00000400 #define MODE_MASK 0x0000ffff /* Mode flags */ Index: sudo-1.8.10p3/src/sudo_edit.c =================================================================== --- sudo-1.8.10p3.orig/src/sudo_edit.c +++ sudo-1.8.10p3/src/sudo_edit.c @@ -55,6 +55,20 @@ static char edit_tmpdir[MAX(sizeof(_PATH_VARTMP), sizeof(_PATH_TMP))]; +/* + * Directory open flags for use with openat(2). + * Use O_SEARCH/O_PATH and/or O_DIRECTORY where possible. + */ +#if defined(O_SEARCH) +# define DIR_OPEN_FLAGS (O_SEARCH|O_DIRECTORY) +#elif defined(O_PATH) +# define DIR_OPEN_FLAGS (O_PATH|O_DIRECTORY) +#elif defined(O_DIRECTORY) +# define DIR_OPEN_FLAGS (O_RDONLY|O_DIRECTORY) +#else +# define DIR_OPEN_FLAGS (O_RDONLY|O_NONBLOCK) +#endif + static void switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
