diff -up sudo-1.8.6p3/plugins/sudoers/check.c.CVE-2013 sudo-1.8.6p3/plugins/sudoers/check.c --- sudo-1.8.6p3/plugins/sudoers/check.c.CVE-2013 2013-10-07 14:28:55.946568106 +0200 +++ sudo-1.8.6p3/plugins/sudoers/check.c 2013-10-07 14:29:51.157768333 +0200 @@ -82,6 +82,7 @@ static struct tty_info { dev_t rdev; /* tty device ID */ ino_t ino; /* tty inode number */ struct timeval ctime; /* tty inode change time */ + pid_t sid; /* ID of session with controlling tty */ } tty_info; static int build_timestamp(char **, char **); @@ -138,13 +139,14 @@ check_user(int validated, int mode) if (ISSET(mode, MODE_IGNORE_TICKET)) SET(validated, FLAG_CHECK_USER); - /* Stash the tty's ctime for tty ticket comparison. */ + /* Stash the tty's device, session ID and ctime for ticket comparison. */ if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) { tty_info.dev = sb.st_dev; tty_info.ino = sb.st_ino; tty_info.rdev = sb.st_rdev; if (tty_is_devpts(user_ttypath)) ctim_get(&sb, &tty_info.ctime); + tty_info.sid = user_sid; } if (build_timestamp(×tampdir, ×tampfile) == -1) { @@ -627,31 +629,34 @@ timestamp_status(char *timestampdir, cha */ if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) { mtim_get(&sb, &mtime); - /* Negative timeouts only expire manually (sudo -k). */ - if (def_timestamp_timeout < 0 && mtime.tv_sec != 0) - status = TS_CURRENT; - else { - now = time(NULL); - if (def_timestamp_timeout && - now - mtime.tv_sec < 60 * def_timestamp_timeout) { - /* - * Check for bogus time on the stampfile. The clock may - * have been set back or someone could be trying to spoof us. - */ - if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) { - time_t tv_sec = (time_t)mtime.tv_sec; - log_error(0, - _("timestamp too far in the future: %20.20s"), - 4 + ctime(&tv_sec)); - if (timestampfile) - (void) unlink(timestampfile); - else - (void) rmdir(timestampdir); - status = TS_MISSING; - } else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) { - status = TS_OLD; - } else { - status = TS_CURRENT; + if (timevalisset(&mtime)) { + /* Negative timeouts only expire manually (sudo -k). */ + if (def_timestamp_timeout < 0) { + status = TS_CURRENT; + } else { + now = time(NULL); + if (def_timestamp_timeout && + now - mtime.tv_sec < 60 * def_timestamp_timeout) { + /* + * Check for bogus time on the stampfile. The clock may + * have been set back or user could be trying to spoof us. + */ + if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) { + time_t tv_sec = (time_t)mtime.tv_sec; + log_error(0, + _("timestamp too far in the future: %20.20s"), + 4 + ctime(&tv_sec)); + if (timestampfile) + (void) unlink(timestampfile); + else + (void) rmdir(timestampdir); + status = TS_MISSING; + } else if (get_boottime(&boottime) && + timevalcmp(&mtime, &boottime, <)) { + status = TS_OLD; + } else { + status = TS_CURRENT; + } } } } diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.c.CVE-2013 sudo-1.8.6p3/plugins/sudoers/sudoers.c --- sudo-1.8.6p3/plugins/sudoers/sudoers.c.CVE-2013 2013-10-07 14:29:09.758620785 +0200 +++ sudo-1.8.6p3/plugins/sudoers/sudoers.c 2013-10-07 14:29:40.710731072 +0200 @@ -1429,6 +1429,10 @@ deserialize_info(char * const args[], ch sudo_user.cols = atoi(*cur + sizeof("cols=") - 1); continue; } + if (MATCHES(*cur, "sid=")) { + sudo_user.sid = atoi(*cur + sizeof("sid=") - 1); + continue; + } } if (user_cwd == NULL) user_cwd = "unknown"; diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.h.CVE-2013 sudo-1.8.6p3/plugins/sudoers/sudoers.h --- sudo-1.8.6p3/plugins/sudoers/sudoers.h.CVE-2013 2013-10-07 14:29:21.401662293 +0200 +++ sudo-1.8.6p3/plugins/sudoers/sudoers.h 2013-10-07 14:29:40.711731073 +0200 @@ -95,6 +95,7 @@ struct sudo_user { int flags; uid_t uid; uid_t gid; + pid_t sid; }; /* @@ -172,8 +173,8 @@ struct sudo_user { #define user_name (sudo_user.name) #define user_uid (sudo_user.uid) #define user_gid (sudo_user.gid) +#define user_sid (sudo_user.sid) #define user_passwd (sudo_user.pw->pw_passwd) -#define user_uuid (sudo_user.uuid) #define user_dir (sudo_user.pw->pw_dir) #define user_gids (sudo_user.gids) #define user_ngids (sudo_user.ngids) diff -up sudo-1.8.6p3/src/ttyname.c.CVE-2013 sudo-1.8.6p3/src/ttyname.c --- sudo-1.8.6p3/src/ttyname.c.CVE-2013 2013-10-07 14:28:12.969413189 +0200 +++ sudo-1.8.6p3/src/ttyname.c 2013-10-07 14:29:34.954709709 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012 Todd C. Miller + * Copyright (c) 2012-2013 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -377,14 +377,6 @@ get_process_ttyname(void) } efree(ki_proc); - /* If all else fails, fall back on ttyname(). */ - if (tty == NULL) { - if ((tty = ttyname(STDIN_FILENO)) != NULL || - (tty = ttyname(STDOUT_FILENO)) != NULL || - (tty = ttyname(STDERR_FILENO)) != NULL) - tty = estrdup(tty); - } - debug_return_str(tty); } #elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) @@ -416,14 +408,6 @@ get_process_ttyname(void) } } - /* If all else fails, fall back on ttyname(). */ - if (tty == NULL) { - if ((tty = ttyname(STDIN_FILENO)) != NULL || - (tty = ttyname(STDOUT_FILENO)) != NULL || - (tty = ttyname(STDERR_FILENO)) != NULL) - tty = estrdup(tty); - } - debug_return_str(tty); } #elif defined(__linux__) @@ -442,7 +426,7 @@ get_process_ttyname(void) int i; debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) - /* Try to determine the tty from pr_ttydev in /proc/pid/psinfo. */ + /* Try to determine the tty from tty_nr in /proc/pid/stat. */ for (i = 0; tty == NULL && i < 2; i++) { FILE *fp; char path[PATH_MAX]; @@ -470,14 +454,6 @@ get_process_ttyname(void) } efree(line); - /* If all else fails, fall back on ttyname(). */ - if (tty == NULL) { - if ((tty = ttyname(STDIN_FILENO)) != NULL || - (tty = ttyname(STDOUT_FILENO)) != NULL || - (tty = ttyname(STDERR_FILENO)) != NULL) - tty = estrdup(tty); - } - debug_return_str(tty); } #else