sudo/sme9/sudo-1.8.6p3-CVE-2013-2777_2776_1775.patch

diff -up sudo-1.8.6p3/plugins/sudoers/check.c.CVE-2013 sudo-1.8.6p3/plugins/sudoers/check.c
--- sudo-1.8.6p3/plugins/sudoers/check.c.CVE-2013       2013-10-07 14:28:55.946568106 +0200
+++ sudo-1.8.6p3/plugins/sudoers/check.c        2013-10-07 14:29:51.157768333 +0200
@@ -82,6 +82,7 @@ static struct tty_info {
     dev_t rdev;                        /* tty device ID */
     ino_t ino;                 /* tty inode number */
     struct timeval ctime;      /* tty inode change time */
+    pid_t sid;                 /* ID of session with controlling tty */
 } tty_info;
 
 static int   build_timestamp(char **, char **);
@@ -138,13 +139,14 @@ check_user(int validated, int mode)
     if (ISSET(mode, MODE_IGNORE_TICKET))
        SET(validated, FLAG_CHECK_USER);
 
-    /* Stash the tty's ctime for tty ticket comparison. */
+    /* Stash the tty's device, session ID and ctime for ticket comparison. */
     if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
        tty_info.dev = sb.st_dev;
        tty_info.ino = sb.st_ino;
        tty_info.rdev = sb.st_rdev;
        if (tty_is_devpts(user_ttypath))
            ctim_get(&sb, &tty_info.ctime);
+       tty_info.sid = user_sid;
     }
 
     if (build_timestamp(&timestampdir, &timestampfile) == -1) {
@@ -627,31 +629,34 @@ timestamp_status(char *timestampdir, cha
      */
     if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) {
        mtim_get(&sb, &mtime);
-       /* Negative timeouts only expire manually (sudo -k). */
-       if (def_timestamp_timeout < 0 && mtime.tv_sec != 0)
-           status = TS_CURRENT;
-       else {
-           now = time(NULL);
-           if (def_timestamp_timeout &&
-               now - mtime.tv_sec < 60 * def_timestamp_timeout) {
-               /*
-                * Check for bogus time on the stampfile.  The clock may
-                * have been set back or someone could be trying to spoof us.
-                */
-               if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
-                   time_t tv_sec = (time_t)mtime.tv_sec;
-                   log_error(0,
-                       _("timestamp too far in the future: %20.20s"),
-                       4 + ctime(&tv_sec));
-                   if (timestampfile)
-                       (void) unlink(timestampfile);
-                   else
-                       (void) rmdir(timestampdir);
-                   status = TS_MISSING;
-               } else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) {
-                   status = TS_OLD;
-               } else {
-                   status = TS_CURRENT;
+       if (timevalisset(&mtime)) {
+           /* Negative timeouts only expire manually (sudo -k). */
+           if (def_timestamp_timeout < 0) {
+               status = TS_CURRENT;
+           } else {
+               now = time(NULL);
+               if (def_timestamp_timeout &&
+                   now - mtime.tv_sec < 60 * def_timestamp_timeout) {
+                   /*
+                    * Check for bogus time on the stampfile.  The clock may
+                    * have been set back or user could be trying to spoof us.
+                    */
+                   if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
+                       time_t tv_sec = (time_t)mtime.tv_sec;
+                       log_error(0,
+                           _("timestamp too far in the future: %20.20s"),
+                           4 + ctime(&tv_sec));
+                       if (timestampfile)
+                           (void) unlink(timestampfile);
+                       else
+                           (void) rmdir(timestampdir);
+                       status = TS_MISSING;
+                   } else if (get_boottime(&boottime) &&
+                       timevalcmp(&mtime, &boottime, <)) {
+                       status = TS_OLD;
+                   } else {
+                       status = TS_CURRENT;
+                   }
                }
            }
        }
diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.c.CVE-2013 sudo-1.8.6p3/plugins/sudoers/sudoers.c
--- sudo-1.8.6p3/plugins/sudoers/sudoers.c.CVE-2013     2013-10-07 14:29:09.758620785 +0200
+++ sudo-1.8.6p3/plugins/sudoers/sudoers.c      2013-10-07 14:29:40.710731072 +0200
@@ -1429,6 +1429,10 @@ deserialize_info(char * const args[], ch
            sudo_user.cols = atoi(*cur + sizeof("cols=") - 1);
            continue;
        }
+       if (MATCHES(*cur, "sid=")) {
+           sudo_user.sid = atoi(*cur + sizeof("sid=") - 1);
+           continue;
+       }
     }
     if (user_cwd == NULL)
        user_cwd = "unknown";
diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.h.CVE-2013 sudo-1.8.6p3/plugins/sudoers/sudoers.h
--- sudo-1.8.6p3/plugins/sudoers/sudoers.h.CVE-2013     2013-10-07 14:29:21.401662293 +0200
+++ sudo-1.8.6p3/plugins/sudoers/sudoers.h      2013-10-07 14:29:40.711731073 +0200
@@ -95,6 +95,7 @@ struct sudo_user {
     int   flags;
     uid_t uid;
     uid_t gid;
+    pid_t sid;
 };
 
 /*
@@ -172,8 +173,8 @@ struct sudo_user {
 #define user_name              (sudo_user.name)
 #define user_uid               (sudo_user.uid)
 #define user_gid               (sudo_user.gid)
+#define user_sid               (sudo_user.sid)
 #define user_passwd            (sudo_user.pw->pw_passwd)
-#define user_uuid              (sudo_user.uuid)
 #define user_dir               (sudo_user.pw->pw_dir)
 #define user_gids              (sudo_user.gids)
 #define user_ngids             (sudo_user.ngids)
diff -up sudo-1.8.6p3/src/ttyname.c.CVE-2013 sudo-1.8.6p3/src/ttyname.c
--- sudo-1.8.6p3/src/ttyname.c.CVE-2013 2013-10-07 14:28:12.969413189 +0200
+++ sudo-1.8.6p3/src/ttyname.c  2013-10-07 14:29:34.954709709 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2012-2013 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -377,14 +377,6 @@ get_process_ttyname(void)
     }
     efree(ki_proc);
 
-    /* If all else fails, fall back on ttyname(). */
-    if (tty == NULL) {
-       if ((tty = ttyname(STDIN_FILENO)) != NULL ||
-           (tty = ttyname(STDOUT_FILENO)) != NULL ||
-           (tty = ttyname(STDERR_FILENO)) != NULL)
-           tty = estrdup(tty);
-    }
-
     debug_return_str(tty);
 }
 #elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV)
@@ -416,14 +408,6 @@ get_process_ttyname(void)
        }
     }
 
-    /* If all else fails, fall back on ttyname(). */
-    if (tty == NULL) {
-       if ((tty = ttyname(STDIN_FILENO)) != NULL ||
-           (tty = ttyname(STDOUT_FILENO)) != NULL ||
-           (tty = ttyname(STDERR_FILENO)) != NULL)
-           tty = estrdup(tty);
-    }
-
     debug_return_str(tty);
 }
 #elif defined(__linux__)
@@ -442,7 +426,7 @@ get_process_ttyname(void)
     int i;
     debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL)
 
-    /* Try to determine the tty from pr_ttydev in /proc/pid/psinfo. */
+    /* Try to determine the tty from tty_nr in /proc/pid/stat. */
     for (i = 0; tty == NULL && i < 2; i++) {
        FILE *fp;
        char path[PATH_MAX];
@@ -470,14 +454,6 @@ get_process_ttyname(void)
     }
     efree(line);
 
-    /* If all else fails, fall back on ttyname(). */
-    if (tty == NULL) {
-       if ((tty = ttyname(STDIN_FILENO)) != NULL ||
-           (tty = ttyname(STDOUT_FILENO)) != NULL ||
-           (tty = ttyname(STDERR_FILENO)) != NULL)
-           tty = estrdup(tty);
-    }
-
     debug_return_str(tty);
 }
 #else
1	jpp	1.1	diff -up sudo-1.8.6p3/plugins/sudoers/check.c.CVE-2013 sudo-1.8.6p3/plugins/sudoers/check.c
2			--- sudo-1.8.6p3/plugins/sudoers/check.c.CVE-2013 2013-10-07 14:28:55.946568106 +0200
3			+++ sudo-1.8.6p3/plugins/sudoers/check.c 2013-10-07 14:29:51.157768333 +0200
4			@@ -82,6 +82,7 @@ static struct tty_info {
5			dev_t rdev; /* tty device ID */
6			ino_t ino; /* tty inode number */
7			struct timeval ctime; /* tty inode change time */
8			+ pid_t sid; /* ID of session with controlling tty */
9			} tty_info;
10
11			static int build_timestamp(char , char );
12			@@ -138,13 +139,14 @@ check_user(int validated, int mode)
13			if (ISSET(mode, MODE_IGNORE_TICKET))
14			SET(validated, FLAG_CHECK_USER);
15
16			- /* Stash the tty's ctime for tty ticket comparison. */
17			+ /* Stash the tty's device, session ID and ctime for ticket comparison. */
18			if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
19			tty_info.dev = sb.st_dev;
20			tty_info.ino = sb.st_ino;
21			tty_info.rdev = sb.st_rdev;
22			if (tty_is_devpts(user_ttypath))
23			ctim_get(&sb, &tty_info.ctime);
24			+ tty_info.sid = user_sid;
25			}
26
27			if (build_timestamp(&timestampdir, &timestampfile) == -1) {
28			@@ -627,31 +629,34 @@ timestamp_status(char *timestampdir, cha
29			*/
30			if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) {
31			mtim_get(&sb, &mtime);
32			- /* Negative timeouts only expire manually (sudo -k). */
33			- if (def_timestamp_timeout < 0 && mtime.tv_sec != 0)
34			- status = TS_CURRENT;
35			- else {
36			- now = time(NULL);
37			- if (def_timestamp_timeout &&
38			- now - mtime.tv_sec < 60 * def_timestamp_timeout) {
39			- /*
40			- * Check for bogus time on the stampfile. The clock may
41			- * have been set back or someone could be trying to spoof us.
42			- */
43			- if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
44			- time_t tv_sec = (time_t)mtime.tv_sec;
45			- log_error(0,
46			- _("timestamp too far in the future: %20.20s"),
47			- 4 + ctime(&tv_sec));
48			- if (timestampfile)
49			- (void) unlink(timestampfile);
50			- else
51			- (void) rmdir(timestampdir);
52			- status = TS_MISSING;
53			- } else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) {
54			- status = TS_OLD;
55			- } else {
56			- status = TS_CURRENT;
57			+ if (timevalisset(&mtime)) {
58			+ /* Negative timeouts only expire manually (sudo -k). */
59			+ if (def_timestamp_timeout < 0) {
60			+ status = TS_CURRENT;
61			+ } else {
62			+ now = time(NULL);
63			+ if (def_timestamp_timeout &&
64			+ now - mtime.tv_sec < 60 * def_timestamp_timeout) {
65			+ /*
66			+ * Check for bogus time on the stampfile. The clock may
67			+ * have been set back or user could be trying to spoof us.
68			+ */
69			+ if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
70			+ time_t tv_sec = (time_t)mtime.tv_sec;
71			+ log_error(0,
72			+ _("timestamp too far in the future: %20.20s"),
73			+ 4 + ctime(&tv_sec));
74			+ if (timestampfile)
75			+ (void) unlink(timestampfile);
76			+ else
77			+ (void) rmdir(timestampdir);
78			+ status = TS_MISSING;
79			+ } else if (get_boottime(&boottime) &&
80			+ timevalcmp(&mtime, &boottime, <)) {
81			+ status = TS_OLD;
82			+ } else {
83			+ status = TS_CURRENT;
84			+ }
85			}
86			}
87			}
88			diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.c.CVE-2013 sudo-1.8.6p3/plugins/sudoers/sudoers.c
89			--- sudo-1.8.6p3/plugins/sudoers/sudoers.c.CVE-2013 2013-10-07 14:29:09.758620785 +0200
90			+++ sudo-1.8.6p3/plugins/sudoers/sudoers.c 2013-10-07 14:29:40.710731072 +0200
91			@@ -1429,6 +1429,10 @@ deserialize_info(char * const args[], ch
92			sudo_user.cols = atoi(*cur + sizeof("cols=") - 1);
93			continue;
94			}
95			+ if (MATCHES(*cur, "sid=")) {
96			+ sudo_user.sid = atoi(*cur + sizeof("sid=") - 1);
97			+ continue;
98			+ }
99			}
100			if (user_cwd == NULL)
101			user_cwd = "unknown";
102			diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.h.CVE-2013 sudo-1.8.6p3/plugins/sudoers/sudoers.h
103			--- sudo-1.8.6p3/plugins/sudoers/sudoers.h.CVE-2013 2013-10-07 14:29:21.401662293 +0200
104			+++ sudo-1.8.6p3/plugins/sudoers/sudoers.h 2013-10-07 14:29:40.711731073 +0200
105			@@ -95,6 +95,7 @@ struct sudo_user {
106			int flags;
107			uid_t uid;
108			uid_t gid;
109			+ pid_t sid;
110			};
111
112			/*
113			@@ -172,8 +173,8 @@ struct sudo_user {
114			#define user_name (sudo_user.name)
115			#define user_uid (sudo_user.uid)
116			#define user_gid (sudo_user.gid)
117			+#define user_sid (sudo_user.sid)
118			#define user_passwd (sudo_user.pw->pw_passwd)
119			-#define user_uuid (sudo_user.uuid)
120			#define user_dir (sudo_user.pw->pw_dir)
121			#define user_gids (sudo_user.gids)
122			#define user_ngids (sudo_user.ngids)
123			diff -up sudo-1.8.6p3/src/ttyname.c.CVE-2013 sudo-1.8.6p3/src/ttyname.c
124			--- sudo-1.8.6p3/src/ttyname.c.CVE-2013 2013-10-07 14:28:12.969413189 +0200
125			+++ sudo-1.8.6p3/src/ttyname.c 2013-10-07 14:29:34.954709709 +0200
126			@@ -1,5 +1,5 @@
127			/*
128			- * Copyright (c) 2012 Todd C. Miller <Todd.Miller@courtesan.com>
129			+ * Copyright (c) 2012-2013 Todd C. Miller <Todd.Miller@courtesan.com>
130			*
131			* Permission to use, copy, modify, and distribute this software for any
132			* purpose with or without fee is hereby granted, provided that the above
133			@@ -377,14 +377,6 @@ get_process_ttyname(void)
134			}
135			efree(ki_proc);
136
137			- /* If all else fails, fall back on ttyname(). */
138			- if (tty == NULL) {
139			- if ((tty = ttyname(STDIN_FILENO)) != NULL \|\|
140			- (tty = ttyname(STDOUT_FILENO)) != NULL \|\|
141			- (tty = ttyname(STDERR_FILENO)) != NULL)
142			- tty = estrdup(tty);
143			- }
144			-
145			debug_return_str(tty);
146			}
147			#elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV)
148			@@ -416,14 +408,6 @@ get_process_ttyname(void)
149			}
150			}
151
152			- /* If all else fails, fall back on ttyname(). */
153			- if (tty == NULL) {
154			- if ((tty = ttyname(STDIN_FILENO)) != NULL \|\|
155			- (tty = ttyname(STDOUT_FILENO)) != NULL \|\|
156			- (tty = ttyname(STDERR_FILENO)) != NULL)
157			- tty = estrdup(tty);
158			- }
159			-
160			debug_return_str(tty);
161			}
162			#elif defined(__linux__)
163			@@ -442,7 +426,7 @@ get_process_ttyname(void)
164			int i;
165			debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL)
166
167			- /* Try to determine the tty from pr_ttydev in /proc/pid/psinfo. */
168			+ /* Try to determine the tty from tty_nr in /proc/pid/stat. */
169			for (i = 0; tty == NULL && i < 2; i++) {
170			FILE *fp;
171			char path[PATH_MAX];
172			@@ -470,14 +454,6 @@ get_process_ttyname(void)
173			}
174			efree(line);
175
176			- /* If all else fails, fall back on ttyname(). */
177			- if (tty == NULL) {
178			- if ((tty = ttyname(STDIN_FILENO)) != NULL \|\|
179			- (tty = ttyname(STDOUT_FILENO)) != NULL \|\|
180			- (tty = ttyname(STDERR_FILENO)) != NULL)
181			- tty = estrdup(tty);
182			- }
183			-
184			debug_return_str(tty);
185			}
186			#else