| 1 |
diff -up sudo-1.8.6p3/plugins/sudoers/check.c.CVE-2013 sudo-1.8.6p3/plugins/sudoers/check.c |
| 2 |
--- sudo-1.8.6p3/plugins/sudoers/check.c.CVE-2013 2013-10-07 14:28:55.946568106 +0200 |
| 3 |
+++ sudo-1.8.6p3/plugins/sudoers/check.c 2013-10-07 14:29:51.157768333 +0200 |
| 4 |
@@ -82,6 +82,7 @@ static struct tty_info { |
| 5 |
dev_t rdev; /* tty device ID */ |
| 6 |
ino_t ino; /* tty inode number */ |
| 7 |
struct timeval ctime; /* tty inode change time */ |
| 8 |
+ pid_t sid; /* ID of session with controlling tty */ |
| 9 |
} tty_info; |
| 10 |
|
| 11 |
static int build_timestamp(char **, char **); |
| 12 |
@@ -138,13 +139,14 @@ check_user(int validated, int mode) |
| 13 |
if (ISSET(mode, MODE_IGNORE_TICKET)) |
| 14 |
SET(validated, FLAG_CHECK_USER); |
| 15 |
|
| 16 |
- /* Stash the tty's ctime for tty ticket comparison. */ |
| 17 |
+ /* Stash the tty's device, session ID and ctime for ticket comparison. */ |
| 18 |
if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) { |
| 19 |
tty_info.dev = sb.st_dev; |
| 20 |
tty_info.ino = sb.st_ino; |
| 21 |
tty_info.rdev = sb.st_rdev; |
| 22 |
if (tty_is_devpts(user_ttypath)) |
| 23 |
ctim_get(&sb, &tty_info.ctime); |
| 24 |
+ tty_info.sid = user_sid; |
| 25 |
} |
| 26 |
|
| 27 |
if (build_timestamp(×tampdir, ×tampfile) == -1) { |
| 28 |
@@ -627,31 +629,34 @@ timestamp_status(char *timestampdir, cha |
| 29 |
*/ |
| 30 |
if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) { |
| 31 |
mtim_get(&sb, &mtime); |
| 32 |
- /* Negative timeouts only expire manually (sudo -k). */ |
| 33 |
- if (def_timestamp_timeout < 0 && mtime.tv_sec != 0) |
| 34 |
- status = TS_CURRENT; |
| 35 |
- else { |
| 36 |
- now = time(NULL); |
| 37 |
- if (def_timestamp_timeout && |
| 38 |
- now - mtime.tv_sec < 60 * def_timestamp_timeout) { |
| 39 |
- /* |
| 40 |
- * Check for bogus time on the stampfile. The clock may |
| 41 |
- * have been set back or someone could be trying to spoof us. |
| 42 |
- */ |
| 43 |
- if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) { |
| 44 |
- time_t tv_sec = (time_t)mtime.tv_sec; |
| 45 |
- log_error(0, |
| 46 |
- _("timestamp too far in the future: %20.20s"), |
| 47 |
- 4 + ctime(&tv_sec)); |
| 48 |
- if (timestampfile) |
| 49 |
- (void) unlink(timestampfile); |
| 50 |
- else |
| 51 |
- (void) rmdir(timestampdir); |
| 52 |
- status = TS_MISSING; |
| 53 |
- } else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) { |
| 54 |
- status = TS_OLD; |
| 55 |
- } else { |
| 56 |
- status = TS_CURRENT; |
| 57 |
+ if (timevalisset(&mtime)) { |
| 58 |
+ /* Negative timeouts only expire manually (sudo -k). */ |
| 59 |
+ if (def_timestamp_timeout < 0) { |
| 60 |
+ status = TS_CURRENT; |
| 61 |
+ } else { |
| 62 |
+ now = time(NULL); |
| 63 |
+ if (def_timestamp_timeout && |
| 64 |
+ now - mtime.tv_sec < 60 * def_timestamp_timeout) { |
| 65 |
+ /* |
| 66 |
+ * Check for bogus time on the stampfile. The clock may |
| 67 |
+ * have been set back or user could be trying to spoof us. |
| 68 |
+ */ |
| 69 |
+ if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) { |
| 70 |
+ time_t tv_sec = (time_t)mtime.tv_sec; |
| 71 |
+ log_error(0, |
| 72 |
+ _("timestamp too far in the future: %20.20s"), |
| 73 |
+ 4 + ctime(&tv_sec)); |
| 74 |
+ if (timestampfile) |
| 75 |
+ (void) unlink(timestampfile); |
| 76 |
+ else |
| 77 |
+ (void) rmdir(timestampdir); |
| 78 |
+ status = TS_MISSING; |
| 79 |
+ } else if (get_boottime(&boottime) && |
| 80 |
+ timevalcmp(&mtime, &boottime, <)) { |
| 81 |
+ status = TS_OLD; |
| 82 |
+ } else { |
| 83 |
+ status = TS_CURRENT; |
| 84 |
+ } |
| 85 |
} |
| 86 |
} |
| 87 |
} |
| 88 |
diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.c.CVE-2013 sudo-1.8.6p3/plugins/sudoers/sudoers.c |
| 89 |
--- sudo-1.8.6p3/plugins/sudoers/sudoers.c.CVE-2013 2013-10-07 14:29:09.758620785 +0200 |
| 90 |
+++ sudo-1.8.6p3/plugins/sudoers/sudoers.c 2013-10-07 14:29:40.710731072 +0200 |
| 91 |
@@ -1429,6 +1429,10 @@ deserialize_info(char * const args[], ch |
| 92 |
sudo_user.cols = atoi(*cur + sizeof("cols=") - 1); |
| 93 |
continue; |
| 94 |
} |
| 95 |
+ if (MATCHES(*cur, "sid=")) { |
| 96 |
+ sudo_user.sid = atoi(*cur + sizeof("sid=") - 1); |
| 97 |
+ continue; |
| 98 |
+ } |
| 99 |
} |
| 100 |
if (user_cwd == NULL) |
| 101 |
user_cwd = "unknown"; |
| 102 |
diff -up sudo-1.8.6p3/plugins/sudoers/sudoers.h.CVE-2013 sudo-1.8.6p3/plugins/sudoers/sudoers.h |
| 103 |
--- sudo-1.8.6p3/plugins/sudoers/sudoers.h.CVE-2013 2013-10-07 14:29:21.401662293 +0200 |
| 104 |
+++ sudo-1.8.6p3/plugins/sudoers/sudoers.h 2013-10-07 14:29:40.711731073 +0200 |
| 105 |
@@ -95,6 +95,7 @@ struct sudo_user { |
| 106 |
int flags; |
| 107 |
uid_t uid; |
| 108 |
uid_t gid; |
| 109 |
+ pid_t sid; |
| 110 |
}; |
| 111 |
|
| 112 |
/* |
| 113 |
@@ -172,8 +173,8 @@ struct sudo_user { |
| 114 |
#define user_name (sudo_user.name) |
| 115 |
#define user_uid (sudo_user.uid) |
| 116 |
#define user_gid (sudo_user.gid) |
| 117 |
+#define user_sid (sudo_user.sid) |
| 118 |
#define user_passwd (sudo_user.pw->pw_passwd) |
| 119 |
-#define user_uuid (sudo_user.uuid) |
| 120 |
#define user_dir (sudo_user.pw->pw_dir) |
| 121 |
#define user_gids (sudo_user.gids) |
| 122 |
#define user_ngids (sudo_user.ngids) |
| 123 |
diff -up sudo-1.8.6p3/src/ttyname.c.CVE-2013 sudo-1.8.6p3/src/ttyname.c |
| 124 |
--- sudo-1.8.6p3/src/ttyname.c.CVE-2013 2013-10-07 14:28:12.969413189 +0200 |
| 125 |
+++ sudo-1.8.6p3/src/ttyname.c 2013-10-07 14:29:34.954709709 +0200 |
| 126 |
@@ -1,5 +1,5 @@ |
| 127 |
/* |
| 128 |
- * Copyright (c) 2012 Todd C. Miller <Todd.Miller@courtesan.com> |
| 129 |
+ * Copyright (c) 2012-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
| 130 |
* |
| 131 |
* Permission to use, copy, modify, and distribute this software for any |
| 132 |
* purpose with or without fee is hereby granted, provided that the above |
| 133 |
@@ -377,14 +377,6 @@ get_process_ttyname(void) |
| 134 |
} |
| 135 |
efree(ki_proc); |
| 136 |
|
| 137 |
- /* If all else fails, fall back on ttyname(). */ |
| 138 |
- if (tty == NULL) { |
| 139 |
- if ((tty = ttyname(STDIN_FILENO)) != NULL || |
| 140 |
- (tty = ttyname(STDOUT_FILENO)) != NULL || |
| 141 |
- (tty = ttyname(STDERR_FILENO)) != NULL) |
| 142 |
- tty = estrdup(tty); |
| 143 |
- } |
| 144 |
- |
| 145 |
debug_return_str(tty); |
| 146 |
} |
| 147 |
#elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) |
| 148 |
@@ -416,14 +408,6 @@ get_process_ttyname(void) |
| 149 |
} |
| 150 |
} |
| 151 |
|
| 152 |
- /* If all else fails, fall back on ttyname(). */ |
| 153 |
- if (tty == NULL) { |
| 154 |
- if ((tty = ttyname(STDIN_FILENO)) != NULL || |
| 155 |
- (tty = ttyname(STDOUT_FILENO)) != NULL || |
| 156 |
- (tty = ttyname(STDERR_FILENO)) != NULL) |
| 157 |
- tty = estrdup(tty); |
| 158 |
- } |
| 159 |
- |
| 160 |
debug_return_str(tty); |
| 161 |
} |
| 162 |
#elif defined(__linux__) |
| 163 |
@@ -442,7 +426,7 @@ get_process_ttyname(void) |
| 164 |
int i; |
| 165 |
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) |
| 166 |
|
| 167 |
- /* Try to determine the tty from pr_ttydev in /proc/pid/psinfo. */ |
| 168 |
+ /* Try to determine the tty from tty_nr in /proc/pid/stat. */ |
| 169 |
for (i = 0; tty == NULL && i < 2; i++) { |
| 170 |
FILE *fp; |
| 171 |
char path[PATH_MAX]; |
| 172 |
@@ -470,14 +454,6 @@ get_process_ttyname(void) |
| 173 |
} |
| 174 |
efree(line); |
| 175 |
|
| 176 |
- /* If all else fails, fall back on ttyname(). */ |
| 177 |
- if (tty == NULL) { |
| 178 |
- if ((tty = ttyname(STDIN_FILENO)) != NULL || |
| 179 |
- (tty = ttyname(STDOUT_FILENO)) != NULL || |
| 180 |
- (tty = ttyname(STDERR_FILENO)) != NULL) |
| 181 |
- tty = estrdup(tty); |
| 182 |
- } |
| 183 |
- |
| 184 |
debug_return_str(tty); |
| 185 |
} |
| 186 |
#else |
Parent Directory
| 
Revision Log
| 
Revision Graph
