
Annotation of /rpms/sudo/sme9/sudo-1.8.6p3-loggingperms.patch



Revision 1.1 - (hide annotations) (download)
Thu Feb 4 19:44:20 2021 UTC (3 years, 8 months ago) by jpp
Branch: MAIN
CVS Tags: sudo-1_8_6p3-30_el6_sme, sudo-1_8_6p3-29_el6_9, HEAD
Sudo

1 jpp 1.1 diff -up ./plugins/sudoers/logging.c.loggingperms ./plugins/sudoers/logging.c
2     --- ./plugins/sudoers/logging.c.loggingperms 2016-10-06 16:43:14.509092792 +0200
3     +++ ./plugins/sudoers/logging.c 2016-10-06 16:46:13.491679481 +0200
4     @@ -271,6 +271,9 @@ log_denial(int status, bool inform_user)
5    
6     logline = new_logline(message, 0);
7    
8     + /* Become root if we are not already. */
9     + set_perms(PERM_ROOT|PERM_NOEXIT);
10     +
11     if (should_mail(status))
12     send_mail("%s", logline); /* send mail based on status */
13    
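Review bot: The result of `set_perms(PERM_ROOT|PERM_NOEXIT)` is discarded in log_denial(), and the same call is repeated in log_allowed() (hunk at -395), while both functions call `restore_perms()` unconditionally (hunks at -305 and -406). set_perms() has `goto bad` failure paths in set_perms.c, and PERM_NOEXIT presumably makes such a failure return to the caller instead of exiting. In that case the mail and log-file writes run without the intended ids, and the later restore_perms() may pop a permission state this function never pushed. I would keep the result, e.g. `bool perms_set = set_perms(PERM_ROOT|PERM_NOEXIT);`, and restore only on success with `if (perms_set) restore_perms();`, assuming a nonzero return means success, which the hunks do not show. Both function bodies continue outside the hunks.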
14     @@ -305,6 +308,8 @@ log_denial(int status, bool inform_user)
15     if (def_logfile)
16     do_logfile(logline);
17    
18     + restore_perms();
19     +
20     efree(logline);
21     debug_return;
22     }
23     @@ -395,6 +400,9 @@ log_allowed(int status)
24    
25     logline = new_logline(NULL, 0);
26    
27     + /* Become root if we are not already. */
28     + set_perms(PERM_ROOT|PERM_NOEXIT);
29     +
30     if (should_mail(status))
31     send_mail("%s", logline); /* send mail based on status */
32    
33     @@ -406,6 +414,8 @@ log_allowed(int status)
34     if (def_logfile)
35     do_logfile(logline);
36    
37     + restore_perms();
38     +
39     efree(logline);
40     debug_return;
41     }
42     diff -up ./plugins/sudoers/set_perms.c.loggingperms ./plugins/sudoers/set_perms.c
43     --- ./plugins/sudoers/set_perms.c.loggingperms 2016-10-06 16:46:30.112083938 +0200
44     +++ ./plugins/sudoers/set_perms.c 2016-10-06 16:56:45.151045834 +0200
45     @@ -179,8 +179,16 @@ set_perms(int perm)
46     goto bad;
47     }
48     state->rgid = ostate->rgid;
49     - state->egid = ostate->egid;
50     + state->egid = ROOT_GID;
51     state->sgid = ostate->sgid;
52     + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
53     + "[%d, %d, %d] -> [%d, %d, %d]", __func__,
54     + (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
55     + (int)state->rgid, (int)state->egid, (int)state->sgid);
56     + if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) {
57     + strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
58     + goto bad;
59     + }
60     state->grlist = ostate->grlist;
61     sudo_grlist_addref(state->grlist);
62     break;
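Review bot: Forcing `state->egid = ROOT_GID` in the PERM_ROOT case changes the effective group for every caller of set_perms(PERM_ROOT), not only the two logging functions patched in logging.c, and nothing in the hunk says why. The same change is made in the other set_perms() variants (hunks at -481, -879, -1165 and -1421/-1430). A comment above the assignment would let the next reviewer judge the wider privilege, for example `/* PERM_ROOT also takes gid 0 so files written while root are not owned by the invoking user's group. */`, if that is the intent; the patch name suggests it but the page does not state it. It is also worth confirming that a setresgid() failure here, which jumps to `bad` after the uid handling above the hunk, cannot leave the process with root uids while a PERM_NOEXIT caller carries on. The case body begins above the hunk.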
63     @@ -481,8 +489,16 @@ set_perms(int perm)
64     goto bad;
65     }
66     state->rgid = ostate->rgid;
67     - state->egid = ostate->egid;
68     + state->egid = ROOT_GID;
69     state->sgid = ostate->sgid;
70     + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
71     + "[%d, %d, %d] -> [%d, %d, %d]", __func__,
72     + (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
73     + (int)state->rgid, (int)state->egid, (int)state->sgid);
74     + if (GID_CHANGED && setgidx(ID_EFFECTIVE, ROOT_GID)) {
75     + strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
76     + goto bad;
77     + }
78     state->grlist = ostate->grlist;
79     sudo_grlist_addref(state->grlist);
80     break;
81     @@ -879,7 +895,15 @@ set_perms(int perm)
82     }
83     }
84     state->rgid = ostate->rgid;
85     - state->egid = ostate->rgid;
86     + state->egid = ROOT_GID;
87     + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
88     + "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
89     + (int)ostate->egid, (int)state->rgid, (int)state->egid);
90     + if (GID_CHANGED && setregid(ID(rgid), ID(egid))) {
91     + snprintf(errbuf, sizeof(errbuf),
92     + "PERM_ROOT: setregid(%d, %d)", ID(rgid), ID(egid));
93     + goto bad;
94     + }
95     state->grlist = ostate->grlist;
96     sudo_grlist_addref(state->grlist);
97     break;
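Review bot: The failure message for the new gid call is written differently in this variant than in the others. Here it is the untranslated `"PERM_ROOT: setregid(%d, %d)"` with the `ID()` results passed to `%d` uncast, while the setresgid, setgidx, setegid and setgid variants use `_("unable to change to root gid")`, which in turn drops the syscall name that the neighbouring `"PERM_ROOT: setuid(%d)"` message keeps. Pick one form for all five so a failed privilege switch reads the same in every build. If the syscall form is kept, cast the arguments as the debug line just above does: `"PERM_ROOT: setregid(%d, %d)", (int)ID(rgid), (int)ID(egid));`. ID() is defined outside the hunk, so its result type is an assumption here.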
98     @@ -1165,7 +1189,14 @@ set_perms(int perm)
99     state->ruid = ROOT_UID;
100     state->euid = ROOT_UID;
101     state->rgid = ostate->rgid;
102     - state->egid = ostate->egid;
103     + state->egid = ROOT_GID;
104     + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
105     + "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
106     + (int)ostate->egid, ROOT_GID, ROOT_GID);
107     + if (GID_CHANGED && setegid(ROOT_GID)) {
108     + strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
109     + goto bad;
110     + }
111     state->grlist = ostate->grlist;
112     sudo_grlist_addref(state->grlist);
113     break;
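Review bot: The added debug line reports the new gids as `ROOT_GID, ROOT_GID`, but two lines earlier `state->rgid` is set to `ostate->rgid` and only the effective gid is changed by `setegid(ROOT_GID)`, so the trace shows a real gid of 0 that was never set. Anyone reconstructing privilege transitions from the debug log would be misled about the real gid. Print the tracked values as the other variants do: `(int)ostate->egid, (int)state->rgid, (int)state->egid);`.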
114     @@ -1421,7 +1452,7 @@ set_perms(int perm)
115    
116     case PERM_ROOT:
117     state->ruid = ROOT_UID;
118     - state->rgid = ostate->rgid;
119     + state->rgid = ROOT_GID;
120     state->grlist = ostate->grlist;
121     sudo_grlist_addref(state->grlist);
122     sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: "
123     @@ -1430,11 +1461,17 @@ set_perms(int perm)
124     snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuid(%d)", ROOT_UID);
125     goto bad;
126     }
127     + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
128     + "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid);
129     + if (setgid(ROOT_GID)) {
130     + strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
131     + goto bad;
132     + }
133     break;
134    
135     case PERM_FULL_USER:
136     state->rgid = user_gid;
137     - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
138     + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: "
139     "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid);
140     (void) setgid(user_gid);
141     state->grlist = user_group_list;
142     @@ -1446,7 +1483,7 @@ set_perms(int perm)
143     }
144     }
145     state->ruid = user_uid;
146     - sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: "
147     + sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: "
148     "[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid);
149     if (setuid(user_uid)) {
150     snprintf(errbuf, sizeof(errbuf),
151     diff -up ./plugins/sudoers/sudoers.h.loggingperms ./plugins/sudoers/sudoers.h
152     --- ./plugins/sudoers/sudoers.h.loggingperms 2016-10-06 16:56:55.842662731 +0200
153     +++ ./plugins/sudoers/sudoers.h 2016-10-06 16:59:04.615048554 +0200
154     @@ -208,6 +208,7 @@ struct sudo_user {
155     #else
156     # define ROOT_UID 0
157     #endif
158     +#define ROOT_GID 0
159    
160     /*
161     * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
