Skip to content

Commit 10d072a

Browse files
committed
Merge sudo 1.9.5 from tip
--HG-- branch : 1.9
2 parents a846623 + 9e111ea commit 10d072a

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

105 files changed

+6577
-5338
lines changed

MANIFEST

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -182,8 +182,10 @@ lib/util/nanosleep.c
182182
lib/util/openat.c
183183
lib/util/parseln.c
184184
lib/util/pipe2.c
185+
lib/util/pread.c
185186
lib/util/progname.c
186187
lib/util/pw_dup.c
188+
lib/util/pwrite.c
187189
lib/util/reallocarray.c
188190
lib/util/regress/fnmatch/fnm_test.c
189191
lib/util/regress/fnmatch/fnm_test.in
@@ -993,6 +995,7 @@ scripts/unanon
993995
src/Makefile.in
994996
src/conversation.c
995997
src/copy_file.c
998+
src/edit_open.c
996999
src/env_hooks.c
9971000
src/exec.c
9981001
src/exec_common.c
@@ -1017,6 +1020,7 @@ src/solaris.c
10171020
src/sudo.c
10181021
src/sudo.h
10191022
src/sudo_edit.c
1023+
src/sudo_edit.h
10201024
src/sudo_exec.h
10211025
src/sudo_noexec.c
10221026
src/sudo_plugin_int.h

Makefile.in

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,7 @@ XGETTEXT_OPTS = -F -k_ -kN_ -kU_ --copyright-holder="Todd C. Miller" \
9494
--flag sudo_lbuf_append_quoted:3:c-format --foreign-user
9595

9696
# Default cppcheck options when run from the top-level Makefile
97-
CPPCHECK_OPTS = -q --force --enable=warning,performance,portability --suppress=constStatement --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY -DNSIG=64
97+
CPPCHECK_OPTS = -q --enable=warning,performance,portability --suppress=constStatement --suppress=compareBoolExpressionWithInt --error-exitcode=1 --inline-suppr -Dva_copy=va_copy -U__cplusplus -UQUAD_MAX -UQUAD_MIN -UUQUAD_MAX -U_POSIX_HOST_NAME_MAX -U_POSIX_PATH_MAX -U__NBBY -DNSIG=64
9898

9999
# Default splint options when run from the top-level Makefile
100100
SPLINT_OPTS = -D__restrict= -checks

NEWS

Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,66 @@
1+
What's new in Sudo 1.9.5
2+
3+
* Fixed a crash introduced in 1.9.4 when running "sudo -i" as an
4+
unknown user. This is related to but distinct from Bug #948.
5+
6+
* If the "lecture_file" setting is enabled in sudoers, it must now
7+
refer to a regular file or a symbolic link to a regular file.
8+
9+
* Fixed a potential use-after-free bug in sudo_logsrvd when the
10+
server shuts down if there are existing connections from clients
11+
that are only logging events and not session I/O data.
12+
13+
* Fixed a buffer size mismatch when serializing the list of IP
14+
addresses for configured network interfaces. This bug is not
15+
actually exploitable since the allocated buffer is large enough
16+
to hold the list of addresses.
17+
18+
* If sudo is executed with a name other that "sudo" or "sudoedit",
19+
it will now fall back to "sudo" as the program name. This affects
20+
warning, help and usage messages as well as the matching of Debug
21+
lines in the /etc/sudo.conf file. Previously, it was possible
22+
for the invoking user to manipulate the program name by setting
23+
argv[0] to an arbitrary value when executing sudo.
24+
25+
* Sudo now checks for failure when setting the close-on-exec flag
26+
on open file descriptors. This should never fail but, if it
27+
were to, there is the possibility of a file descriptor leak to
28+
a child process (such as the command sudo runs).
29+
30+
* Fixed CVE-2021-23239, a potential information leak in sudoedit
31+
that could be used to test for the existence of directories not
32+
normally accessible to the user in certain circumstances. When
33+
creating a new file, sudoedit checks to make sure the parent
34+
directory of the new file exists before running the editor.
35+
However, a race condition exists if the invoking user can replace
36+
(or create) the parent directory. If a symbolic link is created
37+
in place of the parent directory, sudoedit will run the editor
38+
as long as the target of the link exists. If the target of the
39+
link does not exist, an error message will be displayed. The
40+
race condition can be used to test for the existence of an
41+
arbitrary directory. However, it _cannot_ be used to write to
42+
an arbitrary location.
43+
44+
* Fixed CVE-2021-23240, a flaw in the temporary file handling of
45+
sudoedit's SELinux RBAC support. On systems where SELinux is
46+
enabled, a user with sudoedit permissions may be able to set the
47+
owner of an arbitrary file to the user-ID of the target user.
48+
On Linux kernels that support "protected symlinks", setting
49+
/proc/sys/fs/protected_symlinks to 1 will prevent the bug from
50+
being exploited. For more information see
51+
https://www.sudo.ws/alerts/sudoedit_selinux.html.
52+
53+
* Added writability checks for sudoedit when SELinux RBAC is in use.
54+
This makes sudoedit behavior consistent regardless of whether
55+
or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir"
56+
setting had no effect for RBAC entries.
57+
58+
* A new sudoers option "selinux" can be used to disable sudo's
59+
SELinux RBAC support.
60+
61+
* Quieted warnings from PVS Studio, clang analyzer, and cppcheck.
62+
Added suppression annotations for PVS Studio false positives.
63+
164
What's new in Sudo 1.9.4p2
265

366
* Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash

configure

Lines changed: 77 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
#! /bin/sh
22
# Guess values for system-dependent variables and create Makefiles.
3-
# Generated by GNU Autoconf 2.69 for sudo 1.9.4p2.
3+
# Generated by GNU Autoconf 2.69 for sudo 1.9.5.
44
#
55
# Report bugs to <https://bugzilla.sudo.ws/>.
66
#
@@ -590,8 +590,8 @@ MAKEFLAGS=
590590
# Identity of this package.
591591
PACKAGE_NAME='sudo'
592592
PACKAGE_TARNAME='sudo'
593-
PACKAGE_VERSION='1.9.4p2'
594-
PACKAGE_STRING='sudo 1.9.4p2'
593+
PACKAGE_VERSION='1.9.5'
594+
PACKAGE_STRING='sudo 1.9.5'
595595
PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
596596
PACKAGE_URL=''
597597

@@ -1584,7 +1584,7 @@ if test "$ac_init_help" = "long"; then
15841584
# Omit some internal or obsolete options to make the list less imposing.
15851585
# This message is too long to be a string in the A/UX 3.1 sh.
15861586
cat <<_ACEOF
1587-
\`configure' configures sudo 1.9.4p2 to adapt to many kinds of systems.
1587+
\`configure' configures sudo 1.9.5 to adapt to many kinds of systems.
15881588

15891589
Usage: $0 [OPTION]... [VAR=VALUE]...
15901590

@@ -1650,7 +1650,7 @@ fi
16501650

16511651
if test -n "$ac_init_help"; then
16521652
case $ac_init_help in
1653-
short | recursive ) echo "Configuration of sudo 1.9.4p2:";;
1653+
short | recursive ) echo "Configuration of sudo 1.9.5:";;
16541654
esac
16551655
cat <<\_ACEOF
16561656

@@ -1924,7 +1924,7 @@ fi
19241924
test -n "$ac_init_help" && exit $ac_status
19251925
if $ac_init_version; then
19261926
cat <<\_ACEOF
1927-
sudo configure 1.9.4p2
1927+
sudo configure 1.9.5
19281928
generated by GNU Autoconf 2.69
19291929

19301930
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2633,7 +2633,7 @@ cat >config.log <<_ACEOF
26332633
This file contains any messages produced by compilers while
26342634
running configure, to aid debugging if configure makes a mistake.
26352635

2636-
It was created by sudo $as_me 1.9.4p2, which was
2636+
It was created by sudo $as_me 1.9.5, which was
26372637
generated by GNU Autoconf 2.69. Invocation command line was
26382638

26392639
$ $0 $@
@@ -2928,8 +2928,6 @@ as_fn_append ac_header_list " sys/statvfs.h"
29282928
as_fn_append ac_func_list " fexecve"
29292929
as_fn_append ac_func_list " killpg"
29302930
as_fn_append ac_func_list " nl_langinfo"
2931-
as_fn_append ac_func_list " pread"
2932-
as_fn_append ac_func_list " pwrite"
29332931
as_fn_append ac_func_list " faccessat"
29342932
as_fn_append ac_func_list " wordexp"
29352933
as_fn_append ac_func_list " getauxval"
@@ -19437,10 +19435,6 @@ done
1943719435

1943819436

1943919437

19440-
19441-
19442-
19443-
1944419438
case "$host_os" in
1944519439
hpux*)
1944619440
if test X"$ac_cv_func_pread" = X"yes"; then
@@ -19466,6 +19460,58 @@ done
1946619460
fi
1946719461
;;
1946819462
esac
19463+
for ac_func in pread
19464+
do :
19465+
ac_fn_c_check_func "$LINENO" "pread" "ac_cv_func_pread"
19466+
if test "x$ac_cv_func_pread" = xyes; then :
19467+
cat >>confdefs.h <<_ACEOF
19468+
#define HAVE_PREAD 1
19469+
_ACEOF
19470+
19471+
else
19472+
19473+
case " $LIBOBJS " in
19474+
*" pread.$ac_objext "* ) ;;
19475+
*) LIBOBJS="$LIBOBJS pread.$ac_objext"
19476+
;;
19477+
esac
19478+
19479+
19480+
for _sym in sudo_pread; do
19481+
COMPAT_EXP="${COMPAT_EXP}${_sym}
19482+
"
19483+
done
19484+
19485+
19486+
fi
19487+
done
19488+
19489+
for ac_func in pwrite
19490+
do :
19491+
ac_fn_c_check_func "$LINENO" "pwrite" "ac_cv_func_pwrite"
19492+
if test "x$ac_cv_func_pwrite" = xyes; then :
19493+
cat >>confdefs.h <<_ACEOF
19494+
#define HAVE_PWRITE 1
19495+
_ACEOF
19496+
19497+
else
19498+
19499+
case " $LIBOBJS " in
19500+
*" pwrite.$ac_objext "* ) ;;
19501+
*) LIBOBJS="$LIBOBJS pwrite.$ac_objext"
19502+
;;
19503+
esac
19504+
19505+
19506+
for _sym in sudo_pwrite; do
19507+
COMPAT_EXP="${COMPAT_EXP}${_sym}
19508+
"
19509+
done
19510+
19511+
19512+
fi
19513+
done
19514+
1946919515
for ac_func in cfmakeraw
1947019516
do :
1947119517
ac_fn_c_check_func "$LINENO" "cfmakeraw" "ac_cv_func_cfmakeraw"
@@ -22884,17 +22930,26 @@ if test "x$ac_cv_func_getprogname" = xyes; then :
2288422930
cat >>confdefs.h <<_ACEOF
2288522931
#define HAVE_GETPROGNAME 1
2288622932
_ACEOF
22887-
for ac_func in setprogname
22933+
22934+
for ac_func in setprogname
2288822935
do :
2288922936
ac_fn_c_check_func "$LINENO" "setprogname" "ac_cv_func_setprogname"
2289022937
if test "x$ac_cv_func_setprogname" = xyes; then :
2289122938
cat >>confdefs.h <<_ACEOF
2289222939
#define HAVE_SETPROGNAME 1
2289322940
_ACEOF
2289422941

22942+
else
22943+
22944+
for _sym in sudo_setprogname; do
22945+
COMPAT_EXP="${COMPAT_EXP}${_sym}
22946+
"
22947+
done
22948+
2289522949
fi
2289622950
done
2289722951

22952+
2289822953
else
2289922954

2290022955
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __progname" >&5
@@ -22936,6 +22991,12 @@ $as_echo "$sudo_cv___progname" >&6; }
2293622991
done
2293722992

2293822993

22994+
for _sym in sudo_setprogname; do
22995+
COMPAT_EXP="${COMPAT_EXP}${_sym}
22996+
"
22997+
done
22998+
22999+
2293923000
fi
2294023001
done
2294123002

@@ -28755,7 +28816,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
2875528816
# report actual input values of CONFIG_FILES etc. instead of their
2875628817
# values after options handling.
2875728818
ac_log="
28758-
This file was extended by sudo $as_me 1.9.4p2, which was
28819+
This file was extended by sudo $as_me 1.9.5, which was
2875928820
generated by GNU Autoconf 2.69. Invocation command line was
2876028821

2876128822
CONFIG_FILES = $CONFIG_FILES
@@ -28821,7 +28882,7 @@ _ACEOF
2882128882
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
2882228883
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
2882328884
ac_cs_version="\\
28824-
sudo config.status 1.9.4p2
28885+
sudo config.status 1.9.5
2882528886
configured by $0, generated by GNU Autoconf 2.69,
2882628887
with options \\"\$ac_cs_config\\"
2882728888

configure.ac

Lines changed: 16 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ dnl Use the top-level autogen.sh script to generate configure and config.h.in
33
dnl
44
dnl SPDX-License-Identifier: ISC
55
dnl
6-
dnl Copyright (c) 1994-1996, 1998-2020 Todd C. Miller <Todd.Miller@sudo.ws>
6+
dnl Copyright (c) 1994-1996, 1998-2021 Todd C. Miller <Todd.Miller@sudo.ws>
77
dnl
88
dnl Permission to use, copy, modify, and distribute this software for any
99
dnl purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1818
dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1919
dnl
2020
AC_PREREQ([2.59])
21-
AC_INIT([sudo], [1.9.4p2], [https://bugzilla.sudo.ws/], [sudo])
21+
AC_INIT([sudo], [1.9.5], [https://bugzilla.sudo.ws/], [sudo])
2222
AC_CONFIG_HEADERS([config.h pathnames.h])
2323
AC_CONFIG_SRCDIR([src/sudo.c])
2424
dnl
@@ -2641,7 +2641,7 @@ dnl
26412641
dnl Function checks
26422642
dnl
26432643
AC_FUNC_GETGROUPS
2644-
AC_CHECK_FUNCS_ONCE([fexecve killpg nl_langinfo pread pwrite faccessat wordexp getauxval fseeko])
2644+
AC_CHECK_FUNCS_ONCE([fexecve killpg nl_langinfo faccessat wordexp getauxval fseeko])
26452645
case "$host_os" in
26462646
hpux*)
26472647
if test X"$ac_cv_func_pread" = X"yes"; then
@@ -2654,6 +2654,14 @@ case "$host_os" in
26542654
fi
26552655
;;
26562656
esac
2657+
AC_CHECK_FUNCS([pread], [], [
2658+
AC_LIBOBJ(pread)
2659+
SUDO_APPEND_COMPAT_EXP(sudo_pread)
2660+
])
2661+
AC_CHECK_FUNCS([pwrite], [], [
2662+
AC_LIBOBJ(pwrite)
2663+
SUDO_APPEND_COMPAT_EXP(sudo_pwrite)
2664+
])
26572665
AC_CHECK_FUNCS([cfmakeraw], [], [
26582666
AC_LIBOBJ(cfmakeraw)
26592667
SUDO_APPEND_COMPAT_EXP(sudo_cfmakeraw)
@@ -3301,9 +3309,11 @@ esac
33013309
LIBS="$OLIBS"
33023310

33033311
dnl
3304-
dnl Check for getprogname() or __progname
3312+
dnl Check for getprogname()/setprogname() or __progname
33053313
dnl
3306-
AC_CHECK_FUNCS([getprogname], [AC_CHECK_FUNCS([setprogname])], [
3314+
AC_CHECK_FUNCS([getprogname], [
3315+
AC_CHECK_FUNCS([setprogname], [], [SUDO_APPEND_COMPAT_EXP(sudo_setprogname)])
3316+
], [
33073317
AC_MSG_CHECKING([for __progname])
33083318
AC_CACHE_VAL(sudo_cv___progname, [
33093319
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; if (__progname[0] == '\0') return 1;]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
@@ -3312,6 +3322,7 @@ AC_CHECK_FUNCS([getprogname], [AC_CHECK_FUNCS([setprogname])], [
33123322
fi
33133323
AC_MSG_RESULT($sudo_cv___progname)
33143324
SUDO_APPEND_COMPAT_EXP(sudo_getprogname)
3325+
SUDO_APPEND_COMPAT_EXP(sudo_setprogname)
33153326
])
33163327
dnl
33173328
dnl Check for __func__ or __FUNCTION__

doc/LICENSE

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
Sudo is distributed under the following license:
22

3-
Copyright (c) 1994-1996, 1998-2020
3+
Copyright (c) 1994-1996, 1998-2021
44
Todd C. Miller <Todd.Miller@sudo.ws>
55

66
Permission to use, copy, modify, and distribute this software for any

0 commit comments

Comments
 (0)