]> git.ipfire.org Git - ipfire-2.x.git/blame - src/patches/sudo-1.6.8p12-envvar_fix-1.patch
HinzugefĆ¼gt:
[ipfire-2.x.git] / src / patches / sudo-1.6.8p12-envvar_fix-1.patch
CommitLineData
c9673262
MT
1Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
2Date: 2005-01-17
3Initial Package Version: 1.6.8p12
4Origin: Upstream CVS
5Upstream Status: In CVS
6Description: (CVE-2005-4158) Sudo before 1.6.8 p12, when the Perl taint flag is
7 off, does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment
8 variables, which allows limited local users to cause a Perl script
9 to include and execute arbitrary library files that have the same
10 name as library files that are included by the script.
11 Additionally, more variables beyond perl were added to the
12 blacklist and comments were added to the variables.
13
14diff -Naur sudo-1.6.8p12.orig/env.c sudo-1.6.8p12/env.c
15--- sudo-1.6.8p12.orig/env.c 2005-11-08 18:21:33.000000000 +0000
16+++ sudo-1.6.8p12/env.c 2006-01-18 00:35:17.000000000 +0000
17@@ -118,18 +118,31 @@
18 "USR_ACE",
19 "DLC_ACE",
20 #endif /* HAVE_SECURID */
21- "TERMINFO",
22- "TERMINFO_DIRS",
23- "TERMPATH",
24+ "TERMINFO", /* terminfo, exclusive path to terminfo files */
25+ "TERMINFO_DIRS", /* terminfo, path(s) to terminfo files */
26+ "TERMPATH", /* termcap, path(s) to termcap files */
27 "TERMCAP", /* XXX - only if it starts with '/' */
28- "ENV",
29- "BASH_ENV",
30- "PS4",
31- "SHELLOPTS",
32- "JAVA_TOOL_OPTIONS",
33- "PERLLIB",
34- "PERL5LIB",
35- "PERL5OPT",
36+ "ENV", /* ksh, file to source before script runs */
37+ "BASH_ENV", /* bash, file to source before script runs */
38+ "PS4", /* bash, prefix for lines in xtrace mode */
39+ "GLOBIGNORE", /* bash, globbing patterns to ignore */
40+ "SHELLOPTS", /* bash, extra command line options */
41+ "JAVA_TOOL_OPTIONS", /* java, extra command line options */
42+ "PERLIO_DEBUG ", /* perl, debugging output file */
43+ "PERLLIB", /* perl, search path for modules/includes */
44+ "PERL5LIB", /* perl 5, search path for modules/includes */
45+ "PERL5OPT", /* perl 5, extra command line options */
46+ "PERL5DB", /* perl 5, command used to load debugger */
47+ "FPATH", /* ksh, search path for functions */
48+ "NULLCMD", /* zsh, command for null file redirection */
49+ "READNULLCMD", /* zsh, command for null file redirection */
50+ "ZDOTDIR", /* zsh, search path for dot files */
51+ "TMPPREFIX", /* zsh, prefix for temporary files */
52+ "PYTHONHOME", /* python, module search path */
53+ "PYTHONPATH", /* python, search path */
54+ "PYTHONINSPEC", /* python, allow inspection */
55+ "RUBYLIB", /* ruby, library load path */
56+ "RUBYOPT", /* ruby, extra command line options */
57 NULL
58 };
59