c9673262 MT |
1 | Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org) |
2 | Date: 2005-01-17 | |
3 | Initial Package Version: 1.6.8p12 | |
4 | Origin: Upstream CVS | |
5 | Upstream Status: In CVS | |
6 | Description: (CVE-2005-4158) Sudo before 1.6.8 p12, when the Perl taint flag is | |
7 | off, does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment | |
8 | variables, which allows limited local users to cause a Perl script | |
9 | to include and execute arbitrary library files that have the same | |
10 | name as library files that are included by the script. | |
11 | Additionally, more variables beyond perl were added to the | |
12 | blacklist and comments were added to the variables. | |
13 | ||
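--- a/env.c
+++ b/env.c
@@ -118,18 +118,31 @@
 "USR_ACE",
 "DLC_ACE",
 #endif /* HAVE_SECURID */
- "TERMINFO",
- "TERMINFO_DIRS",
- "TERMPATH",
+ "TERMINFO", /* terminfo, exclusive path to terminfo files */
+ "TERMINFO_DIRS", /* terminfo, path(s) to terminfo files */
+ "TERMPATH", /* termcap, path(s) to termcap files */
 "TERMCAP", /* XXX - only if it starts with '/' */
- "ENV",
- "BASH_ENV",
- "PS4",
- "SHELLOPTS",
- "JAVA_TOOL_OPTIONS",
- "PERLLIB",
- "PERL5LIB",
- "PERL5OPT",
+ "ENV", /* ksh, file to source before script runs */
+ "BASH_ENV", /* bash, file to source before script runs */
+ "PS4", /* bash, prefix for lines in xtrace mode */
+ "GLOBIGNORE", /* bash, globbing patterns to ignore */
+ "SHELLOPTS", /* bash, extra command line options */
+ "JAVA_TOOL_OPTIONS", /* java, extra command line options */
+ "PERLIO_DEBUG ", /* perl, debugging output file */
+ "PERLLIB", /* perl, search path for modules/includes */
+ "PERL5LIB", /* perl 5, search path for modules/includes */
+ "PERL5OPT", /* perl 5, extra command line options */
+ "PERL5DB", /* perl 5, command used to load debugger */
+ "FPATH", /* ksh, search path for functions */
+ "NULLCMD", /* zsh, command for null file redirection */
+ "READNULLCMD", /* zsh, command for null file redirection */
+ "ZDOTDIR", /* zsh, search path for dot files */
+ "TMPPREFIX", /* zsh, prefix for temporary files */
+ "PYTHONHOME", /* python, module search path */
+ "PYTHONPATH", /* python, search path */
+ "PYTHONINSPEC", /* python, allow inspection */
+ "RUBYLIB", /* ruby, library load path */
+ "RUBYOPT", /* ruby, extra command line options */
 NULL
 };
 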
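Review bot: Two of the added entries do not match the variable names they are meant to cover: `"PERLIO_DEBUG "` carries a trailing space inside the string literal, and `"PYTHONINSPEC"` is missing the final T of Python's `PYTHONINSPECT`. If the list is compared against environment names by exact name (the matching code is outside this hunk, so this is inferred), neither variable would be stripped and the hardening would silently not apply to them. The entries should read `"PERLIO_DEBUG",` and `"PYTHONINSPECT",`. The array's declaration starts above the hunk, so its name and how it is consumed cannot be confirmed from here.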