+++ /dev/null
-Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
-Date: 2005-01-17
-Initial Package Version: 1.6.8p12
-Origin: Upstream CVS
-Upstream Status: In CVS
-Description: (CVE-2005-4158) Sudo before 1.6.8 p12, when the Perl taint flag is
- off, does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment
- variables, which allows limited local users to cause a Perl script
- to include and execute arbitrary library files that have the same
- name as library files that are included by the script.
- Additionally, more variables beyond perl were added to the
- blacklist and comments were added to the variables.
-
-diff -Naur sudo-1.6.8p12.orig/env.c sudo-1.6.8p12/env.c
---- sudo-1.6.8p12.orig/env.c 2005-11-08 18:21:33.000000000 +0000
-+++ sudo-1.6.8p12/env.c 2006-01-18 00:35:17.000000000 +0000
-@@ -118,18 +118,31 @@
- "USR_ACE",
- "DLC_ACE",
- #endif /* HAVE_SECURID */
-- "TERMINFO",
-- "TERMINFO_DIRS",
-- "TERMPATH",
-+ "TERMINFO", /* terminfo, exclusive path to terminfo files */
-+ "TERMINFO_DIRS", /* terminfo, path(s) to terminfo files */
-+ "TERMPATH", /* termcap, path(s) to termcap files */
- "TERMCAP", /* XXX - only if it starts with '/' */
-- "ENV",
-- "BASH_ENV",
-- "PS4",
-- "SHELLOPTS",
-- "JAVA_TOOL_OPTIONS",
-- "PERLLIB",
-- "PERL5LIB",
-- "PERL5OPT",
-+ "ENV", /* ksh, file to source before script runs */
-+ "BASH_ENV", /* bash, file to source before script runs */
-+ "PS4", /* bash, prefix for lines in xtrace mode */
-+ "GLOBIGNORE", /* bash, globbing patterns to ignore */
-+ "SHELLOPTS", /* bash, extra command line options */
-+ "JAVA_TOOL_OPTIONS", /* java, extra command line options */
-+ "PERLIO_DEBUG ", /* perl, debugging output file */
-+ "PERLLIB", /* perl, search path for modules/includes */
-+ "PERL5LIB", /* perl 5, search path for modules/includes */
-+ "PERL5OPT", /* perl 5, extra command line options */
-+ "PERL5DB", /* perl 5, command used to load debugger */
-+ "FPATH", /* ksh, search path for functions */
-+ "NULLCMD", /* zsh, command for null file redirection */
-+ "READNULLCMD", /* zsh, command for null file redirection */
-+ "ZDOTDIR", /* zsh, search path for dot files */
-+ "TMPPREFIX", /* zsh, prefix for temporary files */
-+ "PYTHONHOME", /* python, module search path */
-+ "PYTHONPATH", /* python, search path */
-+ "PYTHONINSPEC", /* python, allow inspection */
-+ "RUBYLIB", /* ruby, library load path */
-+ "RUBYOPT", /* ruby, extra command line options */
- NULL
- };
-