]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - src/patches/sudo-1.6.8p12-envvar_fix-1.patch
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
HinzugefĆ¼gt:
[ipfire-2.x.git] / src / patches / sudo-1.6.8p12-envvar_fix-1.patch
diff --git a/src/patches/sudo-1.6.8p12-envvar_fix-1.patch b/src/patches/sudo-1.6.8p12-envvar_fix-1.patch
new file mode 100644 (file)
index 0000000..5bb4db2
--- /dev/null
+++ b/src/patches/sudo-1.6.8p12-envvar_fix-1.patch
@@ -0,0 +1,59 @@
+Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
+Date: 2005-01-17
+Initial Package Version: 1.6.8p12
+Origin: Upstream CVS
+Upstream Status: In CVS
+Description: (CVE-2005-4158) Sudo before 1.6.8 p12, when the Perl taint flag is
+            off, does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment
+            variables, which allows limited local users to cause a Perl script
+            to include and execute arbitrary library files that have the same
+             name as library files that are included by the script.
+             Additionally, more variables beyond perl were added to the
+             blacklist and comments were added to the variables.
+
+diff -Naur sudo-1.6.8p12.orig/env.c sudo-1.6.8p12/env.c
+--- sudo-1.6.8p12.orig/env.c   2005-11-08 18:21:33.000000000 +0000
++++ sudo-1.6.8p12/env.c        2006-01-18 00:35:17.000000000 +0000
+@@ -118,18 +118,31 @@
+     "USR_ACE",
+     "DLC_ACE",
+ #endif /* HAVE_SECURID */
+-    "TERMINFO",
+-    "TERMINFO_DIRS",
+-    "TERMPATH",
++    "TERMINFO",                       /* terminfo, exclusive path to terminfo files */
++    "TERMINFO_DIRS",          /* terminfo, path(s) to terminfo files */
++    "TERMPATH",                       /* termcap, path(s) to termcap files */
+     "TERMCAP",                        /* XXX - only if it starts with '/' */
+-    "ENV",
+-    "BASH_ENV",
+-    "PS4",
+-    "SHELLOPTS",
+-    "JAVA_TOOL_OPTIONS",
+-    "PERLLIB",
+-    "PERL5LIB",
+-    "PERL5OPT",
++    "ENV",                    /* ksh, file to source before script runs */
++    "BASH_ENV",                       /* bash, file to source before script runs */
++    "PS4",                    /* bash, prefix for lines in xtrace mode */
++    "GLOBIGNORE",             /* bash, globbing patterns to ignore */
++    "SHELLOPTS",              /* bash, extra command line options */
++    "JAVA_TOOL_OPTIONS",      /* java, extra command line options */
++    "PERLIO_DEBUG ",          /* perl, debugging output file */
++    "PERLLIB",                        /* perl, search path for modules/includes */
++    "PERL5LIB",                       /* perl 5, search path for modules/includes */
++    "PERL5OPT",                       /* perl 5, extra command line options */
++    "PERL5DB",                        /* perl 5, command used to load debugger */
++    "FPATH",                  /* ksh, search path for functions */
++    "NULLCMD",                        /* zsh, command for null file redirection */
++    "READNULLCMD",            /* zsh, command for null file redirection */
++    "ZDOTDIR",                        /* zsh, search path for dot files */
++    "TMPPREFIX",              /* zsh, prefix for temporary files */
++    "PYTHONHOME",             /* python, module search path */
++    "PYTHONPATH",             /* python, search path */
++    "PYTHONINSPEC",           /* python, allow inspection */
++    "RUBYLIB",                        /* ruby, library load path */
++    "RUBYOPT",                        /* ruby, extra command line options */
+     NULL
+ };
IPFire 2.x development tree