[ipfire-2.x.git] / src / patches / sudo-1.6.8p12-envvar_fix-1.patch

Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
Date: 2005-01-17
Initial Package Version: 1.6.8p12
Origin: Upstream CVS
Upstream Status: In CVS
Description: (CVE-2005-4158) Sudo before 1.6.8 p12, when the Perl taint flag is
	     off, does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment
	     variables, which allows limited local users to cause a Perl script
	     to include and execute arbitrary library files that have the same
             name as library files that are included by the script.
             Additionally, more variables beyond perl were added to the
             blacklist and comments were added to the variables.

diff -Naur sudo-1.6.8p12.orig/env.c sudo-1.6.8p12/env.c
--- sudo-1.6.8p12.orig/env.c	2005-11-08 18:21:33.000000000 +0000
+++ sudo-1.6.8p12/env.c	2006-01-18 00:35:17.000000000 +0000
@@ -118,18 +118,31 @@
     "USR_ACE",
     "DLC_ACE",
 #endif /* HAVE_SECURID */
-    "TERMINFO",
-    "TERMINFO_DIRS",
-    "TERMPATH",
+    "TERMINFO",			/* terminfo, exclusive path to terminfo files */
+    "TERMINFO_DIRS",		/* terminfo, path(s) to terminfo files */
+    "TERMPATH",			/* termcap, path(s) to termcap files */
     "TERMCAP",			/* XXX - only if it starts with '/' */
-    "ENV",
-    "BASH_ENV",
-    "PS4",
-    "SHELLOPTS",
-    "JAVA_TOOL_OPTIONS",
-    "PERLLIB",
-    "PERL5LIB",
-    "PERL5OPT",
+    "ENV",			/* ksh, file to source before script runs */
+    "BASH_ENV",			/* bash, file to source before script runs */
+    "PS4",			/* bash, prefix for lines in xtrace mode */
+    "GLOBIGNORE",		/* bash, globbing patterns to ignore */
+    "SHELLOPTS",		/* bash, extra command line options */
+    "JAVA_TOOL_OPTIONS",	/* java, extra command line options */
+    "PERLIO_DEBUG ",		/* perl, debugging output file */
+    "PERLLIB",			/* perl, search path for modules/includes */
+    "PERL5LIB",			/* perl 5, search path for modules/includes */
+    "PERL5OPT",			/* perl 5, extra command line options */
+    "PERL5DB",			/* perl 5, command used to load debugger */
+    "FPATH",			/* ksh, search path for functions */
+    "NULLCMD",			/* zsh, command for null file redirection */
+    "READNULLCMD",		/* zsh, command for null file redirection */
+    "ZDOTDIR",			/* zsh, search path for dot files */
+    "TMPPREFIX",		/* zsh, prefix for temporary files */
+    "PYTHONHOME",		/* python, module search path */
+    "PYTHONPATH",		/* python, search path */
+    "PYTHONINSPEC",		/* python, allow inspection */
+    "RUBYLIB",			/* ruby, library load path */
+    "RUBYOPT",			/* ruby, extra command line options */
     NULL
 };
Commit	Line	Data
c9673262 MT	1	Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
	2	Date: 2005-01-17
	3	Initial Package Version: 1.6.8p12
	4	Origin: Upstream CVS
	5	Upstream Status: In CVS
	6	Description: (CVE-2005-4158) Sudo before 1.6.8 p12, when the Perl taint flag is
	7	off, does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment
	8	variables, which allows limited local users to cause a Perl script
	9	to include and execute arbitrary library files that have the same
	10	name as library files that are included by the script.
	11	Additionally, more variables beyond perl were added to the
	12	blacklist and comments were added to the variables.
	13
	14	diff -Naur sudo-1.6.8p12.orig/env.c sudo-1.6.8p12/env.c
	15	--- sudo-1.6.8p12.orig/env.c 2005-11-08 18:21:33.000000000 +0000
	16	+++ sudo-1.6.8p12/env.c 2006-01-18 00:35:17.000000000 +0000
	17	@@ -118,18 +118,31 @@
	18	"USR_ACE",
	19	"DLC_ACE",
	20	#endif /* HAVE_SECURID */
	21	- "TERMINFO",
	22	- "TERMINFO_DIRS",
	23	- "TERMPATH",
	24	+ "TERMINFO", /* terminfo, exclusive path to terminfo files */
	25	+ "TERMINFO_DIRS", /* terminfo, path(s) to terminfo files */
	26	+ "TERMPATH", /* termcap, path(s) to termcap files */
	27	"TERMCAP", /* XXX - only if it starts with '/' */
	28	- "ENV",
	29	- "BASH_ENV",
	30	- "PS4",
	31	- "SHELLOPTS",
	32	- "JAVA_TOOL_OPTIONS",
	33	- "PERLLIB",
	34	- "PERL5LIB",
	35	- "PERL5OPT",
	36	+ "ENV", /* ksh, file to source before script runs */
	37	+ "BASH_ENV", /* bash, file to source before script runs */
	38	+ "PS4", /* bash, prefix for lines in xtrace mode */
	39	+ "GLOBIGNORE", /* bash, globbing patterns to ignore */
	40	+ "SHELLOPTS", /* bash, extra command line options */
	41	+ "JAVA_TOOL_OPTIONS", /* java, extra command line options */
	42	+ "PERLIO_DEBUG ", /* perl, debugging output file */
	43	+ "PERLLIB", /* perl, search path for modules/includes */
	44	+ "PERL5LIB", /* perl 5, search path for modules/includes */
	45	+ "PERL5OPT", /* perl 5, extra command line options */
	46	+ "PERL5DB", /* perl 5, command used to load debugger */
	47	+ "FPATH", /* ksh, search path for functions */
	48	+ "NULLCMD", /* zsh, command for null file redirection */
	49	+ "READNULLCMD", /* zsh, command for null file redirection */
	50	+ "ZDOTDIR", /* zsh, search path for dot files */
	51	+ "TMPPREFIX", /* zsh, prefix for temporary files */
	52	+ "PYTHONHOME", /* python, module search path */
	53	+ "PYTHONPATH", /* python, search path */
	54	+ "PYTHONINSPEC", /* python, allow inspection */
	55	+ "RUBYLIB", /* ruby, library load path */
	56	+ "RUBYOPT", /* ruby, extra command line options */
	57	NULL
	58	};
	59