daq: Update to 2.0.4
1 Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
2 Date: 2005-01-17
3 Initial Package Version: 1.6.8p12
4 Origin: Upstream CVS
5 Upstream Status: In CVS
6 Description: (CVE-2005-4158) Sudo before 1.6.8 p12, when the Perl taint flag is
7 off, does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment
8 variables, which allows limited local users to cause a Perl script
9 to include and execute arbitrary library files that have the same
10 name as library files that are included by the script.
11 Additionally, more variables beyond perl were added to the
12 blacklist and comments were added to the variables.
13
14 diff -Naur sudo-1.6.8p12.orig/env.c sudo-1.6.8p12/env.c
15 --- sudo-1.6.8p12.orig/env.c 2005-11-08 18:21:33.000000000 +0000
16 +++ sudo-1.6.8p12/env.c 2006-01-18 00:35:17.000000000 +0000
17 @@ -118,18 +118,31 @@
18 "USR_ACE",
19 "DLC_ACE",
20 #endif /* HAVE_SECURID */
21 - "TERMINFO",
22 - "TERMINFO_DIRS",
23 - "TERMPATH",
24 + "TERMINFO", /* terminfo, exclusive path to terminfo files */
25 + "TERMINFO_DIRS", /* terminfo, path(s) to terminfo files */
26 + "TERMPATH", /* termcap, path(s) to termcap files */
27 "TERMCAP", /* XXX - only if it starts with '/' */
28 - "ENV",
29 - "BASH_ENV",
30 - "PS4",
31 - "SHELLOPTS",
32 - "JAVA_TOOL_OPTIONS",
33 - "PERLLIB",
34 - "PERL5LIB",
35 - "PERL5OPT",
36 + "ENV", /* ksh, file to source before script runs */
37 + "BASH_ENV", /* bash, file to source before script runs */
38 + "PS4", /* bash, prefix for lines in xtrace mode */
39 + "GLOBIGNORE", /* bash, globbing patterns to ignore */
40 + "SHELLOPTS", /* bash, extra command line options */
41 + "JAVA_TOOL_OPTIONS", /* java, extra command line options */
42 + "PERLIO_DEBUG ", /* perl, debugging output file */
43 + "PERLLIB", /* perl, search path for modules/includes */
44 + "PERL5LIB", /* perl 5, search path for modules/includes */
45 + "PERL5OPT", /* perl 5, extra command line options */
46 + "PERL5DB", /* perl 5, command used to load debugger */
47 + "FPATH", /* ksh, search path for functions */
48 + "NULLCMD", /* zsh, command for null file redirection */
49 + "READNULLCMD", /* zsh, command for null file redirection */
50 + "ZDOTDIR", /* zsh, search path for dot files */
51 + "TMPPREFIX", /* zsh, prefix for temporary files */
52 + "PYTHONHOME", /* python, module search path */
53 + "PYTHONPATH", /* python, search path */
54 + "PYTHONINSPEC", /* python, allow inspection */
55 + "RUBYLIB", /* ruby, library load path */
56 + "RUBYOPT", /* ruby, extra command line options */
57 NULL
58 };
59
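Review bot: Two of the added blacklist entries look like they will never match the variable they are meant to strip. `"PERLIO_DEBUG ",` carries a trailing space inside the string literal, and `"PYTHONINSPEC",` appears to be a truncation of Python's `PYTHONINSPECT`. If the table is compared against the full variable name up to the `=` (the matching code is outside this hunk, so this is an assumption), both variables would still be passed through to the privileged command. The entries should read `"PERLIO_DEBUG",` and `"PYTHONINSPECT",`. The array's opening and the code that consumes it are outside the hunk, so confirm there whether matching is exact or prefix-based before relying on either entry.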