|
|
a2b174 |
diff -up ./config.h.in.CVE-2019-19234 ./config.h.in
|
|
|
a2b174 |
--- ./config.h.in.CVE-2019-19234 2019-10-28 13:28:52.000000000 +0100
|
|
|
a2b174 |
+++ ./config.h.in 2020-01-14 15:53:40.506988064 +0100
|
|
|
a2b174 |
@@ -334,6 +334,9 @@
|
|
|
a2b174 |
/* Define to 1 if you have the `getuserattr' function. */
|
|
|
a2b174 |
#undef HAVE_GETUSERATTR
|
|
|
a2b174 |
|
|
|
a2b174 |
+/* Define to 1 if you have the `getusershell' function. */
|
|
|
a2b174 |
+#undef HAVE_GETUSERSHELL
|
|
|
a2b174 |
+
|
|
|
a2b174 |
/* Define to 1 if you have the `getutid' function. */
|
|
|
a2b174 |
#undef HAVE_GETUTID
|
|
|
a2b174 |
|
|
|
a2b174 |
diff -up ./configure.ac.CVE-2019-19234 ./configure.ac
|
|
|
a2b174 |
--- ./configure.ac.CVE-2019-19234 2020-01-14 15:53:40.496987995 +0100
|
|
|
a2b174 |
+++ ./configure.ac 2020-01-14 15:53:40.509988084 +0100
|
|
|
a2b174 |
@@ -2562,6 +2562,10 @@ AC_CHECK_FUNCS([getdelim], [], [
|
|
|
a2b174 |
SUDO_APPEND_COMPAT_EXP(sudo_getdelim)
|
|
|
a2b174 |
COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }getdelim_test"
|
|
|
a2b174 |
])
|
|
|
a2b174 |
+AC_CHECK_FUNCS([getusershell], [], [
|
|
|
a2b174 |
+ AC_LIBOBJ(getusershell)
|
|
|
a2b174 |
+ SUDO_APPEND_COMPAT_EXP(sudo_getusershell)
|
|
|
a2b174 |
+])
|
|
|
a2b174 |
AC_CHECK_FUNCS([reallocarray], [], [
|
|
|
a2b174 |
AC_LIBOBJ(reallocarray)
|
|
|
a2b174 |
SUDO_APPEND_COMPAT_EXP(sudo_reallocarray)
|
|
|
a2b174 |
diff -up ./configure.CVE-2019-19234 ./configure
|
|
|
a2b174 |
--- ./configure.CVE-2019-19234 2019-10-28 13:29:14.000000000 +0100
|
|
|
a2b174 |
+++ ./configure 2020-01-14 15:53:40.509988084 +0100
|
|
|
a2b174 |
@@ -19395,6 +19395,32 @@ esac
|
|
|
a2b174 |
fi
|
|
|
a2b174 |
done
|
|
|
a2b174 |
|
|
|
a2b174 |
+for ac_func in getusershell
|
|
|
a2b174 |
+do :
|
|
|
a2b174 |
+ ac_fn_c_check_func "$LINENO" "getusershell" "ac_cv_func_getusershell"
|
|
|
a2b174 |
+if test "x$ac_cv_func_getusershell" = xyes; then :
|
|
|
a2b174 |
+ cat >>confdefs.h <<_ACEOF
|
|
|
a2b174 |
+#define HAVE_GETUSERSHELL 1
|
|
|
a2b174 |
+_ACEOF
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+else
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ case " $LIBOBJS " in
|
|
|
a2b174 |
+ *" getusershell.$ac_objext "* ) ;;
|
|
|
a2b174 |
+ *) LIBOBJS="$LIBOBJS getusershell.$ac_objext"
|
|
|
a2b174 |
+ ;;
|
|
|
a2b174 |
+esac
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ for _sym in sudo_getusershell; do
|
|
|
a2b174 |
+ COMPAT_EXP="${COMPAT_EXP}${_sym}
|
|
|
a2b174 |
+"
|
|
|
a2b174 |
+ done
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+fi
|
|
|
a2b174 |
+done
|
|
|
a2b174 |
+
|
|
|
a2b174 |
for ac_func in reallocarray
|
|
|
a2b174 |
do :
|
|
|
a2b174 |
ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
|
|
|
a2b174 |
diff -up ./doc/sudoers.man.in.CVE-2019-19234 ./doc/sudoers.man.in
|
|
|
a2b174 |
--- ./doc/sudoers.man.in.CVE-2019-19234 2020-01-14 15:53:40.503988043 +0100
|
|
|
a2b174 |
+++ ./doc/sudoers.man.in 2020-01-14 15:53:40.510988091 +0100
|
|
|
a2b174 |
@@ -2959,6 +2959,28 @@ Older versions of
|
|
|
a2b174 |
\fBsudo\fR
|
|
|
a2b174 |
always allowed matching of unknown user and group IDs.
|
|
|
a2b174 |
.TP 18n
|
|
|
a2b174 |
+runas_check_shell
|
|
|
a2b174 |
+.br
|
|
|
a2b174 |
+If enabled,
|
|
|
a2b174 |
+\fBsudo\fR
|
|
|
a2b174 |
+will only run commands as a user whose shell appears in the
|
|
|
a2b174 |
+\fI/etc/shells\fR
|
|
|
a2b174 |
+file, even if the invoking user's
|
|
|
a2b174 |
+\fRRunas_List\fR
|
|
|
a2b174 |
+would otherwise permit it.
|
|
|
a2b174 |
+If no
|
|
|
a2b174 |
+\fI/etc/shells\fR
|
|
|
a2b174 |
+file is present, a system-dependent list of built-in default shells is used.
|
|
|
a2b174 |
+On many operating systems, system users such as
|
|
|
a2b174 |
+\(lqbin\(rq,
|
|
|
a2b174 |
+do not have a valid shell and this flag can be used to prevent
|
|
|
a2b174 |
+commands from being run as those users.
|
|
|
a2b174 |
+This flag is
|
|
|
a2b174 |
+\fIoff\fR
|
|
|
a2b174 |
+by default.
|
|
|
a2b174 |
+.sp
|
|
|
a2b174 |
+This setting is only supported by version 1.8.29 or higher.
|
|
|
a2b174 |
+.TP 18n
|
|
|
a2b174 |
runaspw
|
|
|
a2b174 |
If set,
|
|
|
a2b174 |
\fBsudo\fR
|
|
|
a2b174 |
diff -up ./doc/sudoers.mdoc.in.CVE-2019-19234 ./doc/sudoers.mdoc.in
|
|
|
a2b174 |
--- ./doc/sudoers.mdoc.in.CVE-2019-19234 2020-01-14 15:53:40.504988050 +0100
|
|
|
a2b174 |
+++ ./doc/sudoers.mdoc.in 2020-01-14 15:53:40.510988091 +0100
|
|
|
a2b174 |
@@ -2784,6 +2784,26 @@ This setting is only supported by versio
|
|
|
a2b174 |
Older versions of
|
|
|
a2b174 |
.Nm sudo
|
|
|
a2b174 |
always allowed matching of unknown user and group IDs.
|
|
|
a2b174 |
+.It runas_check_shell
|
|
|
a2b174 |
+If enabled,
|
|
|
a2b174 |
+.Nm sudo
|
|
|
a2b174 |
+will only run commands as a user whose shell appears in the
|
|
|
a2b174 |
+.Pa /etc/shells
|
|
|
a2b174 |
+file, even if the invoking user's
|
|
|
a2b174 |
+.Li Runas_List
|
|
|
a2b174 |
+would otherwise permit it.
|
|
|
a2b174 |
+If no
|
|
|
a2b174 |
+.Pa /etc/shells
|
|
|
a2b174 |
+file is present, a system-dependent list of built-in default shells is used.
|
|
|
a2b174 |
+On many operating systems, system users such as
|
|
|
a2b174 |
+.Dq bin ,
|
|
|
a2b174 |
+do not have a valid shell and this flag can be used to prevent
|
|
|
a2b174 |
+commands from being run as those users.
|
|
|
a2b174 |
+This flag is
|
|
|
a2b174 |
+.Em off
|
|
|
a2b174 |
+by default.
|
|
|
a2b174 |
+.Pp
|
|
|
a2b174 |
+This setting is only supported by version 1.8.29 or higher.
|
|
|
a2b174 |
.It runaspw
|
|
|
a2b174 |
If set,
|
|
|
a2b174 |
.Nm sudo
|
|
|
a2b174 |
diff -up ./include/sudo_compat.h.CVE-2019-19234 ./include/sudo_compat.h
|
|
|
a2b174 |
--- ./include/sudo_compat.h.CVE-2019-19234 2019-10-28 13:28:52.000000000 +0100
|
|
|
a2b174 |
+++ ./include/sudo_compat.h 2020-01-14 15:53:40.511988098 +0100
|
|
|
a2b174 |
@@ -407,6 +407,17 @@ __dso_public ssize_t sudo_getdelim(char
|
|
|
a2b174 |
# undef getdelim
|
|
|
a2b174 |
# define getdelim(_a, _b, _c, _d) sudo_getdelim((_a), (_b), (_c), (_d))
|
|
|
a2b174 |
#endif /* HAVE_GETDELIM */
|
|
|
a2b174 |
+#ifndef HAVE_GETUSERSHELL
|
|
|
a2b174 |
+__dso_public char *sudo_getusershell(void);
|
|
|
a2b174 |
+# undef getusershell
|
|
|
a2b174 |
+# define getusershell() sudo_getusershell()
|
|
|
a2b174 |
+__dso_public void sudo_setusershell(void);
|
|
|
a2b174 |
+# undef setusershell
|
|
|
a2b174 |
+# define setusershell() sudo_setusershell()
|
|
|
a2b174 |
+__dso_public void sudo_endusershell(void);
|
|
|
a2b174 |
+# undef endusershell
|
|
|
a2b174 |
+# define endusershell() sudo_endusershell()
|
|
|
a2b174 |
+#endif /* HAVE_GETUSERSHELL */
|
|
|
a2b174 |
#ifndef HAVE_UTIMENSAT
|
|
|
a2b174 |
__dso_public int sudo_utimensat(int fd, const char *file, const struct timespec *times, int flag);
|
|
|
a2b174 |
# undef utimensat
|
|
|
a2b174 |
diff -up ./lib/util/getusershell.c.CVE-2019-19234 ./lib/util/getusershell.c
|
|
|
a2b174 |
--- ./lib/util/getusershell.c.CVE-2019-19234 2020-01-14 15:53:40.511988098 +0100
|
|
|
a2b174 |
+++ ./lib/util/getusershell.c 2020-01-14 15:53:40.511988098 +0100
|
|
|
a2b174 |
@@ -0,0 +1,138 @@
|
|
|
a2b174 |
+/*
|
|
|
a2b174 |
+ * SPDX-License-Identifier: ISC
|
|
|
a2b174 |
+ *
|
|
|
a2b174 |
+ * Copyright (c) 2019 Todd C. Miller <Todd.Miller@courtesan.com>
|
|
|
a2b174 |
+ *
|
|
|
a2b174 |
+ * Permission to use, copy, modify, and distribute this software for any
|
|
|
a2b174 |
+ * purpose with or without fee is hereby granted, provided that the above
|
|
|
a2b174 |
+ * copyright notice and this permission notice appear in all copies.
|
|
|
a2b174 |
+ *
|
|
|
a2b174 |
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
a2b174 |
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
a2b174 |
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
|
a2b174 |
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
a2b174 |
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
|
a2b174 |
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
|
a2b174 |
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
a2b174 |
+ */
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+/*
|
|
|
a2b174 |
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
|
|
|
a2b174 |
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
|
|
|
a2b174 |
+ */
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+#include <config.h>
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+#include <sys/types.h>
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+#include <stdio.h>
|
|
|
a2b174 |
+#include <stdlib.h>
|
|
|
a2b174 |
+#include <string.h>
|
|
|
a2b174 |
+#include <ctype.h>
|
|
|
a2b174 |
+#include <errno.h>
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+#define DEFAULT_TEXT_DOMAIN "sudo"
|
|
|
a2b174 |
+#include "sudo_gettext.h" /* must be included before sudo_compat.h */
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+#include "sudo_compat.h"
|
|
|
a2b174 |
+#include "sudo_debug.h"
|
|
|
a2b174 |
+#include "sudo_util.h"
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+static char **allowed_shells, **current_shell;
|
|
|
a2b174 |
+static char *default_shells[] = {
|
|
|
a2b174 |
+ "/bin/sh",
|
|
|
a2b174 |
+ "/bin/ksh",
|
|
|
a2b174 |
+ "/bin/ksh93",
|
|
|
a2b174 |
+ "/bin/bash",
|
|
|
a2b174 |
+ "/bin/dash",
|
|
|
a2b174 |
+ "/bin/zsh",
|
|
|
a2b174 |
+ "/bin/csh",
|
|
|
a2b174 |
+ "/bin/tcsh",
|
|
|
a2b174 |
+ NULL
|
|
|
a2b174 |
+};
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+static char **
|
|
|
a2b174 |
+read_shells(void)
|
|
|
a2b174 |
+{
|
|
|
a2b174 |
+ size_t maxshells = 16, nshells = 0;
|
|
|
a2b174 |
+ size_t linesize = 0;
|
|
|
a2b174 |
+ char *line = NULL;
|
|
|
a2b174 |
+ FILE *fp;
|
|
|
a2b174 |
+ debug_decl(read_shells, SUDO_DEBUG_UTIL)
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ if ((fp = fopen("/etc/shells", "r")) == NULL)
|
|
|
a2b174 |
+ goto bad;
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ free(allowed_shells);
|
|
|
a2b174 |
+ allowed_shells = reallocarray(NULL, maxshells, sizeof(char *));
|
|
|
a2b174 |
+ if (allowed_shells == NULL)
|
|
|
a2b174 |
+ goto bad;
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ while (sudo_parseln(&line, &linesize, NULL, fp, PARSELN_CONT_IGN) != -1) {
|
|
|
a2b174 |
+ if (nshells + 1 >= maxshells) {
|
|
|
a2b174 |
+ char **new_shells;
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ new_shells = reallocarray(NULL, maxshells + 16, sizeof(char *));
|
|
|
a2b174 |
+ if (new_shells == NULL)
|
|
|
a2b174 |
+ goto bad;
|
|
|
a2b174 |
+ allowed_shells = new_shells;
|
|
|
a2b174 |
+ maxshells += 16;
|
|
|
a2b174 |
+ }
|
|
|
a2b174 |
+ if ((allowed_shells[nshells] = strdup(line)) == NULL)
|
|
|
a2b174 |
+ goto bad;
|
|
|
a2b174 |
+ nshells++;
|
|
|
a2b174 |
+ }
|
|
|
a2b174 |
+ allowed_shells[nshells] = NULL;
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ free(line);
|
|
|
a2b174 |
+ fclose(fp);
|
|
|
a2b174 |
+ debug_return_ptr(allowed_shells);
|
|
|
a2b174 |
+bad:
|
|
|
a2b174 |
+ free(line);
|
|
|
a2b174 |
+ if (fp != NULL)
|
|
|
a2b174 |
+ fclose(fp);
|
|
|
a2b174 |
+ while (nshells != 0)
|
|
|
a2b174 |
+ free(allowed_shells[--nshells]);
|
|
|
a2b174 |
+ free(allowed_shells);
|
|
|
a2b174 |
+ allowed_shells = NULL;
|
|
|
a2b174 |
+ debug_return_ptr(default_shells);
|
|
|
a2b174 |
+}
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+void
|
|
|
a2b174 |
+sudo_setusershell(void)
|
|
|
a2b174 |
+{
|
|
|
a2b174 |
+ debug_decl(setusershell, SUDO_DEBUG_UTIL)
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ current_shell = read_shells();
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ debug_return;
|
|
|
a2b174 |
+}
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+void
|
|
|
a2b174 |
+sudo_endusershell(void)
|
|
|
a2b174 |
+{
|
|
|
a2b174 |
+ debug_decl(endusershell, SUDO_DEBUG_UTIL)
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ if (allowed_shells != NULL) {
|
|
|
a2b174 |
+ char **shell;
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ for (shell = allowed_shells; *shell != NULL; shell++)
|
|
|
a2b174 |
+ free(*shell);
|
|
|
a2b174 |
+ free(allowed_shells);
|
|
|
a2b174 |
+ allowed_shells = NULL;
|
|
|
a2b174 |
+ }
|
|
|
a2b174 |
+ current_shell = NULL;
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ debug_return;
|
|
|
a2b174 |
+}
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+char *
|
|
|
a2b174 |
+sudo_getusershell(void)
|
|
|
a2b174 |
+{
|
|
|
a2b174 |
+ debug_decl(getusershell, SUDO_DEBUG_UTIL)
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ if (current_shell == NULL)
|
|
|
a2b174 |
+ current_shell = read_shells();
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ debug_return_str(*current_shell++);
|
|
|
a2b174 |
+}
|
|
|
a2b174 |
diff -up ./lib/util/Makefile.in.CVE-2019-19234 ./lib/util/Makefile.in
|
|
|
a2b174 |
--- ./lib/util/Makefile.in.CVE-2019-19234 2019-10-28 13:28:53.000000000 +0100
|
|
|
a2b174 |
+++ ./lib/util/Makefile.in 2020-01-14 15:53:40.511988098 +0100
|
|
|
a2b174 |
@@ -678,6 +678,18 @@ gettime.i: $(srcdir)/gettime.c $(incdir)
|
|
|
a2b174 |
$(CC) -E -o $@ $(CPPFLAGS) $<
|
|
|
a2b174 |
gettime.plog: gettime.i
|
|
|
a2b174 |
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/gettime.c --i-file $< --output-file $@
|
|
|
a2b174 |
+getusershell.lo: $(srcdir)/getusershell.c $(incdir)/compat/stdbool.h \
|
|
|
a2b174 |
+ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
|
|
|
a2b174 |
+ $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
|
|
|
a2b174 |
+ $(incdir)/sudo_util.h $(top_builddir)/config.h
|
|
|
a2b174 |
+ $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/getusershell.c
|
|
|
a2b174 |
+getusershell.i: $(srcdir)/getusershell.c $(incdir)/compat/stdbool.h \
|
|
|
a2b174 |
+ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
|
|
|
a2b174 |
+ $(incdir)/sudo_gettext.h $(incdir)/sudo_queue.h \
|
|
|
a2b174 |
+ $(incdir)/sudo_util.h $(top_builddir)/config.h
|
|
|
a2b174 |
+ $(CC) -E -o $@ $(CPPFLAGS) $<
|
|
|
a2b174 |
+getusershell.plog: getusershell.i
|
|
|
a2b174 |
+ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/getusershell.c --i-file $< --output-file $@
|
|
|
a2b174 |
gidlist.lo: $(srcdir)/gidlist.c $(incdir)/compat/stdbool.h \
|
|
|
a2b174 |
$(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
|
|
|
a2b174 |
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
|
|
|
a2b174 |
diff -up ./MANIFEST.CVE-2019-19234 ./MANIFEST
|
|
|
a2b174 |
--- ./MANIFEST.CVE-2019-19234 2019-10-28 13:28:52.000000000 +0100
|
|
|
a2b174 |
+++ ./MANIFEST 2020-01-14 15:53:40.506988064 +0100
|
|
|
a2b174 |
@@ -103,6 +103,7 @@ lib/util/getgrouplist.c
|
|
|
a2b174 |
lib/util/gethostname.c
|
|
|
a2b174 |
lib/util/getopt_long.c
|
|
|
a2b174 |
lib/util/gettime.c
|
|
|
a2b174 |
+lib/util/getusershell.c
|
|
|
a2b174 |
lib/util/gidlist.c
|
|
|
a2b174 |
lib/util/glob.c
|
|
|
a2b174 |
lib/util/inet_ntop.c
|
|
|
a2b174 |
diff -up ./mkdep.pl.CVE-2019-19234 ./mkdep.pl
|
|
|
a2b174 |
--- ./mkdep.pl.CVE-2019-19234 2019-10-28 13:28:52.000000000 +0100
|
|
|
a2b174 |
+++ ./mkdep.pl 2020-01-14 15:53:40.511988098 +0100
|
|
|
a2b174 |
@@ -116,7 +116,7 @@ sub mkdep {
|
|
|
a2b174 |
# XXX - fill in AUTH_OBJS from contents of the auth dir instead
|
|
|
a2b174 |
$makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;
|
|
|
a2b174 |
$makefile =~ s:\@DIGEST\@:digest.lo digest_openssl.lo digest_gcrypt.lo:;
|
|
|
a2b174 |
- $makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_uniform.lo closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo utimens.lo vsyslog.lo pipe2.lo:;
|
|
|
a2b174 |
+ $makefile =~ s:\@LTLIBOBJS\@:arc4random.lo arc4random_uniform.lo closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getentropy.lo getgrouplist.lo getdelim.lo getopt_long.lo getusershell.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo str2sig.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo utimens.lo vsyslog.lo pipe2.lo:;
|
|
|
a2b174 |
|
|
|
a2b174 |
# Parse OBJS lines
|
|
|
a2b174 |
my %objs;
|
|
|
a2b174 |
diff -up ./plugins/sudoers/check.c.CVE-2019-19234 ./plugins/sudoers/check.c
|
|
|
a2b174 |
--- ./plugins/sudoers/check.c.CVE-2019-19234 2019-10-28 13:27:45.000000000 +0100
|
|
|
a2b174 |
+++ ./plugins/sudoers/check.c 2020-01-14 15:53:40.511988098 +0100
|
|
|
a2b174 |
@@ -333,3 +333,28 @@ get_authpw(int mode)
|
|
|
a2b174 |
|
|
|
a2b174 |
debug_return_ptr(pw);
|
|
|
a2b174 |
}
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+/*
|
|
|
a2b174 |
+ * Returns true if the specified shell is allowed by /etc/shells, else false.
|
|
|
a2b174 |
+ */
|
|
|
a2b174 |
+bool
|
|
|
a2b174 |
+check_user_shell(const struct passwd *pw)
|
|
|
a2b174 |
+{
|
|
|
a2b174 |
+ const char *shell;
|
|
|
a2b174 |
+ debug_decl(check_user_shell, SUDOERS_DEBUG_AUTH)
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ if (!def_runas_check_shell)
|
|
|
a2b174 |
+ debug_return_bool(true);
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ sudo_debug_printf(SUDO_DEBUG_INFO,
|
|
|
a2b174 |
+ "%s: checking /etc/shells for %s", __func__, pw->pw_shell);
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ setusershell();
|
|
|
a2b174 |
+ while ((shell = getusershell()) != NULL) {
|
|
|
a2b174 |
+ if (strcmp(shell, pw->pw_shell) == 0)
|
|
|
a2b174 |
+ debug_return_bool(true);
|
|
|
a2b174 |
+ }
|
|
|
a2b174 |
+ endusershell();
|
|
|
a2b174 |
+
|
|
|
a2b174 |
+ debug_return_bool(false);
|
|
|
a2b174 |
+}
|
|
|
a2b174 |
diff -up ./plugins/sudoers/def_data.c.CVE-2019-19234 ./plugins/sudoers/def_data.c
|
|
|
a2b174 |
--- ./plugins/sudoers/def_data.c.CVE-2019-19234 2020-01-14 15:53:40.504988050 +0100
|
|
|
a2b174 |
+++ ./plugins/sudoers/def_data.c 2020-01-14 15:53:40.511988098 +0100
|
|
|
a2b174 |
@@ -518,6 +518,10 @@ struct sudo_defs_types sudo_defs_table[]
|
|
|
a2b174 |
N_("Allow the use of unknown runas user and/or group ID"),
|
|
|
a2b174 |
NULL,
|
|
|
a2b174 |
}, {
|
|
|
a2b174 |
+ "runas_check_shell", T_FLAG,
|
|
|
a2b174 |
+ N_("Only permit running commands as a user with a valid shell"),
|
|
|
a2b174 |
+ NULL,
|
|
|
a2b174 |
+ }, {
|
|
|
a2b174 |
NULL, 0, NULL
|
|
|
a2b174 |
}
|
|
|
a2b174 |
};
|
|
|
a2b174 |
diff -up ./plugins/sudoers/def_data.h.CVE-2019-19234 ./plugins/sudoers/def_data.h
|
|
|
a2b174 |
--- ./plugins/sudoers/def_data.h.CVE-2019-19234 2020-01-14 15:53:40.512988105 +0100
|
|
|
a2b174 |
+++ ./plugins/sudoers/def_data.h 2020-01-14 15:58:06.927808982 +0100
|
|
|
a2b174 |
@@ -238,6 +238,8 @@
|
|
|
a2b174 |
#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
|
|
|
a2b174 |
#define I_RUNAS_ALLOW_UNKNOWN_ID 119
|
|
|
a2b174 |
#define def_runas_allow_unknown_id (sudo_defs_table[I_RUNAS_ALLOW_UNKNOWN_ID].sd_un.flag)
|
|
|
a2b174 |
+#define I_RUNAS_CHECK_SHELL 120
|
|
|
a2b174 |
+#define def_runas_check_shell (sudo_defs_table[I_RUNAS_CHECK_SHELL].sd_un.flag)
|
|
|
a2b174 |
|
|
|
a2b174 |
enum def_tuple {
|
|
|
a2b174 |
never,
|
|
|
a2b174 |
diff -up ./plugins/sudoers/def_data.in.CVE-2019-19234 ./plugins/sudoers/def_data.in
|
|
|
a2b174 |
--- ./plugins/sudoers/def_data.in.CVE-2019-19234 2020-01-14 15:53:40.505988057 +0100
|
|
|
a2b174 |
+++ ./plugins/sudoers/def_data.in 2020-01-14 15:53:40.512988105 +0100
|
|
|
a2b174 |
@@ -375,3 +375,7 @@ cmnd_no_wait
|
|
|
a2b174 |
runas_allow_unknown_id
|
|
|
a2b174 |
T_FLAG
|
|
|
a2b174 |
"Allow the use of unknown runas user and/or group ID"
|
|
|
a2b174 |
+runas_check_shell
|
|
|
a2b174 |
+ T_FLAG
|
|
|
a2b174 |
+ "Only permit running commands as a user with a valid shell"
|
|
|
a2b174 |
+
|
|
|
a2b174 |
diff -up ./plugins/sudoers/sudoers.c.CVE-2019-19234 ./plugins/sudoers/sudoers.c
|
|
|
a2b174 |
--- ./plugins/sudoers/sudoers.c.CVE-2019-19234 2020-01-14 15:53:40.505988057 +0100
|
|
|
a2b174 |
+++ ./plugins/sudoers/sudoers.c 2020-01-14 15:53:40.512988105 +0100
|
|
|
a2b174 |
@@ -273,7 +273,7 @@ sudoers_policy_main(int argc, char * con
|
|
|
a2b174 |
/* Not an audit event. */
|
|
|
a2b174 |
sudo_warnx(U_("sudoers specifies that root is not allowed to sudo"));
|
|
|
a2b174 |
goto bad;
|
|
|
a2b174 |
- }
|
|
|
a2b174 |
+ }
|
|
|
a2b174 |
|
|
|
a2b174 |
if (!set_perms(PERM_INITIAL))
|
|
|
a2b174 |
goto bad;
|
|
|
a2b174 |
@@ -412,6 +412,13 @@ sudoers_policy_main(int argc, char * con
|
|
|
a2b174 |
goto bad;
|
|
|
a2b174 |
}
|
|
|
a2b174 |
|
|
|
a2b174 |
+ /* Check runas user's shell. */
|
|
|
a2b174 |
+ if (!check_user_shell(runas_pw)) {
|
|
|
a2b174 |
+ log_warningx(SLOG_RAW_MSG, N_("invalid shell for user %s: %s"),
|
|
|
a2b174 |
+ runas_pw->pw_name, runas_pw->pw_shell);
|
|
|
a2b174 |
+ goto bad;
|
|
|
a2b174 |
+ }
|
|
|
a2b174 |
+
|
|
|
a2b174 |
/*
|
|
|
a2b174 |
* We don't reset the environment for sudoedit or if the user
|
|
|
a2b174 |
* specified the -E command line flag and they have setenv privs.
|
|
|
a2b174 |
diff -up ./plugins/sudoers/sudoers.h.CVE-2019-19234 ./plugins/sudoers/sudoers.h
|
|
|
a2b174 |
--- ./plugins/sudoers/sudoers.h.CVE-2019-19234 2020-01-14 15:53:40.502988036 +0100
|
|
|
a2b174 |
+++ ./plugins/sudoers/sudoers.h 2020-01-14 15:53:40.512988105 +0100
|
|
|
a2b174 |
@@ -264,6 +264,7 @@ int find_path(const char *infile, char *
|
|
|
a2b174 |
|
|
|
a2b174 |
/* check.c */
|
|
|
a2b174 |
int check_user(int validate, int mode);
|
|
|
a2b174 |
+bool check_user_shell(const struct passwd *pw);
|
|
|
a2b174 |
bool user_is_exempt(void);
|
|
|
a2b174 |
|
|
|
a2b174 |
/* prompt.c */
|