rpms / sudo

Clone
Source Code
GIT

Blame SOURCES/sudo-1.9.5-CVE-2021-23240-5.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   611e46d9167445d9202a4df0b60a986364457197
  2.   SOURCES
  3.   sudo-1.9.5-CVE-2021-23240-5.patch
Blob History Raw
230a1d 
diff -up ./src/copy_file.c.symbolic-link-attack-5 ./src/copy_file.c
230a1d 
--- ./src/copy_file.c.symbolic-link-attack-5	2021-02-02 17:18:05.355567274 +0100
230a1d 
+++ ./src/copy_file.c	2021-02-02 17:19:09.904671563 +0100
230a1d 
@@ -128,7 +128,6 @@ write_error:
230a1d 
     }
230a1d 
 }
230a1d
230a1d 
-#ifdef HAVE_SELINUX
230a1d 
 bool
230a1d 
 sudo_check_temp_file(int tfd, const char *tfile, uid_t uid, struct stat *sb)
230a1d 
 {
230a1d 
@@ -158,4 +157,3 @@ sudo_check_temp_file(int tfd, const char
230a1d 
     }
230a1d 
     debug_return_bool(true);
230a1d 
 }
230a1d 
-#endif /* SELINUX */
230a1d 
diff -up ./src/sudo_edit.c.symbolic-link-attack-5 ./src/sudo_edit.c
230a1d 
--- ./src/sudo_edit.c.symbolic-link-attack-5	2021-02-02 17:18:05.355567274 +0100
230a1d 
+++ ./src/sudo_edit.c	2021-02-02 17:18:05.356567260 +0100
230a1d 
@@ -692,24 +692,17 @@ sudo_edit_copy_tfiles(struct command_det
230a1d
230a1d 
     /* Copy contents of temp files to real ones. */
230a1d 
     for (i = 0; i < nfiles; i++) {
230a1d 
-	int rc = -1;
230a1d 
 	sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
230a1d 
 	    "seteuid(%u)", (unsigned int)user_details.uid);
230a1d 
 	if (seteuid(user_details.uid) != 0)
230a1d 
 	    sudo_fatal("seteuid(%u)", (unsigned int)user_details.uid);
230a1d 
 	tfd = sudo_edit_open(tf[i].tfile, O_RDONLY,
230a1d 
 	    S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH, NULL);
230a1d 
-	if (tfd != -1)
230a1d 
-	    rc = fstat(tfd, &sb);
230a1d 
-	sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
230a1d 
-	    "seteuid(%u)", ROOT_UID);
230a1d 
 	if (seteuid(ROOT_UID) != 0)
230a1d 
 	    sudo_fatal("seteuid(ROOT_UID)");
230a1d 
-	if (rc == -1 || !S_ISREG(sb.st_mode)) {
230a1d 
-	    if (rc == -1)
230a1d 
-		sudo_warn("%s", tf[i].tfile);
230a1d 
-	    else
230a1d 
-		sudo_warnx(U_("%s: not a regular file"), tf[i].tfile);
230a1d 
+	sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
230a1d 
+	    "seteuid(%u)", ROOT_UID);
230a1d 
+	if (tfd == -1 || !sudo_check_temp_file(tfd, tf[i].tfile, user_details.uid, &sb)) {
230a1d 
 	    sudo_warnx(U_("%s left unmodified"), tf[i].ofile);
230a1d 
 	    if (tfd != -1)
230a1d 
 		close(tfd);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation