# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
-timestamp='2005-04-22'
+timestamp='2005-03-24'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# From seanf@swdc.stratus.com.
echo i860-stratus-sysv4
exit 0 ;;
- i*86:VOS:*:*)
- # From Paul.Green@stratus.com.
- echo ${UNAME_MACHINE}-stratus-vos
- exit 0 ;;
*:VOS:*:*)
# From Paul.Green@stratus.com.
echo hppa1.1-stratus-vos
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
-timestamp='2005-04-22'
+timestamp='2005-02-10'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
- | bfin \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
| fr30 | frv \
| pyramid \
| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
- | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
- | sparcv8 | sparcv9 | sparcv9b \
+ | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv8 | sparcv9 | sparcv9b \
| strongarm \
| tahoe | thumb | tic4x | tic80 | tron \
| v850 | v850e \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* \
- | bfin-* | bs2000-* \
+ | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
| clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| romp-* | rs6000-* \
| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
- | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
- | sparclite-* \
+ | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
| tahoe-* | thumb-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
-sudo (1.6.8p7-1.1sarge1) stable-security; urgency=high
+sudo (1.6.8p7-1.2) stable-security; urgency=high
- * Security upload
- * Fix race condition in pathname validation [CAN-2005-1993]
- (Closes: #315115)
+ * Non-maintainer upload by the Security Team
+ * Clean SHELLOPTS and PS4 from the environment before executing programs
+ with sudo permissions [env.c, CAN-2005-2959]
- -- Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Wed, 29 Jun 2005 03:36:10 +0200
+ -- Martin Schulze <joey@infodrom.org> Thu, 22 Sep 2005 23:32:53 +0200
sudo (1.6.8p7-1.1) unstable; urgency=high
static const char *initial_badenv_table[] = {
"IFS",
"CDPATH",
+ "SHELLOPTS",
+ "PS4",
"LOCALDOMAIN",
"RES_OPTIONS",
"HOSTALIASES",
/* Match against ALL ? */
if (!strcasecmp(*p,"ALL")) {
ret=1;
+ if (safe_cmnd) free (safe_cmnd);
+ safe_cmnd=estrdup(user_cmnd);
if (ldap_conf.debug>1) printf(" MATCH!\n");
continue;
}
}
$$ = TRUE;
+
+ if (safe_cmnd)
+ free(safe_cmnd);
+ safe_cmnd = estrdup(user_cmnd);
}
| ALIAS {
aliasinfo *aip;
/* Validate the user but don't search for pseudo-commands. */
validated = sudoers_lookup(pwflag);
}
- if (safe_cmnd == NULL)
- safe_cmnd = user_cmnd;
/*
* If we are using set_perms_posix() and the stay_setuid flag was not set,
exit(0);
}
+ /* This *must* have been set if we got a match but... */
+ if (safe_cmnd == NULL) {
+ log_error(MSG_ONLY,
+ "internal error, safe_cmnd never got set for %s; %s",
+ user_cmnd,
+ "please report this error at http://courtesan.com/sudo/bugs/");
+ }
+
/* Override user's umask if configured to do so. */
if (def_umask != 0777)
(void) umask(def_umask);
(statbuf.st_mode & 07777), SUDOERS_MODE);
else if (statbuf.st_uid != SUDOERS_UID)
log_error(0, "%s is owned by uid %lu, should be %lu", _PATH_SUDOERS,
- (unsigned long) statbuf.st_uid, (unsigned long) SUDOERS_UID);
+ (unsigned long) statbuf.st_uid, SUDOERS_UID);
else if (statbuf.st_gid != SUDOERS_GID)
log_error(0, "%s is owned by gid %lu, should be %lu", _PATH_SUDOERS,
- (unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID);
+ (unsigned long) statbuf.st_gid, SUDOERS_GID);
else {
/* Solaris sometimes returns EAGAIN so try 10 times */
for (i = 0; i < 10 ; i++) {
} else if (def_targetpw) {
if (runas_pw->pw_name == NULL)
log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %lu!",
- (unsigned long) runas_pw->pw_uid);
+ runas_pw->pw_uid);
pw = runas_pw;
} else
pw = sudo_user.pw;
#if __GNUC__ >= 2
__attribute__ ((unused))
#endif /* __GNUC__ >= 2 */
- = "$OpenBSD: skeleton.c,v 1.24 2005/06/10 16:40:45 pvalchev Exp $";
+ = "$OpenBSD: skeleton.c,v 1.23 2004/03/12 13:39:50 henning Exp $";
#endif
#include <stdlib.h>
#define YYBYACC 1
#endif /* HAVE_LSEARCH */
#ifndef lint
-static const char rcsid[] = "$Sudo: parse.yacc,v 1.204 2004/08/11 18:29:10 millert Exp $";
+static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.76 2004/08/11 18:29:36 millert Exp $";
#endif /* lint */
/*
short *yysslim;
YYSTYPE *yyvs;
int yystacksize;
-#line 886 "parse.yacc"
+#line 890 "parse.yacc"
#define MOREALIASES (32)
aliasinfo *aliases = NULL;
}
yyval.BOOLEAN = TRUE;
+
+ if (safe_cmnd)
+ free(safe_cmnd);
+ safe_cmnd = estrdup(user_cmnd);
}
break;
case 61:
-#line 680 "parse.yacc"
+#line 684 "parse.yacc"
{
aliasinfo *aip;
}
break;
case 62:
-#line 709 "parse.yacc"
+#line 713 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE) {
}
break;
case 65:
-#line 740 "parse.yacc"
+#line 744 "parse.yacc"
{ push; }
break;
case 66:
-#line 740 "parse.yacc"
+#line 744 "parse.yacc"
{
if ((MATCHED(host_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) {
}
break;
case 71:
-#line 758 "parse.yacc"
+#line 762 "parse.yacc"
{
push;
if (printmatches == TRUE) {
}
break;
case 72:
-#line 767 "parse.yacc"
+#line 771 "parse.yacc"
{
if ((MATCHED(cmnd_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) {
}
break;
case 73:
-#line 781 "parse.yacc"
+#line 785 "parse.yacc"
{ ; }
break;
case 77:
-#line 789 "parse.yacc"
+#line 793 "parse.yacc"
{
if (printmatches == TRUE) {
in_alias = TRUE;
}
break;
case 78:
-#line 797 "parse.yacc"
+#line 801 "parse.yacc"
{
if ((yyvsp[0].BOOLEAN != NOMATCH || pedantic) &&
!add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) {
}
break;
case 81:
-#line 814 "parse.yacc"
+#line 818 "parse.yacc"
{ push; }
break;
case 82:
-#line 814 "parse.yacc"
+#line 818 "parse.yacc"
{
if ((MATCHED(user_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) {
}
break;
case 85:
-#line 829 "parse.yacc"
+#line 833 "parse.yacc"
{
SETMATCH(user_matches, yyvsp[0].BOOLEAN);
}
break;
case 86:
-#line 832 "parse.yacc"
+#line 836 "parse.yacc"
{
SETNMATCH(user_matches, yyvsp[0].BOOLEAN);
}
break;
case 87:
-#line 837 "parse.yacc"
+#line 841 "parse.yacc"
{
if (userpw_matches(yyvsp[0].string, user_name, sudo_user.pw))
yyval.BOOLEAN = TRUE;
}
break;
case 88:
-#line 844 "parse.yacc"
+#line 848 "parse.yacc"
{
if (usergr_matches(yyvsp[0].string, user_name, sudo_user.pw))
yyval.BOOLEAN = TRUE;
}
break;
case 89:
-#line 851 "parse.yacc"
+#line 855 "parse.yacc"
{
if (netgr_matches(yyvsp[0].string, NULL, NULL, user_name))
yyval.BOOLEAN = TRUE;
}
break;
case 90:
-#line 858 "parse.yacc"
+#line 862 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
}
break;
case 91:
-#line 880 "parse.yacc"
+#line 884 "parse.yacc"
{
yyval.BOOLEAN = TRUE;
}
break;
-#line 1916 "sudo.tab.c"
+#line 1920 "sudo.tab.c"
}
yyssp -= yym;
yystate = *yyssp;