From: Bdale Garbee Date: Thu, 11 Mar 2010 19:46:25 +0000 (-0700) Subject: more work moving to quilt for patch management X-Git-Tag: debian/1.7.2p5-1~5 X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=5d1cdf83dd9f20f98a294efaa9b54a0b9458f05c;p=debian%2Fsudo more work moving to quilt for patch management --- diff --git a/.gbp.conf b/.gbp.conf deleted file mode 100644 index 9510689..0000000 --- a/.gbp.conf +++ /dev/null @@ -1,46 +0,0 @@ -# Configuration file for git-buildpackage and friends - -[DEFAULT] -# the default build command: -#builder = debuild -i\.git/ -I.git -# the default clean command: -#cleaner = debuild clean -# the default branch for upstream sources: -upstream-branch = upstream -# the default branch for the debian patch: -debian-branch = master -# the default tag formats used: -#upstream-tag = upstream/%(version)s -#debian-tag = debian/%(version)s -# use pristine-tar: -pristine-tar = True - -# Options only affecting git-buildpackage -[git-buildpackage] -#upstream-branch = dfsgclean -# uncomment this to automatically GPG sign tags -#sign-tags = True -# keyid to GPG sign tags with -#keyid = 0xdeadbeef -# push to a remote repository after a successful tag: -posttag = git push --mirror -# use this for more svn-buildpackage like behaviour: -export-dir = ../build-area/sudo/ -#tarball-dir = ../tarballs/ - -# Options only affecting git-import-orig -[git-import-orig] -#upstream-branch = newupstream -#debian-branch = dfsgclean -#filter = .svn - -# Options only affecting git-import-dsc -[git-import-dsc] -#upstream-branch = svn-upstream -#filter = [ 'CVS', '.cvsignore' ] - -# Options only affecting git-dch -[git-dch] -#git-log = --no-merges -#snapshot-number = snapshot + 1 - diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..9510689 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,46 @@ +# Configuration file for git-buildpackage and friends + +[DEFAULT] +# the default build command: +#builder = debuild -i\.git/ -I.git +# the default clean command: +#cleaner = debuild clean +# the default branch for upstream sources: +upstream-branch = upstream +# the default branch for the debian patch: +debian-branch = master +# the default tag formats used: +#upstream-tag = upstream/%(version)s +#debian-tag = debian/%(version)s +# use pristine-tar: +pristine-tar = True + +# Options only affecting git-buildpackage +[git-buildpackage] +#upstream-branch = dfsgclean +# uncomment this to automatically GPG sign tags +#sign-tags = True +# keyid to GPG sign tags with +#keyid = 0xdeadbeef +# push to a remote repository after a successful tag: +posttag = git push --mirror +# use this for more svn-buildpackage like behaviour: +export-dir = ../build-area/sudo/ +#tarball-dir = ../tarballs/ + +# Options only affecting git-import-orig +[git-import-orig] +#upstream-branch = newupstream +#debian-branch = dfsgclean +#filter = .svn + +# Options only affecting git-import-dsc +[git-import-dsc] +#upstream-branch = svn-upstream +#filter = [ 'CVS', '.cvsignore' ] + +# Options only affecting git-dch +[git-dch] +#git-log = --no-merges +#snapshot-number = snapshot + 1 + diff --git a/debian/patches/env.c-safety.diff b/debian/patches/env.c-safety.diff index 6a6467d..8531e9a 100644 --- a/debian/patches/env.c-safety.diff +++ b/debian/patches/env.c-safety.diff @@ -27,3 +27,55 @@ /* For SUDO_PS1 -> PS1 conversion. */ if (strncmp(*ep, "SUDO_PS1=", 8) == 0) ps1 = *ep + 5; +--- tmp/sudoers.pod 2010-03-11 12:28:58.000000000 -0700 ++++ sudo/sudoers.pod 2010-03-11 12:29:58.000000000 -0700 +@@ -1227,6 +1227,9 @@ + + =item env_delete + ++Not effective due to security issues: only variables listed in ++I or I can be passed through B! ++ + Environment variables to be removed from the user's environment + when the I option is not in effect. The argument may + be a double-quoted, space-separated list or a single value without +@@ -1240,8 +1243,8 @@ + + =item env_keep + +-Environment variables to be preserved in the user's environment +-when the I option is in effect. This allows fine-grained ++Environment variables to be preserved in the user's environment. ++This allows fine-grained + control over the environment B-spawned processes will receive. + The argument may be a double-quoted, space-separated list or a + single value without double-quotes. The list can be replaced, added +@@ -1280,8 +1283,14 @@ + =head1 EXAMPLES + + Below are example I entries. Admittedly, some of +-these are a bit contrived. First, we define our I: ++these are a bit contrived. First, we allow a few environment ++variables to pass and then define our I: + ++ # Run X applications through sudo; HOME is used to find .Xauthority file ++ # Note that some programs may use HOME for other purposes too and ++ # this may lead to privilege escalation! ++ Defaults env_keep = "DISPLAY HOME" ++ + # User alias specification + User_Alias FULLTIMERS = millert, mikef, dowdy + User_Alias PARTTIMERS = bostley, jwfox, crawl +--- /home/bdale/Desktop/sudo-1.7.2p1/sudo.pod 2009-06-15 15:19:47.000000000 -0600 ++++ sudo/sudo.pod 2009-11-20 07:31:58.000000000 -0700 +@@ -452,8 +452,8 @@ + To prevent command spoofing, B checks "." and "" (both denoting + current directory) last when searching for a command in the user's + PATH (if one or both are in the PATH). Note, however, that the +-actual C environment variable is I modified and is passed +-unchanged to the program that B executes. ++C environment variable is further modified in Debian because of ++the use of the I build option. + + B will check the ownership of its timestamp directory + (F<@timedir@> by default) and ignore the directory's contents if diff --git a/debian/patches/series b/debian/patches/series index 264a255..08d2543 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,6 @@ makefile-strip.diff sudo-1.7.2p1-visudo-manpage-fix.diff typo-in-classic-insults.diff env.c-safety.diff +paths-in-samples.diff +sudoers.pod.diff +sudo.pod.diff diff --git a/debian/patches/sudo.pod.diff b/debian/patches/sudo.pod.diff index 0b2d38c..2d34627 100644 --- a/debian/patches/sudo.pod.diff +++ b/debian/patches/sudo.pod.diff @@ -1,16 +1,5 @@ --- /home/bdale/Desktop/sudo-1.7.2p1/sudo.pod 2009-06-15 15:19:47.000000000 -0600 +++ sudo/sudo.pod 2009-11-20 07:31:58.000000000 -0700 -@@ -452,8 +452,8 @@ - To prevent command spoofing, B checks "." and "" (both denoting - current directory) last when searching for a command in the user's - PATH (if one or both are in the PATH). Note, however, that the --actual C environment variable is I modified and is passed --unchanged to the program that B executes. -+C environment variable is further modified in Debian because of -+the use of the I build option. - - B will check the ownership of its timestamp directory - (F<@timedir@> by default) and ignore the directory's contents if @@ -616,6 +616,10 @@ L, L, L, L diff --git a/debian/patches/sudoers.pod.diff b/debian/patches/sudoers.pod.diff index b780785..281c711 100644 --- a/debian/patches/sudoers.pod.diff +++ b/debian/patches/sudoers.pod.diff @@ -1,5 +1,5 @@ ---- /home/bdale/Desktop/sudo-1.7.2p1/sudoers.pod 2009-06-30 06:41:09.000000000 -0600 -+++ sudo/sudoers.pod 2009-11-20 07:31:58.000000000 -0700 +--- tmp/sudoers.pod 2010-03-11 12:28:58.000000000 -0700 ++++ sudo/sudoers.pod 2010-03-11 12:29:58.000000000 -0700 @@ -93,7 +93,7 @@ Cmnd_Alias ::= NAME '=' Cmnd_List @@ -8,50 +8,12 @@ + NAME ::= [A-Z]([a-z][A-Z][0-9]_)* Each I definition is of the form - -@@ -565,7 +565,7 @@ - - =over 16 - --=item always_set_home -+=item mail_badpass - - If set, B will set the C environment variable to the home - directory of the target user (which is root unless the B<-u> option is used). -@@ -1227,6 +1227,9 @@ - - =item env_delete - -+Not effective due to security issues: only variables listed in -+I or I can be passed through B! -+ - Environment variables to be removed from the user's environment - when the I option is not in effect. The argument may - be a double-quoted, space-separated list or a single value without -@@ -1240,8 +1243,8 @@ - - =item env_keep - --Environment variables to be preserved in the user's environment --when the I option is in effect. This allows fine-grained -+Environment variables to be preserved in the user's environment. -+This allows fine-grained - control over the environment B-spawned processes will receive. - The argument may be a double-quoted, space-separated list or a - single value without double-quotes. The list can be replaced, added -@@ -1282,6 +1285,15 @@ - Below are example I entries. Admittedly, some of - these are a bit contrived. First, we define our I: - -+Below are example I entries. Admittedly, some of -+these are a bit contrived. First, we allow a few environment -+variables to pass and then define our I: -+ -+ # Run X applications through sudo; HOME is used to find .Xauthority file -+ # Note that some programs may use HOME for other purposes too and -+ # this may lead to privilege escalation! -+ Defaults env_keep = "DISPLAY HOME" -+ - # User alias specification - User_Alias FULLTIMERS = millert, mikef, dowdy - User_Alias PARTTIMERS = bostley, jwfox, crawl +@@ -747,7 +747,7 @@ + If set, root is allowed to run B too. Disabling this prevents users + from "chaining" B commands to get a root shell by doing something + like C<"sudo sudo /bin/sh">. Note, however, that turning off I +-will also prevent root and from running B. ++will also prevent root from running B. + Disabling I provides no real additional security; it + exists purely for historical reasons. + This flag is I<@root_sudo@> by default. diff --git a/sudo.c b/sudo.c index 4ee0c4c..27af77a 100644 --- a/sudo.c +++ b/sudo.c @@ -628,7 +628,6 @@ init_vars(sudo_mode, envp) * "host" is the (possibly fully-qualified) hostname and * "shost" is the unqualified form of the hostname. */ - sudo_user.host_fqdn_queried = FALSE; nohostname = gethostname(thost, sizeof(thost)); if (nohostname) user_host = user_shost = "localhost"; @@ -639,7 +638,13 @@ init_vars(sudo_mode, envp) /* Defer call to set_fqdn() until log_error() is safe. */ user_shost = user_host; } else { - user_shost = user_host; + if ((p = strchr(user_host, '.'))) { + *p = '\0'; + user_shost = estrdup(user_host); + *p = '.'; + } else { + user_shost = user_host; + } } } @@ -1364,7 +1369,6 @@ set_fqdn() } else { user_shost = user_host; } - sudo_user.host_fqdn_queried = TRUE; } /* diff --git a/sudo.h b/sudo.h index 8fa7699..afb4e4e 100644 --- a/sudo.h +++ b/sudo.h @@ -47,8 +47,6 @@ struct sudo_user { char *ttypath; char *host; char *shost; - int host_fqdn_queried; - char **runas; char *prompt; char *cmnd; char *cmnd_args; diff --git a/sudoers.man.in b/sudoers.man.in index 9d4f010..b56b1c4 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -856,7 +856,7 @@ This flag is \fIoff\fR by default. If set, root is allowed to run \fBsudo\fR too. Disabling this prevents users from \*(L"chaining\*(R" \fBsudo\fR commands to get a root shell by doing something like \f(CW"sudo sudo /bin/sh"\fR. Note, however, that turning off \fIroot_sudo\fR -will also prevent root from running \fBsudoedit\fR. +will also prevent root and from running \fBsudoedit\fR. Disabling \fIroot_sudo\fR provides no real additional security; it exists purely for historical reasons. This flag is \fI@root_sudo@\fR by default. diff --git a/sudoers.pod b/sudoers.pod index bbc2264..47acc3a 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -747,7 +747,7 @@ This flag is I by default. If set, root is allowed to run B too. Disabling this prevents users from "chaining" B commands to get a root shell by doing something like C<"sudo sudo /bin/sh">. Note, however, that turning off I -will also prevent root and from running B. +will also prevent root from running B. Disabling I provides no real additional security; it exists purely for historical reasons. This flag is I<@root_sudo@> by default.