From: Martin Schulze <joey@infodrom.org>
Date: Mon, 20 Mar 2006 21:56:30 +0000 (+0100)
Subject: Imported Debian patch 1.6.8p7-1.4
X-Git-Tag: debian/1.6.8p7-1.4^0
X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=d1a119ed0be74c7354c99adb432ccc7de5e44ba7;p=debian%2Fsudo

Imported Debian patch 1.6.8p7-1.4
---

diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..8da7c94
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,19 @@
+The version of sudo that ships with Debian by default resets the
+environment, as described by the "env_reset" flag in the sudoers file.
+
+This implies that all environment variables are removed, except for
+HOME, LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION,
+LANG, LANGUAGE, LC_*, and USER.
+
+In case you want sudo to preserve more environment variables, you must
+specify the env_keep variable in the sudoers file. You should edit the
+sudoers file using the visudo tool.
+
+Examples:
+Preserve the default variables plus the EDITOR variable:
+
+    Defaults env_keep+="EDITOR"
+
+Preserve the default variables plus all variables starting with LC_:
+
+    Defaults env_keep+="LC_*"
diff --git a/debian/changelog b/debian/changelog
index 85c8525..751c8d1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+sudo (1.6.8p7-1.4) stable-security; urgency=medium
+
+  * Non-maintainer upload by the Security Team
+  * Reworked the former patch to limit environment variables from being
+    passed through, set env_reset as default instead [sudo.c, env.c,
+    sudoers.pod, Bug#342948, CVE-2005-4158]
+  * env_reset is now set by default
+  * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
+    DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
+    (in addition to the SUDO_* variables)
+  * Rebuild sudoers.man.in from the POD file
+  * Added README.Debian
+
+ -- Martin Schulze <joey@infodrom.org>  Mon, 20 Mar 2006 22:56:30 +0100
+
 sudo (1.6.8p7-1.3) stable-security; urgency=high
 
   * Non-maintainer upload by the Security Team
diff --git a/debian/rules b/debian/rules
index 50b19eb..f211075 100755
--- a/debian/rules
+++ b/debian/rules
@@ -26,6 +26,8 @@ build-stamp:
 		--with-sendmail=/usr/sbin/sendmail \
 		--with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
 
+	-rm -f sudoers.man.in sudoers.man
+	make sudoers.man.in sudoers.man
 	-$(MAKE)
 
 	touch build-stamp
diff --git a/env.c b/env.c
index 9ef28c8..b30b843 100644
--- a/env.c
+++ b/env.c
@@ -363,6 +363,14 @@ rebuild_env(envp, sudo_mode, noexec)
 		}
 	    }
 
+	    if (!strncmp (*ep, "DISPLAY=",8)
+		|| !strncmp (*ep, "XAUTHORITY=", 11)
+		|| !strncmp (*ep, "XAUTHORIZATION=", 15)
+		|| !strncmp (*ep, "LANG=", 5)
+		|| !strncmp (*ep, "LANGUAGE=", 9)
+		|| !strncmp (*ep, "LC_", 3))
+	      keepit = 1;
+
 	    /* For SUDO_PS1 -> PS1 conversion. */
 	    if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
 		ps1 = *ep + 5;
@@ -426,7 +434,7 @@ rebuild_env(envp, sudo_mode, noexec)
 	 * env_check.
 	 */
 	for (ep = envp; *ep; ep++) {
-	    okvar = 0;
+	    okvar = 1;
 
 	    /* Skip variables with values beginning with () (bash functions) */
 	    if ((cp = strchr(*ep, '=')) != NULL) {
@@ -435,7 +443,6 @@ rebuild_env(envp, sudo_mode, noexec)
 	    }
 
 	    /* Skip anything listed in env_delete. */
-#if 0
 	    for (cur = def_env_delete; cur && okvar; cur = cur->next) {
 		len = strlen(cur->value);
 		/* Deal with '*' wildcard */
@@ -449,10 +456,9 @@ rebuild_env(envp, sudo_mode, noexec)
 		    okvar = 0;
 		}
 	    }
-#endif
 
 	    /* Check certain variables for '%' and '/' characters. */
-	    for (cur = def_env_check; cur; cur = cur->next) {
+	    for (cur = def_env_check; cur && okvar; cur = cur->next) {
 		len = strlen(cur->value);
 		/* Deal with '*' wildcard */
 		if (cur->value[len - 1] == '*') {
@@ -462,8 +468,8 @@ rebuild_env(envp, sudo_mode, noexec)
 		    iswild = 0;
 		if (strncmp(cur->value, *ep, len) == 0 &&
 		    (iswild || (*ep)[len] == '=') &&
-		    strpbrk(*ep, "/%") == NULL) {
-		    okvar = 1;
+		    strpbrk(*ep, "/%")) {
+		    okvar = 0;
 		}
 	    }
 
diff --git a/sudo.c b/sudo.c
index 31edb65..01f3310 100644
--- a/sudo.c
+++ b/sudo.c
@@ -697,6 +697,8 @@ parse_args(argc, argv)
 	return(rval);
     }
 
+    /* New default: reset the environment */
+    def_env_reset = TRUE;
     while (NewArgc > 0 && NewArgv[0][0] == '-') {
 	if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0')
 	    warnx("please use single character options");
diff --git a/sudoers.man.in b/sudoers.man.in
index 294ff67..63946db 100644
--- a/sudoers.man.in
+++ b/sudoers.man.in
@@ -1413,3 +1413,5 @@ including, but not limited to, the implied warranties of merchantability
 and fitness for a particular purpose are disclaimed.  See the \s-1LICENSE\s0
 file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
 for complete details.
+.PP
+Test
diff --git a/sudoers.pod b/sudoers.pod
index 563ab15..372d8e9 100644
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -437,12 +437,19 @@ signals and setuid processes.
 
 If set, B<sudo> will reset the environment to only contain the
 following variables: C<HOME>, C<LOGNAME>, C<PATH>, C<SHELL>, C<TERM>,
+C<DISPLAY>, C<XAUTHORITY>, C<XAUTHORIZATION>,
+C<LANG>, C<LANGUAGE>, C<LC_*>,
 and C<USER> (in addition to the C<SUDO_*> variables).
-Of these, only C<TERM> is copied unaltered from the old environment.
+
+Of these, only C<TERM>, C<DISPLAY>, C<XAUTHORITY>, C<XAUTHORIZATION>,
+C<LANG>, C<LANGUAGE>, and C<LC_*> are copied unaltered from the old environment.
 The other variables are set to default values (possibly modified
 by the value of the I<set_logname> option).  If B<sudo> was compiled
 with the C<SECURE_PATH> option, its value will be used for the C<PATH>
 environment variable.
+
+This option is enabled by default.
+
 Other variables may be preserved with the I<env_keep> option.
 
 =item use_loginclass