From: Martin Schulze <joey@infodrom.org>
Date: Mon, 12 Dec 2005 17:57:03 +0000 (+0100)
Subject: Imported Debian patch 1.6.8p7-1.3
X-Git-Tag: debian/1.6.8p7-1.3^0
X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=d208ca153de3f8b0d0a0c9c307ec8e9cf576b40b;p=debian%2Fsudo

Imported Debian patch 1.6.8p7-1.3
---

diff --git a/debian/changelog b/debian/changelog
index 79e2ca5..85c8525 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+sudo (1.6.8p7-1.3) stable-security; urgency=high
+
+  * Non-maintainer upload by the Security Team
+  * Reverse the environment semantic by forcing users to maintain a
+    whitelist [env.c, Bug#342948, CVE-2005-4158]
+
+ -- Martin Schulze <joey@infodrom.org>  Mon, 12 Dec 2005 18:57:03 +0100
+
 sudo (1.6.8p7-1.2) stable-security; urgency=high
 
   * Non-maintainer upload by the Security Team
diff --git a/env.c b/env.c
index 8116178..9ef28c8 100644
--- a/env.c
+++ b/env.c
@@ -136,6 +136,7 @@ static const char *initial_checkenv_table[] = {
     "LC_*",
     "LANG",
     "LANGUAGE",
+    "TERM",
     NULL
 };
 
@@ -425,7 +426,7 @@ rebuild_env(envp, sudo_mode, noexec)
 	 * env_check.
 	 */
 	for (ep = envp; *ep; ep++) {
-	    okvar = 1;
+	    okvar = 0;
 
 	    /* Skip variables with values beginning with () (bash functions) */
 	    if ((cp = strchr(*ep, '=')) != NULL) {
@@ -434,6 +435,7 @@ rebuild_env(envp, sudo_mode, noexec)
 	    }
 
 	    /* Skip anything listed in env_delete. */
+#if 0
 	    for (cur = def_env_delete; cur && okvar; cur = cur->next) {
 		len = strlen(cur->value);
 		/* Deal with '*' wildcard */
@@ -447,9 +449,10 @@ rebuild_env(envp, sudo_mode, noexec)
 		    okvar = 0;
 		}
 	    }
+#endif
 
 	    /* Check certain variables for '%' and '/' characters. */
-	    for (cur = def_env_check; cur && okvar; cur = cur->next) {
+	    for (cur = def_env_check; cur; cur = cur->next) {
 		len = strlen(cur->value);
 		/* Deal with '*' wildcard */
 		if (cur->value[len - 1] == '*') {
@@ -459,8 +462,8 @@ rebuild_env(envp, sudo_mode, noexec)
 		    iswild = 0;
 		if (strncmp(cur->value, *ep, len) == 0 &&
 		    (iswild || (*ep)[len] == '=') &&
-		    strpbrk(*ep, "/%")) {
-		    okvar = 0;
+		    strpbrk(*ep, "/%") == NULL) {
+		    okvar = 1;
 		}
 	    }