From: Martin Schulze Date: Wed, 21 Dec 2005 09:05:52 +0000 (+0100) Subject: Imported Debian patch 1.6.6-1.5 X-Git-Tag: debian/1.6.6-1.5^0 X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=fdf5968800e73d9859c3dc5429956ea685b3ebd1;p=debian%2Fsudo Imported Debian patch 1.6.6-1.5 --- diff --git a/debian/changelog b/debian/changelog index 06a7103..75d9516 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +sudo (1.6.6-1.5) oldstable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Reverse the environment semantic by forcing users to maintain a + whitelist [env.c, Bug#342948, CVE-2005-4158] + + -- Martin Schulze Wed, 21 Dec 2005 10:05:52 +0100 + sudo (1.6.6-1.4) oldstable-security; urgency=high * Non-maintainer upload by the Security Team diff --git a/env.c b/env.c index 5a53b5d..668f42f 100644 --- a/env.c +++ b/env.c @@ -140,6 +140,7 @@ char *initial_checkenv_table[] = { "LC_*", "LANG", "LANGUAGE", + "TERM", NULL }; @@ -366,7 +367,7 @@ rebuild_env(sudo_mode, envp) * env_check. */ for (ep = envp; *ep; ep++) { - okvar = 1; + okvar = 0; /* Skip variables with values beginning with () (bash functions) */ if ((cp = strchr(*ep, '=')) != NULL && @@ -374,6 +375,7 @@ rebuild_env(sudo_mode, envp) continue; /* Skip anything listed in env_delete. */ +#if 0 for (cur = def_list(I_ENV_DELETE); cur && okvar; cur = cur->next) { len = strlen(cur->value); /* Deal with '*' wildcard */ @@ -387,9 +389,10 @@ rebuild_env(sudo_mode, envp) okvar = 0; } } +#endif /* Check certain variables for '%' and '/' characters. */ - for (cur = def_list(I_ENV_CHECK); cur && okvar; cur = cur->next) { + for (cur = def_list(I_ENV_CHECK); cur; cur = cur->next) { len = strlen(cur->value); /* Deal with '*' wildcard */ if (cur->value[len - 1] == '*') { @@ -399,8 +402,8 @@ rebuild_env(sudo_mode, envp) iswild = 0; if (strncmp(cur->value, *ep, len) == 0 && (iswild || (*ep)[len] == '=') && - strpbrk(*ep, "/%")) { - okvar = 0; + strpbrk(*ep, "/%") == NULL) { + okvar = 1; } }