From dbfba8e03d0fd62b5bd97a7ae9c8712221106b17 Mon Sep 17 00:00:00 2001
From: Martin Schulze <joey@infodrom.org>
Date: Mon, 20 Mar 2006 22:56:43 +0100
Subject: [PATCH] Imported Debian patch 1.6.6-1.6

---
 debian/README.Debian | 19 +++++++++++++++++++
 debian/changelog     | 15 +++++++++++++++
 debian/rules         |  2 ++
 env.c                | 18 ++++++++++++------
 sudo.c               |  1 +
 sudoers.pod          |  9 ++++++++-
 6 files changed, 57 insertions(+), 7 deletions(-)
 create mode 100644 debian/README.Debian

diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..8da7c94
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,19 @@
+The version of sudo that ships with Debian by default resets the
+environment, as described by the "env_reset" flag in the sudoers file.
+
+This implies that all environment variables are removed, except for
+HOME, LOGNAME, PATH, SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION,
+LANG, LANGUAGE, LC_*, and USER.
+
+In case you want sudo to preserve more environment variables, you must
+specify the env_keep variable in the sudoers file. You should edit the
+sudoers file using the visudo tool.
+
+Examples:
+Preserve the default variables plus the EDITOR variable:
+
+    Defaults env_keep+="EDITOR"
+
+Preserve the default variables plus all variables starting with LC_:
+
+    Defaults env_keep+="LC_*"
diff --git a/debian/changelog b/debian/changelog
index 75d9516..203f592 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+sudo (1.6.6-1.6) oldstable-security; urgency=medium
+
+  * Non-maintainer upload by the Security Team
+  * Reworked the former patch to limit environment variables from being
+    passed through, set env_reset as default instead [sudo.c, env.c,
+    sudoers.pod, Bug#342948, CVE-2005-4158]
+  * env_reset is now set by default
+  * env_reset will preserve only HOME, LOGNAME, PATH, SHELL, TERM,
+    DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER
+    (in addition to the SUDO_* variables)
+  * Rebuild sudoers.man.in from the POD file
+  * Added README.Debian
+
+ -- Martin Schulze <joey@infodrom.org>  Mon, 20 Mar 2006 22:56:43 +0100
+
 sudo (1.6.6-1.5) oldstable-security; urgency=high
 
   * Non-maintainer upload by the Security Team
diff --git a/debian/rules b/debian/rules
index dc7790e..35342d3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -31,6 +31,8 @@ build-stamp:
 		--disable-root-mailer $(grosshack) \
 		--with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
 
+	-rm -f sudoers.man.in sudoers.man
+	make sudoers.man.in sudoers.man
 	-$(MAKE)
 
 	touch build-stamp
diff --git a/env.c b/env.c
index 668f42f..78027dc 100644
--- a/env.c
+++ b/env.c
@@ -307,6 +307,14 @@ rebuild_env(sudo_mode, envp)
 		}
 	    }
 
+	    if (!strncmp (*ep, "DISPLAY=",8)
+		|| !strncmp (*ep, "XAUTHORITY=", 11)
+		|| !strncmp (*ep, "XAUTHORIZATION=", 15)
+		|| !strncmp (*ep, "LANG=", 5)
+		|| !strncmp (*ep, "LANGUAGE=", 9)
+		|| !strncmp (*ep, "LC_", 3))
+	      keepit = 1;
+
 	    /* For SUDO_PS1 -> PS1 conversion. */
 	    if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
 		ps1 = *ep + 5;
@@ -367,7 +375,7 @@ rebuild_env(sudo_mode, envp)
 	 * env_check.
 	 */
 	for (ep = envp; *ep; ep++) {
-	    okvar = 0;
+	    okvar = 1;
 
 	    /* Skip variables with values beginning with () (bash functions) */
 	    if ((cp = strchr(*ep, '=')) != NULL &&
@@ -375,7 +383,6 @@ rebuild_env(sudo_mode, envp)
 		continue;
 
 	    /* Skip anything listed in env_delete. */
-#if 0
 	    for (cur = def_list(I_ENV_DELETE); cur && okvar; cur = cur->next) {
 		len = strlen(cur->value);
 		/* Deal with '*' wildcard */
@@ -389,10 +396,9 @@ rebuild_env(sudo_mode, envp)
 		    okvar = 0;
 		}
 	    }
-#endif
 
 	    /* Check certain variables for '%' and '/' characters. */
-	    for (cur = def_list(I_ENV_CHECK); cur; cur = cur->next) {
+	    for (cur = def_list(I_ENV_CHECK); cur && okvar; cur = cur->next) {
 		len = strlen(cur->value);
 		/* Deal with '*' wildcard */
 		if (cur->value[len - 1] == '*') {
@@ -402,8 +408,8 @@ rebuild_env(sudo_mode, envp)
 		    iswild = 0;
 		if (strncmp(cur->value, *ep, len) == 0 &&
 		    (iswild || (*ep)[len] == '=') &&
-		    strpbrk(*ep, "/%") == NULL) {
-		    okvar = 1;
+		    strpbrk(*ep, "/%")) {
+		    okvar = 0;
 		}
 	    }
 
diff --git a/sudo.c b/sudo.c
index 7c6f532..7156041 100644
--- a/sudo.c
+++ b/sudo.c
@@ -620,6 +620,7 @@ parse_args()
 	return(rval);
     }
 
+    def_flag(I_ENV_RESET) = TRUE;
     while (NewArgc > 0 && NewArgv[0][0] == '-') {
 	if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') {
 	    (void) fprintf(stderr, "%s: Please use single character options\n",
diff --git a/sudoers.pod b/sudoers.pod
index 6e74fba..0ec054b 100644
--- a/sudoers.pod
+++ b/sudoers.pod
@@ -438,12 +438,19 @@ signals and setuid processes.
 
 If set, B<sudo> will reset the environment to only contain the
 following variables: C<HOME>, C<LOGNAME>, C<PATH>, C<SHELL>, C<TERM>,
+C<DISPLAY>, C<XAUTHORITY>, C<XAUTHORIZATION>,
+C<LANG>, C<LANGUAGE>, C<LC_*>,
 and C<USER> (in addition to the C<SUDO_*> variables).
-Of these, only C<TERM> is copied unaltered from the old environment.
+
+Of these, only C<TERM>, C<DISPLAY>, C<XAUTHORITY>, C<XAUTHORIZATION>,
+C<LANG>, C<LANGUAGE>, and C<LC_*> are copied unaltered from the old environment.
 The other variables are set to default values (possibly modified
 by the value of the I<set_logname> option).  If B<sudo> was compiled
 with the C<SECURE_PATH> option, its value will be used for the C<PATH>
 environment variable.
+
+This option is enabled by default.
+
 Other variables may be preserved with the I<env_keep> option.
 
 =item use_loginclass
-- 
2.47.2