rpms/sudo
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
ab230f309f
sudo/sudo-1.8.8-strictuidgid.patch
Daniel Kopecek 8729726fc1 update to 1.8.8 
- major changes & fixes:
  - LDAP SASL support now works properly with Kerberos
  - root may no longer change its SELinux role without entering a password
  - user messages are now always displayed in the user's locale, even when
    the same message is being logged or mailed in a different locale.
  - log files created by sudo now explicitly have the group set to group
    ID 0 rather than relying on BSD group semantics
  - sudo now stores its libexec files in a sudo subdirectory instead of in
    libexec itself
  - system_group and group_file sudoers group provider plugins are now
    installed by default
  - the paths to ldap.conf and ldap.secret may now be specified as arguments
    to the sudoers plugin in the sudo.conf file
  - ...and many new features and settings. See the upstream ChangeLog for the
    full list.
- several sssd support fixes
- added patch to make uid/gid specification parsing more strict (don't accept
  an invalid number as uid/gid)
- use the _pkgdocdir macro
  (see https://fedoraproject.org/wiki/Changes/UnversionedDocdirs)
- fixed several bugs found by the clang static analyzer
- added %post dependency on chmod
2013-10-01 00:09:16 +02:00

54 lines
1.7 KiB
Diff
Raw Blame History

diff -up sudo-1.8.8/plugins/sudoers/match.c.strictuidgid sudo-1.8.8/plugins/sudoers/match.c
--- sudo-1.8.8/plugins/sudoers/match.c.strictuidgid 2013-09-30 23:30:12.359263967 +0200
+++ sudo-1.8.8/plugins/sudoers/match.c 2013-09-30 23:31:04.335443002 +0200
@@ -777,14 +777,16 @@ hostname_matches(char *shost, char *lhos
bool
userpw_matches(char *sudoers_user, char *user, struct passwd *pw)
{
- debug_decl(userpw_matches, SUDO_DEBUG_MATCH)
-
- if (pw != NULL && *sudoers_user == '#') {
- uid_t uid = (uid_t) atoi(sudoers_user + 1);
- if (uid == pw->pw_uid)
- debug_return_bool(true);
- }
- debug_return_bool(strcmp(sudoers_user, user) == 0);
+ debug_decl(userpw_matches, SUDO_DEBUG_MATCH)
+ if (pw != NULL && *sudoers_user == '#') {
+ char *end = NULL;
+ uid_t uid = (uid_t) strtol(sudoers_user + 1, &end, 10);
+ if (end != NULL && (sudoers_user[1] != '\0' && *end == '\0')) {
+ if (uid == pw->pw_uid)
+ debug_return_bool(true);
+ }
+ }
+ debug_return_bool(strcmp(sudoers_user, user) == 0);
}
/*
@@ -794,14 +796,16 @@ userpw_matches(char *sudoers_user, char
bool
group_matches(char *sudoers_group, struct group *gr)
{
- debug_decl(group_matches, SUDO_DEBUG_MATCH)
-
- if (*sudoers_group == '#') {
- gid_t gid = (gid_t) atoi(sudoers_group + 1);
- if (gid == gr->gr_gid)
- debug_return_bool(true);
- }
- debug_return_bool(strcmp(gr->gr_name, sudoers_group) == 0);
+ debug_decl(group_matches, SUDO_DEBUG_MATCH)
+ if (*sudoers_group == '#') {
+ char *end = NULL;
+ gid_t gid = (gid_t) strtol(sudoers_group + 1, &end, 10);
+ if (end != NULL && (sudoers_group[1] != '\0' && *end == '\0')) {
+ if (gid == gr->gr_gid)
+ debug_return_bool(true);
+ }
+ }
+ debug_return_bool(strcmp(gr->gr_name, sudoers_group) == 0);
}
/*
Reference in New Issue View Git Blame Copy Permalink