From d13083293897f80c386b0187d1fb8a4bb91356a8 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 31 May 2005 21:13:44 +0000 Subject: update to sudo 1.6.8p8 --- usr.bin/sudo/CHANGES | 8 ++++ usr.bin/sudo/Makefile.in | 2 +- usr.bin/sudo/auth/kerb5.c | 2 +- usr.bin/sudo/check.c | 8 ++-- usr.bin/sudo/sudo.8 | 4 +- usr.bin/sudo/sudo.c | 6 +-- usr.bin/sudo/sudo_noexec.c | 95 ++++++++++++++++++++++++++++++++++++---------- usr.bin/sudo/sudoers.5 | 4 +- usr.bin/sudo/version.h | 2 +- usr.bin/sudo/visudo.8 | 4 +- 10 files changed, 98 insertions(+), 37 deletions(-) diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES index 928b09f77dc..a077edf8a56 100644 --- a/usr.bin/sudo/CHANGES +++ b/usr.bin/sudo/CHANGES @@ -1778,3 +1778,11 @@ Sudo 1.6.8p6 released. 561) Fixed setting of $USER when env_reset is enabled. Sudo 1.6.8p7 released. + +562) Fixed noexec functionality on Linux. + +563) Fixed minor format string mismatches in some error cases. + +564) Fixed a bug that prevented Heimdal authentication from working. + +Sudo 1.6.8p8 released. diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in index 477ad2b7a8a..e47dd5572a7 100644 --- a/usr.bin/sudo/Makefile.in +++ b/usr.bin/sudo/Makefile.in @@ -130,7 +130,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.8p7 +VERSION = 1.6.8p8 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README README.LDAP RUNSON TODO \ diff --git a/usr.bin/sudo/auth/kerb5.c b/usr.bin/sudo/auth/kerb5.c index 9723020ceeb..07022c50f98 100644 --- a/usr.bin/sudo/auth/kerb5.c +++ b/usr.bin/sudo/auth/kerb5.c @@ -55,7 +55,7 @@ static const char rcsid[] = "$Sudo: kerb5.c,v 1.23 2004/06/07 00:02:56 millert E #endif /* lint */ #ifdef HAVE_HEIMDAL -# define extract_name(c, p) krb5_principal_get_comp_string(c, p, 0) +# define extract_name(c, p) krb5_principal_get_comp_string(c, p, 1) # define krb5_free_data_contents(c, d) krb5_data_free(d) # define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 /* XXX */ #else diff --git a/usr.bin/sudo/check.c b/usr.bin/sudo/check.c index c1fa93187d2..b8bd9881d0d 100644 --- a/usr.bin/sudo/check.c +++ b/usr.bin/sudo/check.c @@ -316,7 +316,7 @@ build_timestamp(timestampdir, timestampfile) dirparent = def_timestampdir; len = easprintf(timestampdir, "%s/%s", dirparent, user_name); if (len >= PATH_MAX) - log_error(0, "timestamp path too long: %s", timestampdir); + log_error(0, "timestamp path too long: %s", *timestampdir); /* * Timestamp file may be a file in the directory or NUL to use @@ -335,12 +335,12 @@ build_timestamp(timestampdir, timestampfile) else len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, p); if (len >= PATH_MAX) - log_error(0, "timestamp path too long: %s", timestampfile); + log_error(0, "timestamp path too long: %s", *timestampfile); } else if (def_targetpw) { len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, *user_runas); if (len >= PATH_MAX) - log_error(0, "timestamp path too long: %s", timestampfile); + log_error(0, "timestamp path too long: %s", *timestampfile); } else *timestampfile = NULL; } @@ -465,7 +465,7 @@ timestamp_status(timestampdir, timestampfile, user, make_dirs) /* If bad uid or file mode, complain and kill the bogus file. */ if (sb.st_uid != timestamp_uid) { log_error(NO_EXIT, - "%s owned by uid %ud, should be uid %lu", + "%s owned by uid %lu, should be uid %lu", timestampfile, (unsigned long) sb.st_uid, (unsigned long) timestamp_uid); (void) unlink(timestampfile); diff --git a/usr.bin/sudo/sudo.8 b/usr.bin/sudo/sudo.8 index a0024b61dc7..8c7a35b7cb4 100644 --- a/usr.bin/sudo/sudo.8 +++ b/usr.bin/sudo/sudo.8 @@ -17,7 +17,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: sudo.man.in,v 1.31 2004/09/08 18:35:53 millert Exp $ +.\" $Sudo: sudo.pod,v 1.73 2004/09/08 18:34:38 millert Exp $ .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 .\" .\" Standard preamble: @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDO 8" -.TH SUDO 8 "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS" +.TH SUDO 8 "March 12, 2005" "1.6.8p8" "MAINTENANCE COMMANDS" .SH "NAME" sudo, sudoedit \- execute a command as another user .SH "SYNOPSIS" diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c index 31edb653603..858b968a54a 100644 --- a/usr.bin/sudo/sudo.c +++ b/usr.bin/sudo/sudo.c @@ -901,10 +901,10 @@ check_sudoers() (statbuf.st_mode & 07777), SUDOERS_MODE); else if (statbuf.st_uid != SUDOERS_UID) log_error(0, "%s is owned by uid %lu, should be %lu", _PATH_SUDOERS, - (unsigned long) statbuf.st_uid, SUDOERS_UID); + (unsigned long) statbuf.st_uid, (unsigned long) SUDOERS_UID); else if (statbuf.st_gid != SUDOERS_GID) log_error(0, "%s is owned by gid %lu, should be %lu", _PATH_SUDOERS, - (unsigned long) statbuf.st_gid, SUDOERS_GID); + (unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID); else { /* Solaris sometimes returns EAGAIN so try 10 times */ for (i = 0; i < 10 ; i++) { @@ -1086,7 +1086,7 @@ get_authpw() } else if (def_targetpw) { if (runas_pw->pw_name == NULL) log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %lu!", - runas_pw->pw_uid); + (unsigned long) runas_pw->pw_uid); pw = runas_pw; } else pw = sudo_user.pw; diff --git a/usr.bin/sudo/sudo_noexec.c b/usr.bin/sudo/sudo_noexec.c index f06f03f53a3..bce1a922772 100644 --- a/usr.bin/sudo/sudo_noexec.c +++ b/usr.bin/sudo/sudo_noexec.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 Todd C. Miller + * Copyright (c) 2004-2005 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,9 +17,14 @@ #include "config.h" #include +#ifdef __STDC__ +# include +#else +# include +#endif #ifndef lint -static const char rcsid[] = "$Sudo: sudo_noexec.c,v 1.5 2004/02/13 21:36:43 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo_noexec.c,v 1.11 2005/03/10 15:09:28 millert Exp $"; #endif /* lint */ /* @@ -34,24 +39,72 @@ static const char rcsid[] = "$Sudo: sudo_noexec.c,v 1.5 2004/02/13 21:36:43 mill extern int errno; #endif -#define DUMMY(fn, args, atypes) \ -int \ -fn args \ - atypes \ -{ \ - errno = EACCES; \ - return(-1); \ +#define DUMMY_BODY \ +{ \ + errno = EACCES; \ + return(-1); \ } -DUMMY(execve, (path, argv, envp), - const char *path; char *const argv[]; char *const envp[];) -DUMMY(_execve, (path, argv, envp), - const char *path; char *const argv[]; char *const envp[];) -DUMMY(execv, (path, argv, envp), - const char *path; char *const argv[];) -DUMMY(_execv, (path, argv, envp), - const char *path; char *const argv[];) -DUMMY(fexecve, (fd, argv, envp), - int fd; char *const argv[]; char *const envp[];) -DUMMY(_fexecve, (fd, argv, envp), - int fd; char *const argv[]; char *const envp[];) +#ifdef __STDC__ + +#define DUMMY2(fn, t1, t2) \ +int \ +fn(t1 a1, t2 a2) \ +DUMMY_BODY + +#define DUMMY3(fn, t1, t2, t3) \ +int \ +fn(t1 a1, t2 a2, t3 a3) \ +DUMMY_BODY + +#define DUMMY_VA(fn, t1, t2) \ +int \ +fn(t1 a1, t2 a2, ...) \ +DUMMY_BODY + +#else /* !__STDC__ */ + +#define DUMMY2(fn, t1, t2) \ +int \ +fn(a1, a2) \ +t1 a1; t2 a2; \ +DUMMY_BODY + +#define DUMMY3(fn, t1, t2, t3) \ +int \ +fn(a1, a2, a3) \ +t1 a1; t2 a2; t3 a3; \ +DUMMY_BODY + +#define DUMMY_VA(fn, t1, t2) \ +int \ +fn(a1, a2, va_alist) \ +t1 a1; t2 a2; va_dcl \ +DUMMY_BODY + +#endif /* !__STDC__ */ + +DUMMY_VA(execl, const char *, const char *) +DUMMY_VA(_execl, const char *, const char *) +DUMMY_VA(__execl, const char *, const char *) +DUMMY_VA(execle, const char *, const char *) +DUMMY_VA(_execle, const char *, const char *) +DUMMY_VA(__execle, const char *, const char *) +DUMMY_VA(execlp, const char *, const char *) +DUMMY_VA(_execlp, const char *, const char *) +DUMMY_VA(__execlp, const char *, const char *) +DUMMY2(execv, const char *, char * const *) +DUMMY2(_execv, const char *, char * const *) +DUMMY2(__execv, const char *, char * const *) +DUMMY2(execvp, const char *, char * const *) +DUMMY2(_execvp, const char *, char * const *) +DUMMY2(__execvp, const char *, char * const *) +DUMMY3(execvP, const char *, const char *, char * const *) +DUMMY3(_execvP, const char *, const char *, char * const *) +DUMMY3(__execvP, const char *, const char *, char * const *) +DUMMY3(execve, const char *, char * const *, char * const *) +DUMMY3(_execve, const char *, char * const *, char * const *) +DUMMY3(__execve, const char *, char * const *, char * const *) +DUMMY3(fexecve, int , char * const *, char * const *) +DUMMY3(_fexecve, int , char * const *, char * const *) +DUMMY3(__fexecve, int , char * const *, char * const *) diff --git a/usr.bin/sudo/sudoers.5 b/usr.bin/sudo/sudoers.5 index e5d381eccf2..1b7bfd2d3a1 100644 --- a/usr.bin/sudo/sudoers.5 +++ b/usr.bin/sudo/sudoers.5 @@ -17,7 +17,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: sudoers.man.in,v 1.46 2004/09/06 20:46:28 millert Exp $ +.\" $Sudo: sudoers.pod,v 1.96 2004/09/06 20:45:27 millert Exp $ .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 .\" .\" Standard preamble: @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS 5" -.TH SUDOERS 5 "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS" +.TH SUDOERS 5 "March 12, 2005" "1.6.8p8" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h index 9ac1b0773c7..634ef596736 100644 --- a/usr.bin/sudo/version.h +++ b/usr.bin/sudo/version.h @@ -23,6 +23,6 @@ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.8p6"; +static const char version[] = "1.6.8p8"; #endif /* _SUDO_VERSION_H */ diff --git a/usr.bin/sudo/visudo.8 b/usr.bin/sudo/visudo.8 index bfbfcae2678..fb7b8f74ce4 100644 --- a/usr.bin/sudo/visudo.8 +++ b/usr.bin/sudo/visudo.8 @@ -17,7 +17,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.\" $Sudo: visudo.man.in,v 1.21 2004/09/06 20:46:28 millert Exp $ +.\" $Sudo: visudo.pod,v 1.39 2004/09/06 20:45:27 millert Exp $ .\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 .\" .\" Standard preamble: @@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "VISUDO 8" -.TH VISUDO 8 "February 5, 2005" "1.6.8p7" "MAINTENANCE COMMANDS" +.TH VISUDO 8 "March 12, 2005" "1.6.8p8" "MAINTENANCE COMMANDS" .SH "NAME" visudo \- edit the sudoers file .SH "SYNOPSIS" -- cgit v1.2.3