From 9e111eae57524ca72002ad1db36eb68ccd50b167 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Fri, 8 Jan 2021 19:52:45 -0700
Subject: [PATCH] Sudo 1.9.5
---
 NEWS | 63 +++++++++++++++++++++++++++++++++++++++++++++
 configure | 18 ++++++-------
 configure.ac | 4 +--
 doc/LICENSE | 2 +-
 etc/sudo-logsrvd.pp | 2 +-
 etc/sudo-python.pp | 2 +-
 etc/sudo.pp | 2 +-
 7 files changed, 78 insertions(+), 15 deletions(-)
diff --git a/NEWS b/NEWS
index 0949f20698..a3a1a8c3a6 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,66 @@
+What's new in Sudo 1.9.5
+
+ * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an
+ unknown user. This is related to but distinct from Bug #948.
+
+ * If the "lecture_file" setting is enabled in sudoers, it must now
+ refer to a regular file or a symbolic link to a regular file.
+
+ * Fixed a potential use-after-free bug in sudo_logsrvd when the
+ server shuts down if there are existing connections from clients
+ that are only logging events and not session I/O data.
+
+ * Fixed a buffer size mismatch when serializing the list of IP
+ addresses for configured network interfaces. This bug is not
+ actually exploitable since the allocated buffer is large enough
+ to hold the list of addresses.
+
+ * If sudo is executed with a name other that "sudo" or "sudoedit",
+ it will now fall back to "sudo" as the program name. This affects
+ warning, help and usage messages as well as the matching of Debug
+ lines in the /etc/sudo.conf file. Previously, it was possible
+ for the invoking user to manipulate the program name by setting
+ argv[0] to an arbitrary value when executing sudo.
+
+ * Sudo now checks for failure when setting the close-on-exec flag
+ on open file descriptors. This should never fail but, if it
+ were to, there is the possibility of a file descriptor leak to
+ a child process (such as the command sudo runs).
+
+ * Fixed CVE-2021-23239, a potential information leak in sudoedit
+ that could be used to test for the existence of directories not
+ normally accessible to the user in certain circumstances. When
+ creating a new file, sudoedit checks to make sure the parent
+ directory of the new file exists before running the editor.
+ However, a race condition exists if the invoking user can replace
+ (or create) the parent directory. If a symbolic link is created
+ in place of the parent directory, sudoedit will run the editor
+ as long as the target of the link exists. If the target of the
+ link does not exist, an error message will be displayed. The
+ race condition can be used to test for the existence of an
+ arbitrary directory. However, it _cannot_ be used to write to
+ an arbitrary location.
+
+ * Fixed CVE-2021-23240, a flaw in the temporary file handling of
+ sudoedit's SELinux RBAC support. On systems where SELinux is
+ enabled, a user with sudoedit permissions may be able to set the
+ owner of an arbitrary file to the user-ID of the target user.
+ On Linux kernels that support "protected symlinks", setting
+ /proc/sys/fs/protected_symlinks to 1 will prevent the bug from
+ being exploited. For more information see
+ https://www.sudo.ws/alerts/sudoedit_selinux.html.
+
+ * Added writability checks for sudoedit when SELinux RBAC is in use.
+ This makes sudoedit behavior consistent regardless of whether
+ or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir"
+ setting had no effect for RBAC entries.
+
+ * A new sudoers option "selinux" can be used to disable sudo's
+ SELinux RBAC support.
+
+ * Quieted warnings from PVS Studio, clang analyzer, and cppcheck.
+ Added suppression annotations for PVS Studio false positives.
+
 What's new in Sudo 1.9.4p2
 
 * Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash
diff --git a/configure b/configure index 2467429c83..5bf112da63 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for sudo 1.9.4p2. +# Generated by GNU Autoconf 2.69 for sudo 1.9.5. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.4p2' -PACKAGE_STRING='sudo 1.9.4p2' +PACKAGE_VERSION='1.9.5' +PACKAGE_STRING='sudo 1.9.5' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL=''
@@ -1584,7 +1584,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.9.4p2 to adapt to many kinds of systems. +\`configure' configures sudo 1.9.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1650,7 +1650,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.4p2:";; + short | recursive ) echo "Configuration of sudo 1.9.5:";; esac cat <<\_ACEOF @@ -1924,7 +1924,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.4p2 +sudo configure 1.9.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2633,7 +2633,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.4p2, which was +It was created by sudo $as_me 1.9.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -28816,7 +28816,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.4p2, which was +This file was extended by sudo $as_me 1.9.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -28882,7 +28882,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.9.4p2 +sudo config.status 1.9.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 4221dbec8e..2f68c33174 100644 --- a/configure.ac 
+++ b/configure.ac @@ -3,7 +3,7 @@ dnl Use the top-level autogen.sh script to generate configure and config.h.in dnl dnl SPDX-License-Identifier: ISC dnl -dnl Copyright (c) 1994-1996, 1998-2020 Todd C. Miller +dnl Copyright (c) 1994-1996, 1998-2021 Todd C. Miller dnl dnl Permission to use, copy, modify, and distribute this software for any dnl purpose with or without fee is hereby granted, provided that the above @@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.59]) -AC_INIT([sudo], [1.9.4p2], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.5], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) dnl diff --git a/doc/LICENSE b/doc/LICENSE index 28a9492622..60f193f38e 100644 --- a/doc/LICENSE +++ b/doc/LICENSE @@ -1,6 +1,6 @@ Sudo is distributed under the following license: - Copyright (c) 1994-1996, 1998-2020 + Copyright (c) 1994-1996, 1998-2021 Todd C. Miller Permission to use, copy, modify, and distribute this software for any diff --git a/etc/sudo-logsrvd.pp b/etc/sudo-logsrvd.pp index af167b89bc..663ae6dbbc 100644 --- a/etc/sudo-logsrvd.pp +++ b/etc/sudo-logsrvd.pp @@ -5,7 +5,7 @@ from sudo clients. This makes it possible to have all sudo I/O logs on a central server." vendor="Todd C. Miller" - copyright="(c) 2019-2020 Todd C. Miller" + copyright="(c) 2019-2021 Todd C. Miller" %if [aix] # Convert to 4 part version for AIX, including patch level diff --git a/etc/sudo-python.pp b/etc/sudo-python.pp index e1ef5cbc96..fac3b3454e 100644 --- a/etc/sudo-python.pp +++ b/etc/sudo-python.pp 
@@ -3,7 +3,7 @@ summary="Sudo Python plugin framework" description="The sudo Python plugin allows you to extend sudo using Python." vendor="Todd C. Miller" - copyright="(c) 2019-2020 Todd C. Miller" + copyright="(c) 2019-2021 Todd C. Miller" %if [aix] # Convert to 4 part version for AIX, including patch level diff --git a/etc/sudo.pp b/etc/sudo.pp index 22011255c0..b4ac0d12fe 100644 --- a/etc/sudo.pp +++ b/etc/sudo.pp @@ -10,7 +10,7 @@ The basic philosophy is to give as few privileges as possible but \ still allow people to get their work done." vendor="Todd C. Miller" - copyright="(c) 1993-1996,1998-2020 Todd C. Miller" + copyright="(c) 1993-1996,1998-2021 Todd C. Miller" sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"` sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'`