diff --git a/feature-upstream-restrict-sudo-U-other-l.patch b/feature-upstream-restrict-sudo-U-other-l.patch
deleted file mode 100644
index 6083dde..0000000
--- a/feature-upstream-restrict-sudo-U-other-l.patch
+++ /dev/null
@@ -1,143 +0,0 @@ -From 9f695f0fcc749b3cdebc453ba4fdeae84114f3ae Mon Sep 17 00:00:00 2001 -From: "Todd C. Miller" -Date: Mon, 14 Feb 2022 13:09:55 -0700 -Subject: [PATCH] Restrict "sudo -U other -l" to users with sudo ALL for root - or "other". Having "sudo ALL" permissions in no longer sufficient to be able - to list another user's privileges. The invoking user must now have "sudo - ALL" for root or the target user. GitHub issue #134 - ---- - docs/sudo.man.in | 11 ++++++----- - docs/sudo.mdoc.in | 11 ++++++----- - plugins/sudoers/parse.c | 34 ++++++++++++++++++++++++---------- - plugins/sudoers/policy.c | 5 +++++ - 4 files changed, 41 insertions(+), 20 deletions(-) - -Index: sudo-1.9.9/docs/sudo.man.in -=================================================================== ---- sudo-1.9.9.orig/docs/sudo.man.in -+++ sudo-1.9.9/docs/sudo.man.in -@@ -664,11 +664,12 @@ option to list the privileges for - \fIuser\fR - instead of for the invoking user. - The security policy may restrict listing other users' privileges. --The -+When using the - \fIsudoers\fR --policy only allows root or a user with the --\fRALL\fR --privilege on the current host to use this option. -+policy, only root or a user with the ability to run any command as -+either root or the specified -+\fIuser\fR -+on the current host may use this option. - .TP 12n - \fB\-T\fR \fItimeout\fR, \fB\--command-timeout\fR=\fItimeout\fR - Used to set a timeout for the command. -Index: sudo-1.9.9/docs/sudo.mdoc.in -=================================================================== ---- sudo-1.9.9.orig/docs/sudo.mdoc.in -+++ sudo-1.9.9/docs/sudo.mdoc.in -@@ -620,11 +620,12 @@ option to list the privileges for - .Ar user - instead of for the invoking user. - The security policy may restrict listing other users' privileges. --The -+When using the - .Em sudoers --policy only allows root or a user with the --.Li ALL --privilege on the current host to use this option. 
-+policy, only root or a user with the ability to run any command as -+either root or the specified -+.Ar user -+on the current host may use this option. - .It Fl T Ar timeout , Fl -command-timeout Ns = Ns Ar timeout - Used to set a timeout for the command. - If the timeout expires before the command has exited, the -Index: sudo-1.9.9/plugins/sudoers/parse.c -=================================================================== ---- sudo-1.9.9.orig/plugins/sudoers/parse.c -+++ sudo-1.9.9/plugins/sudoers/parse.c -@@ -43,24 +43,26 @@ static int - sudoers_lookup_pseudo(struct sudo_nss_list *snl, struct passwd *pw, - int validated, int pwflag) - { -- int match; -+ struct passwd *root_pw = NULL; - struct sudo_nss *nss; - struct cmndspec *cs; - struct privilege *priv; - struct userspec *us; - struct defaults *def; -- int nopass; -+ int nopass, match = DENY; - enum def_tuple pwcheck; - debug_decl(sudoers_lookup_pseudo, SUDOERS_DEBUG_PARSER); - - pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple; - nopass = (pwcheck == never || pwcheck == all) ? true : false; - -- if (list_pw == NULL) -- SET(validated, FLAG_NO_CHECK); - CLR(validated, FLAG_NO_USER); - CLR(validated, FLAG_NO_HOST); -- match = DENY; -+ if (list_pw != NULL) { -+ root_pw = sudo_getpwuid(ROOT_UID); -+ } else { -+ SET(validated, FLAG_NO_CHECK); -+ } - TAILQ_FOREACH(nss, snl, entries) { - if (nss->query(nss, pw) == -1) { - /* The query function should have printed an error message. */ -@@ -89,16 +91,28 @@ sudoers_lookup_pseudo(struct sudo_nss_li - } - if (match == ALLOW) - continue; -- /* Only check the command when listing another user. */ -+ -+ /* Only check runas/command when listing another user. */ - if (user_uid == 0 || list_pw == NULL || -- user_uid == list_pw->pw_uid || -- cmnd_matches(nss->parse_tree, cs->cmnd, cs->runchroot, -- NULL) == ALLOW) -- match = ALLOW; -+ user_uid == list_pw->pw_uid) { -+ match = ALLOW; -+ continue; -+ } -+ /* Runas user must match list user or root. 
*/ -+ if (userlist_matches(nss->parse_tree, list_pw, -+ cs->runasuserlist) == DENY || -+ userlist_matches(nss->parse_tree, root_pw, -+ cs->runasuserlist) != ALLOW) -+ continue; -+ if (cmnd_matches(nss->parse_tree, cs->cmnd, cs->runchroot, -+ NULL) == ALLOW) -+ match = ALLOW; - } - } - } - } -+ if (root_pw != NULL) -+ sudo_pw_delref(root_pw); - if (match == ALLOW || user_uid == 0) { - /* User has an entry for this host. */ - SET(validated, VALIDATE_SUCCESS); -Index: sudo-1.9.9/plugins/sudoers/policy.c -=================================================================== ---- sudo-1.9.9.orig/plugins/sudoers/policy.c -+++ sudo-1.9.9/plugins/sudoers/policy.c -@@ -1217,6 +1217,11 @@ sudoers_policy_list(int argc, char * con - sudo_warnx(U_("unknown user %s"), list_user); - debug_return_int(-1); - } -+ /* A user may only list another user they have runas access to. */ -+ if (runas_pw != NULL) -+ sudo_pw_delref(runas_pw); -+ runas_pw = list_pw; -+ sudo_pw_addref(list_pw); - } - ret = sudoers_policy_main(argc, argv, I_LISTPW, NULL, verbose, NULL); - if (list_user) { diff --git a/sudo-1.9.10.tar.gz b/sudo-1.9.10.tar.gz new file mode 100644 index 0000000..df3423a --- /dev/null +++ b/sudo-1.9.10.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:44a1461098e7c7b8e6ac597499c24fb2e43748c0c139a8b4944e57d1349a64f4 +size 4516568 diff --git a/sudo-1.9.10.tar.gz.sig b/sudo-1.9.10.tar.gz.sig new file mode 100644 index 0000000..09462e3 Binary files /dev/null and b/sudo-1.9.10.tar.gz.sig differ diff --git a/sudo-1.9.9-honor-T_opt.patch b/sudo-1.9.9-honor-T_opt.patch deleted file mode 100644 index cb51a76..0000000 --- a/sudo-1.9.9-honor-T_opt.patch +++ /dev/null 
@@ -1,22 +0,0 @@ -From 1f3815c4fb3f282250ff30626979d224e30b4b05 Mon Sep 17 00:00:00 2001 -From: Jaroslav Jindrak -Date: Wed, 9 Feb 2022 17:37:26 +0100 -Subject: [PATCH] Do not unset user timeout when no default timeout is set. - ---- - plugins/sudoers/policy.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c -index 26c4be3fe..0482b58dd 100644 ---- a/plugins/sudoers/policy.c -+++ b/plugins/sudoers/policy.c -@@ -865,7 +865,7 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[], - - if (def_command_timeout > 0 || user_timeout > 0) { - int timeout = user_timeout; -- if (timeout == 0 || def_command_timeout < timeout) -+ if (timeout == 0 || (def_command_timeout > 0 && def_command_timeout < timeout)) - timeout = def_command_timeout; - if (asprintf(&command_info[info_len++], "timeout=%u", timeout) == -1) - goto oom; diff --git a/sudo-1.9.9.tar.gz b/sudo-1.9.9.tar.gz deleted file mode 100644 index 69e033b..0000000 --- a/sudo-1.9.9.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6d6ee863a3bc26c87661093a74ec63e10fd031ceba714642d21636dfe25e3e00 -size 4456969 diff --git a/sudo-1.9.9.tar.gz.sig b/sudo-1.9.9.tar.gz.sig deleted file mode 100644 index f89246d..0000000 Binary files a/sudo-1.9.9.tar.gz.sig and /dev/null differ diff --git a/sudo.changes b/sudo.changes index 687dda8..bb7220b 100644 --- a/sudo.changes +++ b/sudo.changes 
@@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Thu Mar 24 08:18:58 UTC 2022 - Dirk Müller
+
+- update to 1.9.10:
+ * Added new log_passwords and passprompt_regex sudoers options. If
+ log_passwords is disabled, sudo will attempt to prevent passwords from being
+ logged. If sudo detects any of the regular expressions in the passprompt_regex
+ list in the terminal output, sudo will log ‘*’ characters instead of the
+ terminal input until a newline or carriage return is found in the input or an
+ output character is received.
+ * Added new log_passwords and passprompt_regex settings to sudo_logsrvd that
+ operate like the sudoers options when logging terminal input.
+ * Fixed several few bugs in the cvtsudoers utility when merging multiple sudoers
+ sources.
+ * Fixed a bug in sudo_logsrvd parsing the sudo_logsrvd.conf file, where the
+ retry_interval in the [relay] section was not being recognized.
+ * Restored the pre-1.9.9 behavior of not performing authentication when sudo’s -n
+ option is specified. A new noninteractive_auth sudoers option has been added to
+ enable PAM authentication in non-interactive mode. GitHub issue #131.
+ * On systems with /proc, if the /proc/self/stat (Linux) or /proc/pid/psinfo
+ (other systems) file is missing or invalid, sudo will now check file
+ descriptors 0-2 to determine the user’s terminal. Bug #1020.
+ * Fixed a compilation problem on Debian kFreeBSD. Bug #1021.
+ * Fixed a crash in sudo_logsrvd when running in relay mode if an alert message is
+ received.
+ * Fixed an issue that resulting in “problem with defaults entries” email to be
+ sent if a user ran sudo when the sudoers entry in the nsswitch.conf file
+ includes “sss” but no sudo provider is configured in /etc/sssd/sssd.conf.
+ * Updated the warning displayed when the invoking user is not allowed to run
+ sudo. If sudo has been configured to send mail on failed attempts (see the
+ mail_* flags in sudoers), it will now print “This incident has been reported to
+ the administrator.” If the mailto or mailerpath sudoers settings are disabled,
+ the message will not be printed and no mail will be sent.
+ * Fixed a bug where the user-specified command timeout was not being honored if
+ the sudoers rule did not also specify a timeout.
+ * Added support for using POSIX extended regular expressions in sudoers rules. A
+ command and/or arguments in sudoers are treated as a regular expression if they
+ start with a ‘^’ character and end with a ‘$’. The command and arguments are
+ matched separately, either one (or both) may be a regular expression.
+ * A user may now only run sudo -U otheruser -l if they have a “sudo ALL”
+ privilege where the RunAs user contains either root or otheruser. Previously,
+ having “sudo ALL” was sufficient, regardless of the RunAs user. GitHub issue
+ #134.
+ * The sudo lecture is now displayed immediately before the password prompt. As a
+ result, sudo will no longer display the lecture unless the user needs to enter
+ a password. Authentication methods that don’t interact with the user via a
+ terminal do not trigger the lecture.
+ * Sudo now uses its own closefrom() emulation on Linux systems. The glibc version
+ may not work in a chroot jail where /proc is not available. If close_range(2)
+ is present, it will be used in preference to /proc/self/fd.
+- drop sudo-1.9.9-honor-T_opt.patch , feature-upstream-restrict-sudo-U-other-l.patch
+ (upstream)
+
 -------------------------------------------------------------------
 Thu Mar 3 12:00:46 UTC 2022 - Jason Sikes
diff --git a/sudo.spec b/sudo.spec
index 594e559..98af774 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -22,7 +22,7 @@
 %define use_usretc 1
 %endif
 Name: sudo
-Version: 1.9.9
+Version: 1.9.10
 Release: 0
 Summary: Execute some commands as root
 License: ISC
@@ -38,8 +38,6 @@ Source6: fate_313276_test.sh
 Source7: README_313276.test
 # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
 Patch0: sudo-sudoers.patch
-Patch1: feature-upstream-restrict-sudo-U-other-l.patch
-Patch2: sudo-1.9.9-honor-T_opt.patch
 BuildRequires: audit-devel
 BuildRequires: cyrus-sasl-devel
 BuildRequires: groff
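Review bot: Dropping the `Patch1:` and `Patch2:` declarations is only half of a patch removal if this spec applies patches by number; if `%prep` (outside this hunk) still carries `%patch1 -p1` / `%patch2 -p1` rather than `%autosetup`/`%autopatch`, the build fails on an undefined patch, so that section should be checked in the same commit. The sudo.changes entry in this diff records both fixes (the restricted `sudo -U other -l` listing and the honored `-T` timeout) as part of upstream 1.9.10, which is what justifies removing the carried copies, so no hardening is lost by this deletion as far as the visible text shows. A one-line comment above `Patch0:` such as `# former Patch1/Patch2 (sudo -U -l restriction, -T timeout) are upstream since 1.9.10` would keep that reasoning in the file for the next version bump.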