[sudo-workers] broken parsing of #includedir with sudo-1.8.5
Mike Frysinger
vapier at gentoo.org
Thu May 17 15:18:14 EDT 2012
It looks like the refactoring of path checks broke parsing of #includedir
directives. Specifically, if we look at plugins/sudoers/toke.l, we see:
static bool
_push_include(char *path, bool isdir)
{
    ...
    switch (sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb)) {
        case SUDO_PATH_MISSING:
            debug_return_bool(false);
        case SUDO_PATH_BAD_TYPE:
            ...
            debug_return_bool(false);
        case SUDO_PATH_WRONG_OWNER:
            ...
            debug_return_bool(false);
        case SUDO_PATH_WORLD_WRITABLE:
            ...
            debug_return_bool(false);
        case SUDO_PATH_GROUP_WRITABLE:
            ...
            debug_return_bool(false);
        default:
            /* NOTREACHED */
            debug_return_bool(false);
    }
    ...
The astute reader might notice that nowhere in this switch statement do we
break out :). So regardless of the secure status, we do not parse the path.
Adding a case for SUDO_PATH_SECURE like so fixes things:
        case SUDO_PATH_SECURE:
            break;
However, that leads us to another bug: files with bad perms inside of included
dirs no longer get warned about. So with sudo-1.8.4, I can do:
# touch /etc/sudoers.d/f
# chmod 644 /etc/sudoers.d/f
# chown 0:0 /etc/sudoers.d/f
# sudo true
sudo: /etc/sudoers.d/f is mode 0644, should be 0440
But now with 1.8.5 (and the fix above), I get no warning:
# sudo true
I'm not familiar enough with the code base to suggest a fix here ...
-mike
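The two behaviours the message asks for, taken together, as an added example that is not sudo's code and not from the poster: a directory is accepted only when it classifies as secure (the missing `case SUDO_PATH_SECURE: break;`), and every regular file inside it is still checked so that a 0644 file produces the 1.8.4-style "is mode 0644, should be 0440" warning. The `path_status` enum, `classify_path()`, `check_include_dir()` and `make_fixture()` are assumed names written for this example; the ownership and writability policy in `classify_path()` is an assumption modelled on the case labels quoted from toke.l, not sudo's `sudo_secure_dir()`. The fixture directory and its two files are constructed here so the example runs offline.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical status codes named after the case labels quoted from toke.l;
 * these are not sudo's own definitions. */
enum path_status {
    PATH_SECURE, PATH_MISSING, PATH_BAD_TYPE, PATH_WRONG_OWNER,
    PATH_WORLD_WRITABLE, PATH_GROUP_WRITABLE
};

/* Assumed policy: the path must exist, be the expected type, be owned by
 * `uid`, and be writable by neither "other" nor a group other than `gid`. */
static enum path_status
classify_path(const char *path, uid_t uid, gid_t gid, bool want_dir,
              struct stat *sb)
{
    if (stat(path, sb) != 0)
        return PATH_MISSING;
    if (want_dir ? !S_ISDIR(sb->st_mode) : !S_ISREG(sb->st_mode))
        return PATH_BAD_TYPE;
    if (sb->st_uid != uid)
        return PATH_WRONG_OWNER;
    if (sb->st_mode & S_IWOTH)
        return PATH_WORLD_WRITABLE;
    if ((sb->st_mode & S_IWGRP) && sb->st_gid != gid)
        return PATH_GROUP_WRITABLE;
    return PATH_SECURE;
}

/* Walk an #includedir: reject the directory unless it is PATH_SECURE (the
 * case the quoted switch forgot to `break` on), then check each regular file
 * and warn when its mode is not exactly `want_mode` (0440 in the message).
 * Returns -1 if the directory is rejected, otherwise the number of files
 * warned about; warning lines are appended to `warn`.  Names ending in '~'
 * or containing '.' are skipped, as sudoers(5) documents for /etc/sudoers.d. */
static int
check_include_dir(const char *dir, uid_t uid, gid_t gid, mode_t want_mode,
                  char *warn, size_t warnlen)
{
    struct stat sb;
    if (classify_path(dir, uid, gid, true, &sb) != PATH_SECURE)
        return -1;
    DIR *d = opendir(dir);
    if (d == NULL)
        return -1;

    int bad = 0;
    warn[0] = '\0';
    struct dirent *de;
    while ((de = readdir(d)) != NULL) {
        size_t n = strlen(de->d_name);
        if (strchr(de->d_name, '.') != NULL || de->d_name[n - 1] == '~')
            continue;
        char path[PATH_MAX];
        snprintf(path, sizeof path, "%s/%s", dir, de->d_name);
        enum path_status st = classify_path(path, uid, gid, false, &sb);
        if (st == PATH_MISSING || st == PATH_BAD_TYPE)
            continue;                       /* nothing parseable here */
        mode_t mode = sb.st_mode & 07777;
        if (st == PATH_SECURE && mode == want_mode)
            continue;                       /* acceptable: would be parsed */
        bad++;
        char line[PATH_MAX + 64];
        snprintf(line, sizeof line, "%s is mode 0%o, should be 0%o\n",
                 path, (unsigned)mode, (unsigned)want_mode);
        strncat(warn, line, warnlen - strlen(warn) - 1);
    }
    closedir(d);
    return bad;
}

/* Constructed fixture: a 0700 directory holding "f" (0644, the bad file from
 * the message) and "g" (0440, a good one).  Returns a malloc'd path. */
static char *
make_fixture(void)
{
    char tmpl[] = "/tmp/sudoersd.XXXXXX";
    char *dir = mkdtemp(tmpl);
    if (dir == NULL)
        return NULL;
    const char *names[] = { "f", "g" };
    mode_t modes[] = { 0644, 0440 };
    for (int i = 0; i < 2; i++) {
        char path[PATH_MAX];
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, modes[i]);
        if (fd < 0 || fchmod(fd, modes[i]) != 0)   /* fchmod defeats umask */
            return NULL;
        close(fd);
    }
    return strdup(dir);
}

int
main(void)
{
    char *dir = make_fixture();
    char warn[4096];
    int bad = check_include_dir(dir, getuid(), getgid(), 0440, warn, sizeof warn);
    printf("%d file(s) with bad perms\n%s", bad, warn);
    free(dir);
    return bad < 0;
}
```

The directory check and the per-file check are deliberately separate steps: the first decides whether the directory is trusted at all, the second is what produces the warning the message shows from 1.8.4, and skipping the second once the first succeeds is exactly the regression being reported.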