[sudo-workers] broken parsing of #includedir with sudo-1.8.5
Todd C. Miller
Todd.Miller at courtesan.com
Thu May 17 15:41:42 EDT 2012
On Thu, 17 May 2012 15:18:14 EDT, Mike Frysinger wrote:
> the astute reader might notice that nowhere in this switch statement do we
> break out :). so regardless of the secure status, we do not parse the path
> adding a case for SUDO_PATH_SECURE like so fixes things:
> case SUDO_PATH_SECURE:
> break;
Whoops, good catch.
> however, that leads us to another bug: files with bad perms inside of included
> dirs no longer get warned. so with sudo-1.8.4, i can do:
> # touch /etc/sudoers.d/f
> # chmod 644 /etc/sudoers.d/f
> # chown 0:0 /etc/sudoers.d/f
> # sudo true
> sudo: /etc/sudoers.d/f is mode 0644, should be 0440
>
> but now with 1.8.5 (and the fix above), i get no warning:
> # sudo true
The restrictions on permissions have been relaxed intentionally
(see http://www.gratisoft.us/bugzilla/show_bug.cgi?id=492) so I
don't consider that a bug.
Previously, it was easy to get locked out of sudo due to the file
mode which is especially problematic on systems that don't let you
log in as root. Sudo will not load a file from an include dir that
is owned by the wrong user or writable by anyone other than the
owner but if the local admin wants their sudoers file to be world
writable, they can now do so.
- todd
More information about the sudo-workers
mailing list