svn commit: r468129 - in head/security/sudo: . files
Renato Botelho
garga at FreeBSD.org
Mon Apr 23 18:40:51 UTC 2018
Author: garga
Date: Mon Apr 23 18:40:50 2018
New Revision: 468129
URL: https://svnweb.freebsd.org/changeset/ports/468129
Log:
Add a patch to fix cryptographic digest in command specification for shell
scripts and other interpreted files. Error happens because fexecve() requires
/dev/fd to be mounted. This patch checks whether /dev/fd/N exists before attempting
to use fexecve() and works around the issue.
PR: 223587
Submitted by: Todd C. Miller <Todd.Miller at sudo.ws>
Reported by: vas at mpeks.tomsk.su
Obtained from: https://www.sudo.ws/repos/sudo/rev/30f7c5d64104
MFH: 2018Q2
Sponsored by: Rubicon Communications, LLC (Netgate)
Added:
head/security/sudo/files/patch-fix-fexecve (contents, props changed)
Modified:
head/security/sudo/Makefile
Modified: head/security/sudo/Makefile
==============================================================================
--- head/security/sudo/Makefile Mon Apr 23 18:37:39 2018 (r468128)
+++ head/security/sudo/Makefile Mon Apr 23 18:40:50 2018 (r468129)
@@ -3,7 +3,7 @@
PORTNAME= sudo
PORTVERSION= 1.8.22
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security
MASTER_SITES= SUDO
Added: head/security/sudo/files/patch-fix-fexecve
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/sudo/files/patch-fix-fexecve Mon Apr 23 18:40:50 2018 (r468129)
@@ -0,0 +1,92 @@
+
+# HG changeset patch
+# User Todd C. Miller <Todd.Miller at sudo.ws>
+# Date 1524502491 21600
+# Node ID 30f7c5d64104cdbae5c0a63e57aeec1d188c0f5b
+# Parent a786a841f30a60c5f18b4ec476f8a749135d48ec
+We can only use fexecve() on a script if /dev/fd/N exists.
+Some systems, such as FreeBSD, don't have /dev/fd mounted
+by default. Bug #831
+
+diff -r a786a841f30a -r 30f7c5d64104 plugins/sudoers/match.c
+--- plugins/sudoers/match.c Sun Apr 22 06:58:53 2018 -0600
++++ plugins/sudoers/match.c Mon Apr 23 10:54:51 2018 -0600
+@@ -487,32 +487,22 @@
+ debug_return_bool(stat(path, sb) == 0);
+ }
+
++#ifdef HAVE_FEXECVE
+ /*
+- * On systems with fexecve(2), set the close-on-exec flag on the file
+- * descriptor only if the file is not a script. Because scripts need
+- * to be executed by an interpreter the fd must remain open for the
+- * interpreter to use.
++ * Check whether the fd refers to a shell script with a "#!" shebang.
+ */
+-static void
+-set_cloexec(int fd)
++static bool
++is_script(int fd)
+ {
+- bool is_script = false;
+-#ifdef HAVE_FEXECVE
++ bool ret = false;
+ char magic[2];
+
+- /* Check for #! cookie and set is_script. */
+ if (read(fd, magic, 2) == 2) {
+ if (magic[0] == '#' && magic[1] == '!')
+- is_script = true;
++ ret = true;
+ }
+ (void) lseek(fd, (off_t)0, SEEK_SET);
+-#endif /* HAVE_FEXECVE */
+- /*
+- * Shell scripts go through namei twice and so we can't set the close
+- * on exec flag on the fd for fexecve(2).
+- */
+- if (!is_script)
+- (void)fcntl(fd, F_SETFD, FD_CLOEXEC);
++ return ret;
+ }
+
+ /*
+@@ -541,10 +531,36 @@
+ if (fd == -1)
+ debug_return_bool(false);
+
+- set_cloexec(fd);
++ if (is_script(fd)) {
++ char fdpath[PATH_MAX];
++ struct stat sb;
++
++ /* We can only use fexecve() on a script if /dev/fd/N exists. */
++ snprintf(fdpath, sizeof(fdpath), "/dev/fd/%d", fd);
++ if (stat(fdpath, &sb) != 0) {
++ close(fd);
++ debug_return_bool(false);
++ }
++
++ /*
++ * Shell scripts go through namei twice so we can't set the
++ * close on exec flag on the fd for fexecve(2).
++ */
++ } else {
++ /* Not a script, close on exec is safe. */
++ (void)fcntl(fd, F_SETFD, FD_CLOEXEC);
++ }
++
+ *fdp = fd;
+ debug_return_bool(true);
+ }
++#else /* HAVE_FEXECVE */
++static bool
++open_cmnd(const char *path, const struct sudo_digest *digest, int *fdp)
++{
++ return true;
++}
++#endif /* HAVE_FEXECVE */
+
+ static bool
+ command_matches_fnmatch(const char *sudoers_cmnd, const char *sudoers_args,
+
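Review bot: In open_cmnd, the `stat(fdpath, &sb) != 0` branch closes the fd and returns false with no message, so on a host without /dev/fd mounted a digest-protected script silently stops matching and the administrator only sees a generic denial. Failing closed is the right choice, but the branch should say why and leave a trace: a comment such as `/* Without /dev/fd the verified fd cannot be handed to the interpreter, so refuse rather than fall back to a path-based exec. */` and, if match.c uses the project's `sudo_debug_printf` facility, a debug line naming the missing /dev/fd entry before the close. The `#else` stub `open_cmnd` returns true without writing `*fdp` and leaves all three parameters unused; whether the caller initialises its fd beforehand is outside the hunk, so either add `*fdp = -1;` there or state in a comment that the caller must. The enclosing open_cmnd definition starts before this hunk.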