Overview

File sudo-1.8.6p3-CVE-2013-1776.patch of Package sudo

2b18d55589975e70dd98f24bca5b0aaabc56a9b5
 plugins/sudoers/check.c   |    4 +++-
 plugins/sudoers/sudoers.c |    4 ++++
 plugins/sudoers/sudoers.h |    3 ++-
 3 files changed, 9 insertions(+), 2 deletions(-)

Index: sudo-1.8.6p3/plugins/sudoers/check.c
===================================================================
--- sudo-1.8.6p3.orig/plugins/sudoers/check.c	2013-03-01 12:10:18.668403327 +0100
+++ sudo-1.8.6p3/plugins/sudoers/check.c	2013-03-01 12:10:18.684403798 +0100
@@ -82,6 +82,7 @@ static struct tty_info {
     dev_t rdev;			/* tty device ID */
     ino_t ino;			/* tty inode number */
     struct timeval ctime;	/* tty inode change time */
+    pid_t sid;			/* ID of session with controlling tty */
 } tty_info;
 
 static int   build_timestamp(char **, char **);
@@ -138,13 +139,14 @@ check_user(int validated, int mode)
     if (ISSET(mode, MODE_IGNORE_TICKET))
 	SET(validated, FLAG_CHECK_USER);
 
-    /* Stash the tty's ctime for tty ticket comparison. */
+    /* Stash the tty's device, session ID and ctime for ticket comparison. */
     if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
 	tty_info.dev = sb.st_dev;
 	tty_info.ino = sb.st_ino;
 	tty_info.rdev = sb.st_rdev;
 	if (tty_is_devpts(user_ttypath))
 	    ctim_get(&sb, &tty_info.ctime);
+	tty_info.sid = user_sid;
     }
 
     if (build_timestamp(&timestampdir, &timestampfile) == -1) {
Index: sudo-1.8.6p3/plugins/sudoers/sudoers.c
===================================================================
--- sudo-1.8.6p3.orig/plugins/sudoers/sudoers.c	2012-09-18 15:56:30.000000000 +0200
+++ sudo-1.8.6p3/plugins/sudoers/sudoers.c	2013-03-01 12:10:18.685403827 +0100
@@ -1410,6 +1410,10 @@ deserialize_info(char * const args[], ch
 	    sudo_user.cols = atoi(*cur + sizeof("cols=") - 1);
 	    continue;
 	}
+	if (MATCHES(*cur, "sid=")) {
+	    sudo_user.sid = atoi(*cur + sizeof("sid=") - 1);
+	    continue;
+	}
     }
     if (user_cwd == NULL)
 	user_cwd = "unknown";
Index: sudo-1.8.6p3/plugins/sudoers/sudoers.h
===================================================================
--- sudo-1.8.6p3.orig/plugins/sudoers/sudoers.h	2012-09-18 15:57:43.000000000 +0200
+++ sudo-1.8.6p3/plugins/sudoers/sudoers.h	2013-03-01 12:10:18.685403827 +0100
@@ -95,6 +95,7 @@ struct sudo_user {
     int   flags;
     uid_t uid;
     uid_t gid;
+    pid_t sid;
 };
 
 /*
@@ -171,8 +172,8 @@ struct sudo_user {
 #define user_name		(sudo_user.name)
 #define user_uid		(sudo_user.uid)
 #define user_gid		(sudo_user.gid)
+#define user_sid		(sudo_user.sid)
 #define user_passwd		(sudo_user.pw->pw_passwd)
-#define user_uuid		(sudo_user.uuid)
 #define user_dir		(sudo_user.pw->pw_dir)
 #define user_gids		(sudo_user.gids)
 #define user_ngids		(sudo_user.ngids)
openSUSE Build Service is sponsored by
Places