File sudo-CVE-2011-0010.patch of Package sudo
# User Todd C. Miller <Todd.Miller@courtesan.com>
# Date 1294760019 18000
# Node ID fe8a94f96542335c02d09fba81077c1dcc6381b5
# Parent 8f9303326db73a2e00cd53c2515db8188386cfc0
If the user is running sudo as himself but as a different group we
need to prompt for a password.
---
check.c | 14 +++++++++++++-
pwutil.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
sudo.h | 1 +
3 files changed, 63 insertions(+), 1 deletion(-)
Index: sudo-1.7.2/check.c
===================================================================
--- sudo-1.7.2.orig/check.c
+++ sudo-1.7.2/check.c
@@ -97,7 +97,13 @@ check_user(validated, mode)
/* do not check or update timestamp */
status = TS_ERROR;
} else {
- if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+ /*
+ * Don't prompt for the root passwd or if the user is exempt.
+ * If the user is not changing uid/gid, no need for a password.
+ */
+ if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+ (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
+ user_is_exempt())
return;
build_timestamp(×tampdir, ×tampfile);
Index: sudo-1.7.2/pwutil.c
===================================================================
--- sudo-1.7.2.orig/pwutil.c
+++ sudo-1.7.2/pwutil.c
@@ -569,3 +569,50 @@ sudo_endgrent()
sudo_freegrcache();
#endif
}
+
+
+int
+user_in_group(struct passwd *pw, const char *group)
+{
+ char **gr_mem;
+ int i;
+ struct group *grp;
+ int retval = FALSE;
+
+ grp = sudo_getgrnam(group);
+ if (grp == NULL)
+ goto done;
+
+ /* check against user's primary (passwd file) gid */
+ if (grp->gr_gid == pw->pw_gid) {
+ retval = TRUE;
+ goto done;
+ }
+
+ /*
+ * If we are matching the invoking or list user and that user has a
+ * supplementary group vector, check it.
+ */
+ if (user_ngroups > 0 &&
+ strcmp(pw->pw_name, list_pw ? list_pw->pw_name : user_name) == 0) {
+ for (i = 0; i < user_ngroups; i++) {
+ if (grp->gr_gid == user_groups[i]) {
+ retval = TRUE;
+ goto done;
+ }
+ }
+ } else
+ {
+ if (grp != NULL && grp->gr_mem != NULL) {
+ for (gr_mem = grp->gr_mem; *gr_mem; gr_mem++) {
+ if (strcmp(*gr_mem, pw->pw_name) == 0) {
+ retval = TRUE;
+ goto done;
+ }
+ }
+ }
+ }
+
+done:
+ return(retval);
+}
Index: sudo-1.7.2/sudo.h
===================================================================
--- sudo-1.7.2.orig/sudo.h
+++ sudo-1.7.2/sudo.h
@@ -318,6 +318,7 @@ struct passwd *sudo_getpwuid __P((uid_t)
struct group *sudo_getgrnam __P((const char *));
struct group *sudo_fakegrnam __P((const char *));
struct group *sudo_getgrgid __P((gid_t));
+int user_in_group(struct passwd *pw, const char *group);
#ifdef HAVE_SELINUX
void selinux_exec __P((char *, char *, char **, int));
#endif
