Overview

File sudo-1.8.6p3-CVE-2013-1776.patch of Package sudo.openSUSE_12.1_Update

2b18d55589975e70dd98f24bca5b0aaabc56a9b5
 plugins/sudoers/check.c   |    4 +++-
 plugins/sudoers/sudoers.c |    4 ++++
 plugins/sudoers/sudoers.h |    3 ++-
 3 files changed, 9 insertions(+), 2 deletions(-)

Index: sudo-1.8.2/plugins/sudoers/check.c
===================================================================
--- sudo-1.8.2.orig/plugins/sudoers/check.c	2013-03-01 13:26:15.560485878 +0100
+++ sudo-1.8.2/plugins/sudoers/check.c	2013-03-01 13:26:15.576486355 +0100
@@ -82,6 +82,7 @@ static struct tty_info {
     dev_t rdev;			/* tty device ID */
     ino_t ino;			/* tty inode number */
     struct timeval ctime;	/* tty inode change time */
+    pid_t sid;			/* ID of session with controlling tty */
 } tty_info;
 
 static int   build_timestamp(char **, char **);
@@ -104,13 +105,14 @@ check_user(int validated, int mode)
     struct stat sb;
     int status, rval = TRUE;
 
-    /* Stash the tty's ctime for tty ticket comparison. */
+    /* Stash the tty's device, session ID and ctime for ticket comparison. */
     if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
 	tty_info.dev = sb.st_dev;
 	tty_info.ino = sb.st_ino;
 	tty_info.rdev = sb.st_rdev;
 	if (tty_is_devpts(user_ttypath))
 	    ctim_get(&sb, &tty_info.ctime);
+	tty_info.sid = user_sid;
     }
 
     /* Always prompt for a password when -k was specified with the command. */
Index: sudo-1.8.2/plugins/sudoers/sudoers.c
===================================================================
--- sudo-1.8.2.orig/plugins/sudoers/sudoers.c	2011-08-14 00:37:06.000000000 +0200
+++ sudo-1.8.2/plugins/sudoers/sudoers.c	2013-03-01 13:26:15.577486385 +0100
@@ -1343,6 +1343,10 @@ deserialize_info(char * const settings[]
 	    sudo_user.cols = atoi(*cur + sizeof("cols=") - 1);
 	    continue;
 	}
+	if (MATCHES(*cur, "sid=")) {
+	    sudo_user.sid = atoi(*cur + sizeof("sid=") - 1);
+	    continue;
+	}
     }
     if (user_cwd == NULL)
 	user_cwd = "unknown";
Index: sudo-1.8.2/plugins/sudoers/sudoers.h
===================================================================
--- sudo-1.8.2.orig/plugins/sudoers/sudoers.h	2011-07-25 15:43:36.000000000 +0200
+++ sudo-1.8.2/plugins/sudoers/sudoers.h	2013-03-01 13:26:15.577486385 +0100
@@ -82,6 +82,7 @@ struct sudo_user {
     int   cols;
     uid_t uid;
     uid_t gid;
+    pid_t sid;
 };
 
 /*
@@ -157,8 +158,8 @@ struct sudo_user {
 #define user_name		(sudo_user.name)
 #define user_uid		(sudo_user.uid)
 #define user_gid		(sudo_user.gid)
+#define user_sid		(sudo_user.sid)
 #define user_passwd		(sudo_user.pw->pw_passwd)
-#define user_uuid		(sudo_user.uuid)
 #define user_dir		(sudo_user.pw->pw_dir)
 #define user_group_list		(sudo_user.group_list)
 #define user_tty		(sudo_user.tty)
openSUSE Build Service is sponsored by
Places