and sudo_secure_dir() wrappers which get by #includedir in sudoers.
#include "secure_path.h"
/*
- * Verify that path is a regular file and not writable by other users.
+ * Verify that path is the right type and not writable by other users.
*/
int
-sudo_secure_path(const char *path, uid_t uid, gid_t gid, struct stat *sbp)
+sudo_secure_path(const char *path, int type, uid_t uid, gid_t gid, struct stat *sbp)
{
struct stat sb;
int rval = SUDO_PATH_MISSING;
debug_decl(sudo_secure_path, SUDO_DEBUG_UTIL)
if (path != NULL && stat_sudoers(path, &sb) == 0) {
- if (!S_ISREG(sb.st_mode)) {
+ if ((sb.st_mode & _S_IFMT) != type) {
rval = SUDO_PATH_BAD_TYPE;
} else if (uid != (uid_t)-1 && sb.st_uid != uid) {
rval = SUDO_PATH_WRONG_OWNER;
debug_return_int(rval);
}
+
+/*
+ * Verify that path is a regular file and not writable by other users.
+ */
+int
+sudo_secure_file(const char *path, uid_t uid, gid_t gid, struct stat *sbp)
+{
+ return sudo_secure_path(path, _S_IFREG, uid, gid, sbp);
+}
+
+/*
+ * Verify that path is a directory and not writable by other users.
+ */
+int
+sudo_secure_dir(const char *path, uid_t uid, gid_t gid, struct stat *sbp)
+{
+ return sudo_secure_path(path, _S_IFDIR, uid, gid, sbp);
+}
FILE *fp;
char *cp;
- switch (sudo_secure_path(_PATH_SUDO_CONF, ROOT_UID, -1, &sb)) {
+ switch (sudo_secure_file(_PATH_SUDO_CONF, ROOT_UID, -1, &sb)) {
case SUDO_PATH_SECURE:
break;
case SUDO_PATH_MISSING:
#define SUDO_PATH_WORLD_WRITABLE -4
#define SUDO_PATH_GROUP_WRITABLE -5
-int sudo_secure_path(const char *path, uid_t uid, gid_t gid, struct stat *sbp);
+int sudo_secure_dir(const char *path, uid_t uid, gid_t gid, struct stat *sbp);
+int sudo_secure_file(const char *path, uid_t uid, gid_t gid, struct stat *sbp);
+int sudo_secure_path(const char *path, int type, uid_t uid, gid_t gid, struct stat *sbp);
#endif /* _SUDO_SECURE_PATH_H */
#define YYPREFIX "yy"
#line 2 "gram.y"
/*
- * Copyright (c) 1996, 1998-2005, 2007-2011
+ * Copyright (c) 1996, 1998-2005, 2007-2012
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
extern int sudolineno;
extern int last_token;
extern char *sudoers;
-static bool verbose = false;
+bool sudoers_warnings = true;
bool parse_error = false;
int errorlineno = -1;
char *errorfile = NULL;
}
if (trace_print != NULL) {
LEXTRACE("<*> ");
- } else if (verbose && s != NULL) {
+ } else if (sudoers_warnings && s != NULL) {
warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno);
}
parse_error = true;
parse_error = false;
errorlineno = -1;
errorfile = sudoers;
- verbose = !quiet;
+ sudoers_warnings = !quiet;
debug_return;
}
#ifdef SIZE_MAX
#define YY_SIZE_MAX SIZE_MAX
#else
-#define YY_SIZE_MAX 0x7fffffff
+#define YY_SIZE_MAX 0xffffffffU
#endif
if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
goto bail;
extern int sudolineno;
extern int last_token;
extern char *sudoers;
-static bool verbose = false;
+bool sudoers_warnings = true;
bool parse_error = false;
int errorlineno = -1;
char *errorfile = NULL;
}
if (trace_print != NULL) {
LEXTRACE("<*> ");
- } else if (verbose && s != NULL) {
+ } else if (sudoers_warnings && s != NULL) {
warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno);
}
parse_error = true;
parse_error = false;
errorlineno = -1;
errorfile = sudoers;
- verbose = !quiet;
+ sudoers_warnings = !quiet;
debug_return;
}
/*
* Globals
*/
-const char *sudoers_file = _PATH_SUDOERS;
-mode_t sudoers_mode = SUDOERS_MODE;
-uid_t sudoers_uid = SUDOERS_UID;
-gid_t sudoers_gid = SUDOERS_GID;
struct sudo_user sudo_user;
struct passwd *list_pw;
struct interface *interfaces;
set_perms(PERM_SUDOERS);
- switch (sudo_secure_path(sudoers, sudoers_uid, sudoers_gid, &sb)) {
+ switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) {
case SUDO_PATH_SECURE:
if ((fp = fopen(sudoers, "r")) == NULL) {
log_error(USE_ERRNO|NO_EXIT, _("unable to open %s"), sudoers);
/* toke.l */
YY_DECL;
+extern const char *sudoers_file;
+extern mode_t sudoers_mode;
+extern uid_t sudoers_uid;
+extern gid_t sudoers_gid;
/* defaults.c */
void dump_defaults(void);
#ifndef _SUDO_MAIN
extern struct sudo_user sudo_user;
extern struct passwd *list_pw;
-extern const char *sudoers_file;
-extern mode_t sudoers_mode;
-extern uid_t sudoers_uid;
-extern gid_t sudoers_gid;
extern int long_list;
extern int sudo_mode;
extern uid_t timestamp_uid;
/* A lexical scanner generated by flex */
/* Scanner skeleton version:
- * $Header: /home/cvs/openbsd/src/usr.bin/lex/flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $
+ * $Header: /cvs/src/usr.bin/lex/flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $
*/
#define FLEX_SCANNER
#define INITIAL 0
#line 2 "toke.l"
/*
- * Copyright (c) 1996, 1998-2005, 2007-2011
+ * Copyright (c) 1996, 1998-2005, 2007-2012
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include "toke.h"
#include <gram.h>
#include "lbuf.h"
+#include "secure_path.h"
extern YYSTYPE yylval;
extern bool parse_error;
+extern bool sudoers_warnings;
int sudolineno;
int last_token;
char *sudoers;
+/* Default sudoers path, mode and owner */
+const char *sudoers_file = _PATH_SUDOERS;
+mode_t sudoers_mode = SUDOERS_MODE;
+uid_t sudoers_uid = SUDOERS_UID;
+gid_t sudoers_gid = SUDOERS_GID;
+
static bool continued, sawspace;
static int prev_state;
#define INSTR 5
-#line 1515 "lex.yy.c"
+#line 1523 "lex.yy.c"
/* Macros after this point can all be overridden by user definitions in
* section 1.
register char *yy_cp, *yy_bp;
register int yy_act;
-#line 123 "toke.l"
+#line 131 "toke.l"
-#line 1671 "lex.yy.c"
+#line 1679 "lex.yy.c"
if ( yy_init )
{
case 1:
YY_RULE_SETUP
-#line 124 "toke.l"
+#line 132 "toke.l"
{
LEXTRACE(", ");
LEXRETURN(',');
YY_BREAK
case 2:
YY_RULE_SETUP
-#line 129 "toke.l"
+#line 137 "toke.l"
BEGIN STARTDEFS;
YY_BREAK
case 3:
YY_RULE_SETUP
-#line 131 "toke.l"
+#line 139 "toke.l"
{
BEGIN INDEFS;
LEXTRACE("DEFVAR ");
case 4:
YY_RULE_SETUP
-#line 140 "toke.l"
+#line 148 "toke.l"
{
BEGIN STARTDEFS;
LEXTRACE(", ");
YY_BREAK
case 5:
YY_RULE_SETUP
-#line 146 "toke.l"
+#line 154 "toke.l"
{
LEXTRACE("= ");
LEXRETURN('=');
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 151 "toke.l"
+#line 159 "toke.l"
{
LEXTRACE("+= ");
LEXRETURN('+');
YY_BREAK
case 7:
YY_RULE_SETUP
-#line 156 "toke.l"
+#line 164 "toke.l"
{
LEXTRACE("-= ");
LEXRETURN('-');
YY_BREAK
case 8:
YY_RULE_SETUP
-#line 161 "toke.l"
+#line 169 "toke.l"
{
LEXTRACE("BEGINSTR ");
yylval.string = NULL;
YY_BREAK
case 9:
YY_RULE_SETUP
-#line 168 "toke.l"
+#line 176 "toke.l"
{
LEXTRACE("WORD(2) ");
if (!fill(yytext, yyleng))
case 10:
YY_RULE_SETUP
-#line 177 "toke.l"
+#line 185 "toke.l"
{
/* Line continuation char followed by newline. */
sudolineno++;
YY_BREAK
case 11:
YY_RULE_SETUP
-#line 183 "toke.l"
+#line 191 "toke.l"
{
LEXTRACE("ENDSTR ");
BEGIN prev_state;
YY_BREAK
case 12:
YY_RULE_SETUP
-#line 215 "toke.l"
+#line 223 "toke.l"
{
LEXTRACE("BACKSLASH ");
if (!append(yytext, yyleng))
YY_BREAK
case 13:
YY_RULE_SETUP
-#line 221 "toke.l"
+#line 229 "toke.l"
{
LEXTRACE("STRBODY ");
if (!append(yytext, yyleng))
case 14:
YY_RULE_SETUP
-#line 229 "toke.l"
+#line 237 "toke.l"
{
/* quoted fnmatch glob char, pass verbatim */
LEXTRACE("QUOTEDCHAR ");
YY_BREAK
case 15:
YY_RULE_SETUP
-#line 237 "toke.l"
+#line 245 "toke.l"
{
/* quoted sudoers special char, strip backslash */
LEXTRACE("QUOTEDCHAR ");
YY_BREAK
case 16:
YY_RULE_SETUP
-#line 245 "toke.l"
+#line 253 "toke.l"
{
BEGIN INITIAL;
yyless(0);
YY_BREAK
case 17:
YY_RULE_SETUP
-#line 251 "toke.l"
+#line 259 "toke.l"
{
LEXTRACE("ARG ");
if (!fill_args(yytext, yyleng, sawspace))
case 18:
YY_RULE_SETUP
-#line 259 "toke.l"
+#line 267 "toke.l"
{
char *path;
YY_BREAK
case 19:
YY_RULE_SETUP
-#line 277 "toke.l"
+#line 285 "toke.l"
{
char *path;
YY_BREAK
case 20:
YY_RULE_SETUP
-#line 298 "toke.l"
+#line 306 "toke.l"
{
char deftype;
int n;
YY_BREAK
case 21:
YY_RULE_SETUP
-#line 338 "toke.l"
+#line 346 "toke.l"
{
int n;
YY_BREAK
case 22:
YY_RULE_SETUP
-#line 364 "toke.l"
+#line 372 "toke.l"
{
/* cmnd does not require passwd for this user */
LEXTRACE("NOPASSWD ");
YY_BREAK
case 23:
YY_RULE_SETUP
-#line 370 "toke.l"
+#line 378 "toke.l"
{
/* cmnd requires passwd for this user */
LEXTRACE("PASSWD ");
YY_BREAK
case 24:
YY_RULE_SETUP
-#line 376 "toke.l"
+#line 384 "toke.l"
{
LEXTRACE("NOEXEC ");
LEXRETURN(NOEXEC);
YY_BREAK
case 25:
YY_RULE_SETUP
-#line 381 "toke.l"
+#line 389 "toke.l"
{
LEXTRACE("EXEC ");
LEXRETURN(EXEC);
YY_BREAK
case 26:
YY_RULE_SETUP
-#line 386 "toke.l"
+#line 394 "toke.l"
{
LEXTRACE("SETENV ");
LEXRETURN(SETENV);
YY_BREAK
case 27:
YY_RULE_SETUP
-#line 391 "toke.l"
+#line 399 "toke.l"
{
LEXTRACE("NOSETENV ");
LEXRETURN(NOSETENV);
YY_BREAK
case 28:
YY_RULE_SETUP
-#line 396 "toke.l"
+#line 404 "toke.l"
{
LEXTRACE("LOG_OUTPUT ");
LEXRETURN(LOG_OUTPUT);
YY_BREAK
case 29:
YY_RULE_SETUP
-#line 401 "toke.l"
+#line 409 "toke.l"
{
LEXTRACE("NOLOG_OUTPUT ");
LEXRETURN(NOLOG_OUTPUT);
YY_BREAK
case 30:
YY_RULE_SETUP
-#line 406 "toke.l"
+#line 414 "toke.l"
{
LEXTRACE("LOG_INPUT ");
LEXRETURN(LOG_INPUT);
YY_BREAK
case 31:
YY_RULE_SETUP
-#line 411 "toke.l"
+#line 419 "toke.l"
{
LEXTRACE("NOLOG_INPUT ");
LEXRETURN(NOLOG_INPUT);
YY_BREAK
case 32:
YY_RULE_SETUP
-#line 416 "toke.l"
+#line 424 "toke.l"
{
/* empty group or netgroup */
LEXTRACE("ERROR ");
YY_BREAK
case 33:
YY_RULE_SETUP
-#line 422 "toke.l"
+#line 430 "toke.l"
{
/* netgroup */
if (!fill(yytext, yyleng))
YY_BREAK
case 34:
YY_RULE_SETUP
-#line 430 "toke.l"
+#line 438 "toke.l"
{
/* group */
if (!fill(yytext, yyleng))
YY_BREAK
case 35:
YY_RULE_SETUP
-#line 438 "toke.l"
+#line 446 "toke.l"
{
if (!fill(yytext, yyleng))
yyterminate();
YY_BREAK
case 36:
YY_RULE_SETUP
-#line 445 "toke.l"
+#line 453 "toke.l"
{
if (!fill(yytext, yyleng))
yyterminate();
YY_BREAK
case 37:
YY_RULE_SETUP
-#line 452 "toke.l"
+#line 460 "toke.l"
{
if (!ipv6_valid(yytext)) {
LEXTRACE("ERROR ");
YY_BREAK
case 38:
YY_RULE_SETUP
-#line 463 "toke.l"
+#line 471 "toke.l"
{
if (!ipv6_valid(yytext)) {
LEXTRACE("ERROR ");
YY_BREAK
case 39:
YY_RULE_SETUP
-#line 474 "toke.l"
+#line 482 "toke.l"
{
LEXTRACE("ALL ");
LEXRETURN(ALL);
YY_BREAK
case 40:
YY_RULE_SETUP
-#line 480 "toke.l"
+#line 488 "toke.l"
{
#ifdef HAVE_SELINUX
LEXTRACE("ROLE ");
YY_BREAK
case 41:
YY_RULE_SETUP
-#line 489 "toke.l"
+#line 497 "toke.l"
{
#ifdef HAVE_SELINUX
LEXTRACE("TYPE ");
YY_BREAK
case 42:
YY_RULE_SETUP
-#line 498 "toke.l"
+#line 506 "toke.l"
{
#ifndef HAVE_SELINUX
got_alias:
YY_BREAK
case 43:
YY_RULE_SETUP
-#line 508 "toke.l"
+#line 516 "toke.l"
{
/* no command args allowed for Defaults!/path */
if (!fill_cmnd(yytext, yyleng))
YY_BREAK
case 44:
YY_RULE_SETUP
-#line 516 "toke.l"
+#line 524 "toke.l"
{
BEGIN GOTCMND;
LEXTRACE("COMMAND ");
YY_BREAK
case 45:
YY_RULE_SETUP
-#line 523 "toke.l"
+#line 531 "toke.l"
{
/* directories can't have args... */
if (yytext[yyleng - 1] == '/') {
YY_BREAK
case 46:
YY_RULE_SETUP
-#line 538 "toke.l"
+#line 546 "toke.l"
{
LEXTRACE("BEGINSTR ");
yylval.string = NULL;
YY_BREAK
case 47:
YY_RULE_SETUP
-#line 545 "toke.l"
+#line 553 "toke.l"
{
/* a word */
if (!fill(yytext, yyleng))
YY_BREAK
case 48:
YY_RULE_SETUP
-#line 553 "toke.l"
+#line 561 "toke.l"
{
LEXTRACE("( ");
LEXRETURN('(');
YY_BREAK
case 49:
YY_RULE_SETUP
-#line 558 "toke.l"
+#line 566 "toke.l"
{
LEXTRACE(") ");
LEXRETURN(')');
YY_BREAK
case 50:
YY_RULE_SETUP
-#line 563 "toke.l"
+#line 571 "toke.l"
{
LEXTRACE(", ");
LEXRETURN(',');
YY_BREAK
case 51:
YY_RULE_SETUP
-#line 568 "toke.l"
+#line 576 "toke.l"
{
LEXTRACE("= ");
LEXRETURN('=');
YY_BREAK
case 52:
YY_RULE_SETUP
-#line 573 "toke.l"
+#line 581 "toke.l"
{
LEXTRACE(": ");
LEXRETURN(':');
YY_BREAK
case 53:
YY_RULE_SETUP
-#line 578 "toke.l"
+#line 586 "toke.l"
{
if (yyleng & 1) {
LEXTRACE("!");
YY_BREAK
case 54:
YY_RULE_SETUP
-#line 585 "toke.l"
+#line 593 "toke.l"
{
if (YY_START == INSTR) {
LEXTRACE("ERROR ");
YY_BREAK
case 55:
YY_RULE_SETUP
-#line 597 "toke.l"
+#line 605 "toke.l"
{ /* throw away space/tabs */
sawspace = true; /* but remember for fill_args */
}
YY_BREAK
case 56:
YY_RULE_SETUP
-#line 601 "toke.l"
+#line 609 "toke.l"
{
sawspace = true; /* remember for fill_args */
sudolineno++;
YY_BREAK
case 57:
YY_RULE_SETUP
-#line 607 "toke.l"
+#line 615 "toke.l"
{
BEGIN INITIAL;
sudolineno++;
YY_BREAK
case 58:
YY_RULE_SETUP
-#line 615 "toke.l"
+#line 623 "toke.l"
{
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
case YY_STATE_EOF(STARTDEFS):
case YY_STATE_EOF(INDEFS):
case YY_STATE_EOF(INSTR):
-#line 620 "toke.l"
+#line 628 "toke.l"
{
if (YY_START != INITIAL) {
BEGIN INITIAL;
YY_BREAK
case 59:
YY_RULE_SETUP
-#line 630 "toke.l"
+#line 638 "toke.l"
ECHO;
YY_BREAK
-#line 2447 "lex.yy.c"
+#line 2455 "lex.yy.c"
case YY_END_OF_BUFFER:
{
return 0;
}
#endif
-#line 630 "toke.l"
+#line 638 "toke.l"
struct path_list {
char *path;
}
}
if (isdir) {
+ struct stat sb;
+ switch (sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb)) {
+ case SUDO_PATH_MISSING:
+ debug_return_bool(false);
+ case SUDO_PATH_BAD_TYPE:
+ errno = ENOTDIR;
+ if (sudoers_warnings) {
+ warning(path);
+ }
+ debug_return_bool(false);
+ case SUDO_PATH_WRONG_OWNER:
+ if (sudoers_warnings) {
+ warningx(_("%s is owned by uid %u, should be %u"),
+ path, (unsigned int) sb.st_uid,
+ (unsigned int) sudoers_uid);
+ }
+ debug_return_bool(false);
+ case SUDO_PATH_WORLD_WRITABLE:
+ if (sudoers_warnings) {
+ warningx(_("%s is world writable"), path);
+ }
+ debug_return_bool(false);
+ case SUDO_PATH_GROUP_WRITABLE:
+ if (sudoers_warnings) {
+ warningx(_("%s is owned by gid %u, should be %u"),
+ path, (unsigned int) sb.st_gid,
+ (unsigned int) sudoers_gid);
+ }
+ debug_return_bool(false);
+ default:
+ /* NOTREACHED */
+ debug_return_bool(false);
+ }
if (!(path = switch_dir(&istack[idepth], path))) {
/* switch_dir() called yyerror() for us */
debug_return_bool(false);
%{
/*
- * Copyright (c) 1996, 1998-2005, 2007-2011
+ * Copyright (c) 1996, 1998-2005, 2007-2012
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include "toke.h"
#include <gram.h>
#include "lbuf.h"
+#include "secure_path.h"
extern YYSTYPE yylval;
extern bool parse_error;
+extern bool sudoers_warnings;
int sudolineno;
int last_token;
char *sudoers;
+/* Default sudoers path, mode and owner */
+const char *sudoers_file = _PATH_SUDOERS;
+mode_t sudoers_mode = SUDOERS_MODE;
+uid_t sudoers_uid = SUDOERS_UID;
+gid_t sudoers_gid = SUDOERS_GID;
+
static bool continued, sawspace;
static int prev_state;
}
}
if (isdir) {
+ struct stat sb;
+ switch (sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb)) {
+ case SUDO_PATH_MISSING:
+ debug_return_bool(false);
+ case SUDO_PATH_BAD_TYPE:
+ errno = ENOTDIR;
+ if (sudoers_warnings) {
+ warning(path);
+ }
+ debug_return_bool(false);
+ case SUDO_PATH_WRONG_OWNER:
+ if (sudoers_warnings) {
+ warningx(_("%s is owned by uid %u, should be %u"),
+ path, (unsigned int) sb.st_uid,
+ (unsigned int) sudoers_uid);
+ }
+ debug_return_bool(false);
+ case SUDO_PATH_WORLD_WRITABLE:
+ if (sudoers_warnings) {
+ warningx(_("%s is world writable"), path);
+ }
+ debug_return_bool(false);
+ case SUDO_PATH_GROUP_WRITABLE:
+ if (sudoers_warnings) {
+ warningx(_("%s is owned by gid %u, should be %u"),
+ path, (unsigned int) sb.st_gid,
+ (unsigned int) sudoers_gid);
+ }
+ debug_return_bool(false);
+ default:
+ /* NOTREACHED */
+ debug_return_bool(false);
+ }
if (!(path = switch_dir(&istack[idepth], path))) {
/* switch_dir() called yyerror() for us */
debug_return_bool(false);
projects / sudo / commitdiff