From: Todd C. Miller Date: Wed, 29 Feb 2012 20:50:48 +0000 (-0500) Subject: Add type param to sudo_secure_path() and add sudo_secure_file() X-Git-Tag: SUDO_1_8_5~1^2~181 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8d05f0d1b0b895deb5fb25be06e63486eeacfe86;p=sudo Add type param to sudo_secure_path() and add sudo_secure_file() and sudo_secure_dir() wrappers which get by #includedir in sudoers. --- diff --git a/common/secure_path.c b/common/secure_path.c index db2b87f90..bbc38a29d 100644 --- a/common/secure_path.c +++ b/common/secure_path.c @@ -36,17 +36,17 @@ #include "secure_path.h" /* - * Verify that path is a regular file and not writable by other users. + * Verify that path is the right type and not writable by other users. */ int -sudo_secure_path(const char *path, uid_t uid, gid_t gid, struct stat *sbp) +sudo_secure_path(const char *path, int type, uid_t uid, gid_t gid, struct stat *sbp) { struct stat sb; int rval = SUDO_PATH_MISSING; debug_decl(sudo_secure_path, SUDO_DEBUG_UTIL) if (path != NULL && stat_sudoers(path, &sb) == 0) { - if (!S_ISREG(sb.st_mode)) { + if ((sb.st_mode & _S_IFMT) != type) { rval = SUDO_PATH_BAD_TYPE; } else if (uid != (uid_t)-1 && sb.st_uid != uid) { rval = SUDO_PATH_WRONG_OWNER; @@ -64,3 +64,21 @@ sudo_secure_path(const char *path, uid_t uid, gid_t gid, struct stat *sbp) debug_return_int(rval); } + +/* + * Verify that path is a regular file and not writable by other users. + */ +int +sudo_secure_file(const char *path, uid_t uid, gid_t gid, struct stat *sbp) +{ + return sudo_secure_path(path, _S_IFREG, uid, gid, sbp); +} + +/* + * Verify that path is a directory and not writable by other users. + */ +int +sudo_secure_dir(const char *path, uid_t uid, gid_t gid, struct stat *sbp) +{ + return sudo_secure_path(path, _S_IFDIR, uid, gid, sbp); +} diff --git a/common/sudo_conf.c b/common/sudo_conf.c index c4bfd211d..74b90407d 100644 --- a/common/sudo_conf.c +++ b/common/sudo_conf.c @@ -270,7 +270,7 @@ sudo_conf_read(void) FILE *fp; char *cp; - switch (sudo_secure_path(_PATH_SUDO_CONF, ROOT_UID, -1, &sb)) { + switch (sudo_secure_file(_PATH_SUDO_CONF, ROOT_UID, -1, &sb)) { case SUDO_PATH_SECURE: break; case SUDO_PATH_MISSING: diff --git a/include/secure_path.h b/include/secure_path.h index 37218864d..b96b89b54 100644 --- a/include/secure_path.h +++ b/include/secure_path.h @@ -24,6 +24,8 @@ #define SUDO_PATH_WORLD_WRITABLE -4 #define SUDO_PATH_GROUP_WRITABLE -5 -int sudo_secure_path(const char *path, uid_t uid, gid_t gid, struct stat *sbp); +int sudo_secure_dir(const char *path, uid_t uid, gid_t gid, struct stat *sbp); +int sudo_secure_file(const char *path, uid_t uid, gid_t gid, struct stat *sbp); +int sudo_secure_path(const char *path, int type, uid_t uid, gid_t gid, struct stat *sbp); #endif /* _SUDO_SECURE_PATH_H */ diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index e8fe89761..6d5771b0c 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -12,7 +12,7 @@ #define YYPREFIX "yy" #line 2 "gram.y" /* - * Copyright (c) 1996, 1998-2005, 2007-2011 + * Copyright (c) 1996, 1998-2005, 2007-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -85,7 +85,7 @@ extern int sudolineno; extern int last_token; extern char *sudoers; -static bool verbose = false; +bool sudoers_warnings = true; bool parse_error = false; int errorlineno = -1; char *errorfile = NULL; @@ -118,7 +118,7 @@ yyerror(const char *s) } if (trace_print != NULL) { LEXTRACE("<*> "); - } else if (verbose && s != NULL) { + } else if (sudoers_warnings && s != NULL) { warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno); } parse_error = true; @@ -823,7 +823,7 @@ init_parser(const char *path, int quiet) parse_error = false; errorlineno = -1; errorfile = sudoers; - verbose = !quiet; + sudoers_warnings = !quiet; debug_return; } @@ -849,7 +849,7 @@ static int yygrowstack() #ifdef SIZE_MAX #define YY_SIZE_MAX SIZE_MAX #else -#define YY_SIZE_MAX 0x7fffffff +#define YY_SIZE_MAX 0xffffffffU #endif if (newsize && YY_SIZE_MAX / newsize < sizeof *newss) goto bail; diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 483d0c3a8..c35571cf0 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -73,7 +73,7 @@ extern int sudolineno; extern int last_token; extern char *sudoers; -static bool verbose = false; +bool sudoers_warnings = true; bool parse_error = false; int errorlineno = -1; char *errorfile = NULL; @@ -106,7 +106,7 @@ yyerror(const char *s) } if (trace_print != NULL) { LEXTRACE("<*> "); - } else if (verbose && s != NULL) { + } else if (sudoers_warnings && s != NULL) { warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno); } parse_error = true; @@ -792,7 +792,7 @@ init_parser(const char *path, int quiet) parse_error = false; errorlineno = -1; errorfile = sudoers; - verbose = !quiet; + sudoers_warnings = !quiet; debug_return; } diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index ec9f81694..28707ab50 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -103,10 +103,6 @@ static void create_admin_success_flag(void); /* * Globals */ -const char *sudoers_file = _PATH_SUDOERS; -mode_t sudoers_mode = SUDOERS_MODE; -uid_t sudoers_uid = SUDOERS_UID; -gid_t sudoers_gid = SUDOERS_GID; struct sudo_user sudo_user; struct passwd *list_pw; struct interface *interfaces; @@ -947,7 +943,7 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen) set_perms(PERM_SUDOERS); - switch (sudo_secure_path(sudoers, sudoers_uid, sudoers_gid, &sb)) { + switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) { case SUDO_PATH_SECURE: if ((fp = fopen(sudoers, "r")) == NULL) { log_error(USE_ERRNO|NO_EXIT, _("unable to open %s"), sudoers); diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index 1d4f3e9d4..9da734d41 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -243,6 +243,10 @@ int yyparse(void); /* toke.l */ YY_DECL; +extern const char *sudoers_file; +extern mode_t sudoers_mode; +extern uid_t sudoers_uid; +extern gid_t sudoers_gid; /* defaults.c */ void dump_defaults(void); @@ -331,10 +335,6 @@ int sudo_setgroups(int ngids, const GETGROUPS_T *gids); #ifndef _SUDO_MAIN extern struct sudo_user sudo_user; extern struct passwd *list_pw; -extern const char *sudoers_file; -extern mode_t sudoers_mode; -extern uid_t sudoers_uid; -extern gid_t sudoers_gid; extern int long_list; extern int sudo_mode; extern uid_t timestamp_uid; diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index c007c8d13..b71c2ad3c 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c @@ -4,7 +4,7 @@ /* A lexical scanner generated by flex */ /* Scanner skeleton version: - * $Header: /home/cvs/openbsd/src/usr.bin/lex/flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $ + * $Header: /cvs/src/usr.bin/lex/flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $ */ #define FLEX_SCANNER @@ -1404,7 +1404,7 @@ char *yytext; #define INITIAL 0 #line 2 "toke.l" /* - * Copyright (c) 1996, 1998-2005, 2007-2011 + * Copyright (c) 1996, 1998-2005, 2007-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -1476,13 +1476,21 @@ char *yytext; #include "toke.h" #include #include "lbuf.h" +#include "secure_path.h" extern YYSTYPE yylval; extern bool parse_error; +extern bool sudoers_warnings; int sudolineno; int last_token; char *sudoers; +/* Default sudoers path, mode and owner */ +const char *sudoers_file = _PATH_SUDOERS; +mode_t sudoers_mode = SUDOERS_MODE; +uid_t sudoers_uid = SUDOERS_UID; +gid_t sudoers_gid = SUDOERS_GID; + static bool continued, sawspace; static int prev_state; @@ -1512,7 +1520,7 @@ int (*trace_print)(const char *msg) = sudoers_trace_print; #define INSTR 5 -#line 1515 "lex.yy.c" +#line 1523 "lex.yy.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -1666,9 +1674,9 @@ YY_DECL register char *yy_cp, *yy_bp; register int yy_act; -#line 123 "toke.l" +#line 131 "toke.l" -#line 1671 "lex.yy.c" +#line 1679 "lex.yy.c" if ( yy_init ) { @@ -1754,7 +1762,7 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 124 "toke.l" +#line 132 "toke.l" { LEXTRACE(", "); LEXRETURN(','); @@ -1762,12 +1770,12 @@ YY_RULE_SETUP YY_BREAK case 2: YY_RULE_SETUP -#line 129 "toke.l" +#line 137 "toke.l" BEGIN STARTDEFS; YY_BREAK case 3: YY_RULE_SETUP -#line 131 "toke.l" +#line 139 "toke.l" { BEGIN INDEFS; LEXTRACE("DEFVAR "); @@ -1779,7 +1787,7 @@ YY_RULE_SETUP case 4: YY_RULE_SETUP -#line 140 "toke.l" +#line 148 "toke.l" { BEGIN STARTDEFS; LEXTRACE(", "); @@ -1788,7 +1796,7 @@ YY_RULE_SETUP YY_BREAK case 5: YY_RULE_SETUP -#line 146 "toke.l" +#line 154 "toke.l" { LEXTRACE("= "); LEXRETURN('='); @@ -1796,7 +1804,7 @@ YY_RULE_SETUP YY_BREAK case 6: YY_RULE_SETUP -#line 151 "toke.l" +#line 159 "toke.l" { LEXTRACE("+= "); LEXRETURN('+'); @@ -1804,7 +1812,7 @@ YY_RULE_SETUP YY_BREAK case 7: YY_RULE_SETUP -#line 156 "toke.l" +#line 164 "toke.l" { LEXTRACE("-= "); LEXRETURN('-'); @@ -1812,7 +1820,7 @@ YY_RULE_SETUP YY_BREAK case 8: YY_RULE_SETUP -#line 161 "toke.l" +#line 169 "toke.l" { LEXTRACE("BEGINSTR "); yylval.string = NULL; @@ -1822,7 +1830,7 @@ YY_RULE_SETUP YY_BREAK case 9: YY_RULE_SETUP -#line 168 "toke.l" +#line 176 "toke.l" { LEXTRACE("WORD(2) "); if (!fill(yytext, yyleng)) @@ -1834,7 +1842,7 @@ YY_RULE_SETUP case 10: YY_RULE_SETUP -#line 177 "toke.l" +#line 185 "toke.l" { /* Line continuation char followed by newline. */ sudolineno++; @@ -1843,7 +1851,7 @@ YY_RULE_SETUP YY_BREAK case 11: YY_RULE_SETUP -#line 183 "toke.l" +#line 191 "toke.l" { LEXTRACE("ENDSTR "); BEGIN prev_state; @@ -1878,7 +1886,7 @@ YY_RULE_SETUP YY_BREAK case 12: YY_RULE_SETUP -#line 215 "toke.l" +#line 223 "toke.l" { LEXTRACE("BACKSLASH "); if (!append(yytext, yyleng)) @@ -1887,7 +1895,7 @@ YY_RULE_SETUP YY_BREAK case 13: YY_RULE_SETUP -#line 221 "toke.l" +#line 229 "toke.l" { LEXTRACE("STRBODY "); if (!append(yytext, yyleng)) @@ -1898,7 +1906,7 @@ YY_RULE_SETUP case 14: YY_RULE_SETUP -#line 229 "toke.l" +#line 237 "toke.l" { /* quoted fnmatch glob char, pass verbatim */ LEXTRACE("QUOTEDCHAR "); @@ -1909,7 +1917,7 @@ YY_RULE_SETUP YY_BREAK case 15: YY_RULE_SETUP -#line 237 "toke.l" +#line 245 "toke.l" { /* quoted sudoers special char, strip backslash */ LEXTRACE("QUOTEDCHAR "); @@ -1920,7 +1928,7 @@ YY_RULE_SETUP YY_BREAK case 16: YY_RULE_SETUP -#line 245 "toke.l" +#line 253 "toke.l" { BEGIN INITIAL; yyless(0); @@ -1929,7 +1937,7 @@ YY_RULE_SETUP YY_BREAK case 17: YY_RULE_SETUP -#line 251 "toke.l" +#line 259 "toke.l" { LEXTRACE("ARG "); if (!fill_args(yytext, yyleng, sawspace)) @@ -1940,7 +1948,7 @@ YY_RULE_SETUP case 18: YY_RULE_SETUP -#line 259 "toke.l" +#line 267 "toke.l" { char *path; @@ -1961,7 +1969,7 @@ YY_RULE_SETUP YY_BREAK case 19: YY_RULE_SETUP -#line 277 "toke.l" +#line 285 "toke.l" { char *path; @@ -1985,7 +1993,7 @@ YY_RULE_SETUP YY_BREAK case 20: YY_RULE_SETUP -#line 298 "toke.l" +#line 306 "toke.l" { char deftype; int n; @@ -2028,7 +2036,7 @@ YY_RULE_SETUP YY_BREAK case 21: YY_RULE_SETUP -#line 338 "toke.l" +#line 346 "toke.l" { int n; @@ -2057,7 +2065,7 @@ YY_RULE_SETUP YY_BREAK case 22: YY_RULE_SETUP -#line 364 "toke.l" +#line 372 "toke.l" { /* cmnd does not require passwd for this user */ LEXTRACE("NOPASSWD "); @@ -2066,7 +2074,7 @@ YY_RULE_SETUP YY_BREAK case 23: YY_RULE_SETUP -#line 370 "toke.l" +#line 378 "toke.l" { /* cmnd requires passwd for this user */ LEXTRACE("PASSWD "); @@ -2075,7 +2083,7 @@ YY_RULE_SETUP YY_BREAK case 24: YY_RULE_SETUP -#line 376 "toke.l" +#line 384 "toke.l" { LEXTRACE("NOEXEC "); LEXRETURN(NOEXEC); @@ -2083,7 +2091,7 @@ YY_RULE_SETUP YY_BREAK case 25: YY_RULE_SETUP -#line 381 "toke.l" +#line 389 "toke.l" { LEXTRACE("EXEC "); LEXRETURN(EXEC); @@ -2091,7 +2099,7 @@ YY_RULE_SETUP YY_BREAK case 26: YY_RULE_SETUP -#line 386 "toke.l" +#line 394 "toke.l" { LEXTRACE("SETENV "); LEXRETURN(SETENV); @@ -2099,7 +2107,7 @@ YY_RULE_SETUP YY_BREAK case 27: YY_RULE_SETUP -#line 391 "toke.l" +#line 399 "toke.l" { LEXTRACE("NOSETENV "); LEXRETURN(NOSETENV); @@ -2107,7 +2115,7 @@ YY_RULE_SETUP YY_BREAK case 28: YY_RULE_SETUP -#line 396 "toke.l" +#line 404 "toke.l" { LEXTRACE("LOG_OUTPUT "); LEXRETURN(LOG_OUTPUT); @@ -2115,7 +2123,7 @@ YY_RULE_SETUP YY_BREAK case 29: YY_RULE_SETUP -#line 401 "toke.l" +#line 409 "toke.l" { LEXTRACE("NOLOG_OUTPUT "); LEXRETURN(NOLOG_OUTPUT); @@ -2123,7 +2131,7 @@ YY_RULE_SETUP YY_BREAK case 30: YY_RULE_SETUP -#line 406 "toke.l" +#line 414 "toke.l" { LEXTRACE("LOG_INPUT "); LEXRETURN(LOG_INPUT); @@ -2131,7 +2139,7 @@ YY_RULE_SETUP YY_BREAK case 31: YY_RULE_SETUP -#line 411 "toke.l" +#line 419 "toke.l" { LEXTRACE("NOLOG_INPUT "); LEXRETURN(NOLOG_INPUT); @@ -2139,7 +2147,7 @@ YY_RULE_SETUP YY_BREAK case 32: YY_RULE_SETUP -#line 416 "toke.l" +#line 424 "toke.l" { /* empty group or netgroup */ LEXTRACE("ERROR "); @@ -2148,7 +2156,7 @@ YY_RULE_SETUP YY_BREAK case 33: YY_RULE_SETUP -#line 422 "toke.l" +#line 430 "toke.l" { /* netgroup */ if (!fill(yytext, yyleng)) @@ -2159,7 +2167,7 @@ YY_RULE_SETUP YY_BREAK case 34: YY_RULE_SETUP -#line 430 "toke.l" +#line 438 "toke.l" { /* group */ if (!fill(yytext, yyleng)) @@ -2170,7 +2178,7 @@ YY_RULE_SETUP YY_BREAK case 35: YY_RULE_SETUP -#line 438 "toke.l" +#line 446 "toke.l" { if (!fill(yytext, yyleng)) yyterminate(); @@ -2180,7 +2188,7 @@ YY_RULE_SETUP YY_BREAK case 36: YY_RULE_SETUP -#line 445 "toke.l" +#line 453 "toke.l" { if (!fill(yytext, yyleng)) yyterminate(); @@ -2190,7 +2198,7 @@ YY_RULE_SETUP YY_BREAK case 37: YY_RULE_SETUP -#line 452 "toke.l" +#line 460 "toke.l" { if (!ipv6_valid(yytext)) { LEXTRACE("ERROR "); @@ -2204,7 +2212,7 @@ YY_RULE_SETUP YY_BREAK case 38: YY_RULE_SETUP -#line 463 "toke.l" +#line 471 "toke.l" { if (!ipv6_valid(yytext)) { LEXTRACE("ERROR "); @@ -2218,7 +2226,7 @@ YY_RULE_SETUP YY_BREAK case 39: YY_RULE_SETUP -#line 474 "toke.l" +#line 482 "toke.l" { LEXTRACE("ALL "); LEXRETURN(ALL); @@ -2227,7 +2235,7 @@ YY_RULE_SETUP YY_BREAK case 40: YY_RULE_SETUP -#line 480 "toke.l" +#line 488 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("ROLE "); @@ -2239,7 +2247,7 @@ YY_RULE_SETUP YY_BREAK case 41: YY_RULE_SETUP -#line 489 "toke.l" +#line 497 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("TYPE "); @@ -2251,7 +2259,7 @@ YY_RULE_SETUP YY_BREAK case 42: YY_RULE_SETUP -#line 498 "toke.l" +#line 506 "toke.l" { #ifndef HAVE_SELINUX got_alias: @@ -2264,7 +2272,7 @@ YY_RULE_SETUP YY_BREAK case 43: YY_RULE_SETUP -#line 508 "toke.l" +#line 516 "toke.l" { /* no command args allowed for Defaults!/path */ if (!fill_cmnd(yytext, yyleng)) @@ -2275,7 +2283,7 @@ YY_RULE_SETUP YY_BREAK case 44: YY_RULE_SETUP -#line 516 "toke.l" +#line 524 "toke.l" { BEGIN GOTCMND; LEXTRACE("COMMAND "); @@ -2285,7 +2293,7 @@ YY_RULE_SETUP YY_BREAK case 45: YY_RULE_SETUP -#line 523 "toke.l" +#line 531 "toke.l" { /* directories can't have args... */ if (yytext[yyleng - 1] == '/') { @@ -2303,7 +2311,7 @@ YY_RULE_SETUP YY_BREAK case 46: YY_RULE_SETUP -#line 538 "toke.l" +#line 546 "toke.l" { LEXTRACE("BEGINSTR "); yylval.string = NULL; @@ -2313,7 +2321,7 @@ YY_RULE_SETUP YY_BREAK case 47: YY_RULE_SETUP -#line 545 "toke.l" +#line 553 "toke.l" { /* a word */ if (!fill(yytext, yyleng)) @@ -2324,7 +2332,7 @@ YY_RULE_SETUP YY_BREAK case 48: YY_RULE_SETUP -#line 553 "toke.l" +#line 561 "toke.l" { LEXTRACE("( "); LEXRETURN('('); @@ -2332,7 +2340,7 @@ YY_RULE_SETUP YY_BREAK case 49: YY_RULE_SETUP -#line 558 "toke.l" +#line 566 "toke.l" { LEXTRACE(") "); LEXRETURN(')'); @@ -2340,7 +2348,7 @@ YY_RULE_SETUP YY_BREAK case 50: YY_RULE_SETUP -#line 563 "toke.l" +#line 571 "toke.l" { LEXTRACE(", "); LEXRETURN(','); @@ -2348,7 +2356,7 @@ YY_RULE_SETUP YY_BREAK case 51: YY_RULE_SETUP -#line 568 "toke.l" +#line 576 "toke.l" { LEXTRACE("= "); LEXRETURN('='); @@ -2356,7 +2364,7 @@ YY_RULE_SETUP YY_BREAK case 52: YY_RULE_SETUP -#line 573 "toke.l" +#line 581 "toke.l" { LEXTRACE(": "); LEXRETURN(':'); @@ -2364,7 +2372,7 @@ YY_RULE_SETUP YY_BREAK case 53: YY_RULE_SETUP -#line 578 "toke.l" +#line 586 "toke.l" { if (yyleng & 1) { LEXTRACE("!"); @@ -2374,7 +2382,7 @@ YY_RULE_SETUP YY_BREAK case 54: YY_RULE_SETUP -#line 585 "toke.l" +#line 593 "toke.l" { if (YY_START == INSTR) { LEXTRACE("ERROR "); @@ -2389,14 +2397,14 @@ YY_RULE_SETUP YY_BREAK case 55: YY_RULE_SETUP -#line 597 "toke.l" +#line 605 "toke.l" { /* throw away space/tabs */ sawspace = true; /* but remember for fill_args */ } YY_BREAK case 56: YY_RULE_SETUP -#line 601 "toke.l" +#line 609 "toke.l" { sawspace = true; /* remember for fill_args */ sudolineno++; @@ -2405,7 +2413,7 @@ YY_RULE_SETUP YY_BREAK case 57: YY_RULE_SETUP -#line 607 "toke.l" +#line 615 "toke.l" { BEGIN INITIAL; sudolineno++; @@ -2416,7 +2424,7 @@ YY_RULE_SETUP YY_BREAK case 58: YY_RULE_SETUP -#line 615 "toke.l" +#line 623 "toke.l" { LEXTRACE("ERROR "); LEXRETURN(ERROR); @@ -2428,7 +2436,7 @@ case YY_STATE_EOF(GOTCMND): case YY_STATE_EOF(STARTDEFS): case YY_STATE_EOF(INDEFS): case YY_STATE_EOF(INSTR): -#line 620 "toke.l" +#line 628 "toke.l" { if (YY_START != INITIAL) { BEGIN INITIAL; @@ -2441,10 +2449,10 @@ case YY_STATE_EOF(INSTR): YY_BREAK case 59: YY_RULE_SETUP -#line 630 "toke.l" +#line 638 "toke.l" ECHO; YY_BREAK -#line 2447 "lex.yy.c" +#line 2455 "lex.yy.c" case YY_END_OF_BUFFER: { @@ -3335,7 +3343,7 @@ int main() return 0; } #endif -#line 630 "toke.l" +#line 638 "toke.l" struct path_list { char *path; @@ -3513,6 +3521,39 @@ _push_include(char *path, bool isdir) } } if (isdir) { + struct stat sb; + switch (sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb)) { + case SUDO_PATH_MISSING: + debug_return_bool(false); + case SUDO_PATH_BAD_TYPE: + errno = ENOTDIR; + if (sudoers_warnings) { + warning(path); + } + debug_return_bool(false); + case SUDO_PATH_WRONG_OWNER: + if (sudoers_warnings) { + warningx(_("%s is owned by uid %u, should be %u"), + path, (unsigned int) sb.st_uid, + (unsigned int) sudoers_uid); + } + debug_return_bool(false); + case SUDO_PATH_WORLD_WRITABLE: + if (sudoers_warnings) { + warningx(_("%s is world writable"), path); + } + debug_return_bool(false); + case SUDO_PATH_GROUP_WRITABLE: + if (sudoers_warnings) { + warningx(_("%s is owned by gid %u, should be %u"), + path, (unsigned int) sb.st_gid, + (unsigned int) sudoers_gid); + } + debug_return_bool(false); + default: + /* NOTREACHED */ + debug_return_bool(false); + } if (!(path = switch_dir(&istack[idepth], path))) { /* switch_dir() called yyerror() for us */ debug_return_bool(false); diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index ced224876..f48fb2842 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l @@ -1,6 +1,6 @@ %{ /* - * Copyright (c) 1996, 1998-2005, 2007-2011 + * Copyright (c) 1996, 1998-2005, 2007-2012 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -72,13 +72,21 @@ #include "toke.h" #include #include "lbuf.h" +#include "secure_path.h" extern YYSTYPE yylval; extern bool parse_error; +extern bool sudoers_warnings; int sudolineno; int last_token; char *sudoers; +/* Default sudoers path, mode and owner */ +const char *sudoers_file = _PATH_SUDOERS; +mode_t sudoers_mode = SUDOERS_MODE; +uid_t sudoers_uid = SUDOERS_UID; +gid_t sudoers_gid = SUDOERS_GID; + static bool continued, sawspace; static int prev_state; @@ -804,6 +812,39 @@ _push_include(char *path, bool isdir) } } if (isdir) { + struct stat sb; + switch (sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb)) { + case SUDO_PATH_MISSING: + debug_return_bool(false); + case SUDO_PATH_BAD_TYPE: + errno = ENOTDIR; + if (sudoers_warnings) { + warning(path); + } + debug_return_bool(false); + case SUDO_PATH_WRONG_OWNER: + if (sudoers_warnings) { + warningx(_("%s is owned by uid %u, should be %u"), + path, (unsigned int) sb.st_uid, + (unsigned int) sudoers_uid); + } + debug_return_bool(false); + case SUDO_PATH_WORLD_WRITABLE: + if (sudoers_warnings) { + warningx(_("%s is world writable"), path); + } + debug_return_bool(false); + case SUDO_PATH_GROUP_WRITABLE: + if (sudoers_warnings) { + warningx(_("%s is owned by gid %u, should be %u"), + path, (unsigned int) sb.st_gid, + (unsigned int) sudoers_gid); + } + debug_return_bool(false); + default: + /* NOTREACHED */ + debug_return_bool(false); + } if (!(path = switch_dir(&istack[idepth], path))) { /* switch_dir() called yyerror() for us */ debug_return_bool(false);