From 1e5e5fb4401f3055a9eebb1a3ef1f7b1bb687438 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Fri, 3 May 2013 16:14:12 -0400
Subject: [PATCH] No longer store the ctime of a devpts tty.

The handling of ctime on devpts in Linux has been changed to conform to POSIX. As a result we can no longer assume that the ctime will stay unchanged throughout the life of the session. We store the session ID in the time stamp file so there is a much smaller chance of the time stamp file being reused by a new login. While here, store the uid/gid in the timestamp file too for good measure.
---
 plugins/sudoers/check.h | 3 ++-
 plugins/sudoers/timestamp.c | 50 ++-----------------------------------
 2 files changed, 4 insertions(+), 49 deletions(-)

diff --git a/plugins/sudoers/check.h b/plugins/sudoers/check.h
index a3331201a..5d73756d6 100644
--- a/plugins/sudoers/check.h
+++ b/plugins/sudoers/check.h
@@ -39,7 +39,8 @@ struct sudo_tty_info {
 dev_t dev; /* ID of device tty resides on */
 dev_t rdev; /* tty device ID */
 ino_t ino; /* tty inode number */
- struct timeval ctime; /* tty inode change time */
+ uid_t uid; /* tty owner */
+ gid_t gid; /* tty group */
 pid_t sid; /* ID of session with controlling tty */
 };
 
diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c
index 99d589a56..a7b651851 100644
--- a/plugins/sudoers/timestamp.c
+++ b/plugins/sudoers/timestamp.c
@@ -24,12 +24,6 @@
 #include
 #include
 #include
-#ifdef __linux__
-# include
-#endif
-#if defined(__sun) && defined(__SVR4)
-# include
-#endif
 #ifndef __TANDEM
 # include
 #endif
@@ -63,8 +57,6 @@
 #include "sudoers.h"
 #include "check.h"
 
-static bool tty_is_devpts(const char *);
-
 static struct sudo_tty_info tty_info;
 static char timestampdir[PATH_MAX];
 static char timestampfile[PATH_MAX];
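Review bot: The replacement of `ctime` by `uid`/`gid` changes a record that, per the commit message, is written to the time stamp file and later compared against the live tty, yet nothing in the header says the layout is persisted, so a future field addition or reordering would silently change the on-disk format and what counts as a stale ticket. I would put above the struct (its `struct sudo_tty_info {` line precedes this hunk): `/* Stored in the tty time stamp file and compared against the live tty; changing this layout invalidates existing tickets. */`. If that comparison is a whole-struct memcmp, swapping a `struct timeval` for two ids also changes the padding; `tty_info` in timestamp.c is file-scope static and so zero-filled, but the buffer the ticket is read back into should be zeroed the same way, which is something to confirm outside this diff.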
@@ -85,8 +77,8 @@ build_timestamp(struct passwd *pw)
 tty_info.dev = sb.st_dev;
 tty_info.ino = sb.st_ino;
 tty_info.rdev = sb.st_rdev;
- if (tty_is_devpts(user_ttypath))
- ctim_get(&sb, &tty_info.ctime);
+ tty_info.uid = sb.st_uid;
+ tty_info.gid = sb.st_gid;
 tty_info.sid = user_sid;
 }
 
@@ -418,44 +410,6 @@ remove_timestamp(bool remove)
 debug_return;
 }
 
-/*
- * Returns true if tty lives on a devpts, /dev or /devices filesystem, else
- * false. Unlike most filesystems, the ctime of devpts nodes is not updated
- * when the device node is written to, only when the inode's status changes,
- * typically via the chmod, chown, link, rename, or utimes system calls.
- * Since the ctime is "stable" in this case, we can stash it the tty ticket
- * file and use it to determine whether the tty ticket file is stale.
- */
-static bool
-tty_is_devpts(const char *tty)
-{
- bool retval = false;
-#ifdef __linux__
- struct statfs sfs;
- debug_decl(tty_is_devpts, SUDO_DEBUG_PTY)
-
-#ifndef DEVPTS_SUPER_MAGIC
-# define DEVPTS_SUPER_MAGIC 0x1cd1
-#endif
-
- if (statfs(tty, &sfs) == 0) {
- if (sfs.f_type == DEVPTS_SUPER_MAGIC)
- retval = true;
- }
-#elif defined(__sun) && defined(__SVR4)
- struct statvfs sfs;
- debug_decl(tty_is_devpts, SUDO_DEBUG_PTY)
-
- if (statvfs(tty, &sfs) == 0) {
- if (strcmp(sfs.f_fstr, "dev") == 0 || strcmp(sfs.f_fstr, "devices") == 0)
- retval = true;
- }
-#else
- debug_decl(tty_is_devpts, SUDO_DEBUG_PTY)
-#endif /* __linux__ */
- debug_return_bool(retval);
-}
-
 /*
  * Lecture status is currently implied by the timestamp status but
  * may be stored separately in a future release.
-- 
2.49.0
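Review bot: The two added assignments record the tty's owner and group without a comment saying why, and the reason is not obvious from the code alone: with the devpts ctime gone, `sid` is what ties a ticket to a login session, and the uid/gid presumably serve to catch a pty that has since been handed to a different user, which also means a chown of the tty mid-session will now invalidate the ticket. I would add above `tty_info.uid = sb.st_uid;`: `/* Owner/group normally change when a pty is reassigned to another login; together with sid this replaces the old devpts ctime check. */`. The `stat()` that fills `sb` and the rest of build_timestamp lie outside this hunk.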