diff options
Diffstat (limited to 'debian/patches/Reset-valid_flags-to-MODE_NONINTERACTIVE-for-sudoedi.patch')
| -rw-r--r-- | debian/patches/Reset-valid_flags-to-MODE_NONINTERACTIVE-for-sudoedi.patch | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/debian/patches/Reset-valid_flags-to-MODE_NONINTERACTIVE-for-sudoedi.patch b/debian/patches/Reset-valid_flags-to-MODE_NONINTERACTIVE-for-sudoedi.patch new file mode 100644 index 0000000..ac62729 --- /dev/null +++ b/debian/patches/Reset-valid_flags-to-MODE_NONINTERACTIVE-for-sudoedi.patch @@ -0,0 +1,97 @@ +From 6f726f8a6f5e203ae2f4675902ba4aa03a8393af Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" <Todd.Miller@sudo.ws> +Date: Wed, 20 Jan 2021 09:02:42 +0100 +Subject: [PATCH 1/5] Reset valid_flags to MODE_NONINTERACTIVE for sudoedit. + +This is consistent with how the -e option is handled. +Also reject -H and -P flags for sudoedit as was done in sudo 1.7. +Found by Qualys. + +[Salvatore Bonaccorso: Backport to 1.8.27: Context changes] +--- + src/parse_args.c | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +--- a/src/parse_args.c ++++ b/src/parse_args.c +@@ -121,7 +121,10 @@ struct environment { + /* + * Default flags allowed when running a command. + */ +-#define DEFAULT_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_SHELL) ++#define DEFAULT_VALID_FLAGS (MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|MODE_LOGIN_SHELL|MODE_NONINTERACTIVE|MODE_PRESERVE_GROUPS|MODE_SHELL) ++#define EDIT_VALID_FLAGS MODE_NONINTERACTIVE ++#define LIST_VALID_FLAGS (MODE_NONINTERACTIVE|MODE_LONG_LIST) ++#define VALIDATE_VALID_FLAGS MODE_NONINTERACTIVE + + /* Option number for the --host long option due to ambiguity of the -h flag. */ + #define OPT_HOSTNAME 256 +@@ -265,6 +268,7 @@ parse_args(int argc, char **argv, int *n + progname = "sudoedit"; + mode = MODE_EDIT; + sudo_settings[ARG_SUDOEDIT].value = "true"; ++ valid_flags = EDIT_VALID_FLAGS; + } + + /* Load local IP addresses and masks. */ +@@ -350,7 +354,7 @@ parse_args(int argc, char **argv, int *n + usage_excl(1); + mode = MODE_EDIT; + sudo_settings[ARG_SUDOEDIT].value = "true"; +- valid_flags = MODE_NONINTERACTIVE; ++ valid_flags = EDIT_VALID_FLAGS; + break; + case 'g': + if (*optarg == '\0') +@@ -360,6 +364,7 @@ parse_args(int argc, char **argv, int *n + break; + case 'H': + sudo_settings[ARG_SET_HOME].value = "true"; ++ SET(flags, MODE_RESET_HOME); + break; + case 'h': + if (optarg == NULL) { +@@ -409,7 +414,7 @@ parse_args(int argc, char **argv, int *n + usage_excl(1); + } + mode = MODE_LIST; +- valid_flags = MODE_NONINTERACTIVE|MODE_LONG_LIST; ++ valid_flags = LIST_VALID_FLAGS; + break; + case 'n': + SET(flags, MODE_NONINTERACTIVE); +@@ -417,6 +422,7 @@ parse_args(int argc, char **argv, int *n + break; + case 'P': + sudo_settings[ARG_PRESERVE_GROUPS].value = "true"; ++ SET(flags, MODE_PRESERVE_GROUPS); + break; + case 'p': + /* An empty prompt is allowed. */ +@@ -460,7 +466,7 @@ parse_args(int argc, char **argv, int *n + if (mode && mode != MODE_VALIDATE) + usage_excl(1); + mode = MODE_VALIDATE; +- valid_flags = MODE_NONINTERACTIVE; ++ valid_flags = VALIDATE_VALID_FLAGS; + break; + case 'V': + if (mode && mode != MODE_VERSION) +@@ -487,7 +493,7 @@ parse_args(int argc, char **argv, int *n + if (!mode) { + /* Defer -k mode setting until we know whether it is a flag or not */ + if (sudo_settings[ARG_IGNORE_TICKET].value != NULL) { +- if (argc == 0 && !(flags & (MODE_SHELL|MODE_LOGIN_SHELL))) { ++ if (argc == 0 && !ISSET(flags, MODE_SHELL|MODE_LOGIN_SHELL)) { + mode = MODE_INVALIDATE; /* -k by itself */ + sudo_settings[ARG_IGNORE_TICKET].value = NULL; + valid_flags = 0; +@@ -550,7 +556,7 @@ parse_args(int argc, char **argv, int *n + /* + * For shell mode we need to rewrite argv + */ +- if (ISSET(mode, MODE_RUN) && ISSET(flags, MODE_SHELL)) { ++ if (ISSET(flags, MODE_SHELL|MODE_LOGIN_SHELL) && ISSET(mode, MODE_RUN)) { + char **av, *cmnd = NULL; + int ac = 1; + |