Here is a patch to the latest sudo to add more ENVVAR blacklisting.
The references:
http://www.ubuntulinux.org/usn/usn-235-2
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-4158
--
Archaic
Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs
Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
Date: 2005-01-17
Initial Package Version: 1.6.8p12
Origin: Upstream CVS
Upstream Status: In CVS
Description: (CVE-2005-4158) Sudo before 1.6.8 p12, when the Perl taint flag is
off, does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment
variables, which allows limited local users to cause a Perl script
to include and execute arbitrary library files that have the same
name as library files that are included by the script.
Additionally, more variables beyond perl were added to the
blacklist and comments were added to the variables.
diff -Naur sudo-1.6.8p12.orig/env.c sudo-1.6.8p12/env.c
--- sudo-1.6.8p12.orig/env.c 2005-11-08 18:21:33.000000000 +0000
+++ sudo-1.6.8p12/env.c 2006-01-18 00:35:17.000000000 +0000
@@ -118,18 +118,31 @@
"USR_ACE",
"DLC_ACE",
#endif /* HAVE_SECURID */
- "TERMINFO",
- "TERMINFO_DIRS",
- "TERMPATH",
+ "TERMINFO", /* terminfo, exclusive path to terminfo
files */
+ "TERMINFO_DIRS", /* terminfo, path(s) to terminfo files */
+ "TERMPATH", /* termcap, path(s) to termcap files */
"TERMCAP", /* XXX - only if it starts with '/' */
- "ENV",
- "BASH_ENV",
- "PS4",
- "SHELLOPTS",
- "JAVA_TOOL_OPTIONS",
- "PERLLIB",
- "PERL5LIB",
- "PERL5OPT",
+ "ENV", /* ksh, file to source before script runs */
+ "BASH_ENV", /* bash, file to source before script
runs */
+ "PS4", /* bash, prefix for lines in xtrace mode */
+ "GLOBIGNORE", /* bash, globbing patterns to ignore */
+ "SHELLOPTS", /* bash, extra command line options */
+ "JAVA_TOOL_OPTIONS", /* java, extra command line options */
+ "PERLIO_DEBUG ", /* perl, debugging output file */
+ "PERLLIB", /* perl, search path for modules/includes */
+ "PERL5LIB", /* perl 5, search path for
modules/includes */
+ "PERL5OPT", /* perl 5, extra command line options */
+ "PERL5DB", /* perl 5, command used to load debugger */
+ "FPATH", /* ksh, search path for functions */
+ "NULLCMD", /* zsh, command for null file redirection */
+ "READNULLCMD", /* zsh, command for null file redirection */
+ "ZDOTDIR", /* zsh, search path for dot files */
+ "TMPPREFIX", /* zsh, prefix for temporary files */
+ "PYTHONHOME", /* python, module search path */
+ "PYTHONPATH", /* python, search path */
+ "PYTHONINSPEC", /* python, allow inspection */
+ "RUBYLIB", /* ruby, library load path */
+ "RUBYOPT", /* ruby, extra command line options */
NULL
};
--
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
