mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-03 15:55:40 +00:00
Code Issues Releases Wiki Activity

Don't allow the user to specify an I/O log file mode that sudo can't

Browse Source 
read or write to.  I/O logs must always be readable and writable
by the owner.
This commit is contained in:
Todd C. Miller
2017-03-17 10:56:17 -06:00
parent 8b3845c1ca
commit 8c8d078f66
4 changed files with 30 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
doc/sudoers.cat
View File

@@ -1623,11 +1623,15 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
This setting is only supported by version 1.8.19 or This setting is only supported by version 1.8.19 or
higher. higher.
iolog_mode The file permision mode to use when creating I/O log iolog_mode The file mode to use when creating I/O log files. Mode
files, mode bits other than 0666 are ignored. When bits for read and write permissions for owner, group or
creating I/O log directories, search (execute) bits are other are honored, everything else is ignored. The
added to to match the read and write bits specified by file permissions will always include the owner read and
_i_o_l_o_g___m_o_d_e. Defaults to 0600. write bits, even if they are not present in the
specified mode. When creating I/O log directories,
search (execute) bits are added to to match the read
and write bits specified by _i_o_l_o_g___m_o_d_e. Defaults to
0600 (read and write by user only).
This setting is only supported by version 1.8.19 or This setting is only supported by version 1.8.19 or
higher. higher.
@@ -2744,4 +2748,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details. complete details.
Sudo 1.8.20 March 14, 2017 Sudo 1.8.20 Sudo 1.8.20 March 17, 2017 Sudo 1.8.20

11
doc/sudoers.man.in
View File

@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "SUDOERS" "5" "March 14, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS" "5" "March 17, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -3324,12 +3324,15 @@ the parent directory.
This setting is only supported by version 1.8.19 or higher. This setting is only supported by version 1.8.19 or higher.
.TP 18n .TP 18n
iolog_mode iolog_mode
The file permision mode to use when creating I/O log files, The file mode to use when creating I/O log files.
mode bits other than 0666 are ignored. Mode bits for read and write permissions for owner, group or other
are honored, everything else is ignored.
The file permissions will always include the owner read and
write bits, even if they are not present in the specified mode.
When creating I/O log directories, search (execute) bits are added When creating I/O log directories, search (execute) bits are added
to to match the read and write bits specified by to to match the read and write bits specified by
\fIiolog_mode\fR. \fIiolog_mode\fR.
Defaults to 0600. Defaults to 0600 (read and write by user only).
.sp .sp
This setting is only supported by version 1.8.19 or higher. This setting is only supported by version 1.8.19 or higher.
.TP 18n .TP 18n

11
doc/sudoers.mdoc.in
View File

@@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd March 14, 2017 .Dd March 17, 2017
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -3117,12 +3117,15 @@ the parent directory.
.Pp .Pp
This setting is only supported by version 1.8.19 or higher. This setting is only supported by version 1.8.19 or higher.
.It iolog_mode .It iolog_mode
The file permision mode to use when creating I/O log files, The file mode to use when creating I/O log files.
mode bits other than 0666 are ignored. Mode bits for read and write permissions for owner, group or other
are honored, everything else is ignored.
The file permissions will always include the owner read and
write bits, even if they are not present in the specified mode.
When creating I/O log directories, search (execute) bits are added When creating I/O log directories, search (execute) bits are added
to to match the read and write bits specified by to to match the read and write bits specified by
.Em iolog_mode . .Em iolog_mode .
Defaults to 0600. Defaults to 0600 (read and write by user only).
.Pp .Pp
This setting is only supported by version 1.8.19 or higher. This setting is only supported by version 1.8.19 or higher.
.It iolog_user .It iolog_user

11
plugins/sudoers/iolog.c
View File

@@ -292,13 +292,14 @@ iolog_set_mode(mode_t mode)
{ {
debug_decl(iolog_set_mode, SUDOERS_DEBUG_UTIL) debug_decl(iolog_set_mode, SUDOERS_DEBUG_UTIL)
/* Restrict file mode to a subset of 0666. */ /* I/O log files must be readable and writable by owner. */
iolog_filemode = mode & (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH); iolog_filemode = S_IRUSR|S_IWUSR;
/* Add in group and other read/write if specified. */
iolog_filemode |= mode & (S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
/* For directory mode, add execute bits as needed. */ /* For directory mode, add execute bits as needed. */
iolog_dirmode = iolog_filemode; iolog_dirmode = iolog_filemode | S_IXUSR;
if (iolog_dirmode & (S_IRUSR|S_IWUSR))
iolog_dirmode |= S_IXUSR;
if (iolog_dirmode & (S_IRGRP|S_IWGRP)) if (iolog_dirmode & (S_IRGRP|S_IWGRP))
iolog_dirmode |= S_IXGRP; iolog_dirmode |= S_IXGRP;
if (iolog_dirmode & (S_IROTH|S_IWOTH)) if (iolog_dirmode & (S_IROTH|S_IWOTH))