mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00

sudo_intercept.so: send the secret immediately after connecting.

Sending the secret out of band, before the message size is read,
should make it harder to mount a DoS attack.
Todd C. Miller
2021-08-31 16:33:54 -06:00
parent 26938012f8
commit 9137909c7d
5 changed files with 62 additions and 34 deletions


@@ -86,7 +86,6 @@ struct _HelloResponse
/*
* Policy check request from sudo_intercept.so.
* Must include the correct secret value.
* Note that the plugin API only currently supports passing
* the new environment in to the open() function.
*/
@@ -100,11 +99,10 @@ struct _PolicyCheckRequest
size_t n_envp;
char **envp;
int32_t intercept_fd;
uint64_t secret;
};
#define POLICY_CHECK_REQUEST__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&policy_check_request__descriptor) \
, (char *)protobuf_c_empty_string, (char *)protobuf_c_empty_string, 0,NULL, 0,NULL, 0, 0 }
, (char *)protobuf_c_empty_string, (char *)protobuf_c_empty_string, 0,NULL, 0,NULL, 0 }
struct _PolicyAcceptMessage