Commit | Line | Data |
---|---|---|
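--- sudo-1.6.7p5/Makefile.in.selinux 2003-04-15 20:39:10.000000000 -0400
+++ sudo-1.6.7p5/Makefile.in 2004-01-02 20:18:14.000000000 -0500
@@ -59,7 +59,8 @@
 # Libraries
 LIBS = @LIBS@
 NET_LIBS = @NET_LIBS@
-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
+SELINUX_LIBS = -lselinux
+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
 
 # C preprocessor flags
 CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
@@ -105,7 +106,7 @@
 sudoers_mode = @SUDOERS_MODE@
 
 # Pass in paths and uid/gid + OS dependent defined
-DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
+DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
 
 #### End of system configuration section. ####
 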
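Review bot: `SELINUX_LIBS = -lselinux` and the `-DWITH_SELINUX` appended to `DEFS` are hard-coded in Makefile.in rather than substituted by configure, so every build compiles the SELinux path and links libselinux, and the build fails on a host without the library. The neighbouring settings all come from configure (`@SUDO_LIBS@`, `@AFS_LIBS@`, `@OSDEFS@`); I would gate this behind a configure option, e.g. `SELINUX_LIBS = @SELINUX_LIBS@` with the define carried in `@OSDEFS@`, where `@SELINUX_LIBS@` is a substitution the patch would have to add. If the patch is meant only for a distribution build where SELinux is always present, a comment saying so above `SELINUX_LIBS` would do.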
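--- sudo-1.6.7p5/sudo.c.selinux 2003-04-15 20:39:14.000000000 -0400
+++ sudo-1.6.7p5/sudo.c 2004-01-13 21:38:54.668372568 -0500
@@ -101,6 +101,16 @@
 #include "interfaces.h"
 #include "version.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/flask.h> /* for SECCLASS_CHR_FILE */
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
+#include <selinux/context.h> /* for context-mangling functions */
+#include <selinux/get_default_type.h>
+char *role_s = NULL; /* role spec'd by user in argv[] */
+char *type_s = NULL; /* type spec'd by user in argv[] */
+char *ttyn = NULL; /* tty path */
+#endif
+
 #ifndef lint
 static const char rcsid[] = "$Sudo: sudo.c,v 1.334 2003/04/01 15:02:49 millert Exp $";
 #endif /* lint */
@@ -414,10 +424,195 @@
 (void) sigaction(SIGCHLD, &saved_sa_chld, NULL);
 
 #ifndef PROFILING
- if ((sudo_mode & MODE_BACKGROUND) && fork() > 0)
+ if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) {
+ exit(0);
+ }
+#ifdef WITH_SELINUX
+ if( is_selinux_enabled() >0) {
+ security_context_t old_context=NULL; /* our original securiy ID ("old_context") */
+ security_context_t new_context=NULL; /* our target security ID ("sid") */
+ security_context_t tty_context=NULL; /* current sid of tty */
+ security_context_t new_tty_context=NULL; /* sid to change to while running command*/
+
+ /*
+ *
+ * Step 1: Handle command-line arguments.
+ *
+ */
+
+ security_context_t context_s; /* our security context as a string */
+ int context_length;
+ context_t context; /* manipulatable form of context_s */
+
+
+ /* Fill in a default type if one hasn't been specified */
+ if( role_s && !type_s ) {
+ if( get_default_type(role_s,&type_s) )
+ {
+ fprintf(stderr,"Couldn't get default type.\n");
+ exit(-1);
+ }
+#ifdef CANTSPELLGDB
+ printf( "Your type will be %s.\n", type_s );
+#endif
+ }
+
+
+ /*
+ * Get the SID and context of the caller, and extract
+ * the username from the context. Don't rely on the Linux
+ * uid information - it isn't trustworthy.
+ */
+
+ /* Put the caller's SID into `old_context'. */
+ if( 0!=(getprevcon(&old_context)) ) {
+ fprintf(stderr,"failed to get old_context.\n");
+ exit(-1);
+ }
+
+#ifdef CANTSPELLGDB
+ printf( "Your old context was %s\n", old_context );
+#endif
+ /*
+ * Create a context structure so that we extract and modify
+ * components easily.
+ */
+ context=context_new(old_context);
+
+ /*
+ *
+ * Step 3: Construct a new SID based on our old SID and the
+ * arguments specified on the command line.
+ *
+ */
+
+ /* The first step in constructing a new SID for the new shell we *
+ * plan to exec is to take our old context in `context' as a *
+ * starting point, and modify it according to the options the user *
+ * specified on the command line. */
+
+ /* If the user specified a new role on the command line (if `role_s' *
+ * is set), then replace the old role in `context' with this new role. */
+ if( role_s ) {
+ if( context_role_set(context,role_s)) {
+ fprintf(stderr,"failed to set new role %s\n",role_s);
+ exit(-1);
+ }
+#ifdef CANTSPELLGDB
+ printf("Your new role is %s\n",context_role_get(context));
+#endif
+ } /* if user specified new role */
+
+ /* If the user specified a new type on the command line (if `type_s' *
+ * is set), then replace the old type in `context' with this new type. */
+ if( type_s ) {
+ if( context_type_set(context,type_s)) {
+ fprintf(stderr,"failed to set new type %s\n",type_s);
+ exit(-1);
+ }
+#ifdef CANTSPELLGDB
+ printf("Your new type is %s\n",context_type_get(context));
+#endif
+ } /* if user specified new type */
+
+ /* The second step in creating the new SID is to convert our modified *
+ * `context' structure back to a context string and then to a SID. */
+
+ /* Make `context_s' point to a string version of the new `context'. */
+ if( !(new_context=context_str(context))) {
+ fprintf(stderr,"failed to convert new context to string\n" );
+ exit(-1);
+ }
+
+#ifdef CANTSPELLGDB
+ printf("Your new context is %s\n",new_context);
+#endif
+
+ /*
+ *
+ * Step 4: Handle relabeling of the tty.
+ *
+ */
+
+ /* Fetch TTY information */
+ ttyn=ttyname(0);
+ if (! ( ttyn==NULL || *ttyn=='\0')) {
+ if (getfilecon(ttyn,&tty_context) <0 ) {
+ fprintf(stderr, "Could not retrieve tty information.\n");
+ } else {
+
+#ifdef CANTSPELLGDB
+ printf("Your tty %s was labeled with SID %d\n", ttyn, tty_context);
+#endif
+
+ new_tty_context = NULL;
+ if (security_compute_relabel(new_context,tty_context,SECCLASS_CHR_FILE,&new_tty_context) < 0)
+ fprintf(stderr, "Warning! Could not get new context for %s, not relabeling.\n", ttyn);
+ else
+ {
+
+#ifdef CANTSPELLGDB
+ printf("Relabeling tty %s to context %s\n", ttyn, new_tty_context);
+#endif
+
+ /* Relabel it */
+ if( setfilecon(ttyn,new_tty_context)!=0 ) {
+ fprintf(stderr,"sudo: error: setfilecon on %s to %s",ttyn,new_tty_context);
+ }
+ freecon(new_tty_context);
+ }
+ }
+ }
+ /* Fork, allowing parent to clean up after shell has executed */
+ pid_t childPid=fork();
+ if( childPid<0 ) {
+ int errsv=errno;
+
+ fprintf(stderr,"sudo: failure forking: %s",strerror(errsv));
+ exit(-1);
+ } else if (childPid) {
+ /* PARENT */
+ wait(NULL);
+
+ if (tty_context!=NULL) {
+#ifdef CANTSPELLGDB
+ printf("Restoring tty %s back to SID %d\n", ttyn, tty_context);
+#endif
+
+ /* Cleanup TTY Context */
+ setfilecon(ttyn,tty_context);
+ freecon(tty_context);
+ }
+
+ /* Done! */
 exit(0);
- else
- EXEC(safe_cmnd, NewArgv); /* run the command */
+ }
+ if (setexeccon(new_context) < 0) {
+ fprintf(stderr, "Could not set exec context to %s.\n", new_context);
+ exit(-1);
+ }
+ freecon(new_context);
+ /* Close and reopen descriptors 0 through 2 */
+ if( close(0) || close(1) || close(2) )
+ {
+ fprintf(stderr,"Could not close descriptors.\n");
+ exit(-1);
+ }
+ fd = open(ttyn,O_RDWR);
+ if (fd != 0) {
+ exit(-1);
+ }
+ fd = open(ttyn,O_RDWR);
+ if (fd != 1) {
+ exit(-1);
+ }
+ fd = open(ttyn,O_RDWR);
+ if (fd != 2) {
+ exit(-1);
+ }
+ }
+#endif
+ EXEC(safe_cmnd, NewArgv); /* run the command */
 #else
 exit(0);
 #endif /* PROFILING */
@@ -693,6 +888,30 @@
 NewArgv++;
 break;
 #endif
+#ifdef WITH_SELINUX
+ case 'r':
+ /* Must have an associated SELinux role. */
+ if (NewArgv[1] == NULL)
+ usage(1);
+
+ role_s = NewArgv[1];
+
+ /* Shift Argv over and adjust Argc. */
+ NewArgc--;
+ NewArgv++;
+ break;
+ case 't':
+ /* Must have an associated SELinux type. */
+ if (NewArgv[1] == NULL)
+ usage(1);
+
+ type_s = NewArgv[1];
+
+ /* Shift Argv over and adjust Argc. */
+ NewArgc--;
+ NewArgv++;
+ break;
+#endif
 #ifdef HAVE_LOGIN_CAP_H
 case 'c':
 /* Must have an associated login class. */
@@ -1063,6 +1282,9 @@
 #ifdef HAVE_BSD_AUTH_H
 (void) fprintf(stderr, "[-a auth_type] ");
 #endif
+#ifdef WITH_SELINUX
+ (void) fprintf(stderr, "[-r role] [-t type] ");
+#endif
 (void) fprintf(stderr, "-s | <command>\n");
 exit(exit_val);
 }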
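Review bot: In the parent branch after `fork()` (hunk `@@ -414,10 +424,195 @@`), `wait(NULL)` followed by `exit(0)` throws away the command's exit status, so sudo reports success even when the command fails or the child bails out on `setexeccon()`/`open()`, and the unchecked `setfilecon(ttyn,tty_context)` can silently leave the tty carrying the target context. Wait on `childPid`, retry on EINTR, pass the status through and report a failed restore, as in the excerpt below. Earlier in the same hunk `context_new(old_context)` is used without a NULL check, and the child calls `open(ttyn,O_RDWR)` even when `ttyname(0)` returned NULL, so with SELinux enabled the command cannot run without a tty and fails with no message because descriptor 2 is already closed. `new_context` comes from `context_str()`, which to my knowledge returns storage owned by `context`, so `freecon(new_context)` looks like the wrong release call; `context_free(context)` once the exec context is set is probably what is wanted. The enclosing function begins and ends outside this hunk.

```c
	} else if (childPid) {
	    /* PARENT */
	    int status = 0;
	    pid_t waited;

	    /* Reap this child specifically; a signal must not cut the wait short */
	    do {
		waited = waitpid(childPid, &status, 0);
	    } while (waited == -1 && errno == EINTR);

	    if (tty_context != NULL) {
		/* ... unchanged: CANTSPELLGDB debug print ... */

		/* Cleanup TTY Context */
		if (setfilecon(ttyn, tty_context) != 0)
		    fprintf(stderr, "sudo: could not restore context of %s: %s\n",
			ttyn, strerror(errno));
		freecon(tty_context);
	    }

	    /* Mirror the command's result instead of always reporting success */
	    if (waited == childPid && WIFEXITED(status))
		exit(WEXITSTATUS(status));
	    exit(1);
	}
```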
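--- sudo-1.6.7p5/sudo.man.in.selinux 2003-04-15 20:39:14.000000000 -0400
+++ sudo-1.6.7p5/sudo.man.in 2004-01-02 20:18:14.000000000 -0500
@@ -174,7 +174,7 @@
 .IX Header "SYNOPSIS"
 \&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR |
 [ \fB\-H\fR ] [\fB\-P\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR \fIprompt\fR ]
-[ \fB\-c\fR \fIclass\fR|\fI\-\fR ] [ \fB\-a\fR \fIauth_type\fR ]
+[ \fB\-c\fR \fIclass\fR|\fI\-\fR ] [ \fB\-a\fR \fIauth_type\fR ] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
 [ \fB\-u\fR \fIusername\fR|\fI#uid\fR ] \fIcommand\fR
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
@@ -327,6 +327,16 @@
 the group vector to the list of groups the target user is in.
 The real and effective group IDs, however, are still set to match
 the target user.
+.IP "\-r" 4
+.IX Item "-r"
+The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
+\fIROLE\fR.
+.IP "\-t" 4
+.IX Item "-t"
+The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
+specified by
+\fITYPE\fR.
+If no type is specified, the default type is derived from the specified role.
 .IP "\-S" 4
 .IX Item "-S"
 The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from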
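--- sudo-1.6.7p5/sudoers.selinux 2001-12-16 23:45:52.000000000 -0500
+++ sudo-1.6.7p5/sudoers 2004-01-02 20:18:14.000000000 -0500
@@ -14,7 +14,8 @@
 # Defaults specification
 
 # User privilege specification
-root ALL=(ALL) ALL
+#You should not use sudo as root in an SELinux environment
+#root ALL=(ALL) ALL
 
 # Uncomment to allow people in group wheel to run all commands
 # %wheel ALL=(ALL) ALL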