1 --- sudo-1.6.7p5/Makefile.in.selinux 2003-04-15 20:39:10.000000000 -0400
2 +++ sudo-1.6.7p5/Makefile.in 2004-01-02 20:18:14.000000000 -0500
7 -SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
8 +SELINUX_LIBS = -lselinux
9 +SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
11 # C preprocessor flags
12 CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
14 sudoers_mode = @SUDOERS_MODE@
16 # Pass in paths and uid/gid + OS dependent defined
17 -DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
18 +DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
20 #### End of system configuration section. ####
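Review bot: `SELINUX_LIBS = -lselinux` and `-DWITH_SELINUX` are hard-coded in Makefile.in, while the neighbouring settings are `@...@` substitutions filled in by configure. As written, every build from this tree links libselinux and compiles the SELinux code path whether or not the host provides it. Gating both behind a configure check, e.g. `SELINUX_LIBS = @SELINUX_LIBS@` with the define emitted only when the library is found, keeps non-SELinux builds working and makes the feature an explicit opt-in for a setuid binary.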
22 --- sudo-1.6.7p5/sudo.c.selinux 2003-04-15 20:39:14.000000000 -0400
23 +++ sudo-1.6.7p5/sudo.c 2004-01-13 21:38:54.668372568 -0500
25 #include "interfaces.h"
29 +#include <selinux/flask.h> /* for SECCLASS_CHR_FILE */
30 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
31 +#include <selinux/context.h> /* for context-mangling functions */
32 +#include <selinux/get_default_type.h>
33 +char *role_s = NULL; /* role spec'd by user in argv[] */
34 +char *type_s = NULL; /* type spec'd by user in argv[] */
35 +char *ttyn = NULL; /* tty path */
39 static const char rcsid[] = "$Sudo: sudo.c,v 1.334 2003/04/01 15:02:49 millert Exp $";
41 @@ -414,10 +424,195 @@
42 (void) sigaction(SIGCHLD, &saved_sa_chld, NULL);
45 - if ((sudo_mode & MODE_BACKGROUND) && fork() > 0)
46 + if ((sudo_mode & MODE_BACKGROUND) && fork() > 0) {
50 + if( is_selinux_enabled() >0) {
51 + security_context_t old_context=NULL; /* our original securiy ID ("old_context") */
52 + security_context_t new_context=NULL; /* our target security ID ("sid") */
53 + security_context_t tty_context=NULL; /* current sid of tty */
54 + security_context_t new_tty_context=NULL; /* sid to change to while running command*/
58 + * Step 1: Handle command-line arguments.
62 + security_context_t context_s; /* our security context as a string */
64 + context_t context; /* manipulatable form of context_s */
67 + /* Fill in a default type if one hasn't been specified */
68 + if( role_s && !type_s ) {
69 + if( get_default_type(role_s,&type_s) )
71 + fprintf(stderr,"Couldn't get default type.\n");
75 + printf( "Your type will be %s.\n", type_s );
81 + * Get the SID and context of the caller, and extract
82 + * the username from the context. Don't rely on the Linux
83 + * uid information - it isn't trustworthy.
86 + /* Put the caller's SID into `old_context'. */
87 + if( 0!=(getprevcon(&old_context)) ) {
88 + fprintf(stderr,"failed to get old_context.\n");
93 + printf( "Your old context was %s\n", old_context );
96 + * Create a context structure so that we extract and modify
97 + * components easily.
99 + context=context_new(old_context);
103 + * Step 3: Construct a new SID based on our old SID and the
104 + * arguments specified on the command line.
108 + /* The first step in constructing a new SID for the new shell we *
109 + * plan to exec is to take our old context in `context' as a *
110 + * starting point, and modify it according to the options the user *
111 + * specified on the command line. */
113 + /* If the user specified a new role on the command line (if `role_s' *
114 + * is set), then replace the old role in `context' with this new role. */
116 + if( context_role_set(context,role_s)) {
117 + fprintf(stderr,"failed to set new role %s\n",role_s);
121 + printf("Your new role is %s\n",context_role_get(context));
123 + } /* if user specified new role */
125 + /* If the user specified a new type on the command line (if `type_s' *
126 + * is set), then replace the old type in `context' with this new type. */
128 + if( context_type_set(context,type_s)) {
129 + fprintf(stderr,"failed to set new type %s\n",type_s);
133 + printf("Your new type is %s\n",context_type_get(context));
135 + } /* if user specified new type */
137 + /* The second step in creating the new SID is to convert our modified *
138 + * `context' structure back to a context string and then to a SID. */
140 + /* Make `context_s' point to a string version of the new `context'. */
141 + if( !(new_context=context_str(context))) {
142 + fprintf(stderr,"failed to convert new context to string\n" );
147 + printf("Your new context is %s\n",new_context);
152 + * Step 4: Handle relabeling of the tty.
156 + /* Fetch TTY information */
158 + if (! ( ttyn==NULL || *ttyn=='\0')) {
159 + if (getfilecon(ttyn,&tty_context) <0 ) {
160 + fprintf(stderr, "Could not retrieve tty information.\n");
164 + printf("Your tty %s was labeled with SID %d\n", ttyn, tty_context);
167 + new_tty_context = NULL;
168 + if (security_compute_relabel(new_context,tty_context,SECCLASS_CHR_FILE,&new_tty_context) < 0)
169 + fprintf(stderr, "Warning! Could not get new context for %s, not relabeling.\n", ttyn);
174 + printf("Relabeling tty %s to context %s\n", ttyn, new_tty_context);
178 + if( setfilecon(ttyn,new_tty_context)!=0 ) {
179 + fprintf(stderr,"sudo: error: setfilecon on %s to %s",ttyn,new_tty_context);
181 + freecon(new_tty_context);
185 + /* Fork, allowing parent to clean up after shell has executed */
186 + pid_t childPid=fork();
190 + fprintf(stderr,"sudo: failure forking: %s",strerror(errsv));
192 + } else if (childPid) {
196 + if (tty_context!=NULL) {
198 + printf("Restoring tty %s back to SID %d\n", ttyn, tty_context);
201 + /* Cleanup TTY Context */
202 + setfilecon(ttyn,tty_context);
203 + freecon(tty_context);
209 - EXEC(safe_cmnd, NewArgv); /* run the command */
211 + if (setexeccon(new_context) < 0) {
212 + fprintf(stderr, "Could not set exec context to %s.\n", new_context);
215 + freecon(new_context);
216 + /* Close and reopen descriptors 0 through 2 */
217 + if( close(0) || close(1) || close(2) )
219 + fprintf(stderr,"Could not close descriptors.\n");
222 + fd = open(ttyn,O_RDWR);
226 + fd = open(ttyn,O_RDWR);
230 + fd = open(ttyn,O_RDWR);
236 + EXEC(safe_cmnd, NewArgv); /* run the command */
239 #endif /* PROFILING */
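Review bot: The parent's tty restore, `setfilecon(ttyn,tty_context);`, ignores the return value, so a failed restore leaves the terminal carrying the label computed for the new role after the command has finished, with nothing reported. Checking it, e.g. `if (setfilecon(ttyn, tty_context) != 0) fprintf(stderr, "sudo: could not restore context of %s\n", ttyn);`, makes that state visible. The two `printf` calls that report the tty label pass `tty_context`, a `security_context_t` string, to `%d`; that is a format/argument mismatch and should be `%s`. `new_context` comes from `context_str(context)`, whose result belongs to the `context_t`, so the later `freecon(new_context)` frees memory this code does not own; copying the string first or dropping that `freecon` avoids it. Several lines of this hunk are not shown on the page, so checks may exist that are not visible here.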
246 + /* Must have an associated SELinux role. */
247 + if (NewArgv[1] == NULL)
250 + role_s = NewArgv[1];
252 + /* Shift Argv over and adjust Argc. */
257 + /* Must have an associated SELinux type. */
258 + if (NewArgv[1] == NULL)
261 + type_s = NewArgv[1];
263 + /* Shift Argv over and adjust Argc. */
268 #ifdef HAVE_LOGIN_CAP_H
270 /* Must have an associated login class. */
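Review bot: `role_s = NewArgv[1]` and `type_s = NewArgv[1]` take the role and type verbatim, and the only visible consumer is the `is_selinux_enabled() >0` branch in the exec hunk. On a host where SELinux is disabled, a requested role therefore appears to be dropped silently while the command still runs. Failing closed is safer; after parsing, something like `if ((role_s || type_s) && is_selinux_enabled() <= 0) { fprintf(stderr, "sudo: -r and -t require SELinux\n"); exit(1); }` would do it. The option case labels and any `#ifdef WITH_SELINUX` guard around these lines are not visible on the page, so this is inferred from the lines shown.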
271 @@ -1063,6 +1282,9 @@
272 #ifdef HAVE_BSD_AUTH_H
273 (void) fprintf(stderr, "[-a auth_type] ");
276 + (void) fprintf(stderr, "[-r role] [-t type] ");
278 (void) fprintf(stderr, "-s | <command>\n");
281 --- sudo-1.6.7p5/sudo.man.in.selinux 2003-04-15 20:39:14.000000000 -0400
282 +++ sudo-1.6.7p5/sudo.man.in 2004-01-02 20:18:14.000000000 -0500
284 .IX Header "SYNOPSIS"
285 \&\fBsudo\fR \fB\-V\fR | \fB\-h\fR | \fB\-l\fR | \fB\-L\fR | \fB\-v\fR | \fB\-k\fR | \fB\-K\fR | \fB\-s\fR |
286 [ \fB\-H\fR ] [\fB\-P\fR ] [\fB\-S\fR ] [ \fB\-b\fR ] | [ \fB\-p\fR \fIprompt\fR ]
287 -[ \fB\-c\fR \fIclass\fR|\fI\-\fR ] [ \fB\-a\fR \fIauth_type\fR ]
288 +[ \fB\-c\fR \fIclass\fR|\fI\-\fR ] [ \fB\-a\fR \fIauth_type\fR ] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
289 [ \fB\-u\fR \fIusername\fR|\fI#uid\fR ] \fIcommand\fR
291 .IX Header "DESCRIPTION"
293 the group vector to the list of groups the target user is in.
294 The real and effective group IDs, however, are still set to match
298 +The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
302 +The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
305 +If no type is specified, the default type is derived from the specified role.
308 The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
309 --- sudo-1.6.7p5/sudoers.selinux 2001-12-16 23:45:52.000000000 -0500
310 +++ sudo-1.6.7p5/sudoers 2004-01-02 20:18:14.000000000 -0500
312 # Defaults specification
314 # User privilege specification
316 +#You should not use sudo as root in an SELinux environment
319 # Uncomment to allow people in group wheel to run all commands
320 # %wheel ALL=(ALL) ALL