1 --- sudo-1.6.7p5/sesh.c.selinux 2004-07-08 13:18:28.000000000 -0400
2 +++ sudo-1.6.7p5/sesh.c 2004-07-08 13:18:28.000000000 -0400
7 +#include <sys/types.h>
11 +main (int argc, char **argv) {
15 + fprintf(stderr,"%s: Requires at least one argument\n", argv[0]);
18 + if ( argv[1][0] != '/' ) {
19 + fprintf(stderr,"%s: First argument must have a full path\n", argv[0]);
23 + if ((pid = fork()) < 0) {
24 + snprintf(buf, sizeof(buf), "%s: Couldn't fork");
27 + } else if (pid > 0) {
33 + if ((ret = waitpid(pid, &status, 0)) < 0 && errno == EINTR)
36 + perror("waitpid failed");
41 + if (WIFEXITED(status))
42 + exit(WEXITSTATUS(status));
47 + execv(argv[1], &argv[1]);
49 + snprintf(buf, sizeof(buf), "%s: Error execing %s", argv[0], argv[1]);
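Review bot: The fork-failure branch of main() calls `snprintf(buf, sizeof(buf), "%s: Couldn't fork");` with a `%s` conversion and no matching argument, which is undefined behaviour on exactly the path that reports an error. It should pass the program name the way the exec-failure message below does: `snprintf(buf, sizeof(buf), "%s: Couldn't fork", argv[0]);`. Only the `WIFEXITED(status)` case is visible after the `waitpid` loop; if the lines not shown here do not handle a child killed by a signal, sesh should exit non-zero there so sudo's caller does not see success.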
54 --- sudo-1.6.7p5/configure.in.selinux 2003-05-06 11:22:36.000000000 -0400
55 +++ sudo-1.6.7p5/configure.in 2004-07-08 13:18:28.000000000 -0400
57 dnl Initial values for Makefile variables listed above
58 dnl May be overridden by environment variables..
61 +PROGS="sudo visudo sesh"
62 test -n "$MANTYPE" || MANTYPE="man"
63 test -n "$mansrcdir" || mansrcdir="."
64 test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
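Review bot: `PROGS="sudo visudo sesh"` builds and installs sesh on every platform, with no configure test deciding whether SELinux support is wanted or whether libselinux is present. The Makefile.in section of the same patch has the same problem, since it adds `SELINUX_LIBS = -lselinux` and `-DWITH_SELINUX` unconditionally, so a build on a host without the SELinux headers will fail. Gating all three behind one configure switch that appends `sesh` to PROGS and substitutes the library and define would keep non-SELinux builds unchanged.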
65 --- sudo-1.6.8/sudo.c.orig 2004-08-07 01:42:52.000000000 +0200
66 +++ sudo-1.6.8/sudo.c 2004-08-29 20:45:31.556903000 +0200
68 #include "interfaces.h"
72 +#include <selinux/flask.h> /* for SECCLASS_CHR_FILE */
73 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
74 +#include <selinux/context.h> /* for context-mangling functions */
75 +#include <selinux/get_default_type.h>
76 +char *role_s = NULL; /* role spec'd by user in argv[] */
77 +char *type_s = NULL; /* type spec'd by user in argv[] */
78 +security_context_t new_tty_context=NULL; /* security context to change to while running command*/
79 +security_context_t tty_context=NULL; /* current security context of tty */
83 static const char rcsid[] = "$Sudo: sudo.c,v 1.369 2004/08/06 23:42:52 millert Exp $";
86 sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
87 void (*set_perms) __P((int));
90 +security_context_t setup_tty_context(int fd, char *ttyn, security_context_t new_context) {
91 + security_context_t tty_context=NULL; /* current sid of tty */
94 + if (fgetfilecon(fd,&tty_context) <0 )
95 + fprintf(stderr, "Warning! Could not get current context for %s, not relabeling.\n", ttyn);
99 + printf("Your tty %s was labeled with context %s\n", ttyn, tty_context);
102 + new_tty_context = NULL;
103 + if (tty_context && security_compute_relabel(new_context,tty_context,SECCLASS_CHR_FILE,&new_tty_context) < 0)
104 + fprintf(stderr, "Warning! Could not get new context for %s, not relabeling.\n", ttyn);
107 + if (new_tty_context)
108 + printf("Relabeling tty %s to context %s\n", ttyn, new_tty_context);
111 + if (new_tty_context) {
112 + if( fsetfilecon(fd,new_tty_context)!=0 ) {
113 + fprintf(stderr,"sudo: error: setfilecon on %s to %s",ttyn,new_tty_context);
116 + return tty_context;
118 +security_context_t get_exec_context(char *role_s, char *type_s) {
120 + security_context_t old_context=NULL; /* our original securiy ID ("old_context") */
121 + security_context_t new_context=NULL; /* our target security ID ("sid") */
125 + * Step 1: Handle command-line arguments.
129 + security_context_t context_s; /* our security context as a string */
130 + int context_length;
131 + context_t context; /* manipulatable form of context_s */
135 + * Get the SID and context of the caller, and extract
136 + * the username from the context. Don't rely on the Linux
137 + * uid information - it isn't trustworthy.
140 + /* Put the caller's SID into `old_context'. */
141 + if( 0!=(getprevcon(&old_context)) ) {
142 + fprintf(stderr,"failed to get old_context.\n");
147 + printf( "Your old context was %s\n", old_context );
150 + * Create a context structure so that we extract and modify
151 + * components easily.
153 + context=context_new(old_context);
157 + * Step 3: Construct a new SID based on our old SID and the
158 + * arguments specified on the command line.
162 + /* The first step in constructing a new SID for the new shell we *
163 + * plan to exec is to take our old context in `context' as a *
164 + * starting point, and modify it according to the options the user *
165 + * specified on the command line. */
167 + /* Set the SELinux user identity to root */
168 + context_user_set(context, "root");
170 + /* If the user specified a new role on the command line (if `role_s' *
171 + * is set), then replace the old role in `context' with this new role. */
174 + if( get_default_type(role_s,&type_s) )
176 + fprintf(stderr,"Couldn't get default type.\n");
180 + printf( "Your type will be %s.\n", type_s );
184 + if( context_role_set(context,role_s)) {
185 + fprintf(stderr,"failed to set new role %s\n",role_s);
189 + printf("Your new role is %s\n",context_role_get(context));
192 + /* If the user specified a new type on the command line (if `type_s' *
193 + * is set), then replace the old type in `context' with this new type. */
195 + if( context_type_set(context,type_s)) {
196 + fprintf(stderr,"failed to set new type %s\n",type_s);
200 + printf("Your new type is %s\n",context_type_get(context));
202 + } /* if user specified new type */
204 + /* The second step in creating the new SID is to convert our modified *
205 + * `context' structure back to a context string and then to a SID. */
207 + /* Make `context_s' point to a string version of the new `context'. */
208 + if( !(new_context=strdup(context_str(context)))) {
209 + fprintf(stderr,"failed to convert new context to string\n" );
213 + } /* if user specified new role */
215 + if (get_default_context(context_user_get(context),
218 + fprintf(stderr,"failed to get default context\n" );
222 + context_free(context);
223 + freecon(old_context);
225 + if (security_check_context(new_context) < 0) {
226 + fprintf(stderr, "%s is not a valid context\n", new_context);
230 + return new_context;
235 main(argc, argv, envp)
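Review bot: In get_exec_context() the result of `context_str(context)` is handed straight to `strdup()`, so a failed conversion passes NULL to `strdup()` instead of reaching the "failed to convert new context to string" branch; split it as `const char *s = context_str(context); if (!s || !(new_context = strdup(s))) {`. The visible lines also show no NULL check after `context=context_new(old_context);`, and `context_user_set(context, "root")` is the only setter whose return value is ignored, whereas the role and type setters are checked; parts of the function are not shown in this listing, so confirm against the full file. Because sudo normally runs setuid root and this code decides the context the command will run in, each of these failures should stop the run rather than continue with a partly built context. The progress messages in both new functions use `printf`, which shares stdout with the command being run; `fprintf(stderr, ...)` would keep piped output clean.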
237 @@ -149,10 +304,10 @@
248 extern int printmatches;
250 /* Setup defaults data structures. */
253 - /* Load the list of local ip addresses and netmasks. */
257 if (ISSET(sudo_mode, MODE_SHELL))
263 + /* Load the list of local ip addresses and netmasks. */
270 if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
274 + if(is_selinux_enabled() > 0) {
276 + char *ttyn = NULL; /* tty path */
277 + security_context_t new_context=NULL; /* our target security ID ("sid") */
278 + security_context_t chk_tty_context= NULL;
280 + new_context=get_exec_context(role_s,type_s);
282 + printf("Your new context is %s\n",new_context);
285 + if (setexeccon(new_context) < 0) {
286 + fprintf(stderr, "Could not set exec context to %s.\n", new_context);
289 + freecon(new_context);
292 + SELinux will only not transition properly with the following
293 + code. Basically if the user chooses to use a different security
294 + context. We need to start the selinux shell, before executing
295 + the command. This way the process transition will happen
296 + correctly. For example if they user wants to run rpm from
297 + sysadm_r. Sudo will exec the /usr/sbin/sesh followed by the
298 + specified command.*/
299 + char **dst, **src = NewArgv+1;
300 + NewArgv = (char **) emalloc2((++NewArgc + 1), sizeof(char *));
301 + NewArgv[0] = estrdup("sesh");
302 + NewArgv[1] = safe_cmnd;
303 + safe_cmnd = estrdup("/usr/sbin/sesh");
304 + /* copy the args from Argv */
305 + for (dst = NewArgv + 2; (*dst = *src) != NULL; ++src, ++dst)
310 EXECV(safe_cmnd, NewArgv); /* run the command */
319 + /* Must have an associated SELinux role. */
320 + if (NewArgv[1] == NULL)
323 + role_s = NewArgv[1];
325 + /* Shift Argv over and adjust Argc. */
330 + /* Must have an associated SELinux type. */
331 + if (NewArgv[1] == NULL)
334 + type_s = NewArgv[1];
336 + /* Shift Argv over and adjust Argc. */
341 #ifdef HAVE_LOGIN_CAP_H
343 /* Must have an associated login class. */
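Review bot: `safe_cmnd = estrdup("/usr/sbin/sesh");` hard-codes the helper's location, while the Makefile.in section of this patch installs it to `$(DESTDIR)$(visudodir)/sesh`, so any build with a different visudo directory will exec a path the package did not install. Passing the path in at build time, as is already done for `_PATH_SUDOERS` (for example a new define such as `-D_PATH_SESH=\"$(visudodir)/sesh\"` used as `estrdup(_PATH_SESH)`), keeps the two in step. The role and type taken from `-r` and `-t` are stored in `role_s` and `type_s` and reach get_exec_context() with no visible check against the matching sudoers entry, so which role a user may select appears to be left entirely to SELinux policy; if that is intended, a comment here and a sentence in the man page should say so. The line after the "Could not set exec context" message is not shown; that path must exit rather than fall through to `EXECV` in the caller's original context.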
344 @@ -1111,6 +1325,9 @@
345 #ifdef HAVE_LOGIN_CAP_H
349 + " [-r role] [-t type]",
352 " [-u username|#uid]",
353 " { -e file [...] | -i | -s | <command> }",
354 --- sudo-1.6.8/sudo.man.in.orig 2004-08-17 20:53:39.000000000 +0200
355 +++ sudo-1.6.8/sudo.man.in 2004-08-29 20:48:39.189378528 +0200
357 .IX Header "SYNOPSIS"
358 \&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
360 -\&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
361 +\&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
362 [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
363 {\fB\-e\fR\ file\ [...]\ |\ \fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
366 \&\fBsudo\fR will initialize the group vector to the list of groups the
367 target user is in. The real and effective group IDs, however, are
368 still set to match the target user.
371 +The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
375 +The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
378 +If no type is specified, the default type is derived from the specified role.
381 The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
382 --- sudo-1.6.8p1/Makefile.in.orig 2004-09-15 22:11:22.000000000 +0200
383 +++ sudo-1.6.8p1/Makefile.in 2004-09-19 12:26:11.212233352 +0200
387 NET_LIBS = @NET_LIBS@
388 -SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
389 +SELINUX_LIBS = -lselinux
390 +SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
392 # C preprocessor flags
393 CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
395 sudoers_mode = @SUDOERS_MODE@
397 # Pass in paths and uid/gid + OS dependent defined
398 -DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
399 +DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
401 #### End of system configuration section. ####
404 parse.c parse.lex parse.yacc set_perms.c sigaction.c snprintf.c \
405 strcasecmp.c strerror.c strlcat.c strlcpy.c sudo.c sudo_noexec.c \
406 sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c utimes.c visudo.c \
407 - zero_bytes.c $(AUTH_SRCS)
408 + zero_bytes.c $(AUTH_SRCS) sesh.c
410 AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
411 auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
414 VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
418 TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
420 LIBOBJS = @LIBOBJS@ @ALLOCA@
422 BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
423 UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
424 sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
425 - sudoers.pod visudo visudo.cat visudo.man visudo.pod
426 + sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh
428 BINSPECIAL= INSTALL.binary Makefile.binary libtool
431 visudo: $(VISUDOBJS) $(LIBOBJS)
432 $(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
435 + $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(LIBS)
437 testsudoers: $(TESTOBJS) $(LIBOBJS)
438 $(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
441 set_perms.o: set_perms.c $(SUDODEP)
442 tgetpass.o: tgetpass.c $(SUDODEP)
443 visudo.o: visudo.c $(SUDODEP) version.h
445 sudo.o: sudo.c $(SUDODEP) interfaces.h version.h
446 interfaces.o: interfaces.c $(SUDODEP) interfaces.h
447 testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h
449 ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
451 $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
452 + $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh
454 install-noexec: sudo_noexec.la
455 $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)