Bug 886648
Summary: | Access granted with invalid sudoRunAsUser/sudoRunAsGroup | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Nikolai Kondrashov <nikolai.kondrashov> | ||||
Component: | sudo | Assignee: | Daniel Kopeček <dkopecek> | ||||
Status: | CLOSED ERRATA | QA Contact: | David Spurek <dspurek> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 6.4 | CC: | dapospis, dspurek, ebenes, ksrot, mvadkert, pvrabec | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | sudo-1.8.6p3-8.el6 | Doc Type: | Bug Fix | ||||
Doc Text: |
No documentation needed.
|
Story Points: | --- | ||||
Clone Of: | |||||||
: | 1006991 1026904 (view as bug list) | Environment: | |||||
Last Closed: | 2013-11-21 23:12:10 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 947775, 1006991, 1026904 | ||||||
Attachments: |
|
Description
Nikolai Kondrashov
2012-12-12 18:46:07 UTC
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux. Sudo accepts the invalid strings because it uses atoi() to convert the string to an uid/gid. I've changed the code to use strtol and added checks that the whole string was accepted by it. Created attachment 784416 [details]
proposed patch
Verified fixed with sudo-1.8.6p3-11.el6.x86_64. Relevant sudo suite output: :: [ PASS ] :: attrs_runasuser_user_id_invalid (Expected 0, got 0) :: [ PASS ] :: attrs_runasgroup_id_invalid (Expected 0, got 0) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-1701.html |