pkgsrc-changes: CVS commit: pkgsrc/security/sudo

Subject: CVS commit: pkgsrc/security/sudo
To: None <pkgsrc-changes@NetBSD.org>
From: Thor Lancelot Simon <tls@netbsd.org>
List: pkgsrc-changes
Date: 06/25/2007 09:53:42

Module Name:	pkgsrc
Committed By:	tls
Date:		Mon Jun 25 09:53:42 UTC 2007

Modified Files:
	pkgsrc/security/sudo: Makefile distinfo
	pkgsrc/security/sudo/patches: patch-ah

Log Message:
Fix privilege-escalation vulnerability with PKG_OPTIONS.sudo=kerberos:
cleanse environment of variables that alter behavior of Kerberos library
so the user can't override the default keytab location, and do *not*
ignore missing keytab errors.  Prevents root compromise via spoofed KDC
on systems with Kerberos libraries but no host key in keytab, no keytab,
or keytab overidden via environment.

Don't insist that the keytab key be DES -- some Kerberos sites are 3DES/AES
only.

Somewhat less invasive than the fix Todd incorporated into the 1.6.9 branch
of sudo (presently beta) but equivalent (though not as clean).


To generate a diff of this commit:
cvs rdiff -r1.89 -r1.90 pkgsrc/security/sudo/Makefile
cvs rdiff -r1.34 -r1.35 pkgsrc/security/sudo/distinfo
cvs rdiff -r1.4 -r1.5 pkgsrc/security/sudo/patches/patch-ah

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.