Bug 38 - Failure to call endspent leaves shadow file open on fd 3
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.6.3
Hardware: PC Linux
Importance: normal security
Assigned To: Todd C. Miller
Reported: 2001-05-10 09:22 MDT by mike
Modified: 2001-05-10 16:55 MDT (History)
Description mike 2001-05-10 09:22:47 MDT
In getspwuid.c, getspnam is called but endspent is not called afterwards, which leaves /etc/shadow open on fd 3 for the sudo'd program to read.  This is with libc.5.4.46.
The patch at http://www.gistnet.com/~mike/sudo-1.6.3p7.patch fixes this by moving the estrdup inside sudo_getepw and calling endspent after estrdup but before returning.
Comment 1 Todd C. Miller 2001-05-10 12:55:59 MDT
Thanks, I wasn't aware that some implementations leave the fd open even though
setspent() had not been called.  I'll just bracket all the shadow variants with
their respective set/end calls.
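
The fix discussed above (copy the hash, then call endspent() before returning, with the lookup bracketed by setspent()/endspent()), as an added C example that is not sudo's code or the reporter's patch. The names `shadow_hash_dup` and `inheritable_fds` are hypothetical; the second counts descriptors above stderr that lack FD_CLOEXEC, which are the ones a program run afterwards would inherit.

```c
/* Added example (not sudo's code); helper names are hypothetical. */
#include <fcntl.h>
#include <shadow.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Count descriptors above stderr without FD_CLOEXEC: these survive exec. */
int inheritable_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    int n = 0;
    if (max < 0 || max > 65536)
        max = 65536;            /* bound the scan when the limit is huge */
    for (int fd = STDERR_FILENO + 1; fd < max; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags != -1 && !(flags & FD_CLOEXEC))
            n++;
    }
    return n;
}

/* Shadow lookup bracketed by setspent()/endspent(); malloc'd copy or NULL. */
char *shadow_hash_dup(const char *user)
{
    struct spwd *sp;
    char *copy = NULL;

    setspent();
    sp = getspnam(user);
    if (sp != NULL && sp->sp_pwdp != NULL) {
        size_t len = strlen(sp->sp_pwdp) + 1;
        /* Copy first: endspent() may invalidate the static struct. */
        if ((copy = malloc(len)) != NULL)
            memcpy(copy, sp->sp_pwdp, len);
    }
    endspent();                 /* closes the shadow file on every path */
    return copy;
}

int main(void)
{
    int before = inheritable_fds();
    char *hash = shadow_hash_dup("root");
    printf("lookup %s; inheritable fds %d -> %d\n",
           hash ? "ok" : "failed (not privileged?)", before, inheritable_fds());
    free(hash);
    return inheritable_fds() == before ? 0 : 1;
}
```

Running the same descriptor count immediately before the exec of the target command catches this class of leak regardless of which libc routine opened the file.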