author: tls <tls> 2007-06-25 09:53:42 +0000
committer: tls <tls> 2007-06-25 09:53:42 +0000
commit: 26c09f00ecac34b065d7f8673e64c6f2bbbdef1f
tree: 9586dfb9edc59513767d46cac743535de773a8f8 /security/sudo/Makefile
parent: ba2e869050833ead1a2cadbbdebd4e42f24c5cdb
Fix privilege-escalation vulnerability with PKG_OPTIONS.sudo=kerberos:
cleanse environment of variables that alter behavior of Kerberos library so the user can't override the default keytab location, and do *not* ignore missing keytab errors. Prevents root compromise via spoofed KDC on systems with Kerberos libraries but no host key in keytab, no keytab, or keytab overridden via environment. Don't insist that the keytab key be DES -- some Kerberos sites are 3DES/AES only. Somewhat less invasive than the fix Todd incorporated into the 1.6.9 branch of sudo (presently beta) but equivalent (though not as clean).
Diffstat (limited to 'security/sudo/Makefile')
-rw-r--r-- security/sudo/Makefile 4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/sudo/Makefile b/security/sudo/Makefile
index 2dfb06e6195..36362f6e87e 100644
--- a/security/sudo/Makefile
+++ b/security/sudo/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.89 2007/03/13 09:46:00 rillig Exp $
+# $NetBSD: Makefile,v 1.90 2007/06/25 09:53:42 tls Exp $
#
DISTNAME= sudo-1.6.8p12
PKGNAME= sudo-1.6.8pl12
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= security
MASTER_SITES= http://www.courtesan.com/sudo/dist/ \
ftp://ftp.courtesan.com/pub/sudo/ \
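Review bot: the PKGREVISION bump from 3 to 4 is the only functional line in this Makefile hunk, and nothing here shows the code change it stands for. The diffstat is limited to security/sudo/Makefile, so the Kerberos environment cleansing and missing-keytab handling described in the commit message are not visible in these lines; confirm that the accompanying source patches and their checksums landed in the same commit, so that revision 4 can never be built without the fix. The bump itself is appropriate for a security fix, since it lets installed revision 3 packages be recognised as outdated.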