authortls <tls@pkgsrc.org>2007-06-25 09:53:42 +0000
committertls <tls@pkgsrc.org>2007-06-25 09:53:42 +0000
commit36ca7970b379c79e1c875ce26cd841f072c69ede (patch)
tree9586dfb9edc59513767d46cac743535de773a8f8 /security/sudo/patches
parent035ecc47a4b24727b8b567f475fd9dbc08f3baf9 (diff)
Fix privilege-escalation vulnerability with PKG_OPTIONS.sudo=kerberos:
cleanse environment of variables that alter behavior of Kerberos library so the user can't override the default keytab location, and do *not* ignore missing keytab errors. Prevents root compromise via spoofed KDC on systems with Kerberos libraries but no host key in keytab, no keytab, or keytab overridden via environment. Don't insist that the keytab key be DES -- some Kerberos sites are 3DES/AES only. Somewhat less invasive than the fix Todd incorporated into the 1.6.9 branch of sudo (presently beta) but equivalent (though not as clean).
Diffstat (limited to 'security/sudo/patches')
-rw-r--r--security/sudo/patches/patch-ah27
1 files changed, 23 insertions, 4 deletions
diff --git a/security/sudo/patches/patch-ah b/security/sudo/patches/patch-ah
index 6f089950dea..295715eb687 100644
--- a/security/sudo/patches/patch-ah
+++ b/security/sudo/patches/patch-ah
@@ -1,8 +1,27 @@
-$NetBSD: patch-ah,v 1.4 2006/01/15 11:32:07 adrianp Exp $
+$NetBSD: patch-ah,v 1.5 2007/06/25 09:53:42 tls Exp $
---- env.c.orig 2005-11-08 18:21:33.000000000 +0000
-+++ env.c
-@@ -130,6 +130,7 @@ static const char *initial_badenv_table[
+--- env.c.orig 2005-11-08 13:21:33.000000000 -0500
++++ env.c 2007-06-25 04:44:24.000000000 -0400
+@@ -105,14 +105,14 @@
+ #ifdef __APPLE__
+ "DYLD_*",
+ #endif
+-#ifdef HAVE_KERB4
++#if defined(HAVE_KERB4) || defined(HAVE_KERB5)
+ "KRB_CONF*",
+ "KRBCONFDIR",
+ "KRBTKFILE",
+-#endif /* HAVE_KERB4 */
+-#ifdef HAVE_KERB5
+ "KRB5_CONFIG*",
+-#endif /* HAVE_KERB5 */
++ "KRB5_KTNAME",
++ "KRB5CCNAME",
++#endif /* HAVE_KERB4 || HAVE_KERB5 */
+ #ifdef HAVE_SECURID
+ "VAR_ACE",
+ "USR_ACE",
+@@ -130,6 +130,7 @@
"PERLLIB",
"PERL5LIB",
"PERL5OPT",