From 3a0397b4c2b2d9c47e8bd0da808f5a1797244439 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Jun 25 2018 07:24:33 +0000
Subject: SUDO: Create the socket with stricter permissions


This patch switches the sudo responder from being created as a public
responder where the permissions are open and not checked by the sssd
deaamon to a private socket. In this case, sssd creates the pipes with
strict permissions (see the umask in the call to create_pipe_fd() in
set_unix_socket()) and additionaly checks the permissions with every read
via the tevent integrations (see accept_fd_handler()).

Resolves:
https://pagure.io/SSSD/sssd/issue/3766 (CVE-2018-10852)

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

---

diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index d832686..f035c76 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -81,7 +81,8 @@ int sudo_process_init(TALLOC_CTX *mem_ctx,
     sudo_cmds = get_sudo_cmds();
     ret = sss_process_init(mem_ctx, ev, cdb,
                            sudo_cmds,
-                           SSS_SUDO_SOCKET_NAME, -1, NULL, -1,
+                           NULL, -1,                   /* No public socket */
+                           SSS_SUDO_SOCKET_NAME, -1,   /* Private socket only */
                            CONFDB_SUDO_CONF_ENTRY,
                            SSS_SUDO_SBUS_SERVICE_NAME,
                            SSS_SUDO_SBUS_SERVICE_VERSION,