isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add calls to set_perms(PERM_ROOT) becore logging to a file. We

Browse Source 
should already be root but since we cache the current permission
status it is basically free.  That way, if more of sudoers runs as
non-root in the future logging will still work correctly.
This commit is contained in:
Todd C. Miller
2012-11-12 09:41:56 -05:00
parent acf8af9aac
commit 02aa965a2d
1 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
plugins/sudoers/logging.c
View File

@@ -263,6 +263,9 @@ log_denial(int status, bool inform_user)
logline = new_logline(message, 0); logline = new_logline(message, 0);
/* Become root if we are not already. */
set_perms(PERM_ROOT|PERM_NOEXIT);
if (should_mail(status)) if (should_mail(status))
send_mail("%s", logline); /* send mail based on status */ send_mail("%s", logline); /* send mail based on status */
@@ -274,6 +277,8 @@ log_denial(int status, bool inform_user)
if (def_logfile) if (def_logfile)
do_logfile(logline); do_logfile(logline);
restore_perms();
efree(logline); efree(logline);
/* Restore locale. */ /* Restore locale. */
@@ -395,6 +400,9 @@ log_allowed(int status)
logline = new_logline(NULL, 0); logline = new_logline(NULL, 0);
/* Become root if we are not already. */
set_perms(PERM_ROOT|PERM_NOEXIT);
if (should_mail(status)) if (should_mail(status))
send_mail("%s", logline); /* send mail based on status */ send_mail("%s", logline); /* send mail based on status */
@@ -406,6 +414,8 @@ log_allowed(int status)
if (def_logfile) if (def_logfile)
do_logfile(logline); do_logfile(logline);
restore_perms();
efree(logline); efree(logline);
sudoers_setlocale(oldlocale, NULL); sudoers_setlocale(oldlocale, NULL);
@@ -424,9 +434,6 @@ vlog_error(int flags, const char *fmt, va_list ap)
va_list ap2; va_list ap2;
debug_decl(vlog_error, SUDO_DEBUG_LOGGING) debug_decl(vlog_error, SUDO_DEBUG_LOGGING)
/* Become root if we are not already to avoid user interference */
set_perms(PERM_ROOT|PERM_NOEXIT);
/* Need extra copy of ap for warning() below. */ /* Need extra copy of ap for warning() below. */
if (!ISSET(flags, NO_STDERR)) if (!ISSET(flags, NO_STDERR))
va_copy(ap2, ap); va_copy(ap2, ap);
@@ -450,6 +457,9 @@ vlog_error(int flags, const char *fmt, va_list ap)
efree(message); efree(message);
} }
/* Become root if we are not already. */
set_perms(PERM_ROOT|PERM_NOEXIT);
/* /*
* Send a copy of the error via mail. * Send a copy of the error via mail.
*/ */
@@ -466,12 +476,12 @@ vlog_error(int flags, const char *fmt, va_list ap)
do_logfile(logline); do_logfile(logline);
} }
restore_perms();
efree(logline); efree(logline);
sudoers_setlocale(oldlocale, NULL); sudoers_setlocale(oldlocale, NULL);
restore_perms();
/* /*
* Tell the user (in their locale). * Tell the user (in their locale).
*/ */