isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Completely ignore time stamp file if it is set to the epoch,

Browse Source 
regardless of what gettimeofday() returns.
This commit is contained in:
Todd C. Miller
2013-02-21 10:05:16 -05:00
parent f336580bb1
commit 04b25a8bcd
1 changed files with 28 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
plugins/sudoers/timestamp.c
View File

@@ -334,31 +334,34 @@ timestamp_status_internal(bool removing)
*/ */
if (status == TS_OLD && !removing) { if (status == TS_OLD && !removing) {
mtim_get(&sb, &mtime); mtim_get(&sb, &mtime);
/* Negative timeouts only expire manually (sudo -k). */ if (timevalisset(&mtime)) {
if (def_timestamp_timeout < 0 && mtime.tv_sec != 0) /* Negative timeouts only expire manually (sudo -k). */
status = TS_CURRENT; if (def_timestamp_timeout < 0) {
else { status = TS_CURRENT;
now = time(NULL); } else {
if (def_timestamp_timeout && now = time(NULL);
now - mtime.tv_sec < 60 * def_timestamp_timeout) { if (def_timestamp_timeout &&
/* now - mtime.tv_sec < 60 * def_timestamp_timeout) {
* Check for bogus time on the stampfile. The clock may /*
* have been set back or someone could be trying to spoof us. * Check for bogus time on the stampfile. The clock may
*/ * have been set back or user could be trying to spoof us.
if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) { */
time_t tv_sec = (time_t)mtime.tv_sec; if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
log_error(0, time_t tv_sec = (time_t)mtime.tv_sec;
N_("timestamp too far in the future: %20.20s"), log_error(0,
4 + ctime(&tv_sec)); N_("timestamp too far in the future: %20.20s"),
if (*timestampfile) 4 + ctime(&tv_sec));
(void) unlink(timestampfile); if (*timestampfile)
else (void) unlink(timestampfile);
(void) rmdir(timestampdir); else
status = TS_MISSING; (void) rmdir(timestampdir);
} else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) { status = TS_MISSING;
status = TS_OLD; } else if (get_boottime(&boottime) &&
} else { timevalcmp(&mtime, &boottime, <)) {
status = TS_CURRENT; status = TS_OLD;
} else {
status = TS_CURRENT;
}
} }
} }
} }