isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support "*" for CWD/CHROOT to allow user to specify cwd or chroot.

Browse Source 
Adds two new command line options, -D (--chdir) and -R (--chroot)
that can only be used when sudoers sets runcwd or runchroot to "*".
This commit is contained in:
Todd C. Miller
2020-09-01 14:10:02 -06:00
parent bd254e1042
commit 1676f0ceeb
17 changed files with 397 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
plugins/sudoers/sudoers.c
View File

@@ -396,6 +396,28 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
}
}
if (user_runchroot != NULL) {
if (def_runchroot == NULL || strcmp(def_runchroot, "*") != 0) {
audit_failure(NewArgv,
N_("user not allowed to change root directory to %s"),
user_runchroot);
sudo_warnx("%s", U_("you are not permitted to use the -R option"));
goto bad;
}
free(def_runchroot);
def_runchroot = user_runchroot;
}
if (user_runcwd != NULL) {
if (def_runcwd == NULL || strcmp(def_runcwd, "*") != 0) {
audit_failure(NewArgv,
N_("user not allowed to change directory to %s"), user_runcwd);
sudo_warnx("%s", U_("you are not permitted to use the -D option"));
goto bad;
}
free(def_runcwd);
def_runcwd = user_runcwd;
}
/*
* Look up the timestamp dir owner if one is specified.
*/