isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

If the user is running sudo as himself but as a different group we

Browse Source 
need to prompt for a password.
This commit is contained in:
Todd C. Miller
2011-01-11 10:35:20 -05:00
parent 49409b7c5d
commit 2d74e9567f
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/sudoers/check.c
View File

@@ -117,8 +117,14 @@ check_user(int validated, int mode)
if (ISSET(mode, MODE_IGNORE_TICKET)) { if (ISSET(mode, MODE_IGNORE_TICKET)) {
SET(validated, FLAG_CHECK_USER); SET(validated, FLAG_CHECK_USER);
} else { } else {
if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt()) /*
return TRUE; * Don't prompt for the root passwd or if the user is exempt.
* If the user is not changing uid/gid, no need for a password.
*/
if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
(!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
user_is_exempt())
return TRUE;
} }
if (build_timestamp(&timestampdir, &timestampfile) == -1) if (build_timestamp(&timestampdir, &timestampfile) == -1)