Allow the group set by "sudo -g" to be any of the target user's groups.

Previously, this was only allowed if the group matched the target
user's primary group ID (from the passwd database entry).
The sudoers policy will now allow the group if it is one of the
target user's supplemental groups as well.
Todd C. Miller
2018-10-27 06:37:34 -06:00
parent ffe2041a02
commit 391ed95f50
3 changed files with 35 additions and 11 deletions

@@ -314,6 +314,7 @@ int runaslist_matches(struct sudoers_parse_tree *parse_tree, const struct member
int user_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member *m);
int userlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member_list *list);
const char *sudo_getdomainname(void);
struct gid_list *runas_getgroups(void);
/* toke.c */
void init_lexer(void);
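
Review bot: the runas_getgroups(void) prototype (presumably the one line this hunk adds, since the header goes from 6 to 7 lines and the +/- markers are missing from the page) has no comment saying who owns the returned struct gid_list or whether NULL is a possible return. Because it takes no arguments, the user whose groups it returns is implicit global state. I would add a short comment at the declaration stating that it returns the target (runas) user's group list, how the caller is expected to release it, and what a NULL return means, since per the commit message this list now decides whether a "sudo -g" group is allowed.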