From 3a13f1bf0cf34b59b436476c5c685204d25b0fda Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 11 Jan 2021 18:41:19 -0700 Subject: [PATCH] Run the editor with the user's real and effective uid and gid. Fixes a bug introduced in sudo 1.9.5 where the editor was run setuid root unless SELinux RBAC was in use. --- src/sudo_edit.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/sudo_edit.c b/src/sudo_edit.c index 842eca307..b3eea9821 100644 --- a/src/sudo_edit.c +++ b/src/sudo_edit.c @@ -709,8 +709,9 @@ sudo_edit(struct command_details *command_details) nargv[ac] = NULL; /* - * Run the editor with the invoking user's creds, - * keeping track of the time spent in the editor. + * Run the editor with the invoking user's creds and drop setuid. + * Keep track of the time spent in the editor to distinguish between + * a user editing a file and a program doing it. * XXX - should run editor with user's context */ if (sudo_gettime_real(×[0]) == -1) { @@ -719,6 +720,8 @@ sudo_edit(struct command_details *command_details) } memcpy(&saved_command_details, command_details, sizeof(struct command_details)); command_details->cred = user_details.cred; + command_details->cred.euid = user_details.cred.uid; + command_details->cred.egid = user_details.cred.gid; command_details->argv = nargv; ret = run_command(command_details); if (sudo_gettime_real(×[1]) == -1) {