isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add ignore_perms plugin argument to skip the sudoers file security checks.

Browse Source 
This is not intended to be used in a production environment.
This commit is contained in:
Todd C. Miller
2023-08-29 09:55:09 -06:00
parent 1eb4392e14
commit 3c05e748a4
5 changed files with 46 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugins/sudoers/sudoers.c
View File

@@ -1282,8 +1282,16 @@ open_sudoers(const char *path, char **outfile, bool doedit, bool *keepopen)
debug_decl(open_sudoers, SUDOERS_DEBUG_PLUGIN);
fd = sudo_open_conf_path(path, fname, sizeof(fname), open_file);
error = sudo_secure_fd(fd, S_IFREG, sudoers_file_uid(), sudoers_file_gid(),
&sb);
if (sudoers_ctx.parser_conf.ignore_perms) {
/* Skip sudoers security checks when ignore_perms is set. */
if (fd == -1 || fstat(fd, &sb) == -1)
error = SUDO_PATH_MISSING;
else
error = SUDO_PATH_SECURE;
} else {
error = sudo_secure_fd(fd, S_IFREG, sudoers_file_uid(),
sudoers_file_gid(), &sb);
}
switch (error) {
case SUDO_PATH_SECURE:
/*