isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Look up runas user by name, not euid, where possible.

Browse Source 
Fixes a problem when there are multiple users with the same user-ID
where the PAM session modules could be called with the wrong user name.
Debian bug #734752
This commit is contained in:
Todd C. Miller
2020-05-06 16:38:08 -06:00
parent ea99394fcf
commit 4dba87262a
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/sudo.c
View File

@@ -803,6 +803,7 @@ command_info_to_details(char * const info[], struct command_details *details)
break;
}
#endif /* HAVE_PRIV_SET */
SET_STRING("runas_user=", runas_user)
break;
case 's':
SET_STRING("selinux_role=", selinux_role)
@@ -848,7 +849,10 @@ command_info_to_details(char * const info[], struct command_details *details)
#ifdef HAVE_SETAUTHDB
aix_setauthdb(IDtouser(details->euid), NULL);
#endif
details->pw = getpwuid(details->euid);
if (details->runas_user != NULL)
details->pw = getpwnam(details->runas_user);
if (details->pw == NULL)
details->pw = getpwuid(details->euid);
#ifdef HAVE_SETAUTHDB
aix_restoreauthdb();
#endif

1
src/sudo.h
View File

@@ -161,6 +161,7 @@ struct command_details {
struct passwd *pw;
GETGROUPS_T *groups;
const char *command;
const char *runas_user;
const char *cwd;
const char *login_class;
const char *chroot;