isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

When setting up the execution environment, set groups before gid/egid

Browse Source 
like sudo 1.7 did.
This commit is contained in:
Todd C. Miller
2012-01-19 12:55:23 -05:00
parent 8e3691c38e
commit 66a66729af
1 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/sudo.c
View File

@@ -988,6 +988,14 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
/* /*
* Set groups, including supplementary group vector. * Set groups, including supplementary group vector.
*/ */
if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
if (details->ngroups >= 0) {
if (sudo_setgroups(details->ngroups, details->groups) < 0) {
warning(_("unable to set supplementary group IDs"));
goto done;
}
}
}
#ifdef HAVE_SETEUID #ifdef HAVE_SETEUID
if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) { if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
warning(_("unable to set effective gid to runas gid %u"), warning(_("unable to set effective gid to runas gid %u"),
@@ -1001,15 +1009,6 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
goto done; goto done;
} }
if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
if (details->ngroups >= 0) {
if (sudo_setgroups(details->ngroups, details->groups) < 0) {
warning(_("unable to set supplementary group IDs"));
goto done;
}
}
}
if (ISSET(details->flags, CD_SET_PRIORITY)) { if (ISSET(details->flags, CD_SET_PRIORITY)) {
if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) { if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) {
warning(_("unable to set process priority")); warning(_("unable to set process priority"));