isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ignore a boot time that is in the future, which can happen when the

Browse Source 
clock is corrected down after boot.  Otherwise, the timestamp file
will be unlinked each time sudo is run and a password is always
required.
This commit is contained in:
Todd C. Miller
2016-12-01 10:52:05 -07:00
parent 00b6be9dfa
commit 852ffa5938
1 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugins/sudoers/timestamp.c
View File

@@ -389,18 +389,26 @@ timestamp_open(const char *user, pid_t sid)
/* Remove time stamp file if its mtime predates boot time. */
if (tries == 1 && fstat(fd, &sb) == 0) {
struct timespec boottime, mtime;
struct timespec boottime, mtime, now;
if (sudo_gettime_real(&now) == 0 && get_boottime(&boottime)) {
/* Ignore a boot time that is in the future. */
if (sudo_timespeccmp(&now, &boottime, <)) {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
"ignoring boot time that is in the future");
} else {
mtim_get(&sb, mtime);
if (get_boottime(&boottime)) {
if (sudo_timespeccmp(&mtime, &boottime, <)) {
/* Time stamp file too old, remove it. */
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
"removing time stamp file that predates boot time");
close(fd);
unlink(fname);
continue;
}
}
}
}
break;
}