isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add runas_check_shell flag to require a runas user to have a valid shell.

Browse Source 
Not enabled by default.
This commit is contained in:
Todd C. Miller
2019-12-09 19:29:45 -07:00
parent df8f06609c
commit b14d633ec6
16 changed files with 285 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
plugins/sudoers/sudoers.c
View File

@@ -295,7 +295,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
/* Not an audit event. */
sudo_warnx(U_("sudoers specifies that root is not allowed to sudo"));
goto bad;
}
}
if (!set_perms(PERM_INITIAL))
goto bad;
@@ -434,6 +434,13 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
goto bad;
}
/* Check runas user's shell. */
if (!check_user_shell(runas_pw)) {
log_warningx(SLOG_RAW_MSG, N_("invalid shell for user %s: %s"),
runas_pw->pw_name, runas_pw->pw_shell);
goto bad;
}
/*
* We don't reset the environment for sudoedit or if the user
* specified the -E command line flag and they have setenv privs.