isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Stay setuid until just before executing the command.

Browse Source 
Fixes a problem with pam_xauth which checks effective and real uids
to get the real identity of the user.
This commit is contained in:
Todd C. Miller
2020-11-11 09:34:50 -07:00
parent 6439b4cc01
commit b2ccbb3a90
1 changed files with 0 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/sudo.c
View File

@@ -297,9 +297,6 @@ main(int argc, char *argv[], char *envp[])
SET(command_details.flags, CD_LOGIN_SHELL); SET(command_details.flags, CD_LOGIN_SHELL);
if (ISSET(sudo_mode, MODE_BACKGROUND)) if (ISSET(sudo_mode, MODE_BACKGROUND))
SET(command_details.flags, CD_BACKGROUND); SET(command_details.flags, CD_BACKGROUND);
/* Become full root (not just setuid) so user cannot kill us. */
if (setuid(ROOT_UID) == -1)
sudo_warn("setuid(%d)", ROOT_UID);
if (ISSET(command_details.flags, CD_SUDOEDIT)) { if (ISSET(command_details.flags, CD_SUDOEDIT)) {
status = sudo_edit(&command_details); status = sudo_edit(&command_details);
} else { } else {