isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

src/load_plugins, plugins/sudoers: added developer_mode sudo.conf option

Browse Source 
It can be used to disable the enforcement that a plugin (shared object or
an imported python module) must be owned by root and not modifiable by
others.
This can make plugin development easier.
This commit is contained in:
Robert Manner
2019-12-10 12:30:15 +01:00
committed by Todd C. Miller
parent 6710048c8d
commit c0d53d75eb
17 changed files with 76 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
plugins/sudoers/group_plugin.c
View File

@@ -86,13 +86,15 @@ group_plugin_load(char *plugin_info)
sudo_warn("%s", path);
goto done;
}
if (sb.st_uid != ROOT_UID) {
sudo_warnx(U_("%s must be owned by uid %d"), path, ROOT_UID);
goto done;
}
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
sudo_warnx(U_("%s must only be writable by owner"), path);
goto done;
if (!sudo_conf_developer_mode()) {
if (sb.st_uid != ROOT_UID) {
sudo_warnx(U_("%s must be owned by uid %d"), path, ROOT_UID);
goto done;
}
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
sudo_warnx(U_("%s must only be writable by owner"), path);
goto done;
}
}
/* Open plugin and map in symbol. */