src/load_plugins, plugins/sudoers: added developer_mode sudo.conf option

It can be used to disable the check that a plugin (a shared object or
an imported Python module) must be owned by root and must not be
modifiable by others.
This can make plugin development easier.
Robert Manner
2019-12-10 12:30:15 +01:00
committed by Todd C. Miller
parent 6710048c8d
commit c0d53d75eb
17 changed files with 76 additions and 18 deletions


@@ -130,17 +130,20 @@ sudo_check_plugin(struct plugin_info *info, char *fullpath, size_t pathsize)
}
goto done;
}
if (sb.st_uid != ROOT_UID) {
sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""),
_PATH_SUDO_CONF, info->lineno, info->symbol_name);
sudo_warnx(U_("%s must be owned by uid %d"), fullpath, ROOT_UID);
goto done;
}
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""),
_PATH_SUDO_CONF, info->lineno, info->symbol_name);
sudo_warnx(U_("%s must be only be writable by owner"), fullpath);
goto done;
if (!sudo_conf_developer_mode()) {
if (sb.st_uid != ROOT_UID) {
sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""),
_PATH_SUDO_CONF, info->lineno, info->symbol_name);
sudo_warnx(U_("%s must be owned by uid %d"), fullpath, ROOT_UID);
goto done;
}
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""),
_PATH_SUDO_CONF, info->lineno, info->symbol_name);
sudo_warnx(U_("%s must be only be writable by owner"), fullpath);
goto done;
}
}
ret = true;