isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add runas_user and runas_group (if set) to command_info for audit plugin.

Browse Source 
Otherwise, the audit plugin has to look up the runas name and group
by user or group ID.
This commit is contained in:
Todd C. Miller
2020-02-05 10:53:50 -07:00
parent d219c64635
commit c2faa9e6ef
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
plugins/sudoers/policy.c
View File

@@ -564,7 +564,7 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask,
debug_return_bool(true); /* nothing to do */
/* Increase the length of command_info as needed, it is *not* checked. */
command_info = calloc(50, sizeof(char *));
command_info = calloc(52, sizeof(char *));
if (command_info == NULL)
goto oom;
@@ -620,6 +620,12 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask,
if ((command_info[info_len++] = sudo_new_key_val("cwd", runas_pw->pw_dir)) == NULL)
goto oom;
}
if ((command_info[info_len++] = sudo_new_key_val("runas_user", runas_pw->pw_name)) == NULL)
goto oom;
if (runas_gr != NULL) {
if ((command_info[info_len++] = sudo_new_key_val("runas_group", runas_gr->gr_name)) == NULL)
goto oom;
}
if (def_stay_setuid) {
if (asprintf(&command_info[info_len++], "runas_uid=%u",
(unsigned int)user_uid) == -1)