Move the -C (user_closefrom) check until after set_cmnd() so that

closefrom_override can be used in a command-specific Defaults line.
Fixes bug #610 from Mengtao Sun.
Todd C. Miller
2013-08-15 09:56:17 -06:00
parent 299a881fe2
commit c376c71618


@@ -227,15 +227,6 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
goto bad;
}
/* Check for -C overriding def_closefrom. */
if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
if (!def_closefrom_override) {
warningx(_("you are not permitted to use the -C option"));
goto bad;
}
def_closefrom = user_closefrom;
}
set_perms(PERM_INITIAL);
/* Environment variables specified on the command line. */
@@ -265,9 +256,18 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS))
def_preserve_groups = true;
/* Find command in path */
/* Find command in path and apply per-command Defaults. */
cmnd_status = set_cmnd();
/* Check for -C overriding def_closefrom. */
if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
if (!def_closefrom_override) {
warningx(_("you are not permitted to use the -C option"));
goto bad;
}
def_closefrom = user_closefrom;
}
/*
* Check sudoers sources, using the locale specified in sudoers.
*/
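Review bot: The relocated -C check after `cmnd_status = set_cmnd();` now depends on an ordering that its comment does not record, so a later cleanup could move it back and silently drop per-command handling of closefrom_override. I would extend the comment to `/* Check for -C overriding def_closefrom; must follow set_cmnd() so a command-specific Defaults closefrom_override is in effect. */`. The `goto bad` in this check is also now reached after `set_perms(PERM_INITIAL)`, which in the old position followed the check. The `bad` label lies outside the visible hunks of sudoers_policy_main, so it is worth confirming that this exit path restores permissions as the other post-set_perms failure paths do.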