isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

For sudoedit_checkdir consider a user-owner directory to be writable.

Browse Source 
The non-faccessat() code already did this so this just brings the
faccessat() path into alignment.  Bug #912
This commit is contained in:
Todd C. Miller
2020-01-11 15:32:48 -07:00
parent e7480c3410
commit c592470dbd
1 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/sudo_edit.c
View File

@@ -94,13 +94,25 @@ switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups)
#ifdef HAVE_FACCESSAT
/*
* Returns true if the open directory fd is writable by the user.
* Returns true if the open directory fd is owned or writable by the user.
*/
static int
dir_is_writable(int dfd, struct user_details *ud, struct command_details *cd)
{
debug_decl(dir_is_writable, SUDO_DEBUG_EDIT);
struct stat sb;
int rc;
debug_decl(dir_is_writable, SUDO_DEBUG_EDIT);
if (fstat(dfd, &sb) == -1)
debug_return_int(-1);
/* If the user owns the dir we always consider it writable. */
if (sb.st_uid == ud->uid) {
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"user uid %u matches directory uid %u", (unsigned int)ud->uid,
(unsigned int)sb.st_uid);
debug_return_int(true);
}
/* Change uid/gid/groups to invoking user, usually needs root perms. */
if (cd->euid != ROOT_UID) {
@@ -150,7 +162,7 @@ group_matches(gid_t target, gid_t gid, int ngroups, GETGROUPS_T *groups)
}
/*
* Returns true if the open directory fd is writable by the user.
* Returns true if the open directory fd is owned or writable by the user.
*/
static int
dir_is_writable(int dfd, struct user_details *ud, struct command_details *cd)