We also need to open the sudoers file as root if there is a GID

mismatch.
Todd C. Miller
2014-02-17 10:20:14 -07:00
parent 2b4bc87c07
commit c6e310b948


@@ -693,11 +693,12 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) {
case SUDO_PATH_SECURE:
/*
* If we are expecting sudoers to be group readable but
* it is not, we must open the file as root, not uid 1.
* If we are expecting sudoers to be group readable by
* SUDOERS_GID but it is not, we must open the file as root,
* not uid 1.
*/
if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP)) {
if ((sb.st_mode & S_IRGRP) == 0) {
if (sudoers_uid == ROOT_UID && ISSET(sudoers_mode, S_IRGRP)) {
if (!ISSET(sb.st_mode, S_IRGRP) || sb.st_gid != SUDOERS_GID) {
restore_perms();
set_perms(PERM_ROOT);
}
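Review bot: The added test `sb.st_gid != SUDOERS_GID` compares against the compile-time constant, while the `sudo_secure_file()` call on the first line of the hunk is passed the variable `sudoers_gid`. If that variable can be set to something other than `SUDOERS_GID` at run time (its assignment is outside the hunk), the decision to fall back to `set_perms(PERM_ROOT)` is made against a different group than the one the ownership check used, and a file owned by the configured group would be opened as root unnecessarily. Writing the condition as `if (!ISSET(sb.st_mode, S_IRGRP) || sb.st_gid != sudoers_gid) {` and naming `sudoers_gid` in the comment would keep the two checks consistent. It would also help to state in the comment why uid 1 is the default here, since the privilege drop it refers to happens in code outside this hunk; `open_sudoers()` itself starts and ends outside the hunk.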