We also need to open the sudoers file as root if there is a GID

mismatch.
Todd C. Miller
2014-02-17 10:20:14 -07:00
parent 2b4bc87c07
commit c6e310b948


@@ -693,11 +693,12 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) { switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) {
case SUDO_PATH_SECURE: case SUDO_PATH_SECURE:
/* /*
* If we are expecting sudoers to be group readable but * If we are expecting sudoers to be group readable by
* it is not, we must open the file as root, not uid 1. * SUDOERS_GID but it is not, we must open the file as root,
* not uid 1.
*/ */
if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP)) { if (sudoers_uid == ROOT_UID && ISSET(sudoers_mode, S_IRGRP)) {
if ((sb.st_mode & S_IRGRP) == 0) { if (!ISSET(sb.st_mode, S_IRGRP) || sb.st_gid != SUDOERS_GID) {
restore_perms(); restore_perms();
set_perms(PERM_ROOT); set_perms(PERM_ROOT);
} }
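Review bot: The added group test in the inner `if` compares `sb.st_gid` with the compile-time `SUDOERS_GID`, while the `sudo_secure_file()` call at the top of the hunk and the outer condition use the runtime values `sudoers_uid`, `sudoers_gid` and `sudoers_mode`. If `sudoers_gid` can differ from the build-time default (not visible here), the choice between opening as root and opening with the reduced sudoers credentials is made against a different group than the one the file was just validated against, so the file may be opened as root when that is not needed, or the unprivileged open may fail. Consider `if (!ISSET(sb.st_mode, S_IRGRP) || sb.st_gid != sudoers_gid) {` and wording the comment as "group readable by sudoers_gid". `open_sudoers()` and the enclosing `switch` begin and continue outside the hunk, so the later open and the restoring of permissions cannot be checked from here.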