isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make find_path() a little more generic by not checking def_foo

Browse Source 
variables inside it.  Instead, pass in ignore_dot as a function
argument.
This commit is contained in:
Todd C. Miller
2010-05-13 10:27:03 -04:00
parent 832ce341e4
commit d5bfd148d6
4 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/sudoers/find_path.c
View File

@@ -53,7 +53,8 @@
* but it is in '.' and IGNORE_DOT is set. * but it is in '.' and IGNORE_DOT is set.
*/ */
int int
find_path(char *infile, char **outfile, struct stat *sbp, char *path) find_path(char *infile, char **outfile, struct stat *sbp, char *path,
int ignore_dot)
{ {
static char command[PATH_MAX]; /* qualified filename */ static char command[PATH_MAX]; /* qualified filename */
char *n; /* for traversing path */ char *n; /* for traversing path */
@@ -78,10 +79,7 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path)
return(NOT_FOUND); return(NOT_FOUND);
} }
/* Use PATH passed in unless SECURE_PATH is in effect. */ if (path == NULL)
if (def_secure_path && !user_is_exempt())
path = def_secure_path;
else if (path == NULL)
return(NOT_FOUND); return(NOT_FOUND);
path = estrdup(path); path = estrdup(path);
origpath = path; origpath = path;
@@ -122,7 +120,7 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path)
if (len <= 0 || len >= sizeof(command)) if (len <= 0 || len >= sizeof(command))
errorx(1, "%s: File name too long", infile); errorx(1, "%s: File name too long", infile);
result = sudo_goodpath(command, sbp); result = sudo_goodpath(command, sbp);
if (result && def_ignore_dot) if (result && ignore_dot)
return(NOT_FOUND_DOT); return(NOT_FOUND_DOT);
} }

9
plugins/sudoers/sudoers.c
View File

@@ -738,6 +738,7 @@ static int
set_cmnd(int sudo_mode) set_cmnd(int sudo_mode)
{ {
int rval; int rval;
char *path = user_path;
/* Set project if applicable. */ /* Set project if applicable. */
set_project(runas_pw); set_project(runas_pw);
@@ -752,13 +753,17 @@ set_cmnd(int sudo_mode)
if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) { if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) {
if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) { if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) {
if (def_secure_path && !user_is_exempt())
path = def_secure_path;
set_perms(PERM_RUNAS); set_perms(PERM_RUNAS);
rval = find_path(NewArgv[0], &user_cmnd, user_stat, user_path); rval = find_path(NewArgv[0], &user_cmnd, user_stat, path,
def_ignore_dot);
restore_perms(); restore_perms();
if (rval != FOUND) { if (rval != FOUND) {
/* Failed as root, try as invoking user. */ /* Failed as root, try as invoking user. */
set_perms(PERM_USER); set_perms(PERM_USER);
rval = find_path(NewArgv[0], &user_cmnd, user_stat, user_path); rval = find_path(NewArgv[0], &user_cmnd, user_stat, path,
def_ignore_dot);
restore_perms(); restore_perms();
} }
} }

2
plugins/sudoers/sudoers.h
View File

@@ -199,7 +199,7 @@ struct passwd;
char *sudo_goodpath(const char *, struct stat *); char *sudo_goodpath(const char *, struct stat *);
/* findpath.c */ /* findpath.c */
int find_path(char *, char **, struct stat *, char *); int find_path(char *, char **, struct stat *, char *, int);
/* check.c */ /* check.c */
int check_user(int, int); int check_user(int, int);

2
plugins/sudoers/visudo.c
View File

@@ -806,7 +806,7 @@ get_editor(char **args)
UserEditor = NULL; UserEditor = NULL;
else if (UserEditor) { else if (UserEditor) {
UserEditorArgs = get_args(UserEditor); UserEditorArgs = get_args(UserEditor);
if (find_path(UserEditor, &Editor, NULL, getenv("PATH")) == FOUND) { if (find_path(UserEditor, &Editor, NULL, getenv("PATH"), 0) == FOUND) {
UserEditor = Editor; UserEditor = Editor;
} else { } else {
if (def_env_editor) { if (def_env_editor) {