Set user group list when executing the askpass helper.

Under normal circumstances the existing group list will match the
list fetched by sudo.  However, if sudo is executed by a process
that has changed the group list via setgroups(2) and "group_source"
in sudo.conf is set to "dynamic" it is possible for them to be
different.

If group_source in sudo.conf is set to "dynamic" it is possible
for the group list
Todd C. Miller
2021-04-06 14:30:16 -06:00
parent f1f8515bd6
commit e3ff4e663c


@@ -289,6 +289,7 @@ static char *
sudo_askpass(const char *askpass, const char *prompt)
{
static char buf[SUDO_CONV_REPL_MAX + 1], *pass;
struct sudo_cred *cred = &user_details.cred;
struct sigaction sa, savechld;
enum tgetpass_errval errval;
int pfd[2], status;
@@ -323,12 +324,18 @@ sudo_askpass(const char *askpass, const char *prompt)
restore_limits();
/* But avoid a setuid() failure on Linux due to RLIMIT_NPROC. */
unlimit_nproc();
if (setgid(user_details.cred.gid)) {
sudo_warn(U_("unable to set gid to %u"), (unsigned int)user_details.cred.gid);
if (setgid(cred->gid)) {
sudo_warn(U_("unable to set gid to %u"), (unsigned int)cred->gid);
_exit(255);
}
if (setuid(user_details.cred.uid)) {
sudo_warn(U_("unable to set uid to %u"), (unsigned int)user_details.cred.uid);
if (cred->ngroups != -1) {
if (sudo_setgroups(cred->ngroups, cred->groups) == -1) {
sudo_warn("%s", U_("unable to set supplementary group IDs"));
_exit(255);
}
}
if (setuid(cred->uid)) {
sudo_warn(U_("unable to set uid to %u"), (unsigned int)cred->uid);
_exit(255);
}
restore_nproc();
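Review bot: The new `if (cred->ngroups != -1)` guard skips sudo_setgroups() without a comment, and nothing in the hunk says which supplementary groups the askpass helper runs with in that case; as written the child keeps whatever list it inherited and still goes on to setuid(). A comment above the guard would make that deliberate, e.g. `/* ngroups == -1: no group list was fetched, keep the inherited supplementary groups. */` (the meaning of -1 is inferred from the check, so confirm it against where cred is filled in). It is also worth recording that the setgid/setgroups/setuid order is load-bearing, `/* Must run before setuid(): changing the group list needs privilege. */`, so a later reshuffle does not leave the helper running with the wrong groups. sudo_askpass starts before and continues past this hunk.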