isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check_user_runcwd: allow -D option if it matches the cwd in sudoers

Browse Source 
Previously, check_user_runcwd() would return true if the runcwd
matched the user's cwd, even if sudoers specified a different one.
The user-specified runcwd was ignored but it is better to error out
in this case.  It is now also possible to use "sudo -D" with the
directory specified in sudoers.
This commit is contained in:
Todd C. Miller
2023-06-28 09:59:33 -06:00
parent f2a274b061
commit e7d4c05ace
2 changed files with 27 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
plugins/sudoers/policy.c
View File

@@ -553,10 +553,6 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults)
if ((user_cwd = strdup("unknown")) == NULL)
goto oom;
}
if (user_runcwd == NULL) {
/* Unlike user_cwd, user_runcwd is not free()d. */
user_runcwd = user_cwd;
}
if (user_tty == NULL) {
if ((user_tty = strdup("unknown")) == NULL)
goto oom;
@@ -749,7 +745,7 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[],
}
}
if (def_runcwd && strcmp(def_runcwd, "*") != 0) {
/* Set cwd to explicit value in sudoers. */
/* Set cwd to explicit value (sudoers or user-specified). */
if (!expand_tilde(&def_runcwd, runas_pw->pw_name)) {
sudo_warnx(U_("invalid working directory: %s"), def_runcwd);
goto bad;