Set safe_cmnd after sudoers_lookup() if it has not been set.
Previously it was set by sudo "ALL" in the parser but at that point the fully-qualified pathname has not yet been found.
This commit is contained in:
Todd C. Miller
39
gram.c
39
gram.c
@@ -596,7 +596,7 @@ short *yyss;
|
|||||||
short *yysslim;
|
short *yysslim;
|
||||||
YYSTYPE *yyvs;
|
YYSTYPE *yyvs;
|
||||||
int yystacksize;
|
int yystacksize;
|
||||||
#line 501 "gram.y"
|
#line 498 "gram.y"
|
||||||
/*
|
/*
|
||||||
* Add a list of defaults structures to the defaults list.
|
* Add a list of defaults structures to the defaults list.
|
||||||
* The binding, if non-NULL, specifies a list of hosts, users, or
|
* The binding, if non-NULL, specifies a list of hosts, users, or
|
||||||
@@ -1249,19 +1249,16 @@ case 57:
|
|||||||
#line 383 "gram.y"
|
#line 383 "gram.y"
|
||||||
{
|
{
|
||||||
NEW_MEMBER(yyval.member, NULL, ALL);
|
NEW_MEMBER(yyval.member, NULL, ALL);
|
||||||
if (safe_cmnd)
|
|
||||||
free(safe_cmnd);
|
|
||||||
safe_cmnd = estrdup(user_cmnd);
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 58:
|
case 58:
|
||||||
#line 389 "gram.y"
|
#line 386 "gram.y"
|
||||||
{
|
{
|
||||||
NEW_MEMBER(yyval.member, yyvsp[0].string, ALIAS);
|
NEW_MEMBER(yyval.member, yyvsp[0].string, ALIAS);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 59:
|
case 59:
|
||||||
#line 392 "gram.y"
|
#line 389 "gram.y"
|
||||||
{
|
{
|
||||||
struct sudo_command *c = emalloc(sizeof(*c));
|
struct sudo_command *c = emalloc(sizeof(*c));
|
||||||
c->cmnd = yyvsp[0].command.cmnd;
|
c->cmnd = yyvsp[0].command.cmnd;
|
||||||
@@ -1270,7 +1267,7 @@ case 59:
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 62:
|
case 62:
|
||||||
#line 404 "gram.y"
|
#line 401 "gram.y"
|
||||||
{
|
{
|
||||||
char *s;
|
char *s;
|
||||||
if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
|
if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
|
||||||
@@ -1280,14 +1277,14 @@ case 62:
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 64:
|
case 64:
|
||||||
#line 414 "gram.y"
|
#line 411 "gram.y"
|
||||||
{
|
{
|
||||||
LIST_APPEND(yyvsp[-2].member, yyvsp[0].member);
|
LIST_APPEND(yyvsp[-2].member, yyvsp[0].member);
|
||||||
yyval.member = yyvsp[-2].member;
|
yyval.member = yyvsp[-2].member;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 67:
|
case 67:
|
||||||
#line 424 "gram.y"
|
#line 421 "gram.y"
|
||||||
{
|
{
|
||||||
char *s;
|
char *s;
|
||||||
if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
|
if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
|
||||||
@@ -1297,14 +1294,14 @@ case 67:
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 69:
|
case 69:
|
||||||
#line 434 "gram.y"
|
#line 431 "gram.y"
|
||||||
{
|
{
|
||||||
LIST_APPEND(yyvsp[-2].member, yyvsp[0].member);
|
LIST_APPEND(yyvsp[-2].member, yyvsp[0].member);
|
||||||
yyval.member = yyvsp[-2].member;
|
yyval.member = yyvsp[-2].member;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 72:
|
case 72:
|
||||||
#line 444 "gram.y"
|
#line 441 "gram.y"
|
||||||
{
|
{
|
||||||
char *s;
|
char *s;
|
||||||
if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
|
if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
|
||||||
@@ -1314,7 +1311,7 @@ case 72:
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 75:
|
case 75:
|
||||||
#line 457 "gram.y"
|
#line 454 "gram.y"
|
||||||
{
|
{
|
||||||
char *s;
|
char *s;
|
||||||
if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
|
if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
|
||||||
@@ -1324,57 +1321,57 @@ case 75:
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 77:
|
case 77:
|
||||||
#line 467 "gram.y"
|
#line 464 "gram.y"
|
||||||
{
|
{
|
||||||
LIST_APPEND(yyvsp[-2].member, yyvsp[0].member);
|
LIST_APPEND(yyvsp[-2].member, yyvsp[0].member);
|
||||||
yyval.member = yyvsp[-2].member;
|
yyval.member = yyvsp[-2].member;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 78:
|
case 78:
|
||||||
#line 473 "gram.y"
|
#line 470 "gram.y"
|
||||||
{
|
{
|
||||||
yyval.member = yyvsp[0].member;
|
yyval.member = yyvsp[0].member;
|
||||||
yyval.member->negated = FALSE;
|
yyval.member->negated = FALSE;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 79:
|
case 79:
|
||||||
#line 477 "gram.y"
|
#line 474 "gram.y"
|
||||||
{
|
{
|
||||||
yyval.member = yyvsp[0].member;
|
yyval.member = yyvsp[0].member;
|
||||||
yyval.member->negated = TRUE;
|
yyval.member->negated = TRUE;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 80:
|
case 80:
|
||||||
#line 483 "gram.y"
|
#line 480 "gram.y"
|
||||||
{
|
{
|
||||||
NEW_MEMBER(yyval.member, yyvsp[0].string, ALIAS);
|
NEW_MEMBER(yyval.member, yyvsp[0].string, ALIAS);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 81:
|
case 81:
|
||||||
#line 486 "gram.y"
|
#line 483 "gram.y"
|
||||||
{
|
{
|
||||||
NEW_MEMBER(yyval.member, NULL, ALL);
|
NEW_MEMBER(yyval.member, NULL, ALL);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 82:
|
case 82:
|
||||||
#line 489 "gram.y"
|
#line 486 "gram.y"
|
||||||
{
|
{
|
||||||
NEW_MEMBER(yyval.member, yyvsp[0].string, NETGROUP);
|
NEW_MEMBER(yyval.member, yyvsp[0].string, NETGROUP);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 83:
|
case 83:
|
||||||
#line 492 "gram.y"
|
#line 489 "gram.y"
|
||||||
{
|
{
|
||||||
NEW_MEMBER(yyval.member, yyvsp[0].string, USERGROUP);
|
NEW_MEMBER(yyval.member, yyvsp[0].string, USERGROUP);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 84:
|
case 84:
|
||||||
#line 495 "gram.y"
|
#line 492 "gram.y"
|
||||||
{
|
{
|
||||||
NEW_MEMBER(yyval.member, yyvsp[0].string, WORD);
|
NEW_MEMBER(yyval.member, yyvsp[0].string, WORD);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
#line 1326 "gram.c"
|
#line 1323 "gram.c"
|
||||||
}
|
}
|
||||||
yyssp -= yym;
|
yyssp -= yym;
|
||||||
yystate = *yyssp;
|
yystate = *yyssp;
|
||||||
|
|||||||
3
gram.y
3
gram.y
@@ -382,9 +382,6 @@ cmndtag : /* empty */ {
|
|||||||
|
|
||||||
cmnd : ALL {
|
cmnd : ALL {
|
||||||
NEW_MEMBER($$, NULL, ALL);
|
NEW_MEMBER($$, NULL, ALL);
|
||||||
if (safe_cmnd)
|
|
||||||
free(safe_cmnd);
|
|
||||||
safe_cmnd = estrdup(user_cmnd);
|
|
||||||
}
|
}
|
||||||
| ALIAS {
|
| ALIAS {
|
||||||
NEW_MEMBER($$, $1, ALIAS);
|
NEW_MEMBER($$, $1, ALIAS);
|
||||||
|
|||||||
10
sudo.c
10
sudo.c
@@ -284,6 +284,8 @@ main(argc, argv, envp)
|
|||||||
if (!def_ignore_local_sudoers && !ISSET(validated, VALIDATE_OK))
|
if (!def_ignore_local_sudoers && !ISSET(validated, VALIDATE_OK))
|
||||||
#endif
|
#endif
|
||||||
validated = sudoers_lookup(pwflag);
|
validated = sudoers_lookup(pwflag);
|
||||||
|
if (safe_cmnd == NULL)
|
||||||
|
safe_cmnd = estrdup(user_cmnd);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Look up the timestamp dir owner if one is specified.
|
* Look up the timestamp dir owner if one is specified.
|
||||||
@@ -367,14 +369,6 @@ main(argc, argv, envp)
|
|||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This *must* have been set if we got a match but... */
|
|
||||||
if (safe_cmnd == NULL) {
|
|
||||||
log_error(MSG_ONLY,
|
|
||||||
"internal error, safe_cmnd never got set for %s; %s",
|
|
||||||
user_cmnd,
|
|
||||||
"please report this error at http://courtesan.com/sudo/bugs/");
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef HAVE_SYSTRACE
|
#ifdef HAVE_SYSTRACE
|
||||||
if (def_monitor)
|
if (def_monitor)
|
||||||
systrace_attach(getpid());
|
systrace_attach(getpid());
|
||||||
|
|||||||
Reference in New Issue
Block a user