Do not reject sudoers file just because it is root-writable.

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index fd6b249e11f21aedf8a94caed6551e12fbe92436..a98fc2a9ffd31b358a391671de2715076018ffbf 100644 (file)
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -902,7 +902,7 @@ open_sudoers(const char *sudoers, int doedit, int *keepopen)
        log_error(USE_ERRNO|NO_EXIT, "can't stat %s", sudoers);
     else if (!S_ISREG(statbuf.st_mode))
        log_error(NO_EXIT, "%s is not a regular file", sudoers);
-    else if ((statbuf.st_mode & 07777) != SUDOERS_MODE)
+    else if ((statbuf.st_mode & 07577) != SUDOERS_MODE)
        log_error(NO_EXIT, "%s is mode 0%o, should be 0%o", sudoers,
            (unsigned int) (statbuf.st_mode & 07777),
            (unsigned int) SUDOERS_MODE);