]> granicus.if.org Git - sudo/commitdiff
projects / sudo / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9f481f1)
Need to be root when switching to a different user.
authorTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 18 Jan 2016 20:12:50 +0000 (13:12 -0700)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Mon, 18 Jan 2016 20:12:50 +0000 (13:12 -0700)
src/sudo_edit.c patch | blob | history

diff --git a/src/sudo_edit.c b/src/sudo_edit.c
index 6e71624239045c99ce6b59f6ce4865c8069a7a05..c63d4b60345da45d3929447e831af3e9be03602c 100644 (file)
--- a/src/sudo_edit.c
+++ b/src/sudo_edit.c
@@ -254,8 +254,21 @@ dir_is_writable(int dfd, struct user_details *ud, struct command_details *cd)
     debug_decl(dir_is_writable, SUDO_DEBUG_EDIT)
     int rc;
 
+    /* Change uid/gid/groups to invoking user, usually needs root perms. */
+    if (cd->euid != ROOT_UID) {
+       if (seteuid(ROOT_UID) != 0)
+           sudo_fatal("seteuid(ROOT_UID)");
+    }
     switch_user(ud->uid, ud->gid, ud->ngroups, ud->groups);
+
+    /* Access checks are done using the euid/egid and group vector. */
     rc = faccessat(dfd, ".", W_OK, AT_EACCESS);
+
+    /* Change uid/gid/groups back to target user, may need root perms. */
+    if (ud->uid != ROOT_UID) {
+       if (seteuid(ROOT_UID) != 0)
+           sudo_fatal("seteuid(ROOT_UID)");
+    }
     switch_user(cd->euid, cd->egid, cd->ngroups, cd->groups);
 
     if (rc == 0)
Unnamed repository; edit this file 'description' to name the repository.