now do chmod and chown after edit of temp file and before rename

diff --git a/visudo.c b/visudo.c
index acfe576c10614569224e9117acbc9187a87be53b..9e43327f1f035cf6ae9d4ff9004211c83d3b2f64 100644 (file)
--- a/visudo.c
+++ b/visudo.c
@@ -206,17 +206,6 @@ int main(argc, argv)
     (void) close(sudoers_fd);
     (void) close(stmp_fd);
 
-    /*
-     * Change ownership of temp file to SUDOERS_UID, SUDOERS_GID
-     * so when we move it to sudoers things are kosher.
-     */
-    if (chown(stmp, SUDOERS_UID, SUDOERS_GID)) {
-       (void) fprintf(stderr,
-           "%s: Warning, unable to set (uid, gid) to (%d, %d): ",
-           Argv[0], SUDOERS_UID, SUDOERS_GID);
-       perror("");
-    }
-
     /*
      * Edit the temp file and parse it (for sanity checking)
      */
@@ -295,6 +284,25 @@ int main(argc, argv)
        }
     } while (parse_error == TRUE);
 
+    /*
+     * Change mode and ownership of temp file so when
+     * we move it to sudoers things are kosher.
+     */
+    if (chown(stmp, SUDOERS_UID, SUDOERS_GID)) {
+       (void) fprintf(stderr,
+           "%s: Unable to set (uid, gid) of %s to (%d, %d): ",
+           Argv[0], stmp, SUDOERS_UID, SUDOERS_GID);
+       perror("");
+       Exit(1);
+    }
+    if (chmod(stmp, SUDOERS_MODE)) {
+       (void) fprintf(stderr,
+           "%s: Unable to change mode of %s to %o: ",
+           Argv[0], stmp, SUDOERS_MODE);
+       perror("");
+       Exit(1);
+    }
+
     /*
      * Now that we have a sane stmp file (parse ok) it needs to be
      * rename(2)'d to sudoers.  If the rename(2) fails we try using
@@ -335,17 +343,6 @@ int main(argc, argv)
            Exit(1);
        }
 
-    /*
-     * Set the mode on the new sudoers file.
-     * If this fail it is ok since the file is only least rw owner.
-     */
-    if (chmod(sudoers, SUDOERS_MODE)) {
-       (void) fprintf(stderr,
-           "%s: Warning, unable to change mode of %s to %o: ",
-           Argv[0], sudoers, SUDOERS_MODE);
-       perror("");
-    }
-
     return(0);
 }