* we use a non-zero uid in order to avoid NFS lossage.
* Using uid 1 is a bit bogus but should work on all OS's.
*/
- if (sudoers_uid == ROOT_UID && (sudoers_mode & 040))
+ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP))
state->euid = 1;
else
state->euid = sudoers_uid;
* we use a non-zero uid in order to avoid NFS lossage.
* Using uid 1 is a bit bogus but should work on all OS's.
*/
- if (sudoers_uid == ROOT_UID && (sudoers_mode & 040))
+ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP))
state->euid = 1;
else
state->euid = sudoers_uid;
* we use a non-zero uid in order to avoid NFS lossage.
* Using uid 1 is a bit bogus but should work on all OS's.
*/
- if (sudoers_uid == ROOT_UID && (sudoers_mode & 040))
+ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP))
state->euid = 1;
else
state->euid = sudoers_uid;
* we use a non-zero uid in order to avoid NFS lossage.
* Using uid 1 is a bit bogus but should work on all OS's.
*/
- if (sudoers_uid == ROOT_UID && (sudoers_mode & 040))
+ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP))
state->euid = 1;
else
state->euid = sudoers_uid;
switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) {
case SUDO_PATH_SECURE:
+ /*
+ * If we are expecting sudoers to be group readable but
+ * it is not, we must open the file as root, not uid 1.
+ */
+ if (sudoers_uid == ROOT_UID && (sudoers_mode & S_IRGRP)) {
+ if ((sb.st_mode & S_IRGRP) == 0) {
+ restore_perms();
+ set_perms(PERM_ROOT);
+ }
+ }
+ /*
+ * Open sudoers and make sure we can read it so we can present
+ * the user with a reasonable error message (unlike the lexer).
+ */
if ((fp = fopen(sudoers, "r")) == NULL) {
log_error(USE_ERRNO, _("unable to open %s"), sudoers);
} else {
- /*
- * Make sure we can actually read sudoers so we can present the
- * user with a reasonable error message (unlike the lexer).
- */
if (sb.st_size != 0 && fgetc(fp) == EOF) {
log_error(USE_ERRNO, _("unable to read %s"),
sudoers);
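Review bot: The switch to root before `fopen(sudoers, "r")` is decided from `sb`, which `sudo_secure_file()` filled from an earlier lookup of the same path, so the file opened with root privileges is not guaranteed to be the one whose owner and mode were just checked. Re-checking the opened stream would close that gap: `fstat(fileno(fp), &sb2)` into a second `struct stat`, then take the existing error path if `sb2.st_dev != sb.st_dev || sb2.st_ino != sb.st_ino`. The result of `set_perms(PERM_ROOT)` is also not examined in the added lines; if it can report failure (its signature is not visible here), the open would proceed with whatever ids are in effect after `restore_perms()`. The enclosing function begins and ends outside this hunk.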