for PERM_RUNAS, set the egid to the runas user's gid and restore to the user's origin...
authorTodd C. Miller <Todd.Miller@courtesan.com>
Fri, 6 Jul 2007 14:14:12 +0000 (14:14 +0000)
committerTodd C. Miller <Todd.Miller@courtesan.com>
Fri, 6 Jul 2007 14:14:12 +0000 (14:14 +0000)
set_perms.c

index 464540ca8e896c987a7bf5b8155794d00794354c..3034889ef82d7287fdadf424c09f31c2e789e8fc 100644 (file)
@@ -81,6 +81,7 @@ set_perms(perm)
        case PERM_ROOT:
                                if (setresuid(ROOT_UID, ROOT_UID, ROOT_UID))
                                    errorx(1, "setresuid(ROOT_UID, ROOT_UID, ROOT_UID) failed, your operating system may have a broken setresuid() function\nTry running configure with --disable-setresuid");
+                               (void) setresgid(-1, user_gid, -1);
                                break;
 
        case PERM_USER:
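Review bot: The added `(void) setresgid(-1, user_gid, -1);` in PERM_ROOT has no comment explaining why the root branch sets the effective gid to `user_gid`, which reads like a mistake next to the ROOT_UID calls above it. Going by the commit title, this restores the egid that PERM_RUNAS now changes, so I would add `/* restore the invoking user's egid changed by PERM_RUNAS */` above the call. The same comment is missing on `setregid(-1, user_gid)` in the setreuid() variant, and the seteuid() variant only says `/* uid set above */`. set_perms() starts and ends outside this hunk.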
@@ -97,6 +98,7 @@ set_perms(perm)
                                break;
                                
        case PERM_RUNAS:
+                               (void) setresgid(-1, runas_pw->pw_gid, -1);
                                if (setresuid(-1, runas_pw->pw_uid, -1))
                                    error(1, "unable to change to runas uid");
                                break;
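Review bot: The return value of `setresgid(-1, runas_pw->pw_gid, -1)` in PERM_RUNAS is discarded, so a failed group change goes unnoticed and the code continues with the previous effective gid, while the uid change on the next line is reported through `error(1, ...)`. A privilege transition that only half-succeeds should fail closed: `if (setresgid(-1, runas_pw->pw_gid, -1)) error(1, "unable to change to runas gid");`. The same unchecked pattern appears in the PERM_RUNAS cases of the setreuid() variant (`setregid(-1, runas_pw->pw_gid)`) and the seteuid() variant (`setegid(runas_pw->pw_gid)`), and in the three PERM_ROOT restores. The enclosing switch starts and ends outside this hunk.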
@@ -156,6 +158,7 @@ set_perms(perm)
                                    errorx(1, "setreuid(-1, ROOT_UID) failed, your operating system may have a broken setreuid() function\nTry running configure with --disable-setreuid");
                                if (setuid(ROOT_UID))
                                    error(1, "setuid(ROOT_UID)");
+                               (void) setregid(-1, user_gid);
                                break;
 
        case PERM_USER:
@@ -172,6 +175,7 @@ set_perms(perm)
                                break;
                                
        case PERM_RUNAS:
+                               (void) setregid(-1, runas_pw->pw_gid);
                                if (setreuid(-1, runas_pw->pw_uid))
                                    error(1, "unable to change to runas uid");
                                break;
@@ -234,7 +238,8 @@ set_perms(perm)
 
     switch (perm) {
        case PERM_ROOT:
-                               /* already set above */
+                               /* uid set above */
+                               (void) setegid(user_gid);
                                break;
 
        case PERM_USER:
@@ -251,6 +256,7 @@ set_perms(perm)
                                break;
                                
        case PERM_RUNAS:
+                               (void) setegid(runas_pw->pw_gid);
                                if (seteuid(runas_pw->pw_uid))
                                    error(1, "unable to change to runas uid");
                                break;