char *timestampfile;
{
+ set_perms(PERM_TIMESTAMP, 0);
if (touch(timestampfile ? timestampfile : timestampdir, time(NULL)) == -1) {
if (timestampfile) {
int fd = open(timestampfile, O_WRONLY|O_CREAT|O_TRUNC, 0600);
log_error(NO_EXIT|USE_ERRNO, "Can't mkdir %s", timestampdir);
}
}
+ set_perms(PERM_ROOT, 0);
}
/*
char *dirparent = def_str(I_TIMESTAMPDIR);
int status = TS_ERROR; /* assume the worst */
+ set_perms(PERM_TIMESTAMP, 0);
+
/*
* Sanity check dirparent and make it if it doesn't already exist.
* We start out assuming the worst (that the dir is not sane) and
if (!S_ISDIR(sb.st_mode))
log_error(NO_EXIT, "%s exists but is not a directory (0%o)",
dirparent, sb.st_mode);
- else if (sb.st_uid != 0)
- log_error(NO_EXIT, "%s owned by uid %ld, should be owned by root",
- dirparent, (long) sb.st_uid);
+ else if (sb.st_uid != timestamp_uid)
+ log_error(NO_EXIT, "%s owned by uid %ld, should be uid %ld",
+ dirparent, (long) sb.st_uid, (long) timestamp_uid);
else if ((sb.st_mode & 0000022))
log_error(NO_EXIT,
"%s writable by non-owner (0%o), should be mode 0700",
status = TS_MISSING;
}
}
- if (status == TS_ERROR)
+ if (status == TS_ERROR) {
+ set_perms(PERM_ROOT, 0);
return(status);
+ }
/*
* Sanity check the user's ticket dir. We start by downgrading
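Review bot: Only two exits of timestamp_status() are visibly paired with a restore to PERM_ROOT: the early `return(status);` in this hunk and the final return at the end of the function. The function body continues outside these hunks, so any other return path not shown here would leave the process with its effective uid still set to timestamp_uid. Either confirm there is no third exit or route every exit through one label, e.g. `done: set_perms(PERM_ROOT, 0); return(status);`. A comment at the `set_perms(PERM_TIMESTAMP, 0);` call would also help, such as `/* Do all timestamp dir/file checks as the timestamp owner; restored to root before every return. */`.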
} else
log_error(NO_EXIT, "%s exists but is not a directory (0%o)",
timestampdir, sb.st_mode);
- } else if (sb.st_uid != 0)
- log_error(NO_EXIT, "%s owned by uid %ld, should be owned by root",
- timestampdir, (long) sb.st_uid);
+ } else if (sb.st_uid != timestamp_uid)
+ log_error(NO_EXIT, "%s owned by uid %ld, should be uid %ld",
+ timestampdir, (long) sb.st_uid, (long) timestamp_uid);
else if ((sb.st_mode & 0000022))
log_error(NO_EXIT,
"%s writable by non-owner (0%o), should be mode 0700",
timestampfile, sb.st_mode);
} else {
/* If bad uid or file mode, complain and kill the bogus file. */
- if (sb.st_uid != 0) {
+ if (sb.st_uid != timestamp_uid) {
log_error(NO_EXIT,
- "%s owned by uid %ld, should be owned by root",
- timestampfile, (long) sb.st_uid);
+ "%s owned by uid %ld, should be uid %ld",
+ timestampfile, (long) sb.st_uid, (long) timestamp_uid);
(void) unlink(timestampfile);
} else if ((sb.st_mode & 0000022)) {
log_error(NO_EXIT,
}
}
+ set_perms(PERM_ROOT, 0);
return(status);
}
fatal("seteuid(SUDOERS_UID)", 1);
}
break;
+ case PERM_TIMESTAMP:
+ if (seteuid(timestamp_uid))
+ fatal("seteuid(timestamp_uid)", 1);
+ break;
+
}
}
#endif /* !NO_SAVED_IDS && _SC_SAVED_IDS && _SC_VERSION */
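Review bot: The new `case PERM_TIMESTAMP:` changes only the effective uid, so whatever group IDs are in force at the call apply when the timestamp directory and file are created or touched. That is presumably intended, since callers bracket the call with PERM_ROOT, but it deserves a comment such as `/* Only the euid changes; group IDs stay as they were under PERM_ROOT. */`. The same applies to the two other set_perms() variants that gain this case (`setreuid(0, timestamp_uid)` and the second `seteuid(timestamp_uid)`). As a style point, this copy adds a blank line after `break;` just before the closing brace of the switch, which the other two copies do not.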
fatal("setreuid(0, SUDOERS_UID)", 1);
}
break;
+ case PERM_TIMESTAMP:
+ if (setreuid(0, timestamp_uid))
+ fatal("setreuid(0, timestamp_uid)", 1);
+ break;
}
}
fatal("seteuid(SUDOERS_UID)", 1);
}
break;
+ case PERM_TIMESTAMP:
+ if (seteuid(timestamp_uid))
+ fatal("seteuid(timestamp_uid)", 1);
+ break;
}
}
#endif /* HAVE_SETREUID */
struct interface *interfaces;
int num_interfaces;
int tgetpass_flags;
+int timestamp_uid;
extern int errorlineno;
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
static struct rlimit corelimit;
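Review bot: `int timestamp_uid;` stores a user ID in a plain int, yet it is assigned from `pw->pw_uid`, compared against `sb.st_uid` in the three ownership checks in timestamp_status(), and passed to seteuid()/setreuid(). Declaring it `uid_t timestamp_uid;` keeps those comparisons and calls in one type and avoids a signed/unsigned mismatch on platforms where uid_t is unsigned. Any extern declaration in a header, which is not visible here, would need the same change. A comment on the declaration should state that the zero default means timestamps stay owned by root when no timestamp owner is configured.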
log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", *user_runas);
}
+ /*
+ * Look up the timestamp dir owner if one is specified.
+ */
+ if (def_str(I_TIMESTAMPOWNER)) {
+ struct passwd *pw;
+
+ if (*def_str(I_TIMESTAMPOWNER) == '#')
+ pw = getpwuid(atoi(def_str(I_TIMESTAMPOWNER) + 1));
+ else
+ pw = getpwnam(def_str(I_TIMESTAMPOWNER));
+ if (!pw)
+ log_error(0, "timestamp owner (%s): No such user",
+ def_str(I_TIMESTAMPOWNER));
+ timestamp_uid = pw->pw_uid;
+ }
+
/* This goes after the sudoers parse since we honor sudoers options. */
if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) {
remove_timestamp((sudo_mode == MODE_KILL));
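Review bot: The `#uid` form is parsed with `atoi(def_str(I_TIMESTAMPOWNER) + 1)`, which returns 0 for non-numeric text, so a malformed value such as `#abc` silently resolves to uid 0 instead of being rejected. Parsing with strtoul() and checking the end pointer and range turns a typo in the setting into an error rather than a quiet fall-back to root. Separately, `timestamp_uid = pw->pw_uid;` runs after the `!pw` branch and is only safe if `log_error(0, ...)` never returns. That is presumably the case, since other calls pass NO_EXIT explicitly, but a brief comment or an `else` would make the dependency visible.

```c
    if (*def_str(I_TIMESTAMPOWNER) == '#') {
        char *ep;
        unsigned long ulval;

        errno = 0;
        ulval = strtoul(def_str(I_TIMESTAMPOWNER) + 1, &ep, 10);
        if (ep == def_str(I_TIMESTAMPOWNER) + 1 || *ep != '\0' ||
            errno == ERANGE)
            log_error(0, "timestamp owner (%s): invalid uid",
                def_str(I_TIMESTAMPOWNER));
        pw = getpwuid((uid_t) ulval);
    } else
        pw = getpwnam(def_str(I_TIMESTAMPOWNER));
    /* … unchanged: !pw check and timestamp_uid assignment … */
```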