Only check gid of sudoers file if it is group-readable or writable.

author Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 13 Aug 2011 22:35:17 +0000 (18:35 -0400)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Sat, 13 Aug 2011 22:35:17 +0000 (18:35 -0400)
author Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 13 Aug 2011 22:35:17 +0000 (18:35 -0400)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Sat, 13 Aug 2011 22:35:17 +0000 (18:35 -0400)
diff --git a/sudo.c b/sudo.c

index 78aa82fbd1ccac39cde9491ed7cdc7daf3809991..fbcd99e2e5aea6ae03a7dad008ede6c83f8be72e 100644 (file)
--- a/sudo.c
+++ b/sudo.c
@@ -1033,7 +1033,7 @@ open_sudoers(sudoers, doedit, keepopen)
      else if (statbuf.st_uid != SUDOERS_UID)
         log_error(NO_EXIT, "%s is owned by uid %u, should be %u", sudoers,
             (unsigned int) statbuf.st_uid, (unsigned int) SUDOERS_UID);
-    else if (statbuf.st_gid != SUDOERS_GID)
+    else if (statbuf.st_gid != SUDOERS_GID && ISSET(statbuf.st_mode, S_IRGRP|S_IWGRP))
         log_error(NO_EXIT, "%s is owned by gid %u, should be %u", sudoers,
             (unsigned int) statbuf.st_gid, (unsigned int) SUDOERS_GID);
      else if ((fp = fopen(sudoers, "r")) == NULL)
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 13 Aug 2011 22:35:17 +0000 (18:35 -0400)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Sat, 13 Aug 2011 22:35:17 +0000 (18:35 -0400)