]> granicus.if.org Git - sudo/commitdiff
projects / sudo / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cecf69f)
Simpler change to retry sudo_secure_file() as root as needed.
authorTodd C. Miller <Todd.Miller@sudo.ws>
Mon, 15 Jul 2019 01:37:33 +0000 (19:37 -0600)
committerTodd C. Miller <Todd.Miller@sudo.ws>
Mon, 15 Jul 2019 01:37:33 +0000 (19:37 -0600)
plugins/sudoers/sudoers.c patch | blob | history

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index b22e284094f46858654f5e82698494f7f9cfff58..15a00287261a212b6c55c1d7b522ae181f458cd6 100644 (file)
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -879,19 +879,12 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
 {
     struct stat sb;
     FILE *fp = NULL;
-    bool asroot = true;
+    bool perm_root = false;
     debug_decl(open_sudoers, SUDOERS_DEBUG_PLUGIN)
 
     if (!set_perms(PERM_SUDOERS))
        debug_return_ptr(NULL);
 
-    /*
-     * If sudoers_uid == ROOT_UID and sudoers_mode is group readable
-     * set_perms() will use a non-zero uid in order to avoid NFS issues..
-     */
-    if (sudoers_uid != ROOT_UID || ISSET(sudoers_mode, S_IRGRP))
-       asroot = false;
-
 again:
     switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) {
        case SUDO_PATH_SECURE:
@@ -902,8 +895,10 @@ again:
             */
            if (sudoers_uid == ROOT_UID && ISSET(sudoers_mode, S_IRGRP)) {
                if (!ISSET(sb.st_mode, S_IRGRP) || sb.st_gid != SUDOERS_GID) {
-                   if (!restore_perms() || !set_perms(PERM_ROOT))
-                       debug_return_ptr(NULL);
+                   if (!perm_root) {
+                       if (!restore_perms() || !set_perms(PERM_ROOT))
+                           debug_return_ptr(NULL);
+                   }
                }
            }
            /*
@@ -930,12 +925,12 @@ again:
             * If we tried to stat() sudoers as non-root but got EACCES,
             * try again as root.
             */
-           if (errno == EACCES && !asroot) {
+           if (errno == EACCES && geteuid() != ROOT_UID) {
                int serrno = errno;
                if (restore_perms()) {
                    if (!set_perms(PERM_ROOT))
                        debug_return_ptr(NULL);
-                   asroot = true;
+                   perm_root = true;
                    goto again;
                }
                errno = serrno;
Unnamed repository; edit this file 'description' to name the repository.