goto bad;
}
state->rgid = ostate->rgid;
- state->egid = ostate->egid;
+ state->egid = ROOT_GID;
state->sgid = ostate->sgid;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d, %d] -> [%d, %d, %d]", __func__,
+ (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
+ (int)state->rgid, (int)state->egid, (int)state->sgid);
+ if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) {
+ strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
+ goto bad;
+ }
state->grlist = ostate->grlist;
sudo_grlist_addref(state->grlist);
break;
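Review bot: Nothing near `state->egid = ROOT_GID;` says why PERM_ROOT now forces the effective gid while still taking rgid and sgid from `ostate`, and the same uncommented assignment recurs in the setgidx, setregid and setegid variants below. A short comment above it would help, e.g. `/* PERM_ROOT: effective gid is always ROOT_GID; real and saved gids are carried over from the previous state. */`. The debug line is also emitted before `setresgid()` runs, so it records the intended transition, not a completed one; moving it after the call or wording it as intended would keep the debug log unambiguous. The enclosing case starts above the hunk.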
goto bad;
}
state->rgid = ostate->rgid;
- state->egid = ostate->egid;
+ state->egid = ROOT_GID;
state->sgid = ostate->sgid;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d, %d] -> [%d, %d, %d]", __func__,
+ (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
+ (int)state->rgid, (int)state->egid, (int)state->sgid);
+ if (GID_CHANGED && setgidx(ID_EFFECTIVE, ROOT_GID)) {
+ strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
+ goto bad;
+ }
state->grlist = ostate->grlist;
sudo_grlist_addref(state->grlist);
break;
}
}
state->rgid = ostate->rgid;
- state->egid = ostate->rgid;
+ state->egid = ROOT_GID;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
+ (int)ostate->egid, (int)state->rgid, (int)state->egid);
+ if (GID_CHANGED && setregid(ID(rgid), ID(egid))) {
+ snprintf(errbuf, sizeof(errbuf),
+ "PERM_ROOT: setregid(%d, %d)", ID(rgid), ID(egid));
+ goto bad;
+ }
state->grlist = ostate->grlist;
sudo_grlist_addref(state->grlist);
break;
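Review bot: The failure path for `setregid()` builds an untranslated `"PERM_ROOT: setregid(%d, %d)"` message, while the setresgid, setgidx, setegid and setgid variants in this same change all report `_("unable to change to root gid")`. It also passes `ID(rgid)` and `ID(egid)` to `%d` without the `(int)` cast used in the debug call just above. The definition of `ID()` is not visible here, so check that its type matches `%d` on every platform. For consistency I would use `strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));` here as well, or keep the ids but cast them: `(int)ID(rgid), (int)ID(egid)`.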
state->ruid = ROOT_UID;
state->euid = ROOT_UID;
state->rgid = ostate->rgid;
- state->egid = ostate->egid;
+ state->egid = ROOT_GID;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
+ (int)ostate->egid, ROOT_GID, ROOT_GID);
+ if (GID_CHANGED && setegid(ROOT_GID)) {
+ strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
+ goto bad;
+ }
state->grlist = ostate->grlist;
sudo_grlist_addref(state->grlist);
break;
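Review bot: The debug message prints `ROOT_GID, ROOT_GID` as the new `[rgid, egid]` pair, but just above `state->rgid` is set to `ostate->rgid` and only the effective gid is changed by `setegid(ROOT_GID)`. The log therefore claims a real-gid change that never happens, which is misleading when privilege transitions are reconstructed from debug output. The two constants are also passed to `%d` without the `(int)` cast the other arguments carry. The last argument line should mirror the other variants: `(int)ostate->egid, (int)state->rgid, (int)state->egid);`.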
case PERM_ROOT:
state->ruid = ROOT_UID;
- state->rgid = ostate->rgid;
+ state->rgid = ROOT_GID;
state->grlist = ostate->grlist;
sudo_grlist_addref(state->grlist);
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: "
snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuid(%d)", ROOT_UID);
goto bad;
}
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid);
+ if (setgid(ROOT_GID)) {
+ strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
+ goto bad;
+ }
break;
case PERM_FULL_USER:
state->rgid = user_gid;
- sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: "
"[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid);
(void) setgid(user_gid);
state->grlist = user_group_list;
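Review bot: The new `setgid(ROOT_GID)` call is checked and fails the transition, but `(void) setgid(user_gid);` a few lines below in PERM_FULL_USER still discards its result. A failed group drop would therefore go unnoticed while the code continues on to `setuid(user_uid)`. If ignoring the result is intentional, a comment next to the `(void)` cast should say why; otherwise it should fail closed like the new code, i.e. fill `errbuf` and then `if (setgid(user_gid)) goto bad;`. This variant also calls `setgid(ROOT_GID)` unconditionally, whereas the other variants guard the call with `GID_CHANGED`; that may be deliberate but deserves a one-line comment. The PERM_FULL_USER case continues past the end of the hunk.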
}
}
state->ruid = user_uid;
- sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: "
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: "
"[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid);
if (setuid(user_uid)) {
snprintf(errbuf, sizeof(errbuf),