From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Mon, 12 Nov 2012 22:12:34 +0000 (-0500)
Subject: Set group on sudo_debug when creating it to gid 0 so systems without
X-Git-Tag: SUDO_1_8_7~1^2~332
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0178d5ae01946fbbda6e2aa243390334306c0103;p=sudo

Set group on sudo_debug when creating it to gid 0 so systems without
BSD group semantics don't get the invoking user's group.
---

diff --git a/common/sudo_debug.c b/common/sudo_debug.c
index 0c26cbd25..da90e8fef 100644
--- a/common/sudo_debug.c
+++ b/common/sudo_debug.c
@@ -138,10 +138,17 @@ int sudo_debug_init(const char *debugfile, const char *settings)
     if (debugfile != NULL) {
 	if (sudo_debug_fd != -1)
 	    close(sudo_debug_fd);
-	sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND|O_CREAT,
-	    S_IRUSR|S_IWUSR);
-	if (sudo_debug_fd == -1)
-	    return 0;
+	sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND, S_IRUSR|S_IWUSR);
+	if (sudo_debug_fd == -1) {
+	    /* Create debug file as needed and set group ownership. */
+	    if (errno == ENOENT) {
+		sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND|O_CREAT,
+		    S_IRUSR|S_IWUSR);
+	    }
+	    if (sudo_debug_fd == -1)
+		return 0;
+	    fchown(sudo_debug_fd, (uid_t)-1, 0);
+	}
 	(void)fcntl(sudo_debug_fd, F_SETFD, FD_CLOEXEC);
 	sudo_debug_mode = SUDO_DEBUG_MODE_FILE;
     } else {