From: Todd C. Miller
Date: Mon, 12 Nov 2012 14:41:56 +0000 (-0500)
Subject: Add calls to set_perms(PERM_ROOT) becore logging to a file. We
X-Git-Tag: SUDO_1_8_7~1^2~335
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=02aa965a2d77753b404f68fde9581cd8f7d76ded;p=sudo
Add calls to set_perms(PERM_ROOT) becore logging to a file. We should already be root but since we cache the current permission status it is basically free. That way, if more of sudoers runs as non-root in the future logging will still work correctly.
---
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 7dcda03c7..c5257dc34 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -263,6 +263,9 @@ log_denial(int status, bool inform_user)
 logline = new_logline(message, 0);
+ /* Become root if we are not already. */
+ set_perms(PERM_ROOT|PERM_NOEXIT);
+
 if (should_mail(status))
 send_mail("%s", logline); /* send mail based on status */
@@ -274,6 +277,8 @@ log_denial(int status, bool inform_user)
 if (def_logfile)
 do_logfile(logline);
+ restore_perms();
+
 efree(logline);
 /* Restore locale. */
@@ -395,6 +400,9 @@ log_allowed(int status)
 logline = new_logline(NULL, 0);
+ /* Become root if we are not already. */
+ set_perms(PERM_ROOT|PERM_NOEXIT);
+
 if (should_mail(status))
 send_mail("%s", logline); /* send mail based on status */
@@ -406,6 +414,8 @@ log_allowed(int status)
 if (def_logfile)
 do_logfile(logline);
+ restore_perms();
+
 efree(logline);
 sudoers_setlocale(oldlocale, NULL);
@@ -424,9 +434,6 @@ vlog_error(int flags, const char *fmt, va_list ap)
 va_list ap2;
 debug_decl(vlog_error, SUDO_DEBUG_LOGGING)
- /* Become root if we are not already to avoid user interference */
- set_perms(PERM_ROOT|PERM_NOEXIT);
-
 /* Need extra copy of ap for warning() below. */
 if (!ISSET(flags, NO_STDERR))
 va_copy(ap2, ap);
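Review bot: The result of `set_perms(PERM_ROOT|PERM_NOEXIT)` is discarded in the lines added to log_denial (hunk at -263), and the same applies to the copies added to log_allowed (hunk at -395) and vlog_error (hunk at -450). With PERM_NOEXIT the call presumably returns on failure instead of exiting (set_perms is defined outside this diff), so mail and log-file writes would go ahead under whatever identity was in effect, and the unconditional `restore_perms();` added later in each function would undo a change that was never made. I would keep the result, `bool uid_changed = set_perms(PERM_ROOT|PERM_NOEXIT);`, and guard the restore with `if (uid_changed) restore_perms();`. All three functions begin and end outside their hunks.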
@@ -450,6 +457,9 @@ vlog_error(int flags, const char *fmt, va_list ap)
 efree(message);
 }
+ /* Become root if we are not already. */
+ set_perms(PERM_ROOT|PERM_NOEXIT);
+
 /*
 * Send a copy of the error via mail.
 */
@@ -466,12 +476,12 @@ vlog_error(int flags, const char *fmt, va_list ap)
 do_logfile(logline);
 }
+ restore_perms();
+
 efree(logline);
 sudoers_setlocale(oldlocale, NULL);
- restore_perms();
-
 /*
 * Tell the user (in their locale).
 */
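Review bot: The comment added above `set_perms(PERM_ROOT|PERM_NOEXIT);` in vlog_error (hunk at -450) no longer says why root is needed, whereas the comment this commit removes from the top of the function gave the reason ("to avoid user interference"). The call now sits after the message has been built and freed, so the comment should keep the rationale and name what the root window covers: `/* Become root if we are not already, so the user cannot interfere with mail or log file writes. */`. The same wording would fit the identical comments added in log_denial and log_allowed. vlog_error begins and ends outside this hunk.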