From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sat, 23 Oct 2004 17:32:20 +0000 (+0000)
Subject: Call sudo_goodpath() *after* changing the cwd to match the traced process.
X-Git-Tag: SUDO_1_7_0~878
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2c91a58149cb898106480f324ba36ec0f63904b7;p=sudo

Call sudo_goodpath() *after* changing the cwd to match the traced process.
Fixes relative paths.
---

diff --git a/mon_systrace.c b/mon_systrace.c
index f2b98f60e..485cc0182 100644
--- a/mon_systrace.c
+++ b/mon_systrace.c
@@ -823,7 +823,7 @@ check_execv(fd, pid, seqnr, askp, cookie, policyp, errorp)
     int *policyp;
     int *errorp;
 {
-    int validated;
+    int error, validated;
     struct childinfo *info;
 
     /* If we have a cookie we take special action. */
@@ -849,19 +849,25 @@ check_execv(fd, pid, seqnr, askp, cookie, policyp, errorp)
 
     /* Fill in user_cmnd, user_base, user_args and user_stat.  */
     decode_args(fd, pid, askp);
-    if (user_cmnd[0] != '/' || !sudo_goodpath(user_cmnd, user_stat)) {
-	*policyp = SYSTR_POLICY_NEVER;
-	*errorp = EACCES;
-	return(0);
-    }
 
     /* Get processes's cwd. */
-    if (ioctl(fd, STRIOCGETCWD, &pid) == -1 ||
-	!getcwd(user_cwd, sizeof(user_cwd))) {
+    error = ioctl(fd, STRIOCGETCWD, &pid);
+    if (error == -1 || !getcwd(user_cwd, sizeof(user_cwd))) {
 	warnx("cannot get working directory");
 	(void) strlcpy(user_cwd, "unknown", sizeof(user_cwd));
-    } else
+    }
+
+    /*
+     * Stat user_cmnd and restore cwd
+     */
+    validated = sudo_goodpath(user_cmnd, user_stat) != NULL;
+    if (error != -1)
 	(void) ioctl(fd, STRIOCRESCWD, 0);
+    if (!validated) {
+	*policyp = SYSTR_POLICY_NEVER;
+	*errorp = EACCES;
+	return(0);
+    }
 
     /* Check sudoers and log the result. */
     init_defaults();