From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sun, 8 Dec 2013 18:11:21 +0000 (-0700)
Subject: When checking whether a user may change the login class, just check
X-Git-Tag: SUDO_1_7_10p8~20
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=43ddb94b01207838034979a58d31a1127de780df;p=sudo

When checking whether a user may change the login class, just check
pw_uid of the runas user, which was passed in to set_loginclass().

--HG--
branch : 1.7
---

diff --git a/CONTRIBUTORS b/CONTRIBUTORS
index d63a74467..821510c76 100644
--- a/CONTRIBUTORS
+++ b/CONTRIBUTORS
@@ -111,6 +111,7 @@ you believe you should be listed, please send a note to sudo@sudo.ws.
     Eric Paquet
     Chantal Paradis
     Ted Percival
+    Andres Perera
     Christian S.J. Peron
     Alexander Peslyak
     Toby Peterson
diff --git a/sudo.c b/sudo.c
index 1e1c9db91..a7f8d5094 100644
--- a/sudo.c
+++ b/sudo.c
@@ -1171,8 +1171,7 @@ set_loginclass(pw)
 	return;
 
     if (login_class && strcmp(login_class, "-") != 0) {
-	if (user_uid != 0 &&
-	    strcmp(runas_user ? runas_user : def_runas_default, "root") != 0)
+	if (user_uid != 0 && pw->pw_uid != 0)
 	    errorx(1, "only root can use -c %s", login_class);
     } else {
 	login_class = pw->pw_class;