From: Todd C. Miller Date: Mon, 8 Jul 1996 02:30:25 +0000 (+0000) Subject: fixed backwards compatibility with sudo 1.4 sudoers mode X-Git-Tag: SUDO_1_5_0~120 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=633b6d2c352e7c45600f4ae9a3cd2f6e3af7ebbc;p=sudo fixed backwards compatibility with sudo 1.4 sudoers mode for root readable/writable filesystems --- diff --git a/sudo.c b/sudo.c index 4e5aa8a24..c265090d2 100644 --- a/sudo.c +++ b/sudo.c @@ -749,16 +749,13 @@ static int check_sudoers() char c; int rtn = ALL_SYSTEMS_GO; - set_perms(PERM_SUDOERS); - - if ((fd = open(_PATH_SUDO_SUDOERS, O_RDONLY)) < 0 || read(fd, &c, 1) == -1) - rtn = NO_SUDOERS_FILE; - else if (lstat(_PATH_SUDO_SUDOERS, &statbuf)) - rtn = NO_SUDOERS_FILE; - else if (!S_ISREG(statbuf.st_mode)) - rtn = SUDOERS_NOT_FILE; - else if ((statbuf.st_mode & 0007777) != SUDOERS_MODE) { - if ((statbuf.st_mode & 0007777) == 0400) { + /* + * Fix the mode and group on sudoers file from old default. + * Only works if filesystem is readable/writable by root. + */ + set_perms(PERM_ROOT); + if (!lstat(_PATH_SUDO_SUDOERS, &statbuf) && SUDOERS_UID == statbuf.st_uid) { + if (SUDOERS_MODE != 0400 && (statbuf.st_mode & 0007777) == 0400) { if (chmod(_PATH_SUDO_SUDOERS, SUDOERS_MODE) == 0) { (void) fprintf(stderr, "%s: fixed mode on %s\n", Argv[0], _PATH_SUDO_SUDOERS); @@ -778,10 +775,20 @@ static int check_sudoers() Argv[0], _PATH_SUDO_SUDOERS); perror(""); } - } else { - rtn = SUDOERS_WRONG_MODE; } - } else if (statbuf.st_uid != SUDOERS_UID || statbuf.st_gid != SUDOERS_GID) + } + + set_perms(PERM_SUDOERS); + + if ((fd = open(_PATH_SUDO_SUDOERS, O_RDONLY)) < 0 || read(fd, &c, 1) == -1) + rtn = NO_SUDOERS_FILE; + else if (lstat(_PATH_SUDO_SUDOERS, &statbuf)) + rtn = NO_SUDOERS_FILE; + else if (!S_ISREG(statbuf.st_mode)) + rtn = SUDOERS_NOT_FILE; + else if ((statbuf.st_mode & 0007777) != SUDOERS_MODE) + rtn = SUDOERS_WRONG_MODE; + else if (statbuf.st_uid != SUDOERS_UID || statbuf.st_gid != SUDOERS_GID) rtn = SUDOERS_WRONG_OWNER; if (fd != -1)