From: Todd C. Miller Date: Mon, 7 Sep 2015 12:06:08 +0000 (-0600) Subject: Bring back the check for time stamp files that predate the boot X-Git-Tag: SUDO_1_8_15^2~68 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=69050f9345b261e6d01deb46af721555f80034bf;p=sudo Bring back the check for time stamp files that predate the boot time. Instead of truncating we now unlink the file since another process may be sleeping on the lock.
---
diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c
index 5f838cab0..5da3c3ab3 100644
--- a/plugins/sudoers/timestamp.c
+++ b/plugins/sudoers/timestamp.c
@@ -375,7 +375,7 @@ timestamp_open(const char *user, pid_t sid)
 {
 struct ts_cookie *cookie = NULL;
 char *fname = NULL;
- int fd = -1;
+ int tries, fd = -1;
 debug_decl(timestamp_open, SUDOERS_DEBUG_AUTH)
 /* Zero timeout means don't use the time stamp file. */
@@ -393,17 +393,35 @@ timestamp_open(const char *user, pid_t sid)
 sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
 goto bad;
 }
- fd = ts_open(fname, O_RDWR|O_CREAT);
- switch (fd) {
- case TIMESTAMP_OPEN_ERROR:
- log_warning(SLOG_SEND_MAIL, N_("unable to open %s"), fname);
- goto bad;
- case TIMESTAMP_PERM_ERROR:
- /* Already logged set_perms/restore_perms error. */
- goto bad;
- }
+ for (tries = 1; ; tries++) {
+ struct stat sb;
+
+ fd = ts_open(fname, O_RDWR|O_CREAT);
+ switch (fd) {
+ case TIMESTAMP_OPEN_ERROR:
+ log_warning(SLOG_SEND_MAIL, N_("unable to open %s"), fname);
+ goto bad;
+ case TIMESTAMP_PERM_ERROR:
+ /* Already logged set_perms/restore_perms error. */
+ goto bad;
+ }
- /* XXX - if mtime on file predates boot time ignore/unlink? */
+ /* Remove time stamp file if its mtime predates boot time. */
+ if (tries == 1 && fstat(fd, &sb) == 0) {
+ struct timespec boottime, mtime;
+
+ mtim_get(&sb, mtime);
+ if (get_boottime(&boottime)) {
+ if (sudo_timespeccmp(&mtime, &boottime, <)) {
+ /* Time stamp file too old, remove it. */
+ close(fd);
+ unlink(fname);
+ continue;
+ }
+ }
+ }
+ break;
+ }
 /* Allocate and fill in cookie to store state. */
 cookie = malloc(sizeof(*cookie));
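Review bot: The return value of `unlink(fname)` in the boot-time branch is ignored, so a failed removal lets the `continue` reopen the same stale file, and the `tries == 1` guard then skips the mtime comparison and the pre-boot file is used as-is. The check also fails open when `fstat()` or `get_boottime()` fails, which deserves a comment because this test exists to reject records written before the last boot. Consider making a failed removal an error, for example `close(fd); fd = -1;` followed by `if (unlink(fname) == -1 && errno != ENOENT) goto bad;`, assuming the `bad:` label (outside this hunk, as is the rest of timestamp_open) tolerates `fd == -1`. The unlink also appears to run outside whatever privilege switch `ts_open()` performs, judging only by the set_perms/restore_perms comment, so confirm it runs with credentials that can remove the file.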