From: Todd C. Miller Date: Thu, 29 Jan 2004 21:15:27 +0000 (+0000) Subject: Don't look at prev_user until after we've parsed sudoers and done the X-Git-Tag: SUDO_1_6_8~205 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7a07ad864189a3e3613a74da2d0209f8b3d236d3;p=sudo Don't look at prev_user until after we've parsed sudoers and done the password check. That way, if sudo/sudoedit is run from a root process that was invoked by sudo, we check sudoers for root, not the previous user. This makes sudoedit much more useful and means that for the sudo case, we get correct logging on who actually ran the command. --- diff --git a/sudo.c b/sudo.c index ff127c2ee..cdadf585b 100644 --- a/sudo.c +++ b/sudo.c @@ -348,6 +348,16 @@ main(argc, argv, envp) if (!(validated & FLAG_NOPASS)) check_user(validated & FLAG_CHECK_USER); + /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */ + if (user_uid == 0 && prev_user != NULL && strcmp(prev_user, "root") != 0) { + struct passwd *pw; + + if ((pw = sudo_getpwnam(prev_user)) != NULL) { + free(sudo_user.pw); + sudo_user.pw = pw; + } + } + /* Build a new environment that avoids any nasty bits if we have a cmnd. */ if (sudo_mode & MODE_RUN) new_environ = rebuild_env(envp, sudo_mode, (validated & FLAG_NOEXEC)); @@ -526,16 +536,9 @@ init_vars(sudo_mode) /* * Get a local copy of the user's struct passwd with the shadow password * if necessary. It is assumed that euid is 0 at this point so we - * can read the shadow passwd file if necessary. If we are being run - * as root and the user is chaining sudo commands, use the SUDO_USER - * environment variable to determine the user's real identity. - * It is not safe to trust SUDO_USER if the real uid != 0. + * can read the shadow passwd file if necessary. */ - if (getuid() == 0 && prev_user != NULL) - sudo_user.pw = sudo_getpwnam(prev_user); - else - sudo_user.pw = sudo_getpwuid(getuid()); - if (sudo_user.pw == NULL) { + if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL) { /* Need to make a fake struct passwd for logging to work. */ struct passwd pw; char pw_name[MAX_UID_T_LEN + 1];