From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Mon, 31 Jul 2006 17:51:44 +0000 (+0000)
Subject: Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
X-Git-Tag: SUDO_1_7_0~590
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=884b70acc97f022285243e48852b0ac3a9abf467;p=sudo

Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
we can close the passwd/group files early.
---

diff --git a/pwutil.c b/pwutil.c
index 920815495..0a73c7bae 100644
--- a/pwutil.c
+++ b/pwutil.c
@@ -335,15 +335,16 @@ sudo_setpwent()
 {
     setpwent();
     sudo_setspent();
-    pwcache_byuid = rbcreate(cmp_pwuid);
-    pwcache_byname = rbcreate(cmp_pwnam);
+    if (pwcache_byuid == NULL)
+	pwcache_byuid = rbcreate(cmp_pwuid);
+    if (pwcache_byname == NULL)
+	pwcache_byname = rbcreate(cmp_pwnam);
 }
 
+#if 0
 void
-sudo_endpwent()
+sudo_freepwcache()
 {
-    endpwent();
-    sudo_endspent();
     if (pwcache_byuid != NULL) {
 	rbdestroy(pwcache_byuid, pw_free);
 	pwcache_byuid = NULL;
@@ -353,6 +354,14 @@ sudo_endpwent()
 	pwcache_byname = NULL;
     }
 }
+#endif
+
+void
+sudo_endpwent()
+{
+    endpwent();
+    sudo_endspent();
+}
 
 static void
 pw_free(v)
@@ -520,20 +529,29 @@ void
 sudo_setgrent()
 {
     setgrent();
-    grcache_bygid = rbcreate(cmp_grgid);
-    grcache_byname = rbcreate(cmp_grnam);
+    if (grcache_bygid == NULL)
+	grcache_bygid = rbcreate(cmp_grgid);
+    if (grcache_byname == NULL)
+	grcache_byname = rbcreate(cmp_grnam);
 }
 
+#if 0
 void
-sudo_endgrent()
+sudo_freegrcache()
 {
-    endgrent();
-    if (grcache_bygid != NULL) {
+    if (free_cache && grcache_bygid != NULL) {
 	rbdestroy(grcache_bygid, free);
 	grcache_bygid = NULL;
     }
-    if (grcache_byname != NULL) {
+    if (free_cache && grcache_byname != NULL) {
 	rbdestroy(grcache_byname, NULL);
 	grcache_byname = NULL;
     }
 }
+#endif
+
+void
+sudo_endgrent()
+{
+    endgrent();
+}
diff --git a/sudo_edit.c b/sudo_edit.c
index cac22312d..748f700c5 100644
--- a/sudo_edit.c
+++ b/sudo_edit.c
@@ -99,11 +99,16 @@ int sudo_edit(argc, argv)
     while (tmplen > 0 && tmpdir[tmplen - 1] == '/')
 	tmplen--;
 
+    /*
+     * Close password, shadow, and group files before we try to open
+     * user-specified files to prevent the opening of things like /dev/fd/4
+     */
+    sudo_endpwent();
+    sudo_endgrent();
+
     /*
      * For each file specified by the user, make a temporary version
      * and copy the contents of the original to it.
-     * XXX - It would be nice to lock the original files but that means
-     *       keeping an extra fd open for each file.
      */
     tf = emalloc2(argc - 1, sizeof(*tf));
     memset(tf, 0, (argc - 1) * sizeof(*tf));
@@ -240,8 +245,6 @@ int sudo_edit(argc, argv)
 	(void) sigaction(SIGQUIT, &saved_sa_quit, NULL);
 	(void) sigaction(SIGCHLD, &saved_sa_chld, NULL);
 	set_perms(PERM_FULL_USER);
-	sudo_endpwent();
-	sudo_endgrent();
 	closefrom(def_closefrom + 1);
 	execvp(nargv[0], nargv);
 	warning("unable to execute %s", nargv[0]);
@@ -251,7 +254,7 @@ int sudo_edit(argc, argv)
     /*
      * Wait for status from the child.  Most modern kernels
      * will not let an unprivileged child process send a
-     * signal to its privileged parent to we have to request
+     * signal to its privileged parent so we have to request
      * status when the child is stopped and then send the
      * same signal to our own pid.
      */