From: Todd C. Miller
Date: Fri, 6 Jul 2007 14:14:12 +0000 (+0000)
Subject: for PERM_RUNAS, set the egid to the runas user's gid and restore to the user's origin...
X-Git-Tag: SUDO_1_7_0~505
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=988f44a60380f67706d07624f3e219a8d007888a;p=sudo
for PERM_RUNAS, set the egid to the runas user's gid and restore to the user's original in PERM_ROOT
---
diff --git a/set_perms.c b/set_perms.c
index 464540ca8..3034889ef 100644
--- a/set_perms.c
+++ b/set_perms.c
@@ -81,6 +81,7 @@ set_perms(perm)
 case PERM_ROOT:
 if (setresuid(ROOT_UID, ROOT_UID, ROOT_UID))
 errorx(1, "setresuid(ROOT_UID, ROOT_UID, ROOT_UID) failed, your operating system may have a broken setresuid() function\nTry running configure with --disable-setresuid");
+ (void) setresgid(-1, user_gid, -1);
 break;
 
 case PERM_USER:
@@ -97,6 +98,7 @@ set_perms(perm)
 break;
 
 case PERM_RUNAS:
+ (void) setresgid(-1, runas_pw->pw_gid, -1);
 if (setresuid(-1, runas_pw->pw_uid, -1))
 error(1, "unable to change to runas uid");
 break;
@@ -156,6 +158,7 @@ set_perms(perm)
 errorx(1, "setreuid(-1, ROOT_UID) failed, your operating system may have a broken setreuid() function\nTry running configure with --disable-setreuid");
 if (setuid(ROOT_UID))
 error(1, "setuid(ROOT_UID)");
+ (void) setregid(-1, user_gid);
 break;
 
 case PERM_USER:
@@ -172,6 +175,7 @@ set_perms(perm)
 break;
 
 case PERM_RUNAS:
+ (void) setregid(-1, runas_pw->pw_gid);
 if (setreuid(-1, runas_pw->pw_uid))
 error(1, "unable to change to runas uid");
 break;
@@ -234,7 +238,8 @@ set_perms(perm)
 
 switch (perm) {
 case PERM_ROOT:
- /* already set above */
+ /* uid set above */
+ (void) setegid(user_gid);
 break;
 
 case PERM_USER:
@@ -251,6 +256,7 @@ set_perms(perm)
 break;
 
 case PERM_RUNAS:
+ (void) setegid(runas_pw->pw_gid);
 if (seteuid(runas_pw->pw_uid))
 error(1, "unable to change to runas uid");
 break;
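Review bot: The result of `setresgid(-1, user_gid, -1)` in the PERM_ROOT case is thrown away with a `(void)` cast, although the `setresuid()` call directly above it aborts through `errorx()` on failure. The same unchecked pattern is repeated in every other hunk of this commit: the PERM_RUNAS `setresgid()`, both `setregid()` calls and both `setegid()` calls. If the group switch fails in PERM_RUNAS, the code still goes on to change the effective uid, so the process continues with the runas uid paired with whatever effective gid it had before, and nothing reports it. Treat the gid calls like the uid calls, e.g. `if (setresgid(-1, runas_pw->pw_gid, -1)) error(1, "unable to change to runas gid");`, or, if ignoring the failure is deliberate for some platform, put that reason in a comment next to the cast. set_perms() starts and ends outside these hunks, so the earlier gid state cannot be seen from here.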
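Review bot: In the PERM_RUNAS case the new `setresgid()` line has to stay ahead of `setresuid(-1, runas_pw->pw_uid, -1)`, and nothing in the code says so. Once the effective uid is no longer root, the process may not be permitted to switch to an arbitrary group, so swapping the two lines in a later cleanup would make the gid change fail, silently as long as the result is cast to `(void)`. A one-line comment above the call would protect the ordering, for example `/* change egid first; after the euid change we may lack the privilege */`. The `setregid()` and `setegid()` PERM_RUNAS hunks further down need the same comment.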