From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sat, 13 Aug 2011 22:35:17 +0000 (-0400)
Subject: Only check gid of sudoers file if it is group-readable or writable.
X-Git-Tag: SUDO_1_7_7~8
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a430cdd9dce379247419e6fb07f6d264901d15f4;p=sudo

Only check gid of sudoers file if it is group-readable or writable.

--HG--
branch : 1.7
---

diff --git a/sudo.c b/sudo.c
index 78aa82fbd..fbcd99e2e 100644
--- a/sudo.c
+++ b/sudo.c
@@ -1033,7 +1033,7 @@ open_sudoers(sudoers, doedit, keepopen)
     else if (statbuf.st_uid != SUDOERS_UID)
 	log_error(NO_EXIT, "%s is owned by uid %u, should be %u", sudoers,
 	    (unsigned int) statbuf.st_uid, (unsigned int) SUDOERS_UID);
-    else if (statbuf.st_gid != SUDOERS_GID)
+    else if (statbuf.st_gid != SUDOERS_GID && ISSET(statbuf.st_mode, S_IRGRP|S_IWGRP))
 	log_error(NO_EXIT, "%s is owned by gid %u, should be %u", sudoers,
 	    (unsigned int) statbuf.st_gid, (unsigned int) SUDOERS_GID);
     else if ((fp = fopen(sudoers, "r")) == NULL)