From: Todd C. Miller Date: Thu, 12 Dec 1996 04:10:19 +0000 (+0000) Subject: correct error message if mode/owner wrong and not statable by owner X-Git-Tag: SUDO_1_5_4~30 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b0192afc356e9f95ce0c01bd08cfe584a4b87f29;p=sudo correct error message if mode/owner wrong and not statable by owner but is statable by root.
---
diff --git a/sudo.c b/sudo.c
index 5b22873c5..7bfeffc43 100644
--- a/sudo.c
+++ b/sudo.c
@@ -783,7 +783,7 @@ static void load_cmnd(sudo_mode)
 static int check_sudoers()
 {
 struct stat statbuf;
- int fd = -1;
+ int fd = -1, rootstat;
 char c;
 int rtn = ALL_SYSTEMS_GO;
@@ -792,35 +792,39 @@ static int check_sudoers()
 * Only works if filesystem is readable/writable by root.
 */
 set_perms(PERM_ROOT, 0);
- if (!lstat(_PATH_SUDO_SUDOERS, &statbuf) && SUDOERS_UID == statbuf.st_uid) {
- if (SUDOERS_MODE != 0400 && (statbuf.st_mode & 0007777) == 0400) {
- if (chmod(_PATH_SUDO_SUDOERS, SUDOERS_MODE) == 0) {
- (void) fprintf(stderr, "%s: fixed mode on %s\n",
- Argv[0], _PATH_SUDO_SUDOERS);
- if (statbuf.st_gid != SUDOERS_GID) {
- if (!chown(_PATH_SUDO_SUDOERS,GID_NO_CHANGE,SUDOERS_GID)) {
- (void) fprintf(stderr, "%s: set group on %s\n",
- Argv[0], _PATH_SUDO_SUDOERS);
- statbuf.st_gid = SUDOERS_GID;
- } else {
- (void) fprintf(stderr,"%s: Unable to set group on %s: ",
- Argv[0], _PATH_SUDO_SUDOERS);
- perror("");
- }
+ if ((rootstat = lstat(_PATH_SUDO_SUDOERS, &statbuf)) == 0 &&
+ SUDOERS_UID == statbuf.st_uid && SUDOERS_MODE != 0400 &&
+ (statbuf.st_mode & 0007777) == 0400) {
+
+ if (chmod(_PATH_SUDO_SUDOERS, SUDOERS_MODE) == 0) {
+ (void) fprintf(stderr, "%s: fixed mode on %s\n",
+ Argv[0], _PATH_SUDO_SUDOERS);
+ if (statbuf.st_gid != SUDOERS_GID) {
+ if (!chown(_PATH_SUDO_SUDOERS,GID_NO_CHANGE,SUDOERS_GID)) {
+ (void) fprintf(stderr, "%s: set group on %s\n",
+ Argv[0], _PATH_SUDO_SUDOERS);
+ statbuf.st_gid = SUDOERS_GID;
+ } else {
+ (void) fprintf(stderr,"%s: Unable to set group on %s: ",
+ Argv[0], _PATH_SUDO_SUDOERS);
+ perror("");
 }
- } else {
- (void) fprintf(stderr, "%s: Unable to fix mode on %s: ",
- Argv[0], _PATH_SUDO_SUDOERS);
- perror("");
 }
+ } else {
+ (void) fprintf(stderr, "%s: Unable to fix mode on %s: ",
+ Argv[0], _PATH_SUDO_SUDOERS);
+ perror("");
 }
 }
+ /*
+ * Sanity checks on sudoers file. Must be done as sudoers
+ * file owner. We already did a stat as root, so use that
+ * data if we can't stat as sudoers file owner.
+ */
 set_perms(PERM_SUDOERS, 0);
- if ((fd = open(_PATH_SUDO_SUDOERS, O_RDONLY)) < 0 || read(fd, &c, 1) == -1)
- rtn = NO_SUDOERS_FILE;
- else if (lstat(_PATH_SUDO_SUDOERS, &statbuf))
+ if (lstat(_PATH_SUDO_SUDOERS, &statbuf) != 0 && rootstat != 0)
 rtn = NO_SUDOERS_FILE;
 else if (!S_ISREG(statbuf.st_mode))
 rtn = SUDOERS_NOT_FILE;
@@ -828,6 +832,9 @@ static int check_sudoers()
 rtn = SUDOERS_WRONG_MODE;
 else if (statbuf.st_uid != SUDOERS_UID || statbuf.st_gid != SUDOERS_GID)
 rtn = SUDOERS_WRONG_OWNER;
+ else if ((fd = open(_PATH_SUDO_SUDOERS, O_RDONLY)) == -1 ||
+ read(fd, &c, 1) == -1)
+ rtn = NO_SUDOERS_FILE;
 if (fd != -1)
 (void) close(fd);
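Review bot: The fallback in the rewritten `if (lstat(_PATH_SUDO_SUDOERS, &statbuf) != 0 && rootstat != 0)` reads `statbuf` after a failed `lstat()` was pointed at that same buffer, and nothing visible guarantees that a failed call leaves root's earlier data intact. That data can also be stale: the `chmod()` success branch refreshes `statbuf.st_gid` but not `statbuf.st_mode`, so the mode test that follows (its condition lies outside the hunk) would presumably still see 0400 and report SUDOERS_WRONG_MODE for a file that was just fixed. Stat into a second buffer and copy it over only on success, e.g. `if (lstat(_PATH_SUDO_SUDOERS, &ownerbuf) == 0) statbuf = ownerbuf;`, and after a successful chmod set `statbuf.st_mode = (statbuf.st_mode & ~07777) | SUDOERS_MODE;`. check_sudoers() starts and ends outside this hunk.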
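Review bot: The added `open()` runs after the type, mode and owner tests, which were made with `lstat()` on the path, so the descriptor that gets opened is never tied to the object that passed those tests. If the path can be replaced between the two calls (that depends on the permissions of the directory holding sudoers, which is not visible here), the checks describe a different file from the one that is read. Confirm the descriptor with `fstat()` and compare it with the checked data, e.g. a further branch `else if (fstat(fd, &fdbuf) != 0 || fdbuf.st_dev != statbuf.st_dev || fdbuf.st_ino != statbuf.st_ino) rtn = NO_SUDOERS_FILE;`. Separately, `read(fd, &c, 1) == -1` accepts a zero-length file, because `read()` returns 0 there. The function body continues outside the hunk.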