From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Mon, 11 Nov 1996 01:32:33 +0000 (+0000)
Subject: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
X-Git-Tag: SUDO_1_5_3~16
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b317dc70ac3032b04b6465f318af7e79bba12e48;p=sudo

Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
---

diff --git a/sudo.c b/sudo.c
index 325510ff8..52245b071 100644
--- a/sudo.c
+++ b/sudo.c
@@ -939,13 +939,14 @@ void set_perms(perm, sudo_mode)
 				}
 
 				/*
-				 * If SUDOERS_UID == 0 we need to use
-				 * a different uid in order to avoid
-				 * NFS lossage.  Using uid 1 is a bit
-				 * bogus but should be safe.
+				 * If SUDOERS_UID == 0 and SUDOERS_MODE
+				 * is group readable we use a non-zero
+				 * uid in order to avoid NFS lossage.
+				 * Using uid 1 is a bit bogus but should
+				 * work on all OS's.
 				 */
 				if (SUDOERS_UID == 0) {
-				    if (seteuid(1)) {
+				    if ((SUDOERS_MODE & 040) && seteuid(1)) {
 					perror("seteuid(1)");
 					exit(1);
 				    }