From: Todd C. Miller
Date: Tue, 13 Nov 2012 16:03:48 +0000 (-0500)
Subject: Set gid to 0 when creating I/O log directories.
X-Git-Tag: SUDO_1_7_10p4~11
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c5b43adfa5b8445541d59fc34bdfb1e3e5dd3018;p=sudo
Set gid to 0 when creating I/O log directories.
--HG--
branch : 1.7
---
diff --git a/iolog.c b/iolog.c
index f5845721a..1329c151c 100644
--- a/iolog.c
+++ b/iolog.c
@@ -102,6 +102,7 @@ io_nextid()
 if (stat(def_iolog_dir, &sb) != 0) {
 if (mkdir(def_iolog_dir, S_IRWXU) != 0)
 log_fatal(USE_ERRNO, "Can't mkdir %s", def_iolog_dir);
+ (void) chown(def_iolog_dir, (uid_t)-1, ROOT_GID);
 } else if (!S_ISDIR(sb.st_mode)) {
 log_fatal(0, "%s exists but is not a directory (0%o)",
 def_iolog_dir, (unsigned int) sb.st_mode);
@@ -181,6 +182,7 @@ build_idpath(pathbuf, pathsize)
 if (stat(pathbuf, &sb) != 0) {
 if (mkdir(pathbuf, S_IRWXU) != 0)
 log_fatal(USE_ERRNO, "Can't mkdir %s", pathbuf);
+ (void) chown(pathbuf, (uid_t)-1, ROOT_GID);
 } else if (!S_ISDIR(sb.st_mode)) {
 log_fatal(0, "%s: %s", pathbuf, strerror(ENOTDIR));
 }
@@ -235,6 +237,7 @@ io_log_open()
 if (mkdir(pathbuf, S_IRUSR|S_IWUSR|S_IXUSR) != 0)
 log_fatal(USE_ERRNO, "Can't mkdir %s", pathbuf);
+ (void) chown(pathbuf, (uid_t)-1, ROOT_GID);
 /*
 * We create 7 files: a log file, a timing file and 5 for input/output.
diff --git a/set_perms.c b/set_perms.c
index 256418948..30af9c08e 100644
--- a/set_perms.c
+++ b/set_perms.c
@@ -54,12 +54,6 @@
 #include "sudo.h"
-#ifdef __TANDEM
-# define ROOT_UID 65535
-#else
-# define ROOT_UID 0
-#endif
-
 /*
 * Prototypes
 */
diff --git a/sudo.c b/sudo.c
index 867c3331e..1382ca812 100644
--- a/sudo.c
+++ b/sudo.c
@@ -119,12 +119,6 @@
 # define CMND_WAIT FALSE
 #endif
-#ifdef __TANDEM
-# define ROOT_UID 65535
-#else
-# define ROOT_UID 0
-#endif
-
 /*
 * Prototypes
 */
diff --git a/sudo.h b/sudo.h
index 050498299..2fe3c1d79 100644
--- a/sudo.h
+++ b/sudo.h
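Review bot: The three added `chown()` calls in io_nextid(), build_idpath() and io_log_open() discard the result with `(void)`, and no comment says why a failure is acceptable there. Each directory is created owner-only (`S_IRWXU`) on the line above, so a leftover gid presumably grants no access, but that reasoning should be written next to the call, e.g. `/* Best effort: directory is created owner-only, so a stale gid grants no access. */`. The calls are also path-based and run as a separate step after `mkdir()`, so they act on whatever the path names at that moment. Whether the parent of the I/O log directory can ever be writable by a non-root user is not visible here; if it can, an `fchown()` on an opened descriptor for the new directory would be the more robust form. All three functions begin and end outside their hunks.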
@@ -187,6 +187,13 @@ struct command_status {
 #define user_role (sudo_user.role)
 #define user_type (sudo_user.type)
+#ifdef __TANDEM
+# define ROOT_UID 65535
+#else
+# define ROOT_UID 0
+#endif
+#define ROOT_GID 0
+
 /*
 * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
 * but that caused problems with various alternate authentication
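Review bot: `ROOT_GID` is defined as 0 unconditionally, directly below a `ROOT_UID` that is special-cased for `__TANDEM`, and nothing in the header says whether that asymmetry is intended. If gid 0 is the right group on that platform as well, a short comment on the define saying so would settle it for the next reader; if it is not, the define belongs inside the same `#ifdef`. The `chown()` calls this commit adds in iolog.c take their group from this value, so a wrong constant would silently put the I/O log directories in an unintended group.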