From: Todd C. Miller Date: Mon, 6 Feb 2012 18:33:46 +0000 (-0500) Subject: Set real uid to root before calling sudo_edit() or run_command() X-Git-Tag: SUDO_1_8_4~21^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c6ef580100ebba2c8ddd738d2cce7bd3f4dfbf61;p=sudo Set real uid to root before calling sudo_edit() or run_command() so that the monitor process is owned by root and not by the user. Otherwise, on AIX at least, the monitor process shows up in ps as belonging to the user (and can be killed by the user). --- diff --git a/src/sudo.c b/src/sudo.c index b8875afd0..eb006a088 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -288,6 +288,8 @@ main(int argc, char *argv[], char *envp[]) command_details.envp = user_env_out; if (ISSET(sudo_mode, MODE_BACKGROUND)) SET(command_details.flags, CD_BACKGROUND); + /* Become full root (not just setuid) so user cannot kill us. */ + (void) setuid(ROOT_UID); /* Restore coredumpsize resource limit before running. */ #ifdef RLIMIT_CORE if (sudo_conf_disable_coredump())
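Review bot: the result of the added `(void) setuid(ROOT_UID);` in main() is discarded, so if the call fails, sudo continues with the invoking user's real uid and nothing is reported. The monitor process would then still be owned by the user and killable by them, which is the condition the commit message says this change removes. Consider checking the return value and warning or aborting on failure, along the lines of `if (setuid(ROOT_UID) != 0) { /* warn or bail out */ }`. The new comment could also say that the real uid is what ps reports as the owner on AIX, since "not just setuid" is terse for a later reader.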