From: Todd C. Miller Date: Tue, 25 Jun 1996 22:02:42 +0000 (+0000) Subject: Fixed NFS-mounted sudoers file under solaris both uid *and* gid X-Git-Tag: SUDO_1_5_0~135 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ea3da19711456fe8aeb3e69a68293c59c8578ad6;p=sudo Fixed NFS-mounted sudoers file under solaris both uid *and* gid were being set to -2. Now beat NFS to the punch and set uid to "nobody" ourselves, preserving group 0 to read sudoers.
---
diff --git a/sudo.c b/sudo.c
index 53736b4fb..39ae5b632 100644
--- a/sudo.c
+++ b/sudo.c
@@ -305,6 +305,7 @@ int main(argc, argv)
 /* validate the user but don't search for "validate" */
 rtn = validate((sudo_mode != MODE_VALIDATE));
+
 switch (rtn) {
 case VALIDATE_OK:
@@ -815,6 +816,8 @@ void set_perms(perm)
 break;
 case PERM_USER:
+ (void) setgid(user_gid);
+
 if (seteuid(user_uid)) {
 perror("seteuid(user_uid)");
 exit(1);
@@ -827,8 +830,10 @@ void set_perms(perm)
 exit(1);
 }
+ (void) setgid(user_gid);
+
 if (setuid(user_uid)) {
- perror("setuid(uid)");
+ perror("setuid(user_uid)");
 exit(1);
 }
@@ -880,14 +885,29 @@ void set_perms(perm)
 exit(1);
 }
- if (seteuid(SUDOERS_UID)) {
- perror("seteuid(SUDOERS_UID)");
+ if (setgid(SUDOERS_GID)) {
+ perror("setgid(SUDOERS_GID)");
 exit(1);
 }
- if (setegid(SUDOERS_GID)) {
- perror("setegid(SUDOERS_GID)");
- exit(1);
+ /*
+ * If SUDOERS_UID == 0 we need to use
+ * a different uid in order to avoid
+ * NFS lossage. Sigh.
+ */
+ if (SUDOERS_UID) {
+ if (seteuid(SUDOERS_UID)) {
+ perror("seteuid(SUDOERS_UID)");
+ exit(1);
+ }
+ } else {
+ if (!(pw_ent = getpwnam("nobody")))
+ pw_ent->pw_uid = (uid_t) -2;
+
+ if (seteuid(pw_ent->pw_uid)) {
+ perror("seteuid(nobody)");
+ exit(1);
+ }
 }
 break;
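Review bot: The added `(void) setgid(user_gid);` in the PERM_USER case, and the identical call before `setuid(user_uid)` in the `@@ -827,8 +830,10 @@` hunk, discard the return value, while every other set*id call visible in set_perms() checks it and exits. If setgid() fails, execution continues into seteuid()/setuid() with the previous group still in place, which after this commit's sudoers-reading change may be SUDOERS_GID. Treat it like its neighbours: `if (setgid(user_gid)) { perror("setgid(user_gid)"); exit(1); }`. set_perms() begins and ends outside both hunks, so whether the process still holds enough privilege for setgid() to succeed at these points should be confirmed against the full function.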
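Review bot: In the new `else` branch of the `@@ -880,14 +885,29 @@` hunk, a failed `getpwnam("nobody")` leaves `pw_ent` NULL and the very next line stores through it (`pw_ent->pw_uid = (uid_t) -2;`), so the intended fallback to uid -2 becomes a NULL-pointer write inside a setuid program. Keep the uid in a local instead of writing into the passwd entry: declare `uid_t nobody_uid;`, set `nobody_uid = (pw_ent = getpwnam("nobody")) ? pw_ent->pw_uid : (uid_t) -2;`, and test `if (seteuid(nobody_uid)) {`. That also avoids modifying the buffer getpwnam() returns on the success path. The declaration of `pw_ent` and the start of this case are outside the hunk, so check that nothing later relies on `pw_ent` still describing the invoking user.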