From 1bd90d8fffb37f818c859cadabc1b0ba635e3c05 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 21 Mar 2017 13:54:27 -0600 Subject: [PATCH] Explicitly set the file mode of I/O log files so the mode is not affected by the invoking user's umask. --- plugins/sudoers/iolog.c | 9 +++++++-- plugins/sudoers/mkdir_parents.c | 10 +++++++++- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index 2c09f9588..6452acb88 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -103,10 +103,10 @@ io_mkdirs(char *path) } if (ok) { if (S_ISDIR(sb.st_mode)) { - if ((sb.st_mode & ALLPERMS) != iolog_dirmode) - ignore_result(chmod(path, iolog_dirmode)); if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid) ignore_result(chown(path, iolog_uid, iolog_gid)); + if ((sb.st_mode & ALLPERMS) != iolog_dirmode) + ignore_result(chmod(path, iolog_dirmode)); } else { sudo_warnx(U_("%s exists but is not a directory (0%o)"), path, (unsigned int) sb.st_mode); @@ -130,6 +130,7 @@ io_mkdirs(char *path) ok = false; } else { ignore_result(chown(path, iolog_uid, iolog_gid)); + ignore_result(chmod(path, iolog_dirmode)); } } if (uid_changed) { @@ -374,6 +375,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) } sudo_lock_file(fd, SUDO_LOCK); ignore_result(fchown(fd, iolog_uid, iolog_gid)); + ignore_result(fchmod(fd, iolog_filemode)); /* * If there is no seq file in iolog_dir and a fallback dir was @@ -397,6 +399,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) } if (fd2 != -1) { ignore_result(fchown(fd2, iolog_uid, gid)); + ignore_result(fchmod(fd2, iolog_filemode)); nread = read(fd2, buf, sizeof(buf) - 1); if (nread > 0) { if (buf[nread - 1] == '\n') @@ -522,6 +525,7 @@ open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress) } if (fd != -1) { ignore_result(fchown(fd, iolog_uid, iolog_gid)); + ignore_result(fchmod(fd, iolog_filemode)); (void)fcntl(fd, F_SETFD, FD_CLOEXEC); #ifdef HAVE_ZLIB_H if (docompress) @@ -764,6 +768,7 @@ write_info_log(char *pathbuf, size_t len, struct iolog_details *details, debug_return_bool(false); } ignore_result(fchown(fd, iolog_uid, iolog_gid)); + ignore_result(fchmod(fd, iolog_filemode)); fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", (long long)now->tv_sec, details->user ? details->user : "unknown", details->runas_pw->pw_name, diff --git a/plugins/sudoers/mkdir_parents.c b/plugins/sudoers/mkdir_parents.c index 335a35704..d49f93e24 100644 --- a/plugins/sudoers/mkdir_parents.c +++ b/plugins/sudoers/mkdir_parents.c @@ -53,6 +53,7 @@ sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet) if (mkdir(path, mode) == 0) { if (uid != (uid_t)-1 && gid != (gid_t)-1) ignore_result(chown(path, uid, gid)); + ignore_result(chmod(path, mode)); } else { if (errno != EEXIST) { if (!quiet) @@ -65,7 +66,14 @@ sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet) sudo_warn(U_("unable to stat %s"), path); goto bad; } - if (!S_ISDIR(sb.st_mode)) { + if (S_ISDIR(sb.st_mode)) { + if (uid != (uid_t)-1 && gid != (gid_t)-1) { + if (sb.st_uid != uid || sb.st_gid != uid) + ignore_result(chown(path, uid, uid)); + } + if ((sb.st_mode & ALLPERMS) != mode) + ignore_result(chmod(path, mode)); + } else { if (!quiet) sudo_warnx(U_("%s exists but is not a directory (0%o)"), path, (unsigned int) sb.st_mode); -- 2.40.0