From 3316ac8ebcc658762d054125b5592754ad183a7d Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" <Todd.Miller@courtesan.com> Date: Mon, 24 Jan 2011 14:25:51 -0500 Subject: [PATCH] Do not reject sudoers file just because it is root-writable. --- plugins/sudoers/sudoers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index fd6b249e1..a98fc2a9f 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -902,7 +902,7 @@ open_sudoers(const char *sudoers, int doedit, int *keepopen) log_error(USE_ERRNO|NO_EXIT, "can't stat %s", sudoers); else if (!S_ISREG(statbuf.st_mode)) log_error(NO_EXIT, "%s is not a regular file", sudoers); - else if ((statbuf.st_mode & 07777) != SUDOERS_MODE) + else if ((statbuf.st_mode & 07577) != SUDOERS_MODE) log_error(NO_EXIT, "%s is mode 0%o, should be 0%o", sudoers, (unsigned int) (statbuf.st_mode & 07777), (unsigned int) SUDOERS_MODE); -- 2.40.0