From 3cc8460b0dc61856647401986ed16705f54f5b36 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Thu, 3 Jun 2010 08:27:54 -0400
Subject: [PATCH] Make find_path() a little more generic by not checking def_foo variables inside it. Instead, pass in ignore_dot as a function argument.

--HG--
branch : 1.7
---
 find_path.c | 10 ++++------
 sudo.c | 9 +++++++--
 sudo.h | 2 +-
 visudo.c | 2 +-
 4 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/find_path.c b/find_path.c
index 22ff607df..4a732581b 100644
--- a/find_path.c
+++ b/find_path.c
@@ -53,11 +53,12 @@
 * but it is in '.' and IGNORE_DOT is set.
 */
 int
-find_path(infile, outfile, sbp, path)
+find_path(infile, outfile, sbp, path, ignore_dot)
 char *infile; /* file to find */
 char **outfile; /* result parameter */
 struct stat *sbp; /* stat result parameter */
 char *path; /* path to search */
+ int ignore_dot; /* don't check cwd */
 {
 static char command[PATH_MAX]; /* qualified filename */
 char *n; /* for traversing path */
@@ -82,10 +83,7 @@ find_path(infile, outfile, sbp, path)
 return(NOT_FOUND);
 }
 
- /* Use PATH passed in unless SECURE_PATH is in effect. */
- if (def_secure_path && !user_is_exempt())
- path = def_secure_path;
- else if (path == NULL)
+ if (path == NULL)
 return(NOT_FOUND);
 path = estrdup(path);
 origpath = path;
@@ -126,7 +124,7 @@ find_path(infile, outfile, sbp, path)
 if (len <= 0 || len >= sizeof(command))
 errorx(1, "%s: File name too long", infile);
 result = sudo_goodpath(command, sbp);
- if (result && def_ignore_dot)
+ if (result && ignore_dot)
 return(NOT_FOUND_DOT);
 }
 
diff --git a/sudo.c b/sudo.c
index 1b93fabee..1192ee9ed 100644
--- a/sudo.c
+++ b/sudo.c
@@ -813,6 +813,7 @@ set_cmnd(sudo_mode)
 int sudo_mode;
 {
 int rval;
+ char *path = user_path;
 
 /* Set project if applicable. */
 set_project(runas_pw);
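Review bot: The header comment above find_path() (it starts outside the first find_path.c hunk) still says NOT_FOUND_DOT is returned when "IGNORE_DOT is set", but that decision now comes from the new `ignore_dot` argument, and the second find_path.c hunk removes the secure_path override from the function as well. Since find_path() no longer enforces either policy itself, the comment should say so, for example `* The caller chooses the search path (including any secure_path override) and passes ignore_dot to reject a match found in '.'.` Without that, nothing tells a later caller that passing the unfiltered user PATH skips a check this function used to apply.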
@@ -822,13 +823,17 @@ set_cmnd(sudo_mode)
 user_stat = emalloc(sizeof(struct stat));
 if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) {
 if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) {
+ if (def_secure_path && !user_is_exempt())
+ path = def_secure_path;
 set_perms(PERM_RUNAS);
- rval = find_path(NewArgv[0], &user_cmnd, user_stat, user_path);
+ rval = find_path(NewArgv[0], &user_cmnd, user_stat, path,
+ def_ignore_dot);
 set_perms(PERM_ROOT);
 if (rval != FOUND) {
 /* Failed as root, try as invoking user. */
 set_perms(PERM_USER);
- rval = find_path(NewArgv[0], &user_cmnd, user_stat, user_path);
+ rval = find_path(NewArgv[0], &user_cmnd, user_stat, path,
+ def_ignore_dot);
 set_perms(PERM_ROOT);
 }
 }
diff --git a/sudo.h b/sudo.h
index d5802292f..867105513 100644
--- a/sudo.h
+++ b/sudo.h
@@ -205,7 +205,7 @@ struct passwd;
 
 char *sudo_goodpath __P((const char *, struct stat *));
 char *tgetpass __P((const char *, int, int));
-int find_path __P((char *, char **, struct stat *, char *));
+int find_path __P((char *, char **, struct stat *, char *, int));
 int tty_present __P((void));
 void check_user __P((int, int));
 void verify_user __P((struct passwd *, char *));
diff --git a/visudo.c b/visudo.c
index c93b817b8..2ecf26962 100644
--- a/visudo.c
+++ b/visudo.c
@@ -825,7 +825,7 @@ get_editor(args)
 UserEditor = NULL;
 else if (UserEditor) {
 UserEditorArgs = get_args(UserEditor);
- if (find_path(UserEditor, &Editor, NULL, getenv("PATH")) == FOUND) {
+ if (find_path(UserEditor, &Editor, NULL, getenv("PATH"), 0) == FOUND) {
 UserEditor = Editor;
 } else {
 if (def_env_editor) {
-- 
2.40.0
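Review bot: The new `if (def_secure_path && !user_is_exempt())` in set_cmnd() carries no comment, while the explanation it replaces (`/* Use PATH passed in unless SECURE_PATH is in effect. */`) was deleted from find_path.c. I would carry that comment over above the new `if` and add that `path` is chosen once and reused for both the PERM_RUNAS and the PERM_USER lookup. The check also now runs before `set_perms(PERM_RUNAS)` rather than inside each lookup; user_is_exempt() is not visible here, so it is worth confirming that it does not depend on the current effective ids. set_cmnd() starts and ends outside this hunk.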
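Review bot: The get_editor() call now passes the raw `getenv("PATH")` and a literal `0`, so the editor lookup in visudo loses both the secure_path override and the ignore_dot check that find_path() applied internally before this commit. If those defaults were in effect for visudo (not visible from this hunk), a match in '.' or in a directory outside secure_path is no longer rejected for a program that visudo goes on to use as the editor. Unless that is intended, keep the previous behaviour with `find_path(UserEditor, &Editor, NULL, getenv("PATH"), def_ignore_dot)` plus the same `def_secure_path` selection set_cmnd() now performs; if it is intended, a comment explaining why `0` is acceptable here would help. get_editor() continues outside the hunk.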