From 633b6d2c352e7c45600f4ae9a3cd2f6e3af7ebbc Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Mon, 8 Jul 1996 02:30:25 +0000
Subject: [PATCH] fixed backwards compatibility with sudo 1.4 sudoers mode for root readable/writable filesystems
---
sudo.c | 33 ++++++++++++++++++++-------------
1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/sudo.c b/sudo.c
index 4e5aa8a24..c265090d2 100644
--- sudo.c
+++ b/sudo.c
@@ -749,16 +749,13 @@ static int check_sudoers()
char c;
int rtn = ALL_SYSTEMS_GO;
- set_perms(PERM_SUDOERS);
-
- if ((fd = open(_PATH_SUDO_SUDOERS, O_RDONLY)) < 0 || read(fd, &c, 1) == -1)
- rtn = NO_SUDOERS_FILE;
- else if (lstat(_PATH_SUDO_SUDOERS, &statbuf))
- rtn = NO_SUDOERS_FILE;
- else if (!S_ISREG(statbuf.st_mode))
- rtn = SUDOERS_NOT_FILE;
- else if ((statbuf.st_mode & 0007777) != SUDOERS_MODE) {
- if ((statbuf.st_mode & 0007777) == 0400) {
+ /*
+ * Fix the mode and group on sudoers file from old default.
+ * Only works if filesystem is readable/writable by root.
+ */
+ set_perms(PERM_ROOT);
+ if (!lstat(_PATH_SUDO_SUDOERS, &statbuf) && SUDOERS_UID == statbuf.st_uid) {
+ if (SUDOERS_MODE != 0400 && (statbuf.st_mode & 0007777) == 0400) {
if (chmod(_PATH_SUDO_SUDOERS, SUDOERS_MODE) == 0) {
(void) fprintf(stderr, "%s: fixed mode on %s\n", Argv[0], _PATH_SUDO_SUDOERS);
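Review bot: The repair branch now runs under `set_perms(PERM_ROOT)` and acts on whatever `lstat()` finds at `_PATH_SUDO_SUDOERS`, but the `S_ISREG` test that preceded the `chmod()` in the old else-if chain is not carried over. `chmod()` works on the path and follows symbolic links, so the object changed as root is not guaranteed to be the one `lstat()` described. I would add the file-type test to the guard, `if (!lstat(_PATH_SUDO_SUDOERS, &statbuf) && S_ISREG(statbuf.st_mode) && SUDOERS_UID == statbuf.st_uid) {`, and where the platform allows, open the file once and use `fstat()`/`fchmod()` on that descriptor. The rest of the repair block lies between this hunk and the next and is not visible here, so the same concern covers any group fix-up in it only if that is also done by path.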
@@ -778,10 +775,20 @@ static int check_sudoers()
Argv[0], _PATH_SUDO_SUDOERS);
perror("");
}
- } else {
- rtn = SUDOERS_WRONG_MODE;
}
- } else if (statbuf.st_uid != SUDOERS_UID || statbuf.st_gid != SUDOERS_GID)
+ }
+
+ set_perms(PERM_SUDOERS);
+
+ if ((fd = open(_PATH_SUDO_SUDOERS, O_RDONLY)) < 0 || read(fd, &c, 1) == -1)
+ rtn = NO_SUDOERS_FILE;
+ else if (lstat(_PATH_SUDO_SUDOERS, &statbuf))
+ rtn = NO_SUDOERS_FILE;
+ else if (!S_ISREG(statbuf.st_mode))
+ rtn = SUDOERS_NOT_FILE;
+ else if ((statbuf.st_mode & 0007777) != SUDOERS_MODE)
+ rtn = SUDOERS_WRONG_MODE;
+ else if (statbuf.st_uid != SUDOERS_UID || statbuf.st_gid != SUDOERS_GID)
rtn = SUDOERS_WRONG_OWNER;
if (fd != -1)
--
2.40.0
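Review bot: The type, mode and owner tests in the relocated chain use `lstat()` on the path, while readability is probed through `fd`, so the file that was opened and the file that was checked are tied together only by name. Keeping `lstat()` to reject symbolic links is reasonable, but an additional `fstat(fd, &fdstat)` with a `st_dev`/`st_ino` comparison against `statbuf` would pin the checks to the opened file. Whether the parser later reopens the path is outside this hunk; if it does, the checks should run on the descriptor the parser actually reads. `check_sudoers()` continues past the last line shown.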