From 7a07ad864189a3e3613a74da2d0209f8b3d236d3 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Thu, 29 Jan 2004 21:15:27 +0000
Subject: [PATCH] Don't look at prev_user until after we've parsed sudoers and done the password check. That way, if sudo/sudoedit is run from a root process that was invoked by sudo, we check sudoers for root, not the previous user. This makes sudoedit much more useful and means that for the sudo case, we get correct logging on who actually ran the command.
---
 sudo.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/sudo.c b/sudo.c
index ff127c2ee..cdadf585b 100644
--- a/sudo.c
+++ b/sudo.c
@@ -348,6 +348,16 @@ main(argc, argv, envp)
 if (!(validated & FLAG_NOPASS))
 check_user(validated & FLAG_CHECK_USER);
 
+ /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
+ if (user_uid == 0 && prev_user != NULL && strcmp(prev_user, "root") != 0) {
+ struct passwd *pw;
+
+ if ((pw = sudo_getpwnam(prev_user)) != NULL) {
+ free(sudo_user.pw);
+ sudo_user.pw = pw;
+ }
+ }
+
 /* Build a new environment that avoids any nasty bits if we have a cmnd. */
 if (sudo_mode & MODE_RUN)
 new_environ = rebuild_env(envp, sudo_mode, (validated & FLAG_NOEXEC));
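Review bot: The added `free(sudo_user.pw);` assumes the entry stored by init_vars() is heap-allocated and that nothing between init_vars() and this point has kept a pointer into it. The fallback branch in init_vars() declares a `struct passwd pw` on the stack, and the rest of that branch is not visible here, so it is worth confirming that sudo_user.pw can never point at that local when this block runs. Separately, when `sudo_getpwnam(prev_user)` returns NULL the block silently keeps root's entry, so a stale or bogus SUDO_USER leaves no trace and the command is logged as root; an `else` that emits a warning naming the unresolved user would make that visible. main() continues outside this hunk.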
@@ -526,16 +536,9 @@ init_vars(sudo_mode)
 /*
 * Get a local copy of the user's struct passwd with the shadow password
 * if necessary. It is assumed that euid is 0 at this point so we
- * can read the shadow passwd file if necessary. If we are being run
- * as root and the user is chaining sudo commands, use the SUDO_USER
- * environment variable to determine the user's real identity.
- * It is not safe to trust SUDO_USER if the real uid != 0.
+ * can read the shadow passwd file if necessary.
 */
- if (getuid() == 0 && prev_user != NULL)
- sudo_user.pw = sudo_getpwnam(prev_user);
- else
- sudo_user.pw = sudo_getpwuid(getuid());
- if (sudo_user.pw == NULL) {
+ if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL) {
 /* Need to make a fake struct passwd for logging to work. */
 struct passwd pw;
 char pw_name[MAX_UID_T_LEN + 1];
-- 
2.50.1
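Review bot: The deleted comment line `It is not safe to trust SUDO_USER if the real uid != 0.` was the only written statement of the trust rule for SUDO_USER, and the new comment in main() (`If run as root with SUDO_USER set, set sudo_user.pw to that user.`) does not restate it. The lookup moved but the rule still holds, so I would carry the rationale to the new `user_uid == 0` test, for example `/* SUDO_USER comes from the environment; only honor it when the real uid is 0. */`. That keeps a later edit from loosening the uid check without realising it is the security boundary. init_vars() starts and ends outside this hunk.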