From cab6b976dc55f5ccd3810eb6a840744d0f75a6d8 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Mon, 12 Nov 2012 15:20:10 -0500
Subject: [PATCH] For PERM_ROOT set egid to 0 so log files are not created with
 the gid of the user.

---
 plugins/sudoers/set_perms.c | 51 ++++++++++++++++++++++++++++++++-----
 plugins/sudoers/sudoers.h   |  5 ++--
 2 files changed, 47 insertions(+), 9 deletions(-)

diff --git a/plugins/sudoers/set_perms.c b/plugins/sudoers/set_perms.c
index d91640ab4..db240f8ed 100644
--- a/plugins/sudoers/set_perms.c
+++ b/plugins/sudoers/set_perms.c
@@ -179,8 +179,16 @@ set_perms(int perm)
 	    goto bad;
 	}
 	state->rgid = ostate->rgid;
-	state->egid = ostate->egid;
+	state->egid = ROOT_GID;
 	state->sgid = ostate->sgid;
+	sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+	    "[%d, %d, %d] -> [%d, %d, %d]", __func__,
+	    (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
+	    (int)state->rgid, (int)state->egid, (int)state->sgid);
+	if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) {
+	    strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
+	    goto bad;
+	}
 	state->grlist = ostate->grlist;
 	sudo_grlist_addref(state->grlist);
 	break;
@@ -481,8 +489,16 @@ set_perms(int perm)
 	    goto bad;
 	}
 	state->rgid = ostate->rgid;
-	state->egid = ostate->egid;
+	state->egid = ROOT_GID;
 	state->sgid = ostate->sgid;
+	sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+	    "[%d, %d, %d] -> [%d, %d, %d]", __func__,
+	    (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
+	    (int)state->rgid, (int)state->egid, (int)state->sgid);
+	if (GID_CHANGED && setgidx(ID_EFFECTIVE, ROOT_GID)) {
+	    strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
+	    goto bad;
+	}
 	state->grlist = ostate->grlist;
 	sudo_grlist_addref(state->grlist);
 	break;
@@ -879,7 +895,15 @@ set_perms(int perm)
 	    }
 	}
 	state->rgid = ostate->rgid;
-	state->egid = ostate->rgid;
+	state->egid = ROOT_GID;
+	sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+	    "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
+	    (int)ostate->egid, (int)state->rgid, (int)state->egid);
+	if (GID_CHANGED && setregid(ID(rgid), ID(egid))) {
+	    snprintf(errbuf, sizeof(errbuf),
+		"PERM_ROOT: setregid(%d, %d)", ID(rgid), ID(egid));
+	    goto bad;
+	}
 	state->grlist = ostate->grlist;
 	sudo_grlist_addref(state->grlist);
 	break;
@@ -1165,7 +1189,14 @@ set_perms(int perm)
 	state->ruid = ROOT_UID;
 	state->euid = ROOT_UID;
 	state->rgid = ostate->rgid;
-	state->egid = ostate->egid;
+	state->egid = ROOT_GID;
+	sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+	    "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
+	    (int)ostate->egid, ROOT_GID, ROOT_GID);
+	if (GID_CHANGED && setegid(ROOT_GID)) {
+	    strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
+	    goto bad;
+	}
 	state->grlist = ostate->grlist;
 	sudo_grlist_addref(state->grlist);
 	break;
@@ -1421,7 +1452,7 @@ set_perms(int perm)
 
     case PERM_ROOT:
 	state->ruid = ROOT_UID;
-	state->rgid = ostate->rgid;
+	state->rgid = ROOT_GID;
 	state->grlist = ostate->grlist;
 	sudo_grlist_addref(state->grlist);
 	sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: "
@@ -1430,11 +1461,17 @@ set_perms(int perm)
 	    snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuid(%d)", ROOT_UID);
 	    goto bad;
 	}
+	sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+	    "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid);
+	if (setgid(ROOT_GID)) {
+	    strlcpy(errbuf, _("unable to change to root gid"), sizeof(errbuf));
+	    goto bad;
+	}
 	break;
 
     case PERM_FULL_USER:
 	state->rgid = user_gid;
-	sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+	sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: "
 	    "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid);
 	(void) setgid(user_gid);
 	state->grlist = user_group_list;
@@ -1446,7 +1483,7 @@ set_perms(int perm)
 	    }
 	}
 	state->ruid = user_uid;
-	sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: "
+	sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: "
 	    "[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid);
 	if (setuid(user_uid)) {
 	    snprintf(errbuf, sizeof(errbuf),
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
index f51928b55..7a81fff40 100644
--- a/plugins/sudoers/sudoers.h
+++ b/plugins/sudoers/sudoers.h
@@ -202,10 +202,11 @@ struct sudo_user {
 #define	runas_limitprivs	(sudo_user.limitprivs)
 
 #ifdef __TANDEM
-# define ROOT_UID       65535
+# define ROOT_UID	65535
 #else
-# define ROOT_UID       0
+# define ROOT_UID	0
 #endif
+#define ROOT_GID	0
 
 /*
  * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
-- 
2.40.0