From d56a17165a91d5cdd3bb1115fb3edbbd346a1108 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Sat, 13 Aug 2011 18:34:37 -0400
Subject: [PATCH] Also check sudoers gid if sudoers is group writable.

---
 plugins/sudoers/sudoers.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 85fef16ae..a3816e2cb 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -964,7 +964,7 @@ open_sudoers(const char *sudoers, int doedit, int *keepopen)
 else if (statbuf.st_uid != sudoers_uid)
 log_error(NO_EXIT, _("%s is owned by uid %u, should be %u"),
 sudoers, (unsigned int) statbuf.st_uid, (unsigned int) sudoers_uid);
- else if (ISSET(statbuf.st_mode, S_IRGRP) && statbuf.st_gid != sudoers_gid)
+ else if (statbuf.st_gid != sudoers_gid && ISSET(statbuf.st_mode, S_IRGRP|S_IWGRP))
 log_error(NO_EXIT, _("%s is owned by gid %u, should be %u"),
 sudoers, (unsigned int) statbuf.st_gid, (unsigned int) sudoers_gid);
 else if ((fp = fopen(sudoers, "r")) == NULL)
-- 
2.40.0
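Review bot: The added gid test depends on `ISSET(statbuf.st_mode, S_IRGRP|S_IWGRP)` being true when either bit is set, which holds only if ISSET is a plain mask test (`(t) & (f)`); its definition is outside the hunk, so confirm it is not an all-bits-equal comparison. A one-line comment above the branch would make the intent explicit, e.g. `/* group ownership only matters when the group can read or write sudoers */`. Separately, every check in this chain inspects `statbuf` before `fopen(sudoers, "r")` opens the file by path. If `statbuf` was filled by a path-based stat (not visible here), an `fstat()` on the opened stream would tie the owner, group and mode checks to the file that is actually parsed. open_sudoers starts and ends outside the hunk.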