From eca57ce130da5efd4493ec73197ef15b4e8af12e Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 25 Oct 2011 15:07:58 -0400 Subject: [PATCH] When matching a RunasAlias for a runas group, pass the alias in as the group_list, not the user_list. From Daniel Kopecek. --HG-- branch : 1.7 --- NEWS | 5 +++++ match.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index b798fb0c6..d7436feea 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,8 @@ +What's new in Sudo 1.7.8p1? + + * Fixed matching of a Runas_Alias in the group section of a + Runas_Spec. + What's new in Sudo 1.7.8? * Sudo will now use PAM by default on AIX 6 and higher. diff --git a/match.c b/match.c index 1a47e55c8..184616e2b 100644 --- a/match.c +++ b/match.c @@ -222,7 +222,7 @@ _runaslist_matches(user_list, group_list) break; case ALIAS: if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { - rval = _runaslist_matches(&a->members, &empty); + rval = _runaslist_matches(&empty, &a->members); if (rval != UNSPEC) group_matched = m->negated ? !rval : rval; break; -- 2.50.1