diff --git a/include/sudo_compat.h b/include/sudo_compat.h index c2aa3211d..eb47d9004 100644 --- a/include/sudo_compat.h +++ b/include/sudo_compat.h @@ -173,6 +173,19 @@ #ifndef S_ISLNK # define S_ISLNK(m) (((m) & _S_IFMT) == _S_IFLNK) #endif /* S_ISLNK */ +#ifndef S_ISTXT +# define S_ISTXT 0001000 +#endif /* S_ISTXT */ + +/* + * ACCESSPERMS (00777) and ALLPERMS (07777) are handy BSDisms + */ +#ifndef ACCESSPERMS +# define ACCESSPERMS (S_IRWXU|S_IRWXG|S_IRWXO) +#endif /* ACCESSPERMS */ +#ifndef ALLPERMS +# define ALLPERMS (S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO) +#endif /* ALLPERMS */ /* For futimens() and utimensat() emulation. */ #if !defined(HAVE_FUTIMENS) && !defined(HAVE_UTIMENSAT) diff --git a/lib/util/strtomode.c b/lib/util/strtomode.c index 5eeae5860..b4bad96d2 100644 --- a/lib/util/strtomode.c +++ b/lib/util/strtomode.c @@ -17,6 +17,7 @@ #include #include +#include #include #include @@ -49,7 +50,7 @@ sudo_strtomode_v1(const char *cp, const char **errstr) errno = EINVAL; debug_return_int(0); } - if (lval < 0 || lval > 0777) { + if (lval < 0 || lval > ACCESSPERMS) { if (errstr != NULL) *errstr = lval < 0 ? N_("value too small") : N_("value too large"); errno = ERANGE; diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c index 5c8668d6c..22e566d4a 100644 --- a/plugins/sudoers/defaults.c +++ b/plugins/sudoers/defaults.c @@ -535,7 +535,7 @@ init_defaults(void) #ifdef SUDO_UMASK def_umask = SUDO_UMASK; #else - def_umask = 0777; + def_umask = ACCESSPERMS; #endif def_loglinelen = MAXLOGFILELEN; def_timestamp_timeout = TIMEOUT; @@ -955,7 +955,7 @@ store_mode(const char *str, union sudo_defs_val *sd_un) debug_decl(store_mode, SUDOERS_DEBUG_DEFAULTS) if (str == NULL) { - sd_un->mode = 0777; + sd_un->mode = ACCESSPERMS; } else { mode = sudo_strtomode(str, &errstr); if (errstr != NULL) { diff --git a/plugins/sudoers/goodpath.c b/plugins/sudoers/goodpath.c index b992a7a51..33bd9d6a9 100644 --- a/plugins/sudoers/goodpath.c 
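Review bot: The `S_ISTXT` fallback in include/sudo_compat.h hard-codes `0001000` instead of reusing the platform's own sticky-bit name. Where the system headers provide `S_ISVTX` but not `S_ISTXT`, defining it as `# define S_ISTXT S_ISVTX` (with the octal literal only as a last resort) keeps `ALLPERMS` tied to the header's value. The added comment could also say that `ALLPERMS` includes the setuid, setgid and sticky bits, since that is the difference a reader choosing between the two masks needs to know.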
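Review bot: In init_defaults() (`def_umask = ACCESSPERMS;`) and store_mode() (`sd_un->mode = ACCESSPERMS;`) the constant is not used as a permission mask. Judging by the `!= ACCESSPERMS` tests this commit also rewrites in sudoers_policy_exec_setup() (policy.c) and sudoers_policy_main() (sudoers.c), it appears to act as a sentinel for "leave the umask alone". The symbolic name hides that more than `0777` did, so a short comment at the assignment would help, for example `/* ACCESSPERMS here means "no umask configured", see sudoers_policy_main() */`. Both functions start and end outside these hunks, so the sentinel reading is inferred from the visible comparisons only.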
+++ b/plugins/sudoers/goodpath.c @@ -52,7 +52,7 @@ sudo_goodpath(const char *path, struct stat *sbp) if (stat(path, sbp) == 0) { /* Make sure path describes an executable regular file. */ - if (S_ISREG(sbp->st_mode) && ISSET(sbp->st_mode, 0111)) + if (S_ISREG(sbp->st_mode) && ISSET(sbp->st_mode, S_IXUSR|S_IXGRP|S_IXOTH)) ret = true; else errno = EACCES; diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index d5b8ecfb2..37d801ab7 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -150,7 +150,7 @@ do_logfile(const char *msg) sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); - oldmask = umask(077); + oldmask = umask(S_IRWXG|S_IRWXO); fp = fopen(def_logfile, "a"); (void) umask(oldmask); if (fp == NULL) { @@ -627,7 +627,8 @@ send_mail(const char *fmt, ...) sudo_warn("setsid"); if (chdir("/") == -1) sudo_warn("chdir(/)"); - if ((fd = open(_PATH_DEVNULL, O_RDWR, 0644)) != -1) { + fd = open(_PATH_DEVNULL, O_RDWR, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); + if (fd != -1) { (void) dup2(fd, STDIN_FILENO); (void) dup2(fd, STDOUT_FILENO); (void) dup2(fd, STDERR_FILENO); diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c index c5de6d012..08ac25a81 100644 --- a/plugins/sudoers/policy.c +++ b/plugins/sudoers/policy.c @@ -568,7 +568,7 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, if ((command_info[info_len++] = sudo_new_key_val("iolog_group", def_iolog_group)) == NULL) goto oom; } - if (cmnd_umask != 0777) { + if (cmnd_umask != ACCESSPERMS) { if (asprintf(&command_info[info_len++], "umask=0%o", (unsigned int)cmnd_umask) == -1) goto oom; } diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index d3169e57a..f691798ba 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c 
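Review bot: The third argument of `open(_PATH_DEVNULL, O_RDWR, ...)` in send_mail() (logging.c) is never consulted, because the flags do not include O_CREAT. Spelling it out as `S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH` lengthens the call and suggests a permission is being applied to the file. `fd = open(_PATH_DEVNULL, O_RDWR);` expresses the same thing. The same applies to the `devnull` open in fix_fds() (src/sudo.c) and to the `fd_src` open in sesh_sudoedit() (src/sesh.c), provided `follow` never carries O_CREAT, which the hunk does not show.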
@@ -225,7 +225,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], { char **edit_argv = NULL; char *iolog_path = NULL; - mode_t cmnd_umask = 0777; + mode_t cmnd_umask = ACCESSPERMS; struct sudo_nss *nss; bool nopass = false; int cmnd_status = -1, oldlocale, validated; @@ -538,7 +538,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], * If user's umask is more restrictive, OR in those bits too * unless umask_override is set. */ - if (def_umask != 0777) { + if (def_umask != ACCESSPERMS) { cmnd_umask = def_umask; if (!def_umask_override) cmnd_umask |= user_umask; diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c index f2f6a9e05..588695346 100644 --- a/plugins/sudoers/timestamp.c +++ b/plugins/sudoers/timestamp.c @@ -192,7 +192,8 @@ ts_secure_dir(char *path, bool make_it, bool quiet) ret = true; break; case SUDO_PATH_MISSING: - if (make_it && ts_mkdirs(path, timestamp_uid, 0700, 0711, quiet)) { + if (make_it && ts_mkdirs(path, timestamp_uid, S_IRWXU, + S_IRWXU|S_IXGRP|S_IXOTH, quiet)) { ret = true; break; } @@ -235,7 +236,7 @@ ts_open(const char *path, int flags) if (timestamp_uid != 0) uid_changed = set_perms(PERM_TIMESTAMP); - fd = open(path, flags, 0600); + fd = open(path, flags, S_IRUSR|S_IWUSR); if (uid_changed && !restore_perms()) { /* Unable to restore permissions, should not happen. */ if (fd != -1) { diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 63594b9c9..7018f5e9e 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -443,7 +443,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, int editor_argc, if (sp->tpath == NULL) { if (asprintf(&sp->tpath, "%s.tmp", sp->path) == -1) sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - tfd = open(sp->tpath, O_WRONLY | O_CREAT | O_TRUNC, 0600); + tfd = open(sp->tpath, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU|S_IRUSR); if (tfd < 0) sudo_fatal("%s", sp->tpath); 
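Review bot: The new mode in the edit_sudoers() hunk of visudo.c is not equivalent to the `0600` it replaces. `S_IRWXU|S_IRUSR` evaluates to 0700, because `S_IRWXU` already contains `S_IRUSR` and also adds owner write and execute. The temporary copy of sudoers would therefore be created with the owner-execute bit set (before umask), whereas every other hunk in this commit is a value-preserving substitution. The line should read `tfd = open(sp->tpath, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);`, matching the ts_open() change in timestamp.c. edit_sudoers() continues outside the hunk.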
@@ -669,7 +669,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms) if (!oldperms && fstat(sp->fd, &sb) != -1) { if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid) ignore_result(chown(sp->path, sudoers_uid, sudoers_gid)); - if ((sb.st_mode & 0777) != sudoers_mode) + if ((sb.st_mode & ACCESSPERMS) != sudoers_mode) ignore_result(chmod(sp->path, sudoers_mode)); } ret = true; @@ -688,9 +688,9 @@ install_sudoers(struct sudoersfile *sp, bool oldperms) sudo_warn(U_("unable to set (uid, gid) of %s to (%u, %u)"), sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid); } - if (chmod(sp->tpath, sb.st_mode & 0777) != 0) { + if (chmod(sp->tpath, sb.st_mode & ACCESSPERMS) != 0) { sudo_warn(U_("unable to change mode of %s to 0%o"), sp->tpath, - (unsigned int)(sb.st_mode & 0777)); + (unsigned int)(sb.st_mode & ACCESSPERMS)); } } else { if (chown(sp->tpath, sudoers_uid, sudoers_gid) != 0) { @@ -896,7 +896,7 @@ check_owner(const char *path, bool quiet) path, sudoers_uid, sudoers_gid); } } - if ((sb.st_mode & 07777) != sudoers_mode) { + if ((sb.st_mode & ALLPERMS) != sudoers_mode) { ok = false; if (!quiet) { fprintf(stderr, _("%s: bad permissions, should be mode 0%o\n"), diff --git a/src/sesh.c b/src/sesh.c index c07366d15..85a451fa7 100644 --- a/src/sesh.c +++ b/src/sesh.c @@ -189,7 +189,7 @@ sesh_sudoedit(int argc, char *argv[]) * doesn't exist, that's OK, we'll create an empty * destination file. */ - if ((fd_src = open(path_src, O_RDONLY|follow, 0600)) < 0) { + if ((fd_src = open(path_src, O_RDONLY|follow, S_IRUSR|S_IWUSR)) < 0) { if (errno != ENOENT) { sudo_warn("%s", path_src); if (post) { @@ -200,7 +200,8 @@ sesh_sudoedit(int argc, char *argv[]) } } - if ((fd_dst = open(path_dst, oflags_dst, post ? 0644 : 0600)) < 0) { + if ((fd_dst = open(path_dst, oflags_dst, post ? + (S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) : (S_IRUSR|S_IWUSR))) < 0) { /* error - cleanup */ sudo_warn("%s", path_dst); if (post) { 
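Review bot: install_sudoers() tests `(sb.st_mode & ACCESSPERMS) != sudoers_mode`, while check_owner() in the same file tests `(sb.st_mode & ALLPERMS) != sudoers_mode`. With named masks it is now plain that the two checks disagree about the setuid, setgid and sticky bits. Under the narrower mask, a sudoers file carrying one of those bits would compare equal and the `chmod()` would be skipped, yet check_owner() would later report bad permissions for it. The difference predates this commit (`0777` versus `07777`), so it may be intentional. If it is not, the install path should use `if ((sb.st_mode & ALLPERMS) != sudoers_mode)`; if it is, a one-line comment giving the reason belongs there. Both functions extend beyond the hunks shown.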
diff --git a/src/sudo.c b/src/sudo.c index 49b48abdc..a56751d38 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -364,7 +364,8 @@ fix_fds(void) miss[STDOUT_FILENO] = fcntl(STDOUT_FILENO, F_GETFL, 0) == -1; miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1; if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) { - if ((devnull = open(_PATH_DEVNULL, O_RDWR, 0644)) == -1) + devnull = open(_PATH_DEVNULL, O_RDWR, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); + if (devnull == -1) sudo_fatal(U_("unable to open %s"), _PATH_DEVNULL); if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1) sudo_fatal("dup2"); diff --git a/src/sudo_edit.c b/src/sudo_edit.c index 9c6a1ac1e..0faef4c6f 100644 --- a/src/sudo_edit.c +++ b/src/sudo_edit.c @@ -548,7 +548,8 @@ sudo_edit_create_tfiles(struct command_details *command_details, rc = -1; switch_user(command_details->euid, command_details->egid, command_details->ngroups, command_details->groups); - ofd = sudo_edit_open(files[i], O_RDONLY, 0644, command_details); + ofd = sudo_edit_open(files[i], O_RDONLY, + S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH, command_details); if (ofd != -1 || errno == ENOENT) { if (ofd == -1) { /* New file, verify parent dir exists unless in cwd. */ @@ -673,7 +674,8 @@ sudo_edit_copy_tfiles(struct command_details *command_details, "seteuid(%u)", user_details.uid); if (seteuid(user_details.uid) != 0) sudo_fatal("seteuid(%d)", (int)user_details.uid); - tfd = sudo_edit_open(tf[i].tfile, O_RDONLY, 0644, NULL); + tfd = sudo_edit_open(tf[i].tfile, O_RDONLY, + S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH, NULL); if (tfd != -1) rc = fstat(tfd, &sb); sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, 
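Review bot: The four-flag expression `S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH` is now written out in sudo_edit_create_tfiles() and twice in sudo_edit_copy_tfiles() (the third call is in the following hunk of src/sudo_edit.c), as well as in sesh.c, sudo.c and logging.c. A single named constant defined next to `ACCESSPERMS` in include/sudo_compat.h would keep the call sites on one line and make the intended 0644 obvious at a glance. The name is the project's choice; the definition would be `(S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)`. Only the `O_WRONLY|O_TRUNC|O_CREAT` call can actually create a file. What sudo_edit_open() does with the mode on the two `O_RDONLY` calls is not visible here, but it is presumably unused.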
@@ -707,8 +709,8 @@ sudo_edit_copy_tfiles(struct command_details *command_details, } switch_user(command_details->euid, command_details->egid, command_details->ngroups, command_details->groups); - ofd = sudo_edit_open(tf[i].ofile, O_WRONLY|O_TRUNC|O_CREAT, 0644, - command_details); + ofd = sudo_edit_open(tf[i].ofile, O_WRONLY|O_TRUNC|O_CREAT, + S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH, command_details); switch_user(ROOT_UID, user_details.egid, user_details.ngroups, user_details.groups); if (ofd == -1) {