mirror of https://github.com/sudo-project/sudo.git synced 2025-08-30 22:05:46 +00:00

correct error message if mode/owner wrong and not statable by owner

but is statable by root.
Todd C. Miller
1996-12-12 04:10:19 +00:00
parent 294b7f4965
commit b0192afc35

53
sudo.c

@@ -783,7 +783,7 @@ static void load_cmnd(sudo_mode)
static int check_sudoers()
{
struct stat statbuf;
int fd = -1;
int fd = -1, rootstat;
char c;
int rtn = ALL_SYSTEMS_GO;
@@ -792,35 +792,39 @@ static int check_sudoers()
* Only works if filesystem is readable/writable by root.
*/
set_perms(PERM_ROOT, 0);
if (!lstat(_PATH_SUDO_SUDOERS, &statbuf) && SUDOERS_UID == statbuf.st_uid) {
if (SUDOERS_MODE != 0400 && (statbuf.st_mode & 0007777) == 0400) {
if (chmod(_PATH_SUDO_SUDOERS, SUDOERS_MODE) == 0) {
(void) fprintf(stderr, "%s: fixed mode on %s\n",
Argv[0], _PATH_SUDO_SUDOERS);
if (statbuf.st_gid != SUDOERS_GID) {
if (!chown(_PATH_SUDO_SUDOERS,GID_NO_CHANGE,SUDOERS_GID)) {
(void) fprintf(stderr, "%s: set group on %s\n",
Argv[0], _PATH_SUDO_SUDOERS);
statbuf.st_gid = SUDOERS_GID;
} else {
(void) fprintf(stderr,"%s: Unable to set group on %s: ",
Argv[0], _PATH_SUDO_SUDOERS);
perror("");
}
if ((rootstat = lstat(_PATH_SUDO_SUDOERS, &statbuf)) == 0 &&
SUDOERS_UID == statbuf.st_uid && SUDOERS_MODE != 0400 &&
(statbuf.st_mode & 0007777) == 0400) {
if (chmod(_PATH_SUDO_SUDOERS, SUDOERS_MODE) == 0) {
(void) fprintf(stderr, "%s: fixed mode on %s\n",
Argv[0], _PATH_SUDO_SUDOERS);
if (statbuf.st_gid != SUDOERS_GID) {
if (!chown(_PATH_SUDO_SUDOERS,GID_NO_CHANGE,SUDOERS_GID)) {
(void) fprintf(stderr, "%s: set group on %s\n",
Argv[0], _PATH_SUDO_SUDOERS);
statbuf.st_gid = SUDOERS_GID;
} else {
(void) fprintf(stderr,"%s: Unable to set group on %s: ",
Argv[0], _PATH_SUDO_SUDOERS);
perror("");
}
} else {
(void) fprintf(stderr, "%s: Unable to fix mode on %s: ",
Argv[0], _PATH_SUDO_SUDOERS);
perror("");
}
} else {
(void) fprintf(stderr, "%s: Unable to fix mode on %s: ",
Argv[0], _PATH_SUDO_SUDOERS);
perror("");
}
}
/*
* Sanity checks on sudoers file. Must be done as sudoers
* file owner. We already did a stat as root, so use that
* data if we can't stat as sudoers file owner.
*/
set_perms(PERM_SUDOERS, 0);
if ((fd = open(_PATH_SUDO_SUDOERS, O_RDONLY)) < 0 || read(fd, &c, 1) == -1)
rtn = NO_SUDOERS_FILE;
else if (lstat(_PATH_SUDO_SUDOERS, &statbuf))
if (lstat(_PATH_SUDO_SUDOERS, &statbuf) != 0 && rootstat != 0)
rtn = NO_SUDOERS_FILE;
else if (!S_ISREG(statbuf.st_mode))
rtn = SUDOERS_NOT_FILE;
@@ -828,6 +832,9 @@ static int check_sudoers()
rtn = SUDOERS_WRONG_MODE;
else if (statbuf.st_uid != SUDOERS_UID || statbuf.st_gid != SUDOERS_GID)
rtn = SUDOERS_WRONG_OWNER;
else if ((fd = open(_PATH_SUDO_SUDOERS, O_RDONLY)) == -1 ||
read(fd, &c, 1) == -1)
rtn = NO_SUDOERS_FILE;
if (fd != -1)
(void) close(fd);
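Review bot: In the second hunk, when the `lstat()` made as the sudoers owner fails but `rootstat == 0`, the `else if` chain goes on to read `statbuf`, which was just handed to the failing call; POSIX does not promise the buffer is left untouched on error. Stat-ing into a second buffer and copying only on success keeps the root data intact, e.g. `ownerstat = lstat(_PATH_SUDO_SUDOERS, &sb); if (ownerstat == 0) statbuf = sb;` followed by `if (ownerstat != 0 && rootstat != 0)` at the head of the chain. The fallback data also looks stale after a successful `chmod()`: only `st_gid` is refreshed, so `st_mode` presumably still holds 0400 when the mode test runs (its condition lies outside the visible hunks). Separately, the mode and owner checks apply to the path and the `open()` in the third hunk now happens afterwards, so an `fstat()` on `fd` after the open would tie those checks to the file that is actually read. check_sudoers() begins and ends outside the hunks shown.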