Unset "secure_path" if user_is_exempt()

2025-08-31 22:35:10 +00:00 · 2001-12-14 06:26:55 +00:00
parent 2cbd965d63
commit f590093e46
2 changed files with 7 additions and 1 deletions
--- a/find_path.c
+++ b/find_path.c
@@ -104,7 +104,7 @@ find_path(infile, outfile, path)
    }

    /* Use PATH passed in unless SECURE_PATH is in effect.  */
-    if (def_str(I_SECURE_PATH) && !user_is_exempt())
+    if (def_str(I_SECURE_PATH))
 	path = def_str(I_SECURE_PATH);
    else if (path == NULL)
 	return(NOT_FOUND);
--- a/sudo.c
+++ b/sudo.c
@@ -245,6 +245,12 @@ main(argc, argv, envp)
    /* Validate the user but don't search for pseudo-commands. */
    validated = sudoers_lookup(pwflag);

+    /* Exempt users aren't affected by secure paths. */
+    if (user_is_exempt() && def_str(I_SECURE_PATH)) {
+	free(def_str(I_SECURE_PATH));
+	def_str(I_SECURE_PATH) = NULL;
+    }
+
    /*
     * Look up runas user passwd struct.  If we are given a uid then
     * there may be no corresponding passwd(5) entry (which is OK).