File sudo-1.6.9p17-CVE-2010-0427.diff of Package sudo

Overview Repositories Revisions Requests Users Attributes Meta

File sudo-1.6.9p17-CVE-2010-0427.diff of Package sudo

Index: set_perms.c
===================================================================
--- set_perms.c.orig
+++ set_perms.c
@@ -376,11 +376,12 @@ set_perms(perm)
 #endif /* HAVE_SETRESUID */
 
 #ifdef HAVE_INITGROUPS
+static int runas_ngroups = -1;
+static GETGROUPS_T *runas_groups;
+
 static void
 runas_setgroups()
 {
-    static int ngroups = -1;
-    static GETGROUPS_T *groups;
     struct passwd *pw;
 
     if (def_preserve_groups)
@@ -389,21 +390,28 @@ runas_setgroups()
     /*
      * Use stashed copy of runas groups if available, else initgroups and stash.
      */
-    if (ngroups == -1) {
+    if (runas_ngroups == -1) {
 	pw = runas_pw ? runas_pw : sudo_user.pw;
 	if (initgroups(pw->pw_name, pw->pw_gid) < 0)
 	    log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
-	if ((ngroups = getgroups(0, NULL)) < 0)
+	if ((runas_ngroups = getgroups(0, NULL)) < 0)
 	    log_error(USE_ERRNO|MSG_ONLY, "can't get runas ngroups");
-	groups = emalloc2(ngroups, sizeof(GETGROUPS_T));
-	if (getgroups(ngroups, groups) < 0)
+	runas_groups = emalloc2(runas_ngroups, sizeof(GETGROUPS_T));
+	if (getgroups(runas_ngroups, runas_groups) < 0)
 	    log_error(USE_ERRNO|MSG_ONLY, "can't get runas group vector");
     } else {
-	if (setgroups(ngroups, groups) < 0)
+	if (setgroups(runas_ngroups, runas_groups) < 0)
 	    log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
     }
 }
 
+void
+runas_resetgroups()
+{
+    runas_ngroups = -1;
+    efree(runas_groups);
+}
+
 static void
 restore_groups()
 {
Index: sudo.c
===================================================================
--- sudo.c.orig
+++ sudo.c
@@ -131,6 +131,7 @@ extern char **insert_env_vars		__P((char
 extern struct passwd *sudo_getpwnam	__P((const char *));
 extern struct passwd *sudo_getpwuid	__P((uid_t));
 extern struct passwd *sudo_pwdup	__P((const struct passwd *));
+extern void runas_resetgroups		__P((void));
 
 /*
  * Globals
@@ -1244,6 +1245,7 @@ set_runaspw(user)
 	if (runas_pw == NULL)
 	    log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", user);
     }
+    runas_resetgroups();
     return(TRUE);
 }

Places

File sudo-1.6.9p17-CVE-2010-0427.diff of Package sudo

Places