File sudo-1.8.10p3-user_groups.patch of Package sudo.4932
# HG changeset patch
# User Todd C. Miller <Todd.Miller@courtesan.com>
# Date 1466612489 21600
# Node ID 3bf16489800c6908af6600e0adb1160dc0e05ec4
# Parent 40cbfa5deeb114771e43842173603ac0d1509974
Set user groups in exec_setup() if they were not already set by policy_init_session(). Bug #749
Index: sudo-1.8.10p3/src/sudo.c
===================================================================
--- sudo-1.8.10p3.orig/src/sudo.c
+++ sudo-1.8.10p3/src/sudo.c
@@ -536,6 +536,7 @@ command_info_to_details(char * const inf
 memset(details, 0, sizeof(*details));
 details->closefrom = -1;
+ details->flags = CD_SET_GROUPS;
 TAILQ_INIT(&details->preserved_fds);
 #define SET_STRING(s, n) \
@@ -844,6 +845,39 @@ restore_nproc(void)
 #endif /* __linux__ */
 }
+static bool
+set_user_groups(struct command_details *details)
+{
+ bool rval = false;
+ debug_decl(set_user_groups, SUDO_DEBUG_EXEC)
+
+ if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
+ if (details->ngroups >= 0) {
+ if (sudo_setgroups(details->ngroups, details->groups) < 0) {
+ warning(U_("unable to set supplementary group IDs"));
+ goto done;
+ }
+ }
+ }
+#ifdef HAVE_SETEUID
+ if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
+ warning(U_("unable to set effective gid to runas gid %u"),
+ (unsigned int)details->egid);
+ goto done;
+ }
+#endif
+ if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
+ warning(U_("unable to set gid to runas gid %u"),
+ (unsigned int)details->gid);
+ goto done;
+ }
+ rval = true;
+
+done:
+ CLR(details->flags, CD_SET_GROUPS);
+ debug_return_bool(rval);
+}
+
 /*
 * Setup the execution environment immediately prior to the call to execve().
 * Group setup is performed by policy_init_session(), called earlier.
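Review bot: set_user_groups() clears CD_SET_GROUPS at the `done:` label on the failure path as well as on success, so a caller that ignores a false return leaves no flag for a later retry, and the command would presumably keep the group IDs the process already had. Both call sites need to treat false as fatal, and the function deserves a header comment that says so, e.g. `/* Set supplementary groups, egid and gid for the command; clears CD_SET_GROUPS even on failure, so callers must abort on false. */`. The context comment after the function still reads `Group setup is performed by policy_init_session(), called earlier.`, which is no longer the whole picture once exec_setup() can perform it as well; that comment continues outside the hunk.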
@@ -922,6 +956,12 @@ exec_setup(struct command_details *detai
 #endif /* HAVE_LOGIN_CAP_H */
 }
+ if (ISSET(details->flags, CD_SET_GROUPS)) {
+ /* set_user_groups() prints error message on failure. */
+ if (!set_user_groups(details))
+ goto done;
+ }
+
 if (ISSET(details->flags, CD_SET_PRIORITY)) {
 if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) {
 warning(U_("unable to set process priority"));
@@ -1143,28 +1183,10 @@ policy_init_session(struct command_detai
 * as part of the session setup. This allows for dynamic
 * groups to be set via pam_group(8) in pam_setcred(3).
 */
- if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
- if (details->ngroups >= 0) {
- if (sudo_setgroups(details->ngroups, details->groups) < 0) {
- warning(U_("unable to set supplementary group IDs"));
- rval = -1;
- goto done;
- }
- }
- }
-#ifdef HAVE_SETEUID
- if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
- warning(U_("unable to set effective gid to runas gid %u"),
- (unsigned int)details->egid);
- rval = -1;
- goto done;
- }
-#endif
- if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
- warning(U_("unable to set gid to runas gid %u"),
- (unsigned int)details->gid);
- rval = -1;
- goto done;
+ if (ISSET(details->flags, CD_SET_GROUPS)) {
+ /* set_user_groups() prints error message on failure. */
+ if (!set_user_groups(details))
+ goto done;
 }
 if (policy_plugin.u.policy->init_session) {
Index: sudo-1.8.10p3/src/sudo.h
===================================================================
--- sudo-1.8.10p3.orig/src/sudo.h
+++ sudo-1.8.10p3/src/sudo.h
@@ -122,6 +122,7 @@ struct user_details {
 #define CD_USE_PTY 0x1000
 #define CD_SET_UTMP 0x2000
 #define CD_EXEC_BG 0x4000
+#define CD_SET_GROUPS 0x40000
 struct preserved_fd {
 TAILQ_ENTRY(preserved_fd) entries;
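Review bot: The failure branch added to policy_init_session() jumps to `done` without assigning `rval`, whereas every removed branch set `rval = -1` before the jump. The initial value of `rval` is outside the hunk; if it starts as a success value, a failed setgroups()/setegid()/setgid() would be reported to the caller as success, and because set_user_groups() has already cleared CD_SET_GROUPS, exec_setup() would not attempt the group change again. Keeping the old contract is a small change: `if (!set_user_groups(details)) { rval = -1; goto done; }`. policy_init_session() begins and ends outside the hunk, so the declaration of `rval` and the `done:` label should be checked against this.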