File sudo-1.8.10p3-user_groups.patch of Package sudo.4932

Overview Repositories Revisions Requests Users Attributes Meta

File sudo-1.8.10p3-user_groups.patch of Package sudo.4932

# HG changeset patch
# User Todd C. Miller <Todd.Miller@courtesan.com>
# Date 1466612489 21600
# Node ID 3bf16489800c6908af6600e0adb1160dc0e05ec4
# Parent  40cbfa5deeb114771e43842173603ac0d1509974
Set user groups in exec_setup() if they were not already set by
policy_init_session().  Bug #749

Index: sudo-1.8.10p3/src/sudo.c
===================================================================
--- sudo-1.8.10p3.orig/src/sudo.c
+++ sudo-1.8.10p3/src/sudo.c
@@ -536,6 +536,7 @@ command_info_to_details(char * const inf
 
     memset(details, 0, sizeof(*details));
     details->closefrom = -1;
+    details->flags = CD_SET_GROUPS;
     TAILQ_INIT(&details->preserved_fds);
 
 #define SET_STRING(s, n) \
@@ -844,6 +845,39 @@ restore_nproc(void)
 #endif /* __linux__ */
 }
 
+static bool
+set_user_groups(struct command_details *details)
+{
+    bool rval = false;
+    debug_decl(set_user_groups, SUDO_DEBUG_EXEC)
+
+    if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
+	if (details->ngroups >= 0) {
+	    if (sudo_setgroups(details->ngroups, details->groups) < 0) {
+		warning(U_("unable to set supplementary group IDs"));
+		goto done;
+	    }
+	}
+    }
+#ifdef HAVE_SETEUID
+    if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
+	warning(U_("unable to set effective gid to runas gid %u"),
+	    (unsigned int)details->egid);
+	goto done;
+    }
+#endif
+    if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
+	warning(U_("unable to set gid to runas gid %u"),
+	    (unsigned int)details->gid);
+	goto done;
+    }
+    rval = true;
+
+done:
+    CLR(details->flags, CD_SET_GROUPS);
+    debug_return_bool(rval);
+}
+
 /*
  * Setup the execution environment immediately prior to the call to execve().
  * Group setup is performed by policy_init_session(), called earlier.
@@ -922,6 +956,12 @@ exec_setup(struct command_details *detai
 #endif /* HAVE_LOGIN_CAP_H */
     }
 
+    if (ISSET(details->flags, CD_SET_GROUPS)) {
+	/* set_user_groups() prints error message on failure. */
+	if (!set_user_groups(details))
+	    goto done;
+    }
+
     if (ISSET(details->flags, CD_SET_PRIORITY)) {
 	if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) {
 	    warning(U_("unable to set process priority"));
@@ -1143,28 +1183,10 @@ policy_init_session(struct command_detai
      * as part of the session setup.  This allows for dynamic
      * groups to be set via pam_group(8) in pam_setcred(3).
      */
-    if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
-        if (details->ngroups >= 0) {
-            if (sudo_setgroups(details->ngroups, details->groups) < 0) {
-                warning(U_("unable to set supplementary group IDs"));
-                rval = -1;
-                goto done;
-            }
-        }
-    }
-#ifdef HAVE_SETEUID
-    if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
-        warning(U_("unable to set effective gid to runas gid %u"),
-            (unsigned int)details->egid);
-        rval = -1;
-        goto done;
-    }
-#endif
-    if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
-        warning(U_("unable to set gid to runas gid %u"),
-            (unsigned int)details->gid);
-        rval = -1;
-        goto done;
+    if (ISSET(details->flags, CD_SET_GROUPS)) {
+       /* set_user_groups() prints error message on failure. */
+       if (!set_user_groups(details))
+           goto done;
     }
 
     if (policy_plugin.u.policy->init_session) {
Index: sudo-1.8.10p3/src/sudo.h
===================================================================
--- sudo-1.8.10p3.orig/src/sudo.h
+++ sudo-1.8.10p3/src/sudo.h
@@ -122,6 +122,7 @@ struct user_details {
 #define CD_USE_PTY		0x1000
 #define CD_SET_UTMP		0x2000
 #define CD_EXEC_BG		0x4000
+#define CD_SET_GROUPS          0x40000
 
 struct preserved_fd {
     TAILQ_ENTRY(preserved_fd) entries;

Places

File sudo-1.8.10p3-user_groups.patch of Package sudo.4932

Places