Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:Update
sudo.4932
sudo-1.8.10p3_pam_groups_upstream.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File sudo-1.8.10p3_pam_groups_upstream.patch of Package sudo.4932
Index: sudo-1.8.10p3/src/sudo.c =================================================================== --- sudo-1.8.10p3.orig/src/sudo.c +++ sudo-1.8.10p3/src/sudo.c @@ -845,7 +845,8 @@ restore_nproc(void) } /* - * Setup the execution environment immediately prior to the call to execve() + * Setup the execution environment immediately prior to the call to execve(). + * Group setup is performed by policy_init_session(), called earlier. * Returns true on success and false on failure. */ bool @@ -921,30 +922,6 @@ exec_setup(struct command_details *detai #endif /* HAVE_LOGIN_CAP_H */ } - /* - * Set groups, including supplementary group vector. - */ - if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) { - if (details->ngroups >= 0) { - if (sudo_setgroups(details->ngroups, details->groups) < 0) { - warning(U_("unable to set supplementary group IDs")); - goto done; - } - } - } -#ifdef HAVE_SETEUID - if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) { - warning(U_("unable to set effective gid to runas gid %u"), - (unsigned int)details->egid); - goto done; - } -#endif - if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) { - warning(U_("unable to set gid to runas gid %u"), - (unsigned int)details->gid); - goto done; - } - if (ISSET(details->flags, CD_SET_PRIORITY)) { if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) { warning(U_("unable to set process priority")); @@ -1161,6 +1138,35 @@ policy_init_session(struct command_detai int rval = true; debug_decl(policy_init_session, SUDO_DEBUG_PCOMM) + /* + * We set groups, including supplementary group vector, + * as part of the session setup. This allows for dynamic + * groups to be set via pam_group(8) in pam_setcred(3). + */ + if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) { + if (details->ngroups >= 0) { + if (sudo_setgroups(details->ngroups, details->groups) < 0) { + warning(U_("unable to set supplementary group IDs")); + rval = -1; + goto done; + } + } + } +#ifdef HAVE_SETEUID + if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) { + warning(U_("unable to set effective gid to runas gid %u"), + (unsigned int)details->egid); + rval = -1; + goto done; + } +#endif + if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) { + warning(U_("unable to set gid to runas gid %u"), + (unsigned int)details->gid); + rval = -1; + goto done; + } + if (policy_plugin.u.policy->init_session) { /* * Backwards compatibility for older API versions @@ -1175,6 +1181,7 @@ policy_init_session(struct command_detai &details->envp); } } +done: debug_return_bool(rval); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor