[sudo-commits] sudo changeset 14772:eeb075b3b79c
Todd C. Miller
Todd.Miller at sudo.ws
Tue Jun 13 16:46:07 MDT 2023
changeset: 14772:eeb075b3b79c in /raid/repos/sudo
details: https://www.sudo.ws/repos/sudo/rev/eeb075b3b79c
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Tue Jun 13 10:29:00 2023 -0600
Log Message:
runaslist_matches: fix bug when no runas list is specified in sudoers.
If a sudoers rule has no runas list, a user-specified runas group
should only be allowed if it matches a group that the default runas
user belongs to. Instead, a missing group check allowed the user
run commands as the default runas user with an arbitrary group.
This means that a rule like "somebody host = ALL", which should be
equivalent to "somebody host = (root) ALL", had the same effect as
"somebody host = (root:ALL) ALL".
diffstat:
plugins/sudoers/match.c | 97 +++++++++++++++++++++++++-----------------------
1 files changed, 50 insertions(+), 47 deletions(-)
More information about the sudo-commits
mailing list