diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2011-01-12 21:45:03 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2011-01-12 21:45:03 +0000 |
| commit | e3b54548057786d0475e0a053dae358d96bf7a70 (patch) | |
| tree | be76a034a7618c5a964c05cb221fbce1187f25bd /usr.bin/sudo | |
| parent | 8d8f88eeb53bec32d90502aeaef89e8b487972e7 (diff) | |
Backport fix from sudo 1.7.4p5; if -g specified w/o -u the target
user is considered to be different from the invoking user unless
the user's gid is the same as the target gid.
Diffstat (limited to 'usr.bin/sudo')
| -rw-r--r-- | usr.bin/sudo/check.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.bin/sudo/check.c b/usr.bin/sudo/check.c index 817e406eb8c..e9c9f0ae29e 100644 --- a/usr.bin/sudo/check.c +++ b/usr.bin/sudo/check.c @@ -93,7 +93,12 @@ check_user(validated, mode) /* do not check or update timestamp */ status = TS_ERROR; } else { - if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt()) + /* + * Don't prompt for the root passwd or if the user is exempt. + * If the user is not changing uid/gid, no need for a password. + */ + if (user_uid == 0 || (user_uid == runas_pw->pw_uid && + (!runas_gr || user_gid == runas_gr->gr_gid)) || user_is_exempt()) return; build_timestamp(×tampdir, ×tampfile); |