patch from upstream for privilege escalation in certain sudoers configurations

author Bdale Garbee <bdale@gag.com>

Tue, 27 Jan 2009 18:45:36 +0000 (11:45 -0700)

committer Bdale Garbee <bdale@gag.com>

Tue, 27 Jan 2009 18:45:36 +0000 (11:45 -0700)
author Bdale Garbee <bdale@gag.com>
Tue, 27 Jan 2009 18:45:36 +0000 (11:45 -0700)
committer Bdale Garbee <bdale@gag.com>
Tue, 27 Jan 2009 18:45:36 +0000 (11:45 -0700)
diff --git a/parse.c b/parse.c

index 8c4a1e5bb5935d0ab172bfafe51a0b253d175149..b1c7cd9258f9fdcc963b29f79a6fdb0503c34893 100644 (file)
--- a/parse.c
+++ b/parse.c
@@ -621,9 +621,11 @@ usergr_matches(group, user, pw)
      /*
       * If the user has a supplementary group vector, check it first.
       */
-    for (i = 0; i < user_ngroups; i++) {
-       if (grp->gr_gid == user_groups[i])
-           return(TRUE);
+    if (strcmp(user, user_name) == 0) {
+       for (i = 0; i < user_ngroups; i++) {
+           if (grp->gr_gid == user_groups[i])
+               return(TRUE);
+       }
      }
      if (grp->gr_mem != NULL) {
         for (cur = grp->gr_mem; *cur; cur++) {
author	Bdale Garbee <bdale@gag.com>
	Tue, 27 Jan 2009 18:45:36 +0000 (11:45 -0700)
committer	Bdale Garbee <bdale@gag.com>
	Tue, 27 Jan 2009 18:45:36 +0000 (11:45 -0700)