Backport fix from sudo 1.7.4p5; if -g specified w/o -u the target

user is considered to be different from the invoking user unless the user's gid is the same as the target gid.
author: millert <millert@openbsd.org> 2011-01-12 21:45:02 +0000
committer: millert <millert@openbsd.org> 2011-01-12 21:45:02 +0000
commit: c02f74d70b7bb216e16ce0ed1770d3307ecee6b7 (patch)
tree: f8b30a74e936d2f5780fd1952c42558ff065aff3
parent: Provide a specific rw_cas() function for MP kernels; stolen from m88k. (diff)
download: wireguard-openbsd-c02f74d70b7bb216e16ce0ed1770d3307ecee6b7.tar.xz
wireguard-openbsd-c02f74d70b7bb216e16ce0ed1770d3307ecee6b7.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.bin/sudo/check.c b/usr.bin/sudo/check.c
index 817e406eb8c..e9c9f0ae29e 100644
--- a/usr.bin/sudo/check.c
+++ b/usr.bin/sudo/check.c
@@ -93,7 +93,12 @@ check_user(validated, mode)
 	/* do not check or update timestamp */
 	status = TS_ERROR;
     } else {
-	if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+	/*
+	 * Don't prompt for the root passwd or if the user is exempt.
+	 * If the user is not changing uid/gid, no need for a password.
+	 */
+	if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+	    (!runas_gr || user_gid == runas_gr->gr_gid)) || user_is_exempt())
 	    return;
 
 	build_timestamp(&timestampdir, &timestampfile);
author	millert <millert@openbsd.org>	2011-01-12 21:45:02 +0000
committer	millert <millert@openbsd.org>	2011-01-12 21:45:02 +0000
commit	c02f74d70b7bb216e16ce0ed1770d3307ecee6b7 (patch)
tree	f8b30a74e936d2f5780fd1952c42558ff065aff3
parent	Provide a specific rw_cas() function for MP kernels; stolen from m88k. (diff)
download	wireguard-openbsd-c02f74d70b7bb216e16ce0ed1770d3307ecee6b7.tar.xz wireguard-openbsd-c02f74d70b7bb216e16ce0ed1770d3307ecee6b7.zip