Package: sudo / 1.7.4p4-2.squeeze.6

debian-changes-1.7.4p4-2.squeeze.2 Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
Description: Upstream changes introduced in version 1.7.4p4-2.squeeze.2
 This patch has been created by dpkg-source during the package build.
 Here's the last changelog entry, hopefully it gives details on why
 those changes were made:
 .
 sudo (1.7.4p4-2.squeeze.2) stable; urgency=low
 .
   * patch from upstream to resolve interoperability problem between HOME in
     env_keep and the -H flag, originally closed #596493, applying this to
     to squeeze also closes: #614232
 .
 The person named in the Author field signed this changelog entry.
Author: Bdale Garbee <bdale@gag.com>
Bug-Debian: http://bugs.debian.org/614232

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: http://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: <YYYY-MM-DD>

--- sudo-1.7.4p4.orig/check.c
+++ sudo-1.7.4p4/check.c
@@ -119,7 +119,13 @@ check_user(validated, mode)
     if (ISSET(mode, MODE_INVALIDATE)) {
 	SET(validated, FLAG_CHECK_USER);
     } else {
-	if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+	/*
+	 * Don't prompt for the root passwd or if the user is exempt.
+	 * If the user is not changing uid/gid, no need for a password.
+	 */
+	if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
+	    (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||
+	    user_is_exempt())
 	    return;
     }
 
--- sudo-1.7.4p4.orig/env.c
+++ sudo-1.7.4p4/env.c
@@ -610,10 +610,16 @@ rebuild_env(noexec)
 #ifdef ENV_DEBUG
     memset(env.envp, 0, env.env_size * sizeof(char *));
 #endif
-    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
-	/* Reset HOME based on target user unless keeping old value. */
-	reset_home = TRUE;
 
+    /* Reset HOME based on target user if configured to. */
+    if (ISSET(sudo_mode, MODE_RUN)) {
+	if (def_always_set_home ||
+	    ISSET(sudo_mode, MODE_RESET_HOME | MODE_LOGIN_SHELL) || 
+	    (ISSET(sudo_mode, MODE_SHELL) && def_set_home))
+	    reset_home = TRUE;
+    }
+
+    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
 	/* Pull in vars we want to keep from the old environment. */
 	for (ep = old_envp; *ep; ep++) {
 	    int keepit;
@@ -709,6 +715,11 @@ rebuild_env(noexec)
 	    if (!ISSET(didvar, DID_USERNAME))
 		sudo_setenv("USERNAME", user_name, FALSE);
 	}
+
+	/* If we didn't keep HOME, reset it based on target user. */
+	if (!ISSET(didvar, KEPT_HOME))
+	    reset_home = TRUE;
+
 	/*
 	 * Set MAIL to target user in -i mode or if MAIL is not preserved
 	 * from user's environment.
@@ -722,13 +733,6 @@ rebuild_env(noexec)
 	    sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
 	}
     } else {
-	/* Reset HOME based on target user if configured to. */
-	if (ISSET(sudo_mode, MODE_RUN)) {
-	    if (def_always_set_home || ISSET(sudo_mode, MODE_RESET_HOME) || 
-		(ISSET(sudo_mode, MODE_SHELL) && def_set_home))
-		reset_home = TRUE;
-	}
-
 	/*
 	 * Copy environ entries as long as they don't match env_delete or
 	 * env_check.
@@ -778,7 +782,7 @@ rebuild_env(noexec)
     }
 
     /* Set $HOME to target user if not preserving user's value. */
-    if (reset_home && !ISSET(didvar, KEPT_HOME))
+    if (reset_home)
 	sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
 
     /* Provide default values for $TERM and $PATH if they are not set. */