Commit ff0b6be

open_sudoers: Do not perform path expansion on files in an includedir
A file in an includedir containing one or more colons (':') in the name was being expanded as a colon-separated path instead of being opened as-is. This fixes a regression introduced in sudo 1.9.14. Bug #1085
1 parent ac30b94 commit ff0b6be

1 file changed

Lines changed: 9 additions & 1 deletion

plugins/sudoers/sudoers.c

@@ -1289,7 +1289,15 @@ open_sudoers(const char *path, char **outfile, bool doedit, bool *keepopen)
12891289
int error, fd;
12901290
debug_decl(open_sudoers, SUDOERS_DEBUG_PLUGIN);
12911291

1292-
fd = sudo_open_conf_path(path, fname, sizeof(fname), open_file);
1292+
if (outfile == NULL) {
1293+
/* Single file, do not treat as a path. */
1294+
fd = open_file(path, O_RDONLY|O_NONBLOCK);
1295+
if (fd != -1)
1296+
(void)fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
1297+
} else {
1298+
/* Could be a colon-separated path of file names. */
1299+
fd = sudo_open_conf_path(path, fname, sizeof(fname), open_file);
1300+
}
12931301
if (sudoers_ctx.parser_conf.ignore_perms) {
12941302
/* Skip sudoers security checks when ignore_perms is set. */
12951303
if (fd == -1 || fstat(fd, &sb) == -1)
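
Review bot: In the new outfile == NULL branch, the result of fcntl(fd, F_GETFL, 0) is used unchecked. If that call fails and returns -1, the expression -1 & ~O_NONBLOCK hands every flag bit except O_NONBLOCK to F_SETFL, and the (void) cast hides a failure to clear O_NONBLOCK on the descriptor. Suggest reading the flags into a local variable and calling F_SETFL only when the read succeeded. Two smaller points on the same branch: it never writes fname, while the else branch fills it through sudo_open_conf_path(), so any use of fname further down in the function needs to be limited to the outfile != NULL case; and the meaning given to outfile == NULL ("Single file, do not treat as a path") is a calling convention stated only in this inline comment, so a sentence in the function's header comment would make it visible to callers.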
