1
Origin: http://www.sudo.ws/repos/sudo/raw-rev/fe8a94f96542
2
Description: fix CVE-2011-0010 by prompting for password when the user is
3
running sudo as himself but as a different group
5
Index: sudo-1.7.4p4/check.c
6
===================================================================
7
--- sudo-1.7.4p4.orig/check.c 2011-01-18 16:33:03.000000000 -0600
8
+++ sudo-1.7.4p4/check.c 2011-01-18 16:33:17.000000000 -0600
10
if (ISSET(mode, MODE_INVALIDATE)) {
11
SET(validated, FLAG_CHECK_USER);
13
- if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
15
+ * Don't prompt for the root passwd or if the user is exempt.
16
+ * If the user is not changing uid/gid, no need for a password.
18
+ if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&
19
+ (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||