There are at least two instances in sudo documentation that lead
one to believe that `use_loginclass' and `sudo -c` behave differently
than they do in the implementation WRT which of the target and
calling users' loginclass gets applied.

sudoers(5):

   831  
   832       use_loginclass    If set, sudo will apply the defaults specified for the
   833                         target user's login class if one exists.  Only
   834                         available if sudo is configured with the
   835                         --with-logincap option.  This flag is off by default.
   836  

By "target user" I understand NAME in `sudo -uNAME CMD` or root in
absence of `-u'.

sudo(8):

    69  
    70       -c class    The -c (class) option causes sudo to run the specified
    71                   command with resources limited by the specified login class.
    72                   The class argument can be either a class name as defined in
    73                   /etc/login.conf, or a single `-' character.  Specifying a
    74                   class of - indicates that the command should be run
    75                   restricted by the default login capabilities for the user the
    76                   command is run as.  If the class argument specifies an
    77                   existing user class, the command must be run as root, or the
    78                   sudo command must be run from a shell that is already root.
    79                   This option is only available on systems with BSD login
    80                   classes.
    81

In the `sudo -c- CMD` case, I understand that "the user the command
is run as" is a synonym of the previous "target user" term; NAME
in `sudo -uNAME CMD` or root.

In spite of both of these, it's the calling user's loginclass that is
effective.

The patch below attempts to align sudo with the documentation. I
have no idea if it causes unwarranted privileges to be granted later
on in the call stack.  Alternatively, the documentation should be
fixed to reflect the less useful and counter-intuitive current
behaviour.

diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c
index a299bdc..650c41a 100644
--- a/usr.bin/sudo/sudo.c
+++ b/usr.bin/sudo/sudo.c
@@ -305,7 +305,7 @@ main(argc, argv, envp)
        log_error(NO_STDERR|NO_EXIT, "problem with defaults entries");
 
     /* Set login class if applicable. */
-    set_loginclass(sudo_user.pw);
+    set_loginclass(runas_pw);
 
     /* Update initial shell now that runas is set. */
     if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
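
Review bot: set_loginclass() itself is not part of this hunk, so at the changed call in main() it is not possible to tell whether the function uses its argument only to look up the default login class or also to enforce the sudo(8) rule quoted above, that a named -c class requires the command to be run as root or sudo to be run from a shell that is already root. If that check reads the passed passwd entry, switching from sudo_user.pw to runas_pw would evaluate it against the target user instead of the caller. Please include set_loginclass() in the patch context and, if it does perform that check, keep it tied to sudo_user.pw while taking only the default class from runas_pw. The comment "Set login class if applicable." could also state whose class is applied.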
