If the SULOG_FILE does not exist when an su session is logged, make sure

the file is created with group root, instead of using the group of the caller.
2008-04-27 00:27:59 +00:00 · 2008-04-27 00:27:59 +00:00 · 8a8072a563
commit 8a8072a563
parent 4196525702
3 changed files with 28 additions and 0 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+2008-04-27  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* NEWS, libmisc/sulog.c: If the SULOG_FILE does not exist when an
+	su session is logged, make sure the file is created with group
+	root, instead of using the group of the caller.
+
 2008-04-27  Nicolas François  <nicolas.francois@centraliens.net>

 	* NEWS, libmisc/fields.c, src/chfn.c, man/chfn.1.xml: Allow
--- a/4
+++ b/4
@ -12,6 +12,10 @@ shadow-4.1.1 -> shadow-4.1.2						UNRELEASED
 - chfn
  * Allow non-US-ASCII characters in the GECOS fields ("name", "room
    number", and "other info" fields).
+- su
+  * If the SULOG_FILE does not exist when an su session is logged, make
+    sure the file is created with group root, instead of using the group
+    of the caller.

 shadow-4.1.0 -> shadow-4.1.1						02-04-2008

--- a/libmisc/sulog.c
+++ b/libmisc/sulog.c
@ -48,6 +48,7 @@ void sulog (const char *tty, int success, const char *oldname, const char *name)
 	struct tm *tm;
 	FILE *fp;
 	mode_t oldmask;
+	gid_t oldgid = 0;

 	if (success) {
 		SYSLOG ((LOG_INFO,
@ -60,9 +61,26 @@ void sulog (const char *tty, int success, const char *oldname, const char *name)
 	if ((sulog_file = getdef_str ("SULOG_FILE")) == (char *) 0)
 		return;

+	oldgid = getgid ();
 	oldmask = umask (077);
+	/* Switch to group root to avoid creating the sulog file with
+	 * the wrong group ownership. */
+	if ((oldgid != 0) && (setgid (0) != 0)) {
+		SYSLOG ((LOG_INFO,
+		         "su session not logged to %s", sulog_file));
+		/* Continue, but do not switch back to oldgid later */
+		oldgid = 0;
+	}
 	fp = fopen (sulog_file, "a+");
 	umask (oldmask);
+	if ((oldgid != 0) && (setgid (oldgid) != 0)) {
+		perror ("setgid");
+		SYSLOG ((LOG_ERR,
+		         "can't switch back to group `%d' in sulog",
+		         oldgid));
+		/* Do not return if the group permission were raised. */
+		exit (1);
+	}
 	if (fp == (FILE *) 0)
 		return;		/* can't open or create logfile */