The fix applied, as you've described it, bestows upon sudo a change in behaviour in addition to fixing the class privilege bug.
Previously, the check was a string comparison of username against run_as_default, which is influenced, possibly among other things, by the compile-time configuration of RUNAS_DEFAULT. This is distinct from a uid check. It's my duty to ask that the change be properly explained, understood, and known amongst the users of sudo, and that my name be given credit for rescuing this bit of positivity from an altercation with unpleasant people about rlimit and the Unix security model.

On Sat, Dec 7, 2013 at 10:24 AM, Todd C. Miller <[email protected]> wrote:
> Thanks, I've committed a slightly simpler fix. Since set_loginclass()
> already has the struct passwd of the runas user, we can just check
> that pw->pw_uid is 0.
>
>  - todd
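
The difference between the two checks discussed in this thread, as an added illustration that is not sudo's code and not written by either participant. The struct, the function names, the sample accounts and the two RUNAS_DEFAULT values are all constructed assumptions; only the two predicates (name equals the configured default, uid equals 0) come from the messages above.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical stand-in for the two struct passwd fields that matter here. */
struct acct { const char *name; uid_t uid; };

/* Earlier check as described in the thread: name equals the configured default. */
static int matches_by_name(const struct acct *a, const char *runas_default) {
    return strcmp(a->name, runas_default) == 0;
}

/* Committed check as described in the quoted reply: pw_uid is 0. */
static int matches_by_uid(const struct acct *a) {
    return a->uid == 0;
}

enum verdict { NEITHER, BOTH, ONLY_NAME, ONLY_UID };

/* Report where the two predicates agree and where they diverge. */
enum verdict compare_checks(const struct acct *a, const char *runas_default) {
    int by_name = matches_by_name(a, runas_default);
    int by_uid = matches_by_uid(a);
    if (by_name && by_uid) return BOTH;
    if (by_name) return ONLY_NAME;
    if (by_uid) return ONLY_UID;
    return NEITHER;
}

int main(void) {
    /* Constructed sample accounts and build-time defaults. */
    const struct acct samples[] = {
        {"root", 0}, {"toor", 0}, {"operator", 1000}, {"alice", 1001},
    };
    const char *defaults[] = {"root", "operator"};
    const char *label[] = {"neither", "both", "name only", "uid only"};

    for (size_t d = 0; d < 2; d++)
        for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
            printf("RUNAS_DEFAULT=%-8s %-8s uid=%-4u -> %s\n", defaults[d],
                   samples[i].name, (unsigned)samples[i].uid,
                   label[compare_checks(&samples[i], defaults[d])]);
    return 0;
}
```

The rows marked "name only" and "uid only" are the accounts whose treatment changes when one predicate replaces the other.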
