After studying sudo a little more I came up with a patch that I think
can be applied to sudo without issues. While the first patch was enough
to point out where the problem was, this new patch should fix it in the
best possible way.

I hadn't realised before that there can be more than one source for sudo,
and this patch takes care of it; the process fails only if there are no
valid sources.

diff -ur old/sudo-1.7.0/sudo.c new/sudo-1.7.0/sudo.c
--- old/sudo-1.7.0/sudo.c	2009-07-05 09:33:40.000000000 -0400
+++ new/sudo-1.7.0/sudo.c	2009-07-05 09:24:30.000000000 -0400
@@ -1072,16 +1072,19 @@
 	    (unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID);
     else if ((fp = fopen(sudoers, "r")) == NULL)
 	log_error(USE_ERRNO, "can't open %s", sudoers);
-    else if (statbuf.st_size != 0) {
-	/*
-	 * Make sure we can actually read sudoers so we can present the
-	 * user with a reasonable error message.
-	 */
-	if (fgetc(fp) == EOF)
-	    log_error(USE_ERRNO, "can't read %s", sudoers);
-	rewind(fp);
+    else {
+	if (statbuf.st_size != 0) {
+	    /*
+	     * Make sure we can actually read sudoers so we can present the
+	     * user with a reasonable error message.
+	     */
+	    if (fgetc(fp) == EOF)
+	        log_error(USE_ERRNO, "can't read %s", sudoers);
+	    rewind(fp);
+	}
+
+	(void) fcntl(fileno(fp), F_SETFD, 1);
     }
-    (void) fcntl(fileno(fp), F_SETFD, 1);
 
     set_perms(PERM_ROOT);		/* change back to root */
     return(fp);
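
Review bot: in the inner block, when fgetc(fp) returns EOF the code logs "can't read", then still rewinds, sets close-on-exec and falls through to return(fp). If log_error can return on that path, which the description ("the process fails only if there are no valid sources") suggests is the intent, the caller receives a stream already known to be unreadable. Consider calling fclose(fp) and setting fp = NULL there so it is handled like the other failed-source branches. Since return(fp) is also reached from the earlier error branches of this chain, it is worth confirming that fp is initialised to NULL before the chain. Minor: `F_SETFD, 1` would be clearer as `F_SETFD, FD_CLOEXEC`, and the re-indented log_error line mixes a tab with spaces where the surrounding lines use tabs.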
