Merge sudo 1.9.5p1 from tip

--HG--
branch : 1.9

NEWS

@@ -1,3 +1,9 @@
+What's new in Sudo 1.9.5p1
+
+ * Fixed a regression introduced in sudo 1.9.5 where the editor run
+   by sudoedit was set-user-ID root unless SELinux RBAC was in use.
+   The editor is now run with the user's real and effective user-IDs.
+
 What's new in Sudo 1.9.5
 
  * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an
@@ -15,7 +21,7 @@ What's new in Sudo 1.9.5
    actually exploitable since the allocated buffer is large enough
    to hold the list of addresses.
 
- * If sudo is executed with a name other that "sudo" or "sudoedit",
+ * If sudo is executed with a name other than "sudo" or "sudoedit",
    it will now fall back to "sudo" as the program name.  This affects
    warning, help and usage messages as well as the matching of Debug
    lines in the /etc/sudo.conf file.  Previously, it was possible

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for sudo 1.9.5.
+# Generated by GNU Autoconf 2.69 for sudo 1.9.5p1.
 #
 # Report bugs to <https://bugzilla.sudo.ws/>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.9.5'
-PACKAGE_STRING='sudo 1.9.5'
+PACKAGE_VERSION='1.9.5p1'
+PACKAGE_STRING='sudo 1.9.5p1'
 PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
 PACKAGE_URL=''
 
@@ -1584,7 +1584,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures sudo 1.9.5 to adapt to many kinds of systems.
+\`configure' configures sudo 1.9.5p1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1650,7 +1650,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of sudo 1.9.5:";;
+     short | recursive ) echo "Configuration of sudo 1.9.5p1:";;
    esac
   cat <<\_ACEOF
 
@@ -1924,7 +1924,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-sudo configure 1.9.5
+sudo configure 1.9.5p1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2633,7 +2633,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.9.5, which was
+It was created by sudo $as_me 1.9.5p1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -28816,7 +28816,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.9.5, which was
+This file was extended by sudo $as_me 1.9.5p1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -28882,7 +28882,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-sudo config.status 1.9.5
+sudo config.status 1.9.5p1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 dnl
 AC_PREREQ([2.59])
-AC_INIT([sudo], [1.9.5], [https://bugzilla.sudo.ws/], [sudo])
+AC_INIT([sudo], [1.9.5p1], [https://bugzilla.sudo.ws/], [sudo])
 AC_CONFIG_HEADERS([config.h pathnames.h])
 AC_CONFIG_SRCDIR([src/sudo.c])
 dnl

src/copy_file.c

@@ -155,7 +155,8 @@ sudo_check_temp_file(int tfd, const char *tfile, uid_t uid, struct stat *sb)
 	debug_return_bool(false);
     }
     if ((sb->st_mode & ALLPERMS) != (S_IRUSR|S_IWUSR)) {
-	sudo_warnx(U_("%s: bad file mode: 0%o"), tfile, sb->st_mode & ALLPERMS);
+	sudo_warnx(U_("%s: bad file mode: 0%o"), tfile,
+	    (unsigned int)(sb->st_mode & ALLPERMS));
 	debug_return_bool(false);
     }
     if (sb->st_uid != uid) {

src/edit_open.c

@@ -132,8 +132,8 @@ group_matches(gid_t target, struct sudo_cred *cred)
     for (i = 0; i < cred->ngroups; i++) {
 	if (target == cred->groups[i]) {
 	    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
-		"user gid %u matches directory gid %u", cred->groups[i],
-		(unsigned int)target);
+		"user gid %u matches directory gid %u",
+		(unsigned int)cred->groups[i], (unsigned int)target);
 	    debug_return_bool(true);
 	}
     }

src/sudo_edit.c

@@ -709,8 +709,9 @@ sudo_edit(struct command_details *command_details)
     nargv[ac] = NULL;
 
     /*
-     * Run the editor with the invoking user's creds,
-     * keeping track of the time spent in the editor.
+     * Run the editor with the invoking user's creds and drop setuid.
+     * Keep track of the time spent in the editor to distinguish between
+     * a user editing a file and a program doing it.
      * XXX - should run editor with user's context
      */
     if (sudo_gettime_real(&times[0]) == -1) {
@@ -719,6 +720,8 @@ sudo_edit(struct command_details *command_details)
     }
     memcpy(&saved_command_details, command_details, sizeof(struct command_details));
     command_details->cred = user_details.cred;
+    command_details->cred.euid = user_details.cred.uid;
+    command_details->cred.egid = user_details.cred.gid;
     command_details->argv = nargv;
     ret = run_command(command_details);
     if (sudo_gettime_real(&times[1]) == -1) {