Bugzilla – Full Text Bug Listing

| Summary: | One cannot specify a user id for a User_Alias | | |
|---|---|---|---|
| Product: | Sudo | Reporter: | zell |
| Component: | Sudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED | | |
| Severity: | high | | |
| Priority: | high | | |
| Version: | 1.6.3 | | |
| Hardware: | All | | |
| OS: | Linux | | |

I will probably fix this directly in the lexer. In retrospect, using #XXXX as the syntax for a uid was a bad idea due to the ambiguity it causes in the parser. User_Aliases are not supposed to be able to contain uids. The sudoers man page will be corrected in sudo 1.6.4.

The documentation defines the following non-terminal:

    User ::= '!'* username | '!'* '#'uid | ...

which implies that you can use the comment character to specify a user id instead of a user name. Later on in the documentation:

    The pound sign ('#') is used to indicate a comment (unless it occurs in the context of a user name and is followed by one or more digits, in which case it is treated as a uid).

However, it looks like the lexer throws away any text from '#' to $, which means the following is an invalid assignment according to visudo:

    User_Alias FOO #500
    FOO ALL=/bin/ls # error at this line for undefined User_Alias

I have made a local modification to fix this. First, the user must escape the comment character:

    User_Alias FOO \#500

Then I have made a change in the parser (parse.yacc) in the WORD production, at line 775:

if (strcmp($1, user_name) == 0) $$ = TRUE; + else if ($1[0] == '#' && atoi($1 + 1) == user_uid) + $$ = TRUE; else $$ = -1; free($1);
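
Review bot: The added `else if` branch calls atoi($1 + 1) without checking that digits follow the '#', so a word such as "#" or "#abc" converts to 0 and matches whenever user_uid is 0; atoi also reports no error on overflow, and its int result is compared directly with a uid. Suggest parsing with strtoul(), requiring at least one digit, an end pointer that lands on the terminating NUL and no range error before comparing with user_uid. The branch also only works if the sudoers author writes \#500, which differs from the '#'uid form in the documented grammar, so the manual would need to describe the escape.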
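
The documentation rule quoted in the report, written out as an added example (not sudo's lexer and not code from this bug): a C function that finds where a comment starts in one sudoers line. The function name, the delimiter set that ends a uid and the backslash handling are assumptions; the third sample line, meant as a comment, is read as a uid, which is the ambiguity the reply refers to.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Offset at which a comment starts in one sudoers line, or strlen(line)
 * if there is none. Rule applied (documentation text quoted in the
 * report): '#' starts a comment unless it is followed by one or more
 * digits, in which case "#digits" is a uid.
 * Assumptions of this example: "context of a user name" is not modelled,
 * a uid ends at whitespace, ',' or end of line, and a backslash escapes
 * the next character (as in the report's \#500).
 */
size_t comment_offset(const char *line)
{
    size_t i = 0, len = strlen(line);

    while (i < len) {
        if (line[i] == '\\' && i + 1 < len) {
            i += 2;                 /* skip the escaped character */
            continue;
        }
        if (line[i] == '#') {
            size_t j = i + 1;
            while (j < len && isdigit((unsigned char)line[j]))
                j++;
            if (j > i + 1 && (j == len || line[j] == ',' ||
                              isspace((unsigned char)line[j]))) {
                i = j;              /* "#digits" token: a uid */
                continue;
            }
            return i;               /* any other '#': comment starts */
        }
        i++;
    }
    return len;
}

int main(void)
{
    /* Constructed sample lines; the first two come from the report. */
    const char *samples[] = {
        "User_Alias FOO #500",
        "FOO ALL=/bin/ls # error at this line",
        "#500 users were renumbered last week",  /* meant as a comment */
    };
    for (size_t k = 0; k < sizeof(samples) / sizeof(samples[0]); k++)
        printf("%2zu  %s\n", comment_offset(samples[k]), samples[k]);
    return 0;
}
```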