Bug 143

Summary: when command alias contains a wildcard sudo will only allow an absolute path
Product: Sudo
Reporter: Mark Church <mchurch>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: normal    
Version: 1.6.7   
Hardware: PC   
OS: Linux   
Attachments: Replaces two fnmatch calls with call to a new function.
Function to replace fnmatch
Replaces calls two fnmatch with globmatch
Function to replace fnmatch
Header file to describe globmatch

Description Mark Church 2004-08-05 15:38:38 MDT
When I have a sudoers file that contains Cmnd_Alias that uses wildcards the
following does not work :

cd /people/mchurch/bin/test.sh
sudo -u nobody ./test.sh

I get :

Sorry, user mchurch is not allowed to execute './test.sh' as nobody on cletus.ai.org.

Changing it to omit the wildcard allows this to work.

Following is the sudoers file I am using :

Cmnd_Alias      TEST    = /people/*/bin/test.sh
%wheel ALL=(nobody) NOPASSWD: TEST
Comment 1 Todd C. Miller 2004-08-05 16:33:35 MDT
This is non-trivial to fix.  Basically we would need to use glob(3) instead of fnmatch(3) when matching 
paths.  This is probably doable but will not be in the 1.6.8 release.
Comment 2 Mark Church 2004-08-05 18:07:28 MDT
According to the glob(3) man page :

No tilde expansion or parameter substitution is done; if you want these, use
wordexp(3).

Tilde expansion would be a common use case for me as this particular Cmnd_Alias
is for files within the users home directories.  Any reason wordexp(3) wouldn't
work?
Comment 3 Mark Church 2004-08-09 06:46:27 MDT
Created attachment 23
Replaces two fnmatch calls with call to a new function.

Replaces two fnmatch calls with a call to a new function that uses wordexp(3)
instead.
Comment 4 Mark Church 2004-08-09 06:48:29 MDT
Created attachment 24
Function to replace fnmatch

This file is the function that replaces the fnmatch calls.
Comment 5 Todd C. Miller 2004-08-09 06:52:08 MDT
wordexp is not included on many systems and on many where it is it calls the shell which does not 
seem like a good idea.  The BSD glob() supports tilde expansion.  I'll just include that in the sudo 
distribution for systems without a featureful version.
Comment 6 Mark Church 2004-08-09 06:53:54 MDT
The patches just uploaded aren't entirely complete.  I still need to add a .h file
for wordmatch.c.  And I need to add a check in the configure.in to see if
wordexp(3) is available on the target system.  I only have access to a Linux
system to check but some quick research suggests that wordexp(3) is unavailable
on at least OpenBSD and FreeBSD.  From the documentation it appears that falling
back to glob(3) if wordexp(3) isn't found on the target system wouldn't be too
difficult as the functions work in generally the same way.
Comment 7 Mark Church 2004-08-09 07:06:21 MDT
The documentation for glob(3) on Linux is out of date.  Looking at the source
code reveals that it actually does tilde expansion. When I get a moment this
week I'll switch the patch to use glob(3).
Comment 8 Mark Church 2004-08-15 11:18:02 MDT
Created attachment 25
Replaces two fnmatch calls with globmatch
Comment 9 Mark Church 2004-08-15 11:18:50 MDT
Created attachment 26
Function to replace fnmatch
Comment 10 Mark Church 2004-08-15 11:19:17 MDT
Created attachment 27
Header file to describe globmatch
Comment 11 Todd C. Miller 2004-10-07 13:00:40 MDT
I just committed changes to the sudo cvs repository to use glob() instead of fnmatch() when matching
pathnames.  The actual changes are different from your patches since to make things behave properly I
need to stat matched paths and compare the device and inode numbers with the values for the user's
command.  In other words, it behaves similarly to the case where a user is given access to all
commands in a directory.

The fix will be present in sudo 1.6.9.
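Added example (not sudo's own code): the two matching strategies side by side, the 1.6.7 fnmatch(3) check on the typed command string versus the glob(3) plus device/inode comparison that comment 11 describes, driven by a constructed temp tree under /tmp that mirrors the reporter's layout (all paths hypothetical).

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <fnmatch.h>
#include <glob.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* sudo 1.6.7: the pattern is matched against the command string as typed. */
int fnmatch_style_match(const char *pattern, const char *user_cmd)
{
    return fnmatch(pattern, user_cmd, FNM_PATHNAME) == 0;
}
/* Comment 11's fix: expand the pattern with glob(3) and accept the command only
 * if some expansion is the same file (device + inode) the user actually runs. */
int glob_style_match(const char *pattern, const char *user_cmd)
{
    struct stat user_sb, match_sb;
    glob_t gl;
    int matched = 0;
    if (stat(user_cmd, &user_sb) != 0 || glob(pattern, 0, NULL, &gl) != 0)
        return 0;                          /* unknown command or no expansions */
    for (size_t i = 0; i < gl.gl_pathc && !matched; i++)
        if (stat(gl.gl_pathv[i], &match_sb) == 0 &&
            match_sb.st_dev == user_sb.st_dev && match_sb.st_ino == user_sb.st_ino)
            matched = 1;
    globfree(&gl);
    return matched;
}

/* Reproduce the report in a constructed temp tree (hypothetical paths), cd into its
 * people/mchurch/bin and run one matcher on the command as typed; -1 = setup error. */
int check_as_reporter(int (*matcher)(const char *, const char *), const char *cmd)
{
    static const char *entries[] = { "", "/people", "/people/mchurch", "/people/mchurch/bin",
                                     "/people/mchurch/bin/test.sh", "/people/mchurch/bin/other.sh" };
    char base[64], path[128];
    snprintf(base, sizeof base, "/tmp/sudo143-%ld", (long)getpid());
    for (size_t i = 0; i < 6; i++) {       /* entries[0..3] are directories */
        snprintf(path, sizeof path, "%s%s", base, entries[i]);
        if (i < 4 ? mkdir(path, 0755) != 0 && errno != EEXIST
                  : close(open(path, O_WRONLY | O_CREAT, 0755)) != 0)
            return -1;
    }
    snprintf(path, sizeof path, "%s/people/*/bin/test.sh", base);   /* the Cmnd_Alias */
    if (chdir(base) != 0 || chdir("people/mchurch/bin") != 0)
        return -1;
    return matcher(path, cmd);
}
```

With the old check `./test.sh` is rejected because the string never equals the absolute pattern; with the glob check it is accepted, while the decoy `other.sh` in the same directory and a non-existent file are still refused.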