Bug 232

Summary: Comments at the end of a Runas_Alias fail syntax checker.
Product: Sudo Reporter: Bren Mills <mmills>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: low    
Priority: low    
Version: 1.6.8   
Hardware: PC   
OS: All   

Description Bren Mills 2006-12-22 18:25:27 MST 
Sorry for mentioning such a minor bug, but it appears that comments at the end of a Runas_Alias fail the syntax checker. I didn't see anything in the changelog nor when I searched the bugzilla site. Because of consistancy accross sudo and visudo this shouldn't be much of a problem, unless the user is editing their sudoers file w/something other than visudo. 

This was tested with Sudo version 1.6.8p12 on x86 RHEL release 4 (Nahant Update 1). I have access to a wide array of arch/os systems at my work and will be happy to test this on any systems you want. Note that this was a binary built from source using the following configuration command:
./configure --prefix=/usr --with-pam --with-fqdn --with-ignore_dot --with-password_timeout=0 --with-loglen=1024 --with-mailto=sudo --with-tty_tickets --with-logging=both --with-logpath=/var/log/sudo.log

Also note that the man page for sudoers is inconsistant on the issue of #uid entries:
"A User_List is made up of one or more usernames, uids (prefixed with '#'),"
"A Runas_List is similar to a User_List except that it can also contain uids (prefixed with '#')"

########################################################################
# Case #1 (works)
########################################################################
mmills          froggy=(ALL) ALL
User_Alias      SUDOTEST=sudotest # comments here are fine.
Runas_Alias     DAEMON=daemon
SUDOTEST        froggy=(DAEMON) /usr/bin/whoami


-bash-3.00$ whoami
sudotest
-bash-3.00$ sudo -u daemon whoami
daemon

########################################################################
# Case #2 (doesn't work)
########################################################################
mmills          froggy=(ALL) ALL
User_Alias      SUDOTEST=sudotest # comments here are fine.
Runas_Alias     DAEMON=daemon # comments here break stuff. 
SUDOTEST        froggy=(DAEMON) /usr/bin/whoami

bash-3.00# /usr/sbin/visudo 
>>> sudoers file: syntax error, line 2 <<<
Warning: undeclared Runas_Alias `DAEMON' referenced near line 4
What now?

Again, sorry for mentioning such a minor bug. I'll be happy to help resolve this in any way that I can (though my lex/yacc skills are kinda rusty). I'll also be happy to try out any patch on a variety of arch's.

Happy Holidays.
Comment 1 Todd C. Miller 2007-08-21 09:24:02 MDT 
Fixed in cvs, the fix will appear in the next sudo release.  The comment parsing code was not enabled for RunasAliases since it would also match #uid.  I added a separate rule to match comments that don't also match the uid rule.  The man page bug has already been fixed.