Bug 287

Summary: Symlinks to same file will execute in wrong directory
Product: Sudo
Reporter: Kyle Leaders <kyle_leaders>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: normal    
Version: 1.6.9   
Hardware: PC   
OS: Linux   

Description Kyle Leaders 2008-05-29 13:20:31 MDT
It appears that sudo will grab the last entry in sudoers and execute the script from that folder rather than the one specified on the command line. I've so far been able to replicate this on all versions of sudo from 1.6.6 to 1.6.9p16. Here's an example of what I'm talking about:


First you create 2 symlinks to the same file in different directories:

monkey@notus ~ $ ln -sv /home/monkey/test-scripts/bin/script.sh /home/monkey/test-scripts/directory1/test.sh
`/home/monkey/test-scripts/directory1/test.sh' -> `/home/monkey/test-scripts/bin/script.sh'
monkey@notus ~ $ ln -sv /home/monkey/test-scripts/bin/script.sh /home/monkey/test-scripts/directory2/test.sh
`/home/monkey/test-scripts/directory2/test.sh' -> `/home/monkey/test-scripts/bin/script.sh'

Second, give 2 users permission to run things in those directories (must have these 2 users on adjacent lines) like so:

#DavidS
davids  ALL=(monkey) /home/monkey/test-scripts/directory1/

#JonR
jonr  ALL=(monkey) /home/monkey/test-scripts/directory2/


Then, try to run the symlink for the first user:

davids@notus / $ sudo -u monkey /home/monkey/test-scripts/directory1/test.sh
Password:
The current script running is:
/home/monkey/test-scripts/directory2/test.sh
Running from:
/
Running as:
monkey

As you can see, the user davids is running the wrong script using jonr's entry.

DavidS can then also run the script in directory2 directly:

davids@notus / $ sudo -u monkey /home/monkey/test-scripts/directory2/test.sh
The current script running is:
/home/monkey/test-scripts/directory2/test.sh
Running from:
/
Running as:
monkey

Here's the script I used to test it:

davids@notus / $ cat /home/monkey/test-scripts/bin/script.sh 
#!/bin/bash

echo "The current script running is:"
echo "$0"
echo "Running from:"
pwd
echo "Running as:"
whoami

Comment 1 Todd C. Miller 2008-06-11 09:17:08 MDT
This is an artifact of how the sudo parser works in versions prior to 1.7.0.  This behavior does not occur in sudo 1.7.0.  You can download a release candidate from http://sudo.ws/sudo/dist/beta/sudo-1.7.0rc2.tar.gz
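
Added example, not part of the original report or of sudo itself: a shell function that audits for the condition described in this bug by listing files that are reachable, after following symlinks, under more than one directory granted in sudoers. The function name find_shared_targets is hypothetical, "same file" is taken to mean same device and inode, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: flag files reachable under more than one sudoers-granted
# directory. Output: "<device:inode><TAB><path>" for every overlapping entry.
# Usage: find_shared_targets DIR...   (directory paths as written in sudoers)
# Assumptions: GNU stat, no newlines or tabs in paths, dotfiles not scanned.

find_shared_targets() {
    for dir in "$@"; do
        d=${dir%/}                      # sudoers directory entries end in "/"
        [ -d "$dir" ] || continue
        for entry in "$d"/*; do
            # -L follows symlinks; dangling links fail here and are skipped
            id=$(stat -L -c '%d:%i' -- "$entry" 2>/dev/null) || continue
            [ -f "$entry" ] || continue # only regular files can be commands
            printf '%s\t%s\t%s\n' "$id" "$d" "$entry"
        done
    done | LC_ALL=C sort | awk -F '\t' '
        # Sorted input keeps equal device:inode ids on adjacent lines.
        $1 != id { flush(); id = $1; n = 0; ndirs = 0; split("", seen) }
        { paths[++n] = $3; if (!($2 in seen)) { seen[$2] = 1; ndirs++ } }
        END { flush() }
        # Report a group only when it spans at least two directories.
        function flush(   i) {
            if (ndirs > 1)
                for (i = 1; i <= n; i++) print id "\t" paths[i]
        }'
}
```

Pass it the directory paths from the sudoers command entries, such as the directory1/ and directory2/ paths in the report; any output means two entries expose the same underlying file.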