Bug 334

Summary: Wildcards - [...] Matches any character in the specified range does not work.
Product: Sudo Reporter: Andre Visperas <andrev26>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal CC: giulivo.navigante
Priority: normal    
Version: 1.7.0   
Hardware: IBM   
OS: AIX   
Attachments: add missing pair of braces

Description Andre Visperas 2009-02-18 06:51:40 MST 
Todd, We currently have sudo version 1.6.8p12 on all our system and the wildcard issue identified below on 1.7.0 is ont seen on 1.6.8p12. The issue is seen on AIX 5.3. Your help is appreciated.

Problem description:
         Sudo is not able to parse wildcard characters […] when used either in the path name or as part of a command.

for e.g. A snippet from the test sudoers config file is

Cmnd_Alias      NOPASS_CMD=/usr/bi[a-z]/cat * /home/smith/nopasscm[a-d],\           
                          /bi[a-z]/cat * /home/smith/nopasscm[a-d]                  

smith    ALL = NOPASSWD: NOPASS_CMD

# sudo -l

User smith may run the following commands on this host:
    (root) PASSWD: /home/smith/us?cmd
    (root) NOPASSWD: /usr/bi[a-z]/cat * /home/maw5/nopasscm[a-d], /bi[a-z]/cat * /home/maw5/nopasscm[a-d]

sudo /usr/bin/cat -n /home/smith/nopasscmd
Forest A Password:
Sorry, user smith is not allowed to execute '/usr/bin/cat -n /home/maw5/nopasscmd' as root on host xxxxxx. 

Additional Info:

1. The same wildcard characters […] work fine when used in "Host_Alias" within the sudoers config file.
2. Same problem observed when these commands were used directly on the RULES section instead of defining the commands through "Cmnd_Alias"
3. Editing through visudo exits in a clean manner.
4. There are no conflicting Rules within the test sudoers config file as seen in the result of #sudo -l as above.
Comment 1 Todd C. Miller 2009-02-18 10:53:01 MST 
Created attachment 240 [details]
add missing pair of braces
Comment 2 Giulio Fidente 2009-02-19 12:31:41 MST 
hi there,

I'm experiencing exactly the same on Fedora 10, where the sudo package is numbered 1.6.9p17-5

here is my test case:

[giulivo@rhst73 ~]$ sudo -l
[sudo] password for giulivo: 
User giulivo may run the following commands on this host:
    (root) /usr/bin/passwd [A-z]*
    (root) !/usr/bin/passwd root
[giulivo@rhst73 ~]$ sudo passwd giulivo
Sorry, user giulivo is not allowed to execute '/usr/bin/passwd giulivo' as root on rhst73.
[giulivo@rhst73 ~]$ 

this isn't very nice because the config I'm using is actually an example which appears in the sudoers man page :P

thanks for helping!
Comment 3 Todd C. Miller 2009-02-19 12:37:41 MST 
Due to locale issues you need to use [A-Za-z] as [A-z] does not produce the expected result when a UTF8 locale is in use (the default on Fedora).
Comment 4 Giulio Fidente 2009-02-19 13:00:27 MST 
that worked for me, thanks Todd
Comment 5 Andre Visperas 2009-02-20 16:42:16 MST 
Todd, Adding those braces fixed it. Thanks a lot!
Comment 6 Todd C. Miller 2009-03-12 10:10:23 MDT 
Fixed in sudo 1.7.1.  A beta version of sudo 1.7.1 may be downloaded from http://www.sudo.ws/devel.html