Bug 392

Summary: Wildcard matches slash
Product: Sudo
Reporter: Aubort Jean-Baptiste <rorist+sudo>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED INVALID    
Severity: security    
Priority: low    
Version: 1.6.9   
Hardware: PC   
OS: Linux   

Description Aubort Jean-Baptiste 2010-02-08 11:06:03 MST
In the man page of sudoers, we read:

---
Note that a forward slash (’/’) will not be matched by wildcards used in the pathname.
---

But if we put this line in the sudoers:
user ALL=/bin/cat /somedir/*

the user will then have the right to do:
sudo cat /somedir/../etc/shadow

Observed on 1.6.9p17 (Ubuntu 9.04, Redhat 5.3, Debian 5.0.3)

Comment 1 Todd C. Miller 2010-02-08 11:20:48 MST
That statement refers to the command, not the command line args, where * matches any character.
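
The distinction drawn in this report, as an added example that is not part of the original bug thread and is not sudo's own code: a small audit helper that approximates the two matching modes (command path, where wildcards do not cross '/', and command line arguments, where * matches any character) and flags invocations that a rule permits but that resolve outside the intended directory. The function names and sample invocations are assumptions constructed for illustration.

```python
import fnmatch
import posixpath
import re

def path_wildcard_match(pattern, path):
    """Command-path style: '*' and '?' never match '/' (only these two wildcards modelled)."""
    rx = "".join("[^/]*" if c == "*" else "[^/]" if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, path) is not None

def args_wildcard_match(pattern, args):
    """Argument style: arguments are matched as one string and '*' matches any character."""
    return fnmatch.fnmatchcase(" ".join(args), pattern)

def escapes_dir(arg, base):
    """True if arg, after '..' is resolved lexically, lies outside base."""
    resolved = posixpath.normpath(arg)
    return not (resolved == base or resolved.startswith(base.rstrip("/") + "/"))

def audit(rule_cmd, rule_args, base, invocations):
    """Return the invocations the rule permits whose path argument leaves base."""
    findings = []
    for cmd, args in invocations:
        permitted = (path_wildcard_match(rule_cmd, cmd)
                     and args_wildcard_match(rule_args, args))
        if permitted and any(escapes_dir(a, base) for a in args):
            findings.append((cmd, args))
    return findings

# Constructed sample, modelled on the sudoers line quoted in the report.
RULE_CMD, RULE_ARGS, BASE = "/bin/cat", "/somedir/*", "/somedir"
SAMPLES = [
    ("/bin/cat", ["/somedir/notes.txt"]),       # permitted, stays inside
    ("/bin/cat", ["/somedir/../etc/shadow"]),   # permitted, resolves outside
    ("/bin/cat", ["/etc/shadow"]),              # not permitted by the rule
]

if __name__ == "__main__":
    for cmd, args in audit(RULE_CMD, RULE_ARGS, BASE, SAMPLES):
        print("permitted but outside", BASE, "->", cmd, " ".join(args))
```

Running the same pattern through path_wildcard_match shows why the man page sentence holds for the command itself: there, /somedir/* does not match /somedir/../etc/shadow.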