Bug 449

Summary: wildcards in command alias match space
Product: Sudo Reporter: Luca Berra <bluca>
Component: ConfigureAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED WONTFIX    
Severity: normal    
Priority: normal    
Version: 1.7.4   
Hardware: All   
OS: All   

Description Luca Berra 2010-11-06 10:45:46 MDT 
with an entry like:
luser ALL=(ALL) NOPASSWD: /bin/cat /var/log/fubar/*
sudo allows luser to run commands like
sudo /bin/cat /var/log/fubar/foo /etc/shadow
quick workaround is making an entry like
luser ALL=(ALL) NOPASSWD: /bin/cat /var/log/fubar/*,!/bin/cat /var/log/fubar/* *
Comment 1 Todd C. Miller 2010-11-30 12:31:31 MST 
The command line arguments are matched as a single string, which is why * matches a space.  This is less than ideal but it is the historic behavior.  A future version of sudo will include regular expression support for more flexible matching.