Bugzilla – Full Text Bug Listing
| Summary: | sudoedit behaviour when sudoers argument terminates with '*' differs between 1.7.x and 1.8.x | ||
|---|---|---|---|
| Product: | Sudo | Reporter: | jeffwrit |
| Component: | Sudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | normal | CC: | orion, prasad1106 |
| Priority: | normal | ||
| Version: | 1.8.4 | ||
| Hardware: | IBM | ||
| OS: | AIX | ||
I guess this should be closed as NOTABUG as it appears to be intended behavior now. The man page indicates:

> sudoedit
> Command line arguments to the sudoedit built-in command should always be path names, so a forward slash (‘/’) will not be matched by a wildcard.

However it does make it very difficult to allow users to edit files in a large or changing directory tree.

Sudo 1.9.10 supports regular expressions in sudoedit args which can be used to give access to subdirectories.
FNM_PATHNAME flag set in match.c changes the behaviour of '*' wildcard when '*' is last character in arguments to sudoedit keyword.

sudoers entry:

```
userA ALL= sudoedit /usr/tivoli/tsm/*
```

Works in 1.7.4p6:

```
sudoedit /usr/tivoli/tsm/client/ba/bin/dsm.opt
```

In 1.8.4p2, it is rejected.

Works in both 1.7.4p6 and 1.8.4p2:

```
sudoedit /usr/tivoli/tsm/anyfile
```

Relevant code from plugins/sudoers/match.c (lines 378-384):

```c
if (sudoers_args) {
    /* For sudoedit, all args are assumed to be pathnames. */
    if (strcmp(sudoers_cmnd, "sudoedit") == 0)
        flags = FNM_PATHNAME;
    if (fnmatch(sudoers_args, user_args ? user_args : "", flags) == 0)
        debug_return_bool(true);
}
```

If line 381 is changed to `flags = 0;` 1.8.4p2 behaviour appears to be the same as 1.7.4p6.
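
The matching difference described in this report, as an added example that is not part of the bug report or of sudo's source. `args_match` is a hypothetical, simplified stand-in for the quoted check, and the rule `/usr/tivoli/tsm/*/*/*/*` is a constructed pattern showing that under `FNM_PATHNAME` each `*` covers exactly one path component.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical stand-in for the argument check quoted from match.c.
 * strict_sudoedit = true  : 1.8.x behaviour (FNM_PATHNAME for sudoedit).
 * strict_sudoedit = false : the "flags = 0" change described in the report.
 */
static bool
args_match(const char *sudoers_cmnd, const char *sudoers_args,
    const char *user_args, bool strict_sudoedit)
{
    int flags = 0;

    /* With FNM_PATHNAME, '*' and '?' in the pattern never match a '/'. */
    if (strict_sudoedit && strcmp(sudoers_cmnd, "sudoedit") == 0)
        flags = FNM_PATHNAME;
    return fnmatch(sudoers_args, user_args ? user_args : "", flags) == 0;
}

int
main(void)
{
    const char *rule = "/usr/tivoli/tsm/*";            /* from the report */
    const char *deep_rule = "/usr/tivoli/tsm/*/*/*/*"; /* constructed */
    const char *paths[] = {                            /* from the report */
        "/usr/tivoli/tsm/anyfile",
        "/usr/tivoli/tsm/client/ba/bin/dsm.opt",
    };

    printf("%-40s %-9s %-13s %s\n", "requested path", "flags=0",
        "FNM_PATHNAME", "deep rule + FNM_PATHNAME");
    for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); i++) {
        printf("%-40s %-9s %-13s %s\n", paths[i],
            args_match("sudoedit", rule, paths[i], false) ? "allow" : "deny",
            args_match("sudoedit", rule, paths[i], true) ? "allow" : "deny",
            args_match("sudoedit", deep_rule, paths[i], true) ? "allow" : "deny");
    }
    return 0;
}
```
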