Bug 610

Summary: Sudoers option "closefrom_override" does not work for command specific Defaults
Product: Sudo
Reporter: Mengtao Sun <smartsmt>
Component: Sudoers
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: normal
Priority: normal
Version: 1.8.7
Hardware: All
OS: All

Description Mengtao Sun 2013-08-15 08:24:50 MDT
I am currently working on a project which utilizes sudoers' "closefrom_override" option. After playing with it for a while I found that "closefrom_override" doesn't work with command-specific Defaults. This is verified via 3 simple tests:

In my /etc/sudoers, I tried the following Defaults entries:

- Defaults!/bin/bash !authenticate (works correctly, which indicates command-specific Defaults (i.e. "Defaults!") works well)
- Defaults:myusername closefrom_override (works correctly, which indicates the option "closefrom_override" works well)
- Defaults!/bin/bash closefrom_override (doesn't work, as sudo doesn't allow the -C option when I run sudo /bin/bash)

After inspecting the source code, I found that in plugin/sudoers/sudoers.c:

- in sudoers_policy_main(...), the check for -C override (at Line 232) happens before applying command-specific default entries (in set_cmnd(...))

I moved the -C override checking after set_cmnd, which solved my problem. I don't think this would introduce any problem, as the command will still be rejected if the user tries to specify -C override but doesn't have the right permission.

I'm not entirely sure whether the -C override check happens earlier on purpose. But I think this looks like a tiny bug :-)
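The ordering problem described above, modelled in an added example that is not sudo's own code: a small parser for the three kinds of Defaults lines quoted in the report (global, `Defaults:user`, `Defaults!/command`), applied in the order global, user, command, with the -C check placed either before or after the command-specific pass. The user names, the sudoers fragment and the option handling are constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass
class Flags:
    """The two sudoers options that appear in the report, with sudo's default values."""
    authenticate: bool = True
    closefrom_override: bool = False


def parse_defaults(sudoers: str):
    """Return (scope, target, option, value) tuples for each Defaults line.

    scope is '' for global, ':' for user-specific (Defaults:user) and
    '!' for command-specific (Defaults!/path); a leading '!' on the option negates it.
    """
    entries = []
    for line in sudoers.splitlines():
        m = re.match(r'^\s*Defaults([:!])?(\S+)?\s+(!?)(\w+)\s*$', line)
        if m:
            scope, target, neg, opt = m.groups()
            entries.append((scope or '', target or '', opt, neg != '!'))
    return entries


def apply_scope(flags: Flags, entries, scope: str, target: str = ''):
    """Apply every entry of one scope (global, or matching user/command) to flags."""
    for s, t, opt, value in entries:
        if s == scope and (scope == '' or t == target) and hasattr(flags, opt):
            setattr(flags, opt, value)


def closefrom_allowed(sudoers: str, user: str, command: str, check_after_set_cmnd: bool) -> bool:
    """Decide whether a 'sudo -C <fd> command' request passes the closefrom_override check.

    check_after_set_cmnd=False models the 1.8.7 order (check before command-specific
    Defaults are applied); True models moving the check after set_cmnd().
    """
    entries = parse_defaults(sudoers)
    flags = Flags()
    apply_scope(flags, entries, '')            # global Defaults
    apply_scope(flags, entries, ':', user)     # Defaults:user
    if not check_after_set_cmnd and not flags.closefrom_override:
        return False                           # rejected before Defaults! is even seen
    apply_scope(flags, entries, '!', command)  # set_cmnd(): Defaults!/command
    return flags.closefrom_override


# Constructed sudoers fragment mirroring the report's entries.
SUDOERS = "Defaults!/bin/bash closefrom_override\nDefaults:alice closefrom_override\n"
```

With the check before `set_cmnd()`, `Defaults!/bin/bash closefrom_override` never takes effect for a user without a user-specific grant; with the check after, it does.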
Comment 1 Todd C. Miller 2013-08-15 09:57:04 MDT
Moving that check until after set_cmnd() should be safe.  That change will be in sudo 1.8.8.
Comment 2 Todd C. Miller 2013-08-17 05:42:50 MDT
The fix is present in sudo 1.8.8b1, which is available now.
Comment 3 Todd C. Miller 2013-09-30 09:38:59 MDT
Fixed in sudo 1.8.8