Bug 674

Summary: Limited Regex
Product: Sudo Reporter: Martyn Ranyard <martyn>
Component: SudoersAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.8.6   
Hardware: PC   
OS: Linux   

Description Martyn Ranyard 2014-11-01 06:26:38 MDT 
At my current workplace we have lots of servers (in the hundreds) split into multiple groups, one of the groups has gone from having < 99 servers to > 99 servers.

One of the lines in the sudoers file was similar to the following :
Host_Alias                   GROUPAB_DB_HOSTS=            grp[a-b]db[0-9][0-9]
So we changed it to the following :
Host_Alias                   GROUPAB_DB_HOSTS=            grp[a-b]db[0-9]{2,3}

so that it would match grpadb05 and grpbdb123 (examples)

Even though sudo is linked against libpcre (RHEL 6.5), this regex doesn't work.

Before I go ahead and familiarise myself with the code I figured I'd report this as an issue so I can get feedback - If I were to submit a patch to use more PCRE patterns on Linux hosts would it be accepted (subject to code review etc)?  I note that on Os/X sudo is not linked against libpcre and assume that this may be one reason, although I would think that being able to use full pcre on hosts that have libpcre would be better than limiting it because some hosts might not?
Comment 1 Todd C. Miller 2014-11-16 07:10:17 MST 
Sudo doesn't support regular expressions, just shell-style globs.  That is why the former version works but the latter does not.
Comment 2 Martyn Ranyard 2014-11-16 15:45:15 MST 
Reopening to get a response to the actual question I asked.  I expect a re-close, but please answer the question.

I didn't really care WHY the regex didn't work, I asked if it was worth me taking the time to figure out a patch and submit it so regex' would work.

For example, if the maintainer sees adding full regex as a bad idea for some reason (security concerns, backward compatibility etc.) then it would be a waste of my time working out how to add it because it just wouldn't be accepted.

On a side note, if it's shell globbing, would {1,}[0-9][0-9] match (for example) 53 and 132 ?
Comment 3 Todd C. Miller 2022-03-04 09:21:27 MST 
Sudo 1.9.10 includes regular expression support.