Bug 752

Summary: sudo doesn't match long command lines in sudoers file
Product: Sudo
Reporter: jfharrigan
Component: Sudoers
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: normal
Priority: low
Version: 1.8.17
Hardware: PC
OS: Linux
Attachments:
  revert arg_size calculation patch
  Account for NUL byte when computing how much space we need

Description jfharrigan 2016-07-16 14:59:57 MDT
Created attachment 478 [details]
revert arg_size calculation patch

sudo-1.8.17p1 doesn't work with a sudoers file that was previously working with sudo-1.8.16.  It seems like long command lines in the sudoers file are being truncated when attempting to match them against the input command line.  For me, the 1.8.17p1 sudoers command line limit is 142 characters.

I was able to fix my problem with the attached patch which reverts a few lines in toke_util.c to how they were in 1.8.16.
Comment 1 Todd C. Miller 2016-07-16 16:24:21 MDT
I'm unable to reproduce this problem.  Can you tell me more about what Linux distro you are running and whether you installed sudo from a package or built it yourself?  If you built it yourself, please also list what version compiler you used.
Comment 2 jfharrigan 2016-07-16 19:47:31 MDT
The distro is a fairly recent version of CROSS-LFS but I don't remember the exact version.  GCC is version 5.3.0.

I built sudo from source with the following options (no CFLAGS):
./configure \
  --prefix=/home/install/bad-sudo \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --with-rundir=/var/lib/sudo \
  --enable-shared \
  --disable-static \
  --enable-shell-sets-home \
  --without-pam \
  --without-sendmail

I created a new user called sudotest with a single sudo rule.  The rule doesn't do anything useful, it's just designed to trigger the problem:
sudotest  ALL=(root)  NOPASSWD: /usr/bin/find /usr/local -mindepth 1 -type d -exec /bin/echo 0 {} ; -exec /bin/echo 1 {} ; -exec /bin/echo 2 {} ; -exec /bin/echo 3 {} ; -exec /bin/echo 4 {} ; -exec /bin/echo 5 {} ; -exec /bin/echo 6 {} ; -exec /bin/echo 7 {} ;

Here is the output of "sudo -l" without my patch:
Matching Defaults entries for sudotest on graphite:
    timestamp_timeout=0, root_sudo

User sudotest may run the following commands on graphite:
    (root) NOPASSWD: /usr/bin/find /usr/local -mindepth 1 -type d -exec
        /bin/echo 0 {} ; -exec /bin/echo 1 {} ; -exec /bin/echo 2 {} ; -exec
        /bin/echo 3 {} ; -exe

Here is the output of "sudo -l" with my patch:
Matching Defaults entries for sudotest on graphite:
    timestamp_timeout=0, root_sudo

User sudotest may run the following commands on graphite:
    (root) NOPASSWD: /usr/bin/find /usr/local -mindepth 1 -type d -exec
        /bin/echo 0 {} ; -exec /bin/echo 1 {} ; -exec /bin/echo 2 {} ; -exec
        /bin/echo 3 {} ; -exec /bin/echo 4 {} ; -exec /bin/echo 5 {} ; -exec
        /bin/echo 6 {} ; -exec /bin/echo 7 {} ;

The following command asks for a password when using sudo built without the patch.  With the patch it runs as I expected:
sudo find /usr/local -mindepth 1 -type d -exec /bin/echo 0 {} \; -exec /bin/echo 1 {} \; -exec /bin/echo 2 {} \; -exec /bin/echo 3 {} \; -exec /bin/echo 4 {} \; -exec /bin/echo 5 {} \; -exec /bin/echo 6 {} \; -exec /bin/echo 7 {} \;
Comment 3 Todd C. Miller 2016-07-16 20:14:34 MDT
Created attachment 479 [details]
Account for NUL byte when computing how much space we need

Thanks for the sudoers line to reproduce the problem.  The attached patch fixes the issue.
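The fix in attachment 479 is described only by its title, so here is an added C model of the defect it names, written for this page and not taken from sudo's toke_util.c: a growable argument buffer whose space requirement is computed either without or with the terminating NUL byte. The names (build_cmnd, bounded_append), the 128-byte chunk size and the rule tokens, including /opt/data, are constructed assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* strlcat-style append: copies at most size-*len-1 bytes so dst stays
 * NUL-terminated; returns how many bytes of src did not fit. */
static size_t bounded_append(char *dst, size_t size, size_t *len, const char *src)
{
    size_t n = strlen(src), room = size > *len ? size - *len - 1 : 0;
    size_t copy = n < room ? n : room;
    memcpy(dst + *len, src, copy);
    *len += copy;
    dst[*len] = '\0';
    return n - copy;
}

/* Join command tokens with single spaces into a buffer grown in 128-byte
 * chunks (a model of the lexer's arg buffer, not sudo's own toke_util.c).
 * count_nul == 0 reproduces the 1.8.17 defect: the space needed is computed
 * for the text only; count_nul == 1 reserves the terminator as the fix does. */
char *build_cmnd(const char *const *toks, size_t ntoks, int count_nul)
{
    char *buf = NULL;
    size_t len = 0, size = 0;
    for (size_t i = 0; i < ntoks; i++) {
        size_t need = len + strlen(toks[i]) + (i ? 1 : 0) + (count_nul ? 1 : 0);
        if (need > size) {
            size = (need + 127) & ~(size_t)127;  /* round up to a chunk */
            char *p = realloc(buf, size);
            if (p == NULL) { free(buf); return NULL; }
            buf = p;
            if (len == 0) buf[0] = '\0';
        }
        if (i) bounded_append(buf, size, &len, " ");
        if (bounded_append(buf, size, &len, toks[i]) != 0)
            break;  /* token did not fit: the rest of the rule is silently lost */
    }
    return buf;
}

/* Constructed rule shaped like the report's; its text reaches exactly 128
 * bytes after the fourth "/bin/echo", the boundary where the defect bites. */
static const char *const toks[] = {
    "/usr/bin/find", "/opt/data", "-mindepth", "1", "-type", "d",
    "-exec", "/bin/echo", "0", "{}", ";", "-exec", "/bin/echo", "1", "{}", ";",
    "-exec", "/bin/echo", "2", "{}", ";", "-exec", "/bin/echo", "3", "{}", ";",
    "-exec", "/bin/echo", "4", "{}", ";",
};
```

With count_nul == 0 the buffer is not grown when the text lands exactly on a chunk boundary, so the rule is cut off after "-exec /bin/ech", the same shape of loss as the "sudo -l" output above; with the NUL accounted for, the buffer grows in time and the whole rule survives, which is why the truncated rule can no longer match the full command line.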
Comment 4 jfharrigan 2016-07-17 08:30:20 MDT
I tested the patch and it fixes my problem.  Thanks.
Comment 5 Todd C. Miller 2016-09-20 15:15:19 MDT
Fixed in sudo 1.8.18