Bug 950

Summary: close-from documentation and code disagree for 3
Product: Sudo
Reporter: Ángel <sudo>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: low
CC: mehmetgelisin
Priority: low
Version: 1.9.4
Hardware: All
OS: All

Description Ángel 2020-12-16 17:14:51 MST
Documenting the closefrom option, doc/sudo.man.in states "Values less than three are not permitted."

-C num, --close-from=num
   Close all file descriptors greater than or equal to num before executing a
   command.  Values less than three are not permitted.  By default, sudo will close
   all open file descriptors other than standard input, standard output and standard
   error when executing a command.  The security policy may restrict the user's
   ability to use this option.  The sudoers policy only permits use of the -C option
   when the administrator has enabled the closefrom_override option.


This is consistent with the error message of the parser when providing a value less than 3:

sudo: the argument to -C must be a number greater than or equal to 3 (parse_args.c:325)

However, the value 3 is actually not allowed:

$ sudo -C 3 /bin/true 
sudo: closefrom=3: value too small
sudo: unable to initialize policy plugin

The value of closefrom is serialized to a string, then parsed again on policy.c:181, and there it uses a minimum value of 4, not 3:
    user_closefrom = sudo_strtonum(p, 4, INT_MAX, &errstr);


While it is possible to achieve the same result as --close-from=3 by skipping the --close-from= parameter, I think the bug is in the code which doesn't allow this value, not in the documentation.


The patch itself to fix it is trivial:

diff -r 91afbbde217a plugins/sudoers/policy.c
--- a/plugins/sudoers/policy.c  Fri Dec 11 09:45:14 2020 -0700
+++ b/plugins/sudoers/policy.c  Thu Dec 17 01:03:48 2020 +0100
@@ -178,7 +178,7 @@
        if (MATCHES(*cur, "closefrom=")) {
            errno = 0;
            p = *cur + sizeof("closefrom=") - 1;
-           user_closefrom = sudo_strtonum(p, 4, INT_MAX, &errstr);
+           user_closefrom = sudo_strtonum(p, 3, INT_MAX, &errstr);
            if (user_closefrom == 0) {
                sudo_warnx(U_("%s: %s"), *cur, U_(errstr));
                goto bad;
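Review bot: the minimum passed to sudo_strtonum() now matches both the front end's parse_args.c check ("must be a number greater than or equal to 3") and the manual's "Values less than three are not permitted", so a value that passes the first validator can no longer fail the second; since the `if (user_closefrom == 0)` error test only works while the minimum stays above 0, a short comment saying so would help, and a regression test that `-C 3` is accepted while `-C 2` is still rejected would keep the two validators from drifting apart again.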


which, as expected, makes sudo accept the value 3 for -C / --close-from.
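As an added illustration of the two-stage validation the report describes (example code, not sudo's own): a strtonum-style parser checks the -C argument with the documented minimum of 3 in the front end, the value is serialized to "closefrom=N", and the policy side re-parses it with its own minimum, 4 before the fix and 3 after. The names parse_num, frontend_accepts_closefrom, policy_accepts_closefrom and closefrom_mismatch are hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strtonum(3)-style range-checked parser, a hypothetical stand-in for
 * sudo_strtonum() (not sudo's code): returns 0 and sets *errstr on error. */
static long long parse_num(const char *s, long long minval, long long maxval,
                           const char **errstr)
{
    char *end;
    long long v;
    errno = 0;
    v = strtoll(s, &end, 10);
    if (end == s || *end != '\0') { *errstr = "invalid value"; return 0; }
    if (errno == ERANGE) { *errstr = "out of range"; return 0; }
    if (v < minval) { *errstr = "value too small"; return 0; }
    if (v > maxval) { *errstr = "value too large"; return 0; }
    *errstr = NULL;
    return v;
}

/* Stage 1: the -C check in the front end (parse_args.c), using the
 * documented minimum of 3 so only stdin/stdout/stderr stay open. */
static int frontend_accepts_closefrom(const char *arg)
{
    const char *errstr;
    return parse_num(arg, 3, INT_MAX, &errstr) != 0;
}

/* Stage 2: the policy plugin gets "closefrom=N" as a string and re-parses it
 * with its own minimum; treating 0 as the error value is only safe because minval > 0. */
static int policy_accepts_closefrom(const char *setting, long long minval)
{
    const size_t plen = sizeof("closefrom=") - 1;
    const char *errstr;
    if (strncmp(setting, "closefrom=", plen) != 0) return 0;
    return parse_num(setting + plen, minval, INT_MAX, &errstr) != 0;
}

/* 1 when the front end accepts -C arg but the policy plugin rejects the
 * serialized setting, i.e. the two validators disagree (the bug for "3"). */
static int closefrom_mismatch(const char *arg, long long policy_min)
{
    char setting[64];
    if (!frontend_accepts_closefrom(arg)) return 0;
    snprintf(setting, sizeof setting, "closefrom=%s", arg);
    return !policy_accepts_closefrom(setting, policy_min);
}
```

With a policy minimum of 4, closefrom_mismatch("3", 4) reports the disagreement; with the fixed minimum of 3 it does not, and values below 3 are rejected by both stages.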
Comment 1 Todd C. Miller 2020-12-16 18:21:39 MST
Thanks, this bug was introduced in sudo 1.8.9 as part of the strtonum() conversion.
Comment 2 Todd C. Miller 2020-12-16 18:30:25 MST
https://www.sudo.ws/repos/sudo/rev/fb06603b9a12
Comment 3 Todd C. Miller 2020-12-17 15:01:07 MST
Fixed in sudo 1.9.4p1
Comment 4 Ángel 2020-12-17 19:21:21 MST
Nice, that was quick :)