Bugzilla – Bug 143
When a command alias contains a wildcard, sudo will only allow an absolute path
Last modified: 2004-10-07 17:00:40 MDT
When I have a sudoers file that contains a Cmnd_Alias that uses wildcards, the following does not work:

    cd /people/mchurch/bin/test.sh
    sudo -u nobody ./test.sh

I get:

    Sorry, user mchurch is not allowed to execute './test.sh' as nobody on cletus.ai.org.

Changing it to omit the wildcard allows this to work. Following is the sudoers file I am using:

    Cmnd_Alias TEST = /people/*/bin/test.sh
    %wheel ALL=(nobody) NOPASSWD: TEST
This is non-trivial to fix. Basically we would need to use glob(3) instead of fnmatch(3) when matching paths. This is probably doable but will not be in the 1.6.8 release.
According to the glob(3) man page : No tilde expansion or parameter substitution is done; if you want these, use wordexp(3). Tilde expansion would be a common use case for me as this particular Cmnd_Alias is for files within the users home directories. Any reason wordexp(3) wouldn't work?
Created attachment 23: Replaces two fnmatch calls with call to a new function
Replaces two fnmatch calls with call to a new function that uses wordexp(3) instead.
Created attachment 24: Function to replace fnmatch
This file is the function that replaces the fnmatch calls.
wordexp is not included on many systems and on many where it is it calls the shell which does not seem like a good idea. The BSD glob() supports tilde expansion. I'll just include that in the sudo distribution for systems without a featureful version.
The patches just uploaded aren't entirely complete. I still need to add a .h file for wordmatch.c. And I need to add a check in the configure.in to see if wordexp(3) is available on the target system. I only have access to a Linux system to check, but some quick research suggests that wordexp(3) is unavailable on at least OpenBSD and FreeBSD. From the documentation it appears that falling back to glob(3) if wordexp(3) isn't found on the target system wouldn't be too difficult, as the functions work in generally the same way.
The documentation for glob(3) on Linux is out of date. Looking at the source code reveals that it actually does tilde expansion. When I get a moment this week I'll switch the patch to use glob(3).
Created attachment 25: Replaces two fnmatch calls with globmatch
Created attachment 26: Function to replace fnmatch
Created attachment 27: Header file to describe globmatch
I just committed changes to the sudo cvs repository to use glob() instead of fnmatch() when matching pathnames. The actual changes are different from your patches since to make things behave properly I need to stat matched paths and compare the device and inode numbers with the values for the user's command. In other words, it behaves similar to the case where a user is given access to all commands in a directory. The fix will be present in sudo 1.6.9.
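The last comment describes the 1.6.9 approach: expand the Cmnd_Alias pattern with glob(3) and compare device and inode numbers with the user's command instead of comparing the path text. The C program below is an added example written for this page, not sudo's own code: it puts the old fnmatch(3) string matcher beside a glob-plus-inode matcher of that shape and reproduces the report's scenario in a scratch tree under /tmp. The tree layout, the pattern, the hard-link check and the function names match_fnmatch, match_glob_inode and run_scenario are all constructed for the example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <fnmatch.h>
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Old matcher (sudo 1.6.8 and earlier): the sudoers pattern is matched as a
 * string against the command the user typed, so "./test.sh" cannot match a
 * pattern that begins with "/people/".  FNM_PATHNAME keeps '*' from crossing
 * a '/' (one user directory, not an arbitrary subtree). */
int match_fnmatch(const char *pattern, const char *user_cmnd)
{
    return fnmatch(pattern, user_cmnd, FNM_PATHNAME) == 0;
}

/* Matcher in the spirit of the 1.6.9 fix: expand the pattern against the real
 * filesystem with glob(3), then accept the user's command if it is the same
 * file as any expansion, judged by st_dev/st_ino rather than by spelling.
 * glob() can only return paths that exist, so a pattern that matches no file
 * authorises nothing. */
int match_glob_inode(const char *pattern, const char *user_cmnd)
{
    struct stat user_sb, sb;
    glob_t gl;
    size_t i;
    int matched = 0;

    /* Only an existing regular file can be a command. */
    if (stat(user_cmnd, &user_sb) != 0 || !S_ISREG(user_sb.st_mode))
        return 0;
    /* GLOB_NOMATCH (or an allocation failure) means nothing to compare against. */
    if (glob(pattern, 0, NULL, &gl) != 0)
        return 0;
    for (i = 0; i < gl.gl_pathc; i++) {
        if (stat(gl.gl_pathv[i], &sb) == 0 &&
            sb.st_dev == user_sb.st_dev && sb.st_ino == user_sb.st_ino) {
            matched = 1;
            break;
        }
    }
    globfree(&gl);
    return matched;
}

/* Reproduce the report in a scratch tree (constructed for this example):
 *   <root>/people/mchurch/bin/test.sh  with pattern  <root>/people/STAR/bin/test.sh
 * where STAR stands for a literal '*'.  Both matchers run from inside the bin
 * directory, plus once against a hard link to the script placed outside the
 * pattern.  Returns a bitmask (negative if the scratch tree could not be made):
 *   bit 0  fnmatch    accepts "./test.sh"        expected 0  (the reported bug)
 *   bit 1  fnmatch    accepts the absolute path  expected 1  (the workaround)
 *   bit 2  glob+inode accepts "./test.sh"        expected 1  (the fix)
 *   bit 3  glob+inode accepts the absolute path  expected 1
 *   bit 4  glob+inode accepts the hard link      expected 1  (same inode, so
 *          the link counts as the same command even though its path differs) */
int run_scenario(void)
{
    char root[] = "/tmp/sudo-bug143-XXXXXX";
    char orig_cwd[4096], people[64], home[64], bindir[64], script[64],
         alias[64], pattern[64];
    int fd = -1, result = 0;

    if (getcwd(orig_cwd, sizeof orig_cwd) == NULL || mkdtemp(root) == NULL)
        return -1;
    snprintf(people,  sizeof people,  "%s/people", root);
    snprintf(home,    sizeof home,    "%s/people/mchurch", root);
    snprintf(bindir,  sizeof bindir,  "%s/people/mchurch/bin", root);
    snprintf(script,  sizeof script,  "%s/people/mchurch/bin/test.sh", root);
    snprintf(alias,   sizeof alias,   "%s/not-in-pattern.sh", root);
    snprintf(pattern, sizeof pattern, "%s/people/*/bin/test.sh", root);

    if (mkdir(people, 0755) != 0 || mkdir(home, 0755) != 0 ||
        mkdir(bindir, 0755) != 0 ||
        (fd = open(script, O_WRONLY | O_CREAT | O_EXCL, 0755)) < 0 ||
        close(fd) != 0 || link(script, alias) != 0) {
        result = -2;
    } else if (chdir(bindir) != 0) {
        result = -3;
    } else {
        if (match_fnmatch(pattern, "./test.sh"))    result |= 1;
        if (match_fnmatch(pattern, script))         result |= 2;
        if (match_glob_inode(pattern, "./test.sh")) result |= 4;
        if (match_glob_inode(pattern, script))      result |= 8;
        if (match_glob_inode(pattern, alias))       result |= 16;
        if (chdir(orig_cwd) != 0)
            result = -4;
    }
    unlink(alias); unlink(script);
    rmdir(bindir); rmdir(home); rmdir(people); rmdir(root);
    return result;
}

int main(void)
{
    int r = run_scenario();
    printf("result bitmask: %d (expected 30)\n", r);
    return r == 30 ? 0 : 1;
}
```

Two properties of the inode comparison are worth keeping in mind when writing wildcard aliases against it. First, because glob(3) consults the filesystem, a pattern only ever authorises files that exist at match time, whereas fnmatch(3) would accept any string of the right shape. Second, device and inode identify the file, not the name: a hard link (as in bit 4) or a symlink to a matched file is treated as that file, which is what makes "./test.sh" work but also means the spelling of the path is no longer what is being checked.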