Bug 232 – Comments at the end of a Runas_Alias fail syntax checker.

Bug 232 - Comments at the end of a Runas_Alias fail syntax checker.


Summary:	Comments at the end of a Runas_Alias fail syntax checker.

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.8
Hardware:	PC All

Importance:	low low
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2006-12-22 18:25 MST by Bren Mills
Modified:	2007-08-21 09:24 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bren Mills 2006-12-22 18:25:27 MST

Sorry for mentioning such a minor bug, but it appears that comments at the end of a Runas_Alias fail the syntax checker. I didn't see anything in the changelog nor when I searched the bugzilla site. Because of consistancy accross sudo and visudo this shouldn't be much of a problem, unless the user is editing their sudoers file w/something other than visudo. 

This was tested with Sudo version 1.6.8p12 on x86 RHEL release 4 (Nahant Update 1). I have access to a wide array of arch/os systems at my work and will be happy to test this on any systems you want. Note that this was a binary built from source using the following configuration command:
./configure --prefix=/usr --with-pam --with-fqdn --with-ignore_dot --with-password_timeout=0 --with-loglen=1024 --with-mailto=sudo --with-tty_tickets --with-logging=both --with-logpath=/var/log/sudo.log

Also note that the man page for sudoers is inconsistant on the issue of #uid entries:
"A User_List is made up of one or more usernames, uids (prefixed with '#'),"
"A Runas_List is similar to a User_List except that it can also contain uids (prefixed with '#')"

########################################################################
# Case #1 (works)
########################################################################
mmills          froggy=(ALL) ALL
User_Alias      SUDOTEST=sudotest # comments here are fine.
Runas_Alias     DAEMON=daemon
SUDOTEST        froggy=(DAEMON) /usr/bin/whoami


-bash-3.00$ whoami
sudotest
-bash-3.00$ sudo -u daemon whoami
daemon

########################################################################
# Case #2 (doesn't work)
########################################################################
mmills          froggy=(ALL) ALL
User_Alias      SUDOTEST=sudotest # comments here are fine.
Runas_Alias     DAEMON=daemon # comments here break stuff. 
SUDOTEST        froggy=(DAEMON) /usr/bin/whoami

bash-3.00# /usr/sbin/visudo 
>>> sudoers file: syntax error, line 2 <<<
Warning: undeclared Runas_Alias `DAEMON' referenced near line 4
What now?

Again, sorry for mentioning such a minor bug. I'll be happy to help resolve this in any way that I can (though my lex/yacc skills are kinda rusty). I'll also be happy to try out any patch on a variety of arch's.

Happy Holidays.

Comment 1 Todd C. Miller 2007-08-21 09:24:02 MDT

Fixed in cvs, the fix will appear in the next sudo release.  The comment parsing code was not enabled for RunasAliases since it would also match #uid.  I added a separate rule to match comments that don't also match the uid rule.  The man page bug has already been fixed.