First Last Prev Next    This bug is not in your last search results.
Bug 296 - character ranges regression
character ranges regression
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
1.6.9
PC Linux
: low high
Assigned To: Todd C. Miller
https://bugs.launchpad.net/ubuntu/+so...
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-31 04:05 MDT by Martin Pitt
Modified: 2009-05-11 12:12 MDT (History)
0 users

See Also:

Attachments
Diff to restrict sudo to the C loale (324 bytes, patch)
2008-08-27 15:42 MDT, Todd C. Miller 		Details | Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Pitt 2008-07-31 04:05:14 MDT 
sudoers allows the usage of shell globs and character classes to limit possible arguments. This functionality regressed somewhere in between 1.6.8p12 (where it reportedly still worked) and 1.6.9p10. With a (admittedly bogus) rule like

   joe ALL=/bin/ls -l [A-z]*

joe should be able to do "ls -l foo", but not "ls -l 3". However, sudo always claims that joe is not in the sudoers file and does not allow either command. The same is reportedly true for negative matches, such as "!/bin/ls foo[A-z]*".

Interestingly, using a rule

  joe ALL=/bin/ls -l [a-Z]*

seems to do the right thing. However, ASCIIbetically this is reverse, since upper case letters have lower ASCII values.

POSIX shells such as dash do the asciibetically correct thing ([A-z] matches all letters, while [a-Z] does not match anything). bash seems to have a special case, both [A-z] and [a-Z] match all letters.

In order to not break previously configured rules, sudo should revert to the previous behaviour in 1.6.8.

Thank you!

Martin
Comment 1 Todd C. Miller 2008-08-20 10:25:59 MDT 
I can reproduce this on Linux (though not on BSD).  It is probably related to the switch to using glob(3) instead of fnmatch(3) for matching.
Comment 2 Todd C. Miller 2008-08-22 12:59:17 MDT 
Actually, the behavior I am seeing is different than you describe, though the issues may be related.  In my case, the user is found in sudoers but is not allowed to run "ls foo".

The problem appears to be related to locales.  With LANG=en_US.UTF-8 the fnmatch() routine in glibc does not match "foo" against "[A-z]*", but if LANG is not defined (or if it is defined to "C") the matching happens as expected.  The problem is that [A-z] is fundamentally non-portable when locales are taken into account.  You should either use [[\:alpha\:]] or [A-Za-z].  I'll update the sudo documentation accordingly.

In older sudo revisions, LANG was not preserved during command matching, which is why 1.6.8 doesn't show this behavior.
Comment 3 Todd C. Miller 2008-08-27 15:42:50 MDT 
Created attachment 229 [details]
Diff to restrict sudo to the C loale
Comment 4 Todd C. Miller 2008-08-27 15:44:30 MDT 
I have committed the attached diff which restricts sudo to the C
locale, like older versions did.
Comment 5 Martin Pitt 2009-05-11 12:04:12 MDT 
It seems that this didn't make it into 1.7?
Comment 6 Todd C. Miller 2009-05-11 12:12:48 MDT 
It's not really a bug, the correct range to use is [A-Za-z].  In 1.7 there is now a sudoers_locale Defaults setting that can be used to specify the locale to use when evaluating sudoers globs.
First Last Prev Next    This bug is not in your last search results.