Bug 334 – Wildcards - [...] Matches any character in the specified range does not work.

Bug 334 - Wildcards - [...] Matches any character in the specified range does not work.


Summary:	Wildcards - [...] Matches any character in the specified range does not work.

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.7.0
Hardware:	IBM AIX

Importance:	normal normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2009-02-18 06:51 MST by Andre Visperas
Modified:	2009-03-12 10:10 MDT (History)
CC List:	1 user (show)

See Also:

Attachments
add missing pair of braces (740 bytes, patch) 2009-02-18 10:53 MST, Todd C. Miller	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andre Visperas 2009-02-18 06:51:40 MST

Todd, We currently have sudo version 1.6.8p12 on all our system and the wildcard issue identified below on 1.7.0 is ont seen on 1.6.8p12. The issue is seen on AIX 5.3. Your help is appreciated.

Problem description:
         Sudo is not able to parse wildcard characters […] when used either in the path name or as part of a command.

for e.g. A snippet from the test sudoers config file is

Cmnd_Alias      NOPASS_CMD=/usr/bi[a-z]/cat * /home/smith/nopasscm[a-d],\           
                          /bi[a-z]/cat * /home/smith/nopasscm[a-d]                  

smith    ALL = NOPASSWD: NOPASS_CMD

# sudo -l

User smith may run the following commands on this host:
    (root) PASSWD: /home/smith/us?cmd
    (root) NOPASSWD: /usr/bi[a-z]/cat * /home/maw5/nopasscm[a-d], /bi[a-z]/cat * /home/maw5/nopasscm[a-d]

sudo /usr/bin/cat -n /home/smith/nopasscmd
Forest A Password:
Sorry, user smith is not allowed to execute '/usr/bin/cat -n /home/maw5/nopasscmd' as root on host xxxxxx. 

Additional Info:

1. The same wildcard characters […] work fine when used in "Host_Alias" within the sudoers config file.
2. Same problem observed when these commands were used directly on the RULES section instead of defining the commands through "Cmnd_Alias"
3. Editing through visudo exits in a clean manner.
4. There are no conflicting Rules within the test sudoers config file as seen in the result of #sudo -l as above.

Comment 1 Todd C. Miller 2009-02-18 10:53:01 MST

Created attachment 240 [details]
add missing pair of braces

Comment 2 Giulio Fidente 2009-02-19 12:31:41 MST

hi there,

I'm experiencing exactly the same on Fedora 10, where the sudo package is numbered 1.6.9p17-5

here is my test case:

[giulivo@rhst73 ~]$ sudo -l
[sudo] password for giulivo: 
User giulivo may run the following commands on this host:
    (root) /usr/bin/passwd [A-z]*
    (root) !/usr/bin/passwd root
[giulivo@rhst73 ~]$ sudo passwd giulivo
Sorry, user giulivo is not allowed to execute '/usr/bin/passwd giulivo' as root on rhst73.
[giulivo@rhst73 ~]$ 

this isn't very nice because the config I'm using is actually an example which appears in the sudoers man page :P

thanks for helping!

Comment 3 Todd C. Miller 2009-02-19 12:37:41 MST

Due to locale issues you need to use [A-Za-z] as [A-z] does not produce the expected result when a UTF8 locale is in use (the default on Fedora).

Comment 4 Giulio Fidente 2009-02-19 13:00:27 MST

that worked for me, thanks Todd

Comment 5 Andre Visperas 2009-02-20 16:42:16 MST

Todd, Adding those braces fixed it. Thanks a lot!

Comment 6 Todd C. Miller 2009-03-12 10:10:23 MDT

Fixed in sudo 1.7.1.  A beta version of sudo 1.7.1 may be downloaded from http://www.sudo.ws/devel.html