Bug 392 - Wildcard matches slash
Status: RESOLVED INVALID
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.6.9
Hardware: PC Linux
Importance: low security
Assigned To: Todd C. Miller
Reported: 2010-02-08 11:06 MST by Aubort Jean-Baptiste
Modified: 2010-02-08 11:20 MST

Description Aubort Jean-Baptiste 2010-02-08 11:06:03 MST
In the man page of sudoers, we read:

---
Note that a forward slash (’/’) will not be matched by wildcards used in the pathname.
---

But if we put this line in the sudoers:
user ALL=/bin/cat /somedir/*

the user will then have the right to do:
sudo cat /somedir/../etc/shadow

Observed on 1.6.9p17 (Ubuntu 9.04, Redhat 5.3, Debian 5.0.3)
Comment 1 Todd C. Miller 2010-02-08 11:20:48 MST
That statement refers to the command, not the command line args, where * matches any character.
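
The distinction drawn in comment 1, modelled with fnmatch(3) as an added example (not code from sudo or from this bug report). It assumes the command path is matched with FNM_PATHNAME and the argument string without it; all function names are hypothetical, and the audit helper is a heuristic for reviewing rules, not a complete check.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Command path: FNM_PATHNAME keeps '*' from matching '/'. */
static int cmnd_matches(const char *pat, const char *path)
{
    return fnmatch(pat, path, FNM_PATHNAME) == 0;
}

/* Argument string: no FNM_PATHNAME, so '*' also matches '/'. */
static int args_match(const char *pat, const char *args)
{
    return fnmatch(pat, args, 0) == 0;
}

/* Simplified model of one rule: command and arguments must both match. */
static int rule_allows(const char *cmnd_pat, const char *args_pat,
                       const char *cmnd, const char *args)
{
    return cmnd_matches(cmnd_pat, cmnd) && args_match(args_pat, args);
}

/* Audit helper: replace the first '*' of an argument pattern with "../x"
 * and report whether the pattern accepts the resulting string. */
static int args_pattern_accepts_dotdot(const char *args_pat)
{
    char probe[512];
    const char *star = strchr(args_pat, '*');
    int n;

    if (star == NULL)
        return 0;               /* no '*' to expand */
    n = snprintf(probe, sizeof(probe), "%.*s../x%s",
                 (int)(star - args_pat), args_pat, star + 1);
    if (n < 0 || (size_t)n >= sizeof(probe))
        return 1;               /* cannot be probed here: flag for review */
    return args_match(args_pat, probe);
}

int main(void)
{
    const char *cmnd = "/bin/cat", *pat = "/somedir/*"; /* rule from the report */

    printf("args /somedir/file allowed:          %d\n", rule_allows(cmnd, pat, cmnd, "/somedir/file"));
    printf("args /somedir/../etc/shadow allowed: %d\n", rule_allows(cmnd, pat, cmnd, "/somedir/../etc/shadow"));
    printf("command /bin/* matches /bin/sub/cat: %d\n", cmnd_matches("/bin/*", "/bin/sub/cat"));
    printf("argument pattern accepts \"..\":       %d\n", args_pattern_accepts_dotdot(pat));
    return 0;
}
```

A rule whose argument pattern is flagged by the helper grants access beyond the directory it names; listing the permitted files explicitly avoids the wildcard in the arguments.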