Bug 395 – Policies that are working on Sudo 1.6.8 are set but not working on 1.6.9

Bug 395 - Policies that are working on Sudo 1.6.8 are set but not working on 1.6.9


Summary:	Policies that are working on Sudo 1.6.8 are set but not working on 1.6.9

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.9
Hardware:	All Linux

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2010-03-01 12:56 MST by SebastianC
Modified:	2010-05-07 13:40 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SebastianC 2010-03-01 12:56:18 MST

I a policy defined and working fine on sudo 1.6.8, I am using the official RPM from Red Hat sudo-1.6.8p12-10

The line looks like this:

myuser ALL = /home/anotheruser/scripts/mycommand.pl [A-z]*

If I go to the user:

[myuser@server ~]$ sudo -l
User myuser may run the following commands on this host:
    (root) /home/anotheruser/scripts/mycommand.pl [A-z]*

The command runs fine when I type: sudo /home/anotheruser/scripts/mycommand.pl test

If I update to 1.6.9, also original RPM from Red Hat sudo-1.6.9p17-6 this rule stops working. sudo -l command still shows it as an available command but I get this:

[myuser@server ~]$ sudo /home/anotheruser/scripts/mycommand.pl test
Sorry, user scaballaro is not allowed to execute '/home/anotheruser/scripts/mycommand.pl test' as root on server.

Comment 1 SebastianC 2010-03-01 13:16:39 MST

(In reply to comment #0)
> I a policy defined and working fine on sudo 1.6.8, I am using the
> official RPM from Red Hat sudo-1.6.8p12-10
> The line looks like this:
> myuser ALL = /home/anotheruser/scripts/mycommand.pl [A-z]*
> If I go to the user:
> [myuser@server ~]$ sudo -l
> User myuser may run the following commands on this host:
>     (root) /home/anotheruser/scripts/mycommand.pl [A-z]*
> The command runs fine when I type: sudo
> /home/anotheruser/scripts/mycommand.pl test
> If I update to 1.6.9, also original RPM from Red Hat sudo-1.6.9p17-6
> this rule stops working. sudo -l command still shows it as an available
> command but I get this:
> [myuser@server ~]$ sudo /home/anotheruser/scripts/mycommand.pl test
> Sorry, user scaballaro is not allowed to execute
> '/home/anotheruser/scripts/mycommand.pl test' as root on server.

Just as an update, this seems to be corrected in the latest stable version (1.7.2p5)

Comment 2 Todd C. Miller 2010-05-07 13:40:14 MDT

I'm going to mark this as fixed but note that [A-z] is not a valid character range in UTF8 locales, which is probably what was causing you problems.  You should use [A-Za-z] instead.  Later versions of sudo parse the sudoers file in the C locale unless otherwise specified.