Bugzilla – Bug 397
paths in config that end in *.* let any command be run
Last modified: 2010-03-09 12:41:22 MST
I was trying to figure out why our tech support couldn't run some commands from an /app/bin/ directory. When I tried an experiment with /app/bin/*.*, I found that I could then run any command that I wanted.

[~]# sudo /sbin/iptables
...
sudo: ldap sudoHost 'ALL' ... MATCH!
sudo: ldap sudoCommand '/bin/zcat' ... not
sudo: ldap sudoCommand '/usr/local/bin/gem' ... not
sudo: ldap sudoCommand '/usr/bin/tail' ... not
sudo: ldap sudoCommand '/bin/ls' ... not
sudo: ldap sudoCommand '/bin/grep' ... not
sudo: ldap sudoCommand '/bin/cat' ... not
sudo: ldap sudoCommand '/usr/bin/pear' ... not
sudo: ldap sudoCommand '/usr/local/bin/pear' ... not
sudo: ldap sudoCommand '/usr/local/php5/bin/pear' ... not
sudo: ldap sudoCommand '/usr/bin/gem' ... not
sudo: ldap sudoCommand '/usr/bin/nano' ... not
sudo: ldap sudoCommand '/usr/bin/rvim' ... not
sudo: ldap sudoCommand '/usr/sbin/exim' ... not
sudo: ldap sudoCommand '/usr/sbin/exiwhat' ... not
sudo: ldap sudoCommand '/usr/sbin/pam_abl' ... not
sudo: ldap sudoCommand '/app/bin/*' ... not
sudo: ldap sudoCommand '/app/bin/*.*' ... MATCH!
sudo: ldap sudoRunAs 'root' ... MATCH!
sudo: Perfect Matched!
sudo: ldap sudoOption: '!authenticate'
sudo: user_matches=-1
sudo: host_matches=-1
sudo: sudo_ldap_check(0)=0x22
iptables v1.3.5: no command specified
Try `iptables -h' or 'iptables --help' for more information.

This is from a CentOS 5 box using version 1.6.9p17.
This was fixed in a subsequent release. I can reproduce the problem with sudo 1.6.9p17 but not with 1.6.9p19 and above.
Ah, ok. Thank you. I'll file a bug with Redhat then.