Bug 437 - Syntax Error on LOG_INPUT/LOG_OUTPUT Tags
Syntax Error on LOG_INPUT/LOG_OUTPUT Tags
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Visudo
1.7.4
IBM AIX
: low normal
Assigned To: Todd C. Miller
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-09-07 16:10 MDT by Chris Wheeler
Modified: 2011-01-15 12:21 MST (History)
0 users

See Also:


Attachments
Replacement toke.c for sudo 1.7.4p4 (117.65 KB, text/plain)
2010-09-07 17:14 MDT, Todd C. Miller
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Wheeler 2010-09-07 16:10:38 MDT
After compiling Sudo 1.7.4p4 on AIX, both visudo and sudo throw syntax errors when using any of the new I/O logging command tags (LOG_INPUT, LOG_OUTPUT, NOLOG_INPUT, NOLOG_OUTPUT).  Here is an example of the usage...

testuser ALL = LOG_INPUT: /usr/bin/su -

When this entry appears in the sudoers file, visudo displays the following when attempting to save the file...

>>> /etc/sudoers: syntax error near line 227 <<<
What now?

It appears that the I/O logging is working otherwise.  If it is configured with "Defaults log_input", it captures the session input as expected.
Comment 1 Todd C. Miller 2010-09-07 17:14:26 MDT
Created attachment 292 [details]
Replacement toke.c for sudo 1.7.4p4

The lexer is missing support for LOG_INPUT/LOG_OUTPUT.  If you build the attached toke.c instead it should work as documented.
Comment 2 Chris Wheeler 2010-09-08 10:55:07 MDT
Thanks.  Looks like that did the trick.
Comment 3 Todd C. Miller 2011-01-15 12:21:02 MST
Fixed in sudo 1.7.4p5
Comment 4 Todd C. Miller 2011-01-15 12:21:30 MST
Fixed in sudo 1.7.4p5