Bug 449 – wildcards in command alias match space

Bug 449 - wildcards in command alias match space


Summary:	wildcards in command alias match space

Status:	RESOLVED WONTFIX

Product:	Sudo
Classification:	Unclassified
Component:	Configure
Version:	1.7.4
Hardware:	All All

Importance:	normal normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2010-11-06 10:45 MDT by Luca Berra
Modified:	2010-11-30 12:31 MST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luca Berra 2010-11-06 10:45:46 MDT

with an entry like:
luser ALL=(ALL) NOPASSWD: /bin/cat /var/log/fubar/*
sudo allows luser to run commands like
sudo /bin/cat /var/log/fubar/foo /etc/shadow
quick workaround is making an entry like
luser ALL=(ALL) NOPASSWD: /bin/cat /var/log/fubar/*,!/bin/cat /var/log/fubar/* *

Comment 1 Todd C. Miller 2010-11-30 12:31:31 MST

The command line arguments are matched as a single string, which is why * matches a space.  This is less than ideal but it is the historic behavior.  A future version of sudo will include regular expression support for more flexible matching.