Bug 451 – sudo with -i escapes commands with backslashes

Bug 451 - sudo with -i escapes commands with backslashes


Summary:	sudo with -i escapes commands with backslashes

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.7.4
Hardware:	Sun Solaris 2.x

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2010-11-15 03:52 MST by mathews.dennis
Modified:	2011-03-03 09:53 MST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mathews.dennis 2010-11-15 03:52:11 MST

Since upgrading to 1.7.4p4, sudo -i seems to escape commands with backslashes. 

Config:
Cmnd_Alias   COMMAND=/bin/bash -c /var/tmp/a.sh ,/var/tmp/b.sh
foo         ALL=(bar) NOPASSWD: COMMAND


Command:
foo$ sudo -u bar -i /var/tmp/a.sh
Sorry, user foo is not allowed to execute '/bin/bash -c \/var\/tmp\/a\.sh' as bar on host

The config and commands work fine on 1.7.0, but get the same behavior on 1.7.3 and 1.7.4p4

Not sure if this is related, but this also fails on 1.7.4p4, but works fine on 1.7.0 and 1.7.3 :
foo$ sudo -u bar /var/tmp/b.sh
cannot access parent directories

Just to make sure it has nothing to do with the shell, I've tried the same with ksh with the same results.

Comment 1 Todd C. Miller 2010-11-30 12:10:06 MST

Sudo now escapes non-alphanumerics when running a command through a shell (sudo -i or sudo -s) to prevent quoting issues (see bug #413).  The current behavior, while safe, may be going overboard a bit.

Comment 2 Todd C. Miller 2011-03-03 09:53:18 MST

Fixed in sudo 1.7.5 and 1.8.0.  The escaping now happens immediately before the command is executed which should solve this.