Bugzilla – Bug 626
sudo /bin/ls failes on directories where root does not have permissions and NOEXEC is set
Last modified: 2014-01-08 14:32:51 MST
As far as I have been able to verify, this problem exists from version 1.8.1p2 onwards. Versions 1.8.0 and 1.7.10p6 does not seem to have this problem. Here is the sudoRole object: sudoCommand: /usr/bin/ls sudoOption: !authenticate sudoOption: !lecture sudoOption: noexec sudoUser: <myusername> objectClass: sudoRole objectClass: top sudoHost: ALL To reproduce the problem: # mkdir /tmp/a /tmp/b # chmod 700 /tmp/a /tmp/b # chown root:root /tmp/a # chown bin:bin /tmp/b On directory /tmp/a, which is owned by root, there is no problem: $ sudo /usr/bin/ls -l /tmp/a total 0 But on /tmp/b which is owned by bin, I do not get access, even when I sudo to user root: # sudo /usr/bin/ls -l /tmp/b /tmp/b: Permission denied total 16 If I remove the NOEXEC option, however, I can also access /tmp/b: $ sudo /usr/bin/ls -l /tmp/b total 0 I need the NOEXEC option, so removing it is only good for testing.
It looks like the PRIV_PROC_EXEC permission is disabling more than just execution of subcommands and is affecting DAC file permissions too. As a workaround you should be able to edit config.h and comment out the line: #define HAVE_PRIV_SET 1 and rebuild sudo.
Created attachment 389 [details] Workaround for solaris noexec problem I'm not sure why this would be required but the attached patch seems to work around the issue.
I have tried the supplied patch, and can comfirm that it worked.
Sudo 1.8.9 is now out and contains the workaround.