Bug 816 – Avoid duplicates or wrong entry in sudo -l output

Bug 816 - Avoid duplicates or wrong entry in sudo -l output


Summary:	Avoid duplicates or wrong entry in sudo -l output

Status:	NEW

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.8.21
Hardware:	All All

Importance:	low enhancement
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-12-07 04:05 MST by Daniele Palumbo
Modified:	2017-12-07 04:05 MST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniele Palumbo 2017-12-07 04:05:52 MST

Given the configuration
root@build-jessie-amd64:~# cat /etc/sudoers
Defaults log_output
Defaults !log_output
Defaults log_output
Defaults syslog
Defaults !syslog
Defaults !logfile
Defaults logfile=/var/log/sudo.log
root ALL = NOPASSWD: ALL
daniele ALL = NOPASSWD: ALL
root@build-jessie-amd64:~# 

The following is listed:
root@build-jessie-amd64:~# sudo -l
Matching Defaults entries for root on build-jessie-amd64:
    log_output, !log_output, log_output, syslog, !syslog, !logfile, logfile=/var/log/sudo.log

User root may run the following commands on build-jessie-amd64:
    (root) NOPASSWD: ALL
root@build-jessie-amd64:~# 

Defaults are repeated and last one has to be matched.

- For Defaults that negate the previous one only the latest should be printed.
- For entry that are written multiple time and/or fully overrinding the previous one, only the latest should be printed.