Bugzilla – Bug 817
Null username is converted to root without warning
Last modified: 2018-01-16 13:59:04 MST
If -u is passed "" as an argument, the user is assumed to be root. Example: $ user= $ sudo -u "$user" id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),19(log) Here's the same with a non-null $user variable $ user=ravi $ sudo -u "$user" id uid=1000(ravi) gid=1000(ravi) groups=1000(ravi),6(disk),7(lp),10(wheel),90(network),91(video),93(optical),95(storage),96(scanner),98(power) This is especially dangerous in scripts where the username may be unset (variable name mistyped perhaps?) or null. The behaviour fails towards the worst possible case (maximal permissions). $ sudo --version Sudo version 1.8.21p2 Sudoers policy plugin version 1.8.21p2 Sudoers file grammar version 46 Sudoers I/O plugin version 1.8.21p2 $
An empty runas user was treated as if no runas user was specified so runas_default was used. I've added some extra input validation so that empty arguments are no longer accepted for anything but the prompt. This is fixed by: https://www.sudo.ws/repos/sudo/rev/143be1bc8316 https://www.sudo.ws/repos/sudo/rev/93cc4f4761f3
Fixed in sudo 1.8.22, out now.