[sudo-users] Sudo with directory allows .. to be added. How do I avoid this.
Todd C. Miller
Todd.Miller at courtesan.com
Tue Nov 23 10:31:11 EST 2010
The problem is that sudo does not have any real knowledge of whether
a command's arguments should be interpreted as pathnames or not.
Now, in the case of sudoedit or "sudo -e", any arguments should be
files to edit and so that assumption is valid. This means that
sudo can require that slash ('/') characters on the command line
match those in the sudoers file, regardless of any '*' globs; that is,
a '*' in a sudoedit rule no longer matches a '/'. I've
checked in changes to this effect that will be part of sudo 1.7.5.
I've included the patch in question below which applies cleanly to
sudo 1.7.4.
- todd
diff -r 12da5b3249a3 -r 6087ba0064ff match.c
--- match.c Sat Nov 20 16:27:04 2010 -0500
+++ match.c Mon Nov 22 10:28:07 2010 -0500
@@ -366,6 +366,34 @@
return(matched);
}
+static int
+command_args_match(sudoers_cmnd, sudoers_args)
+ char *sudoers_cmnd;
+ char *sudoers_args;
+{
+ int flags = 0;
+
+ /*
+ * If no args specified in sudoers, any user args are allowed.
+ * If the empty string is specified in sudoers, no user args are allowed.
+ */
+ if (!sudoers_args ||
+ (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)))
+ return TRUE;
+ /*
+ * If args are specified in sudoers, they must match the user args.
+ * If running as sudoedit, all args are assumed to be paths.
+ */
+ if (sudoers_args) {
+ /* For sudoedit, all args are assumed to be pathnames. */
+ if (strcmp(sudoers_cmnd, "sudoedit") == 0)
+ flags = FNM_PATHNAME;
+ if (fnmatch(sudoers_args, user_args ? user_args : "", flags) == 0)
+ return TRUE;
+ }
+ return FALSE;
+}
+
/*
* If path doesn't end in /, return TRUE iff cmnd & path name the same inode;
* otherwise, return TRUE if user_cmnd names one of the inodes in path.
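Review bot: In command_args_match, FNM_PATHNAME only stops a wildcard from matching '/'; FNM_PERIOD is not set and nothing in the function normalizes the arguments, so a `*` in a sudoedit rule can still match a `..` component and the check is on the literal argument text, not on the file that ends up being opened. I would say so next to the flag assignment, e.g. `/* FNM_PATHNAME keeps '*' from matching '/'; ".." components are not resolved here. */`, so that sudoers authors do not read the match as path containment. Whether sudoedit should also reject `..` or set FNM_PERIOD is a policy decision, since FNM_PERIOD would additionally stop wildcards from matching dotfiles. Separately, the second `sudoers_args &&` in the first condition and the later `if (sudoers_args)` are always true once the `!sudoers_args` test has failed, and could be dropped.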
@@ -386,10 +414,7 @@
if (strcmp(sudoers_cmnd, "sudoedit") != 0 ||
strcmp(user_cmnd, "sudoedit") != 0)
return(FALSE);
- if (!sudoers_args ||
- (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
- (sudoers_args &&
- fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
+ if (command_args_match(sudoers_cmnd, sudoers_args)) {
efree(safe_cmnd);
safe_cmnd = estrdup(sudoers_cmnd);
return(TRUE);
@@ -423,10 +448,7 @@
*/
if (fnmatch(sudoers_cmnd, user_cmnd, FNM_PATHNAME) != 0)
return(FALSE);
- if (!sudoers_args ||
- (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
- (sudoers_args &&
- fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
+ if (command_args_match(sudoers_cmnd, sudoers_args)) {
if (safe_cmnd)
free(safe_cmnd);
safe_cmnd = estrdup(user_cmnd);
@@ -500,10 +522,7 @@
if (cp == NULL)
return(FALSE);
- if (!sudoers_args ||
- (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
- (sudoers_args &&
- fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
+ if (command_args_match(sudoers_cmnd, sudoers_args)) {
efree(safe_cmnd);
safe_cmnd = estrdup(user_cmnd);
return(TRUE);
@@ -544,10 +563,7 @@
(user_stat->st_dev != sudoers_stat.st_dev ||
user_stat->st_ino != sudoers_stat.st_ino))
return(FALSE);
- if (!sudoers_args ||
- (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
- (sudoers_args &&
- fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
+ if (command_args_match(sudoers_cmnd, sudoers_args)) {
efree(safe_cmnd);
safe_cmnd = estrdup(sudoers_cmnd);
return(TRUE);