enforcing argument restrictions in sudoers?
nocturne at arepa.com
Tue Nov 21 13:30:27 EST 2000
Sudo seems to use a Berkeley fnmatch(3) to compare the config-file argument
pattern with the actual command the user specified.
Which seems to yield the result that this sudoers entry:
ALL ALL = /bin/cat /foo/*
allows users to run "cat /foo/bar /etc/shadow" with no complaints.
Is there any way to tighten this up, assuming the user has no write access
to /foo ? Any way of adjusting the sudoers entry to allow multiple arguments
all of which start with "/foo/", or even simply to allow only a single
argument which starts with "/foo/" ?
I've read the sudoers manpage many times now but remain unenlightened; there
seems to have been only brief mention of this issue over the last year on
this maillist, and I was unable to find any reply to the actual question. I
tracked things through the source enough to see that fnmatch is comparing
the sudoers args with the user args, but fnmatch is a bit too dense for me
to try second-guessing its manpage before asking what I can only imagine
must be a fairly common question.
Yes, I could write a wrapper around cat which performs argument validation,
and then have that invoked via sudo, but it's really hard for me to believe
that this problem has not been solved _inside_ of sudo in almost 10 years of
Thanks for your time.
More information about the sudo-users