[sudo-users] path expansion

Aaron Spangler as at insight.rr.com
Sun Aug 1 22:40:09 EDT 2004

This is what I found so far:  (Testing on Knoppix/Debian Linux using 
latest Sudo)

# cat /etc/sudoers
user    ALL=(root) /bin/df

user$ sudo /bin/df        #works
user$ sudo df                #works since /bin is in path
user$ cd /bin; sudo ./df    # fails even though it probably should not

My theory is that things with a partial path are treated as a full path 
and thus not matched.  This also should means (horrifically) that say 
!/bin/sh is in /etc/sudoers and the person simply does cd /bin; sudo 
./sh would not prevent the user from getting a shell.

# cat /etc/sudoers
user   ALL=(root) ALL,!/bin/sh

user$ sudo df                 #works as it should
user$ sudo /bin/sh        # fails as it should
user$ cd /bin; sudo ./sh        # OUCH -  works, though it should fail

I'll try the same tests it against a much older sudo.


Galen Johnson wrote:

>Yes it does.  I thought that maybe it had to do with the path but even after I added it to my path I get the same thing.  Strange thing is it doesn't seem to be entirely consistant.  I mistakenly typed a cat command and it showed '/bin/cat /etc/sudoers' as not being allowed (at least the error expanded the path if nothing else).
>I verified this by
>cd /usr/local/sbin
>sudo -u root ./visudo
>I'd be very surprised if this behavior was exhibited on a different OS (not HPUX IPF 11.23) but I can't check that at the moment.
>-----Original Message-----
>From: Todd C. Miller [mailto:Todd.Miller at courtesan.com] 
>Sent: Saturday, July 31, 2004 5:57 PM
>To: Galen Johnson
>Cc: sudo-users at sudo.ws
>Subject: Re: [sudo-users] path expansion 
>That's definately unexpected behavior, if you cvan check whether
>this happens with the release candidate that would be useful.
> - todd
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:

More information about the sudo-users mailing list