[sudo-users] sudo, ksh, $0 - interesting behavior
Todd C. Miller
Todd.Miller at courtesan.com
Fri Aug 5 08:40:07 EDT 2011
On Thu, 04 Aug 2011 11:46:01 EDT, Kevin Shortt wrote:
> I have an interesting issue. $0 in a ksh script is scrubbed and sets
> differently when using sudo and symlinks for the executed script.
Sudo authorizes commands based on the inode number on the filesystem.
As a result, if you had a sudoers rule like:
someuser ALL = /usr/local/bin/
and /usr/local/bin/test.sh was your test script, then if someone
does:
$ ln -s /usr/local/bin/test.sh .
$ sudo ./test.sh
you will get the result you describe. What happens is that sudo
recognizes that ./test.sh and /usr/local/bin/test.sh are the same
but executes /usr/local/bin/test.sh since it is the "safe" path to
the command. If sudo were to run ./test.sh it would create a race
condition where the link could be swapped out with some other
command.
Now, if your rule was:
someuser ALL = ALL
then sudo will execute ./test.sh directly since that matches "ALL".
Hope that helps.
- todd
More information about the sudo-users
mailing list