[sudo-users] sudo, ksh, $0 - interesting behavior

Kevin Shortt kevinshortt at gmail.com
Mon Aug 15 16:41:12 EDT 2011


Thank you for the response. It definitely puts some reasons behind what I
came to discover after testing everything.
The line that was causing my condition was the following:        root

Well, I seem to have another issue around this condition.  Now that I expect
it to behave one way, I have run into an issue where it works one way on
Linux, and a another on Solaris.

I have the above rule in place on both servers.  The following script is
being used as a test along with the following test results from each server.
 I am looking for the Solaris results to be the same with and without using

Can anyone remark on what may be happening here?

BEGIN ==== test.sh
TESTVAR=$(dirname $0)
cd $TESTVAR >> /dev/null
export TESTVAR=$(pwd)

echo "$ 0:[$0]";
echo "$ TESTVAR:[$TESTVAR]";
END ==== test.sh

===== Test Results ======
==== Solaris
serverA:/opt/what/ever/path/we/need:$ ls -l ./test.sh
lrwxrwxrwx   1 kevinshortt   staff      22 Aug 11 16:39 ./test.sh ->

serverA:/opt/what/ever/path/we/need:$ sudo ./test.sh
$ 0:[/usr/local/bin/test.sh]
$ TESTVAR:[/usr/local/bin]

serverA:/opt/what/ever/path/we/need:$ ./test.sh
$ 0:[./test.sh]
$ TESVAR:[/opt/what/ever/path/we/need]

serverA:/opt/what/ever/path/we/need:$ sudo -V
Sudo version 1.6.9p16
serverA:/opt/what/ever/path/we/need:$ uname -a
SunOS serverA 5.10 Generic_142900-12 sun4v sparc SUNW,T5240

==== Linux
serverB:/opt/what/ever/path/we/need:$ ls -l test.sh
lrwxrwxrwx 1 kevinshortt staff 22 2011-08-15 13:44 test.sh ->

serverB:/opt/what/ever/path/we/need:$ sudo ./test.sh
$ 0:[./test.sh]
$ TESTVAR:[/opt/what/ever/path/we/need]

serverB:/opt/what/ever/path/we/need:$ ./test.sh
$ 0:[./test.sh]
$ TESTVAR:[/opt/what/ever/path/we/need]

serverB:/opt/what/ever/path/we/need:$ sudo -V
Sudo version 1.6.9p17
serverB:/opt/what/ever/path/we/need:$ uname -a
Linux serverB #1 SMP 2010-09-17 20:28:21 +0200 x86_64
x86_64 x86_64 GNU/Linux

On Fri, Aug 5, 2011 at 8:40 AM, Todd C. Miller <Todd.Miller at courtesan.com>wrote:

> On Thu, 04 Aug 2011 11:46:01 EDT, Kevin Shortt wrote:
> > I have an interesting issue.  $0 in a ksh script is scrubbed and sets
> > differently when using sudo and symlinks for the executed script.
> Sudo authorizes commands based on the inode number on the filesystem.
> As a result, if you had a sudoers rule like:
>    someuser ALL = /usr/local/bin/
> and /usr/local/bin/test.sh was your test script, then if someone
> does:
>    $ ln -s /usr/local/bin/test.sh .
>    $ sudo ./test.sh
> you will get the result you describe.  What happens is that sudo
> recognizes that ./test.sh and /usr/local/bin/test.sh are the same
> but executes /usr/local/bin/test.sh since it is the "safe" path to
> the command.  If sudo were to run ./test.sh it would create a race
> condition where the link could be swapped out with some other
> command.
> Now, if your rule was:
>    someuser ALL = ALL
> then sudo will execute ./test.sh directly since that matches "ALL".
> Hope that helps.
>  - todd

More information about the sudo-users mailing list