[sudo-users] sudo, ksh, $0 - interesting behavior

Kevin Shortt kevinshortt at gmail.com
Mon Aug 15 16:41:12 EDT 2011 

Todd,

Thank you for the response. It definitely puts some reasons behind what I
came to discover after testing everything.
The line that was causing my condition was the following:        root
ALL=(ALL) ALL

Well, I seem to have another issue around this condition.  Now that I expect
it to behave one way, I have run into an issue where it works one way on
Linux, and a another on Solaris.

I have the above rule in place on both servers.  The following script is
being used as a test along with the following test results from each server.
 I am looking for the Solaris results to be the same with and without using
sudo.

Can anyone remark on what may be happening here?

BEGIN ==== test.sh
#!/bin/ksh
TESTVAR=$(dirname $0)
cd $TESTVAR >> /dev/null
export TESTVAR=$(pwd)

echo "$ 0:[$0]";
echo "$ TESTVAR:[$TESTVAR]";
END ==== test.sh


===== Test Results ======
==== Solaris
serverA:/opt/what/ever/path/we/need:$ ls -l ./test.sh
lrwxrwxrwx   1 kevinshortt   staff      22 Aug 11 16:39 ./test.sh ->
/usr/local/bin/test.sh

serverA:/opt/what/ever/path/we/need:$ sudo ./test.sh
$ 0:[/usr/local/bin/test.sh]
$ TESTVAR:[/usr/local/bin]

serverA:/opt/what/ever/path/we/need:$ ./test.sh
$ 0:[./test.sh]
$ TESVAR:[/opt/what/ever/path/we/need]

serverA:/opt/what/ever/path/we/need:$ sudo -V
Sudo version 1.6.9p16
serverA:/opt/what/ever/path/we/need:$ uname -a
SunOS serverA 5.10 Generic_142900-12 sun4v sparc SUNW,T5240

==== Linux
serverB:/opt/what/ever/path/we/need:$ ls -l test.sh
lrwxrwxrwx 1 kevinshortt staff 22 2011-08-15 13:44 test.sh ->
/usr/local/bin/test.sh

serverB:/opt/what/ever/path/we/need:$ sudo ./test.sh
$ 0:[./test.sh]
$ TESTVAR:[/opt/what/ever/path/we/need]

serverB:/opt/what/ever/path/we/need:$ ./test.sh
$ 0:[./test.sh]
$ TESTVAR:[/opt/what/ever/path/we/need]

serverB:/opt/what/ever/path/we/need:$ sudo -V
Sudo version 1.6.9p17
serverB:/opt/what/ever/path/we/need:$ uname -a
Linux serverB 2.6.32.19-0.3-default #1 SMP 2010-09-17 20:28:21 +0200 x86_64
x86_64 x86_64 GNU/Linux


On Fri, Aug 5, 2011 at 8:40 AM, Todd C. Miller <Todd.Miller at courtesan.com>wrote:

> On Thu, 04 Aug 2011 11:46:01 EDT, Kevin Shortt wrote:
>
> > I have an interesting issue.  $0 in a ksh script is scrubbed and sets
> > differently when using sudo and symlinks for the executed script.
>
> Sudo authorizes commands based on the inode number on the filesystem.
> As a result, if you had a sudoers rule like:
>
>    someuser ALL = /usr/local/bin/
>
> and /usr/local/bin/test.sh was your test script, then if someone
> does:
>
>    $ ln -s /usr/local/bin/test.sh .
>    $ sudo ./test.sh
>
> you will get the result you describe.  What happens is that sudo
> recognizes that ./test.sh and /usr/local/bin/test.sh are the same
> but executes /usr/local/bin/test.sh since it is the "safe" path to
> the command.  If sudo were to run ./test.sh it would create a race
> condition where the link could be swapped out with some other
> command.
>
> Now, if your rule was:
>
>    someuser ALL = ALL
>
> then sudo will execute ./test.sh directly since that matches "ALL".
>
> Hope that helps.
>
>  - todd
>

More information about the sudo-users mailing list