[sudo-users] fuzzy command acceptance?
Woodward, Andrew
andreww at telenav.com
Tue May 3 19:35:43 EDT 2011
I realize that the last message was excessively long; here's a summary
including some additional testing I performed.
+--+---------------------+-------------+-------------+----------+
| #| sudoCommand         | called      | SudoAllowed | Expected |
+--+---------------------+-------------+-------------+----------+
|1 | test_args.sh        | $0          | Yes         | Yes      |
|2 | test_args.sh        | $0 arga     | Yes         | Yes      |
|3 | test_args.sh        | $0 arga 1   | Yes         | Yes      |
+--+---------------------+-------------+-------------+----------+
|4 | test_args.sh arga   | $0 arga     | Yes         | Yes      |
|5 | test_args.sh arga   | $0 arga 1   | No          | No       |
+--+---------------------+-------------+-------------+----------+
|6 | test_args.sh arga*  | $0 arga 1   | Yes         | Yes      |
|7 | test_args.sh arga*  | $0 argaaba  | Yes         | Yes      |
+--+---------------------+-------------+-------------+----------+
|8 | test_args.sh arga * | "$0 arga"   | No          | Yes      |
|9 | test_args.sh arga * | "$0 arga\ " | Yes         | Yes      |
|10| test_args.sh arga * | "$0 arga 1" | Yes         | Yes      |
+--+---------------------+-------------+-------------+----------+
The issue that I'm having is that when I specify the sudoCommand as
"command", it's matched and any arguments are accepted. When I specify
sudoCommand as "command arg1", it will only accept "command arg1"; any
additional arguments are rejected. From my testing, adding a wildcard (*) to
the sudoCommand creates some undesired results. Case 7 shows that
additional characters could be added to the argument where it is only
desired to require a specific argument and allow additional arguments. Cases
8, 9 and 10 show that placing a space off the wildcard preserves the argument
requirement, but also forces the user to include a space.
I've also tested other wildcard options, but ? and [ ] don't appear to be
accepted from the LDAP side, which is a showstopper for us.
-
Andrew Woodward
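
An added example, not part of the original message and not sudo's own code: a Python approximation of how one sudoCommand value is compared with an invocation (the user's arguments joined with single spaces and matched as one string against the rule's shell pattern), run over the ten rows of the table. The function names, the reading of rows 8-10 as the argument lists shown, and the final two-value rule are assumptions made for illustration; Python's fnmatch stands in for the C fnmatch(3).

```python
from fnmatch import fnmatchcase

def sudo_command_allows(sudo_command, argv):
    """Approximate the check of one sudoCommand value against argv."""
    cmnd, _, rule_args = sudo_command.partition(" ")
    if cmnd != argv[0]:
        return False
    if not rule_args:              # no arguments in the rule: any arguments pass
        return True
    user_args = " ".join(argv[1:])  # arguments are matched as ONE string
    if rule_args == '""':          # "" in the rule means: no arguments allowed
        return user_args == ""
    # '*' also matches spaces, so it crosses argument boundaries
    return fnmatchcase(user_args, rule_args)

def allowed_by_any(sudo_commands, argv):
    """An entry with several sudoCommand values allows what any one allows."""
    return any(sudo_command_allows(c, argv) for c in sudo_commands)

CMD = "test_args.sh"
# Constructed from the table: (case, sudoCommand, argv as the shell passes it)
CASES = [
    (1, "test_args.sh", [CMD]),
    (2, "test_args.sh", [CMD, "arga"]),
    (3, "test_args.sh", [CMD, "arga", "1"]),
    (4, "test_args.sh arga", [CMD, "arga"]),
    (5, "test_args.sh arga", [CMD, "arga", "1"]),
    (6, "test_args.sh arga*", [CMD, "arga", "1"]),
    (7, "test_args.sh arga*", [CMD, "argaaba"]),
    (8, "test_args.sh arga *", [CMD, "arga"]),
    (9, "test_args.sh arga *", [CMD, "arga "]),   # typed as: arga\<space>
    (10, "test_args.sh arga *", [CMD, "arga", "1"]),
]

def run_cases():
    return {n: sudo_command_allows(rule, argv) for n, rule, argv in CASES}

# Assumed rule for illustration: exact form plus "arga <anything>" form
PAIR = ["test_args.sh arga", "test_args.sh arga *"]

if __name__ == "__main__":
    for n, ok in run_cases().items():
        print(n, "Yes" if ok else "No")
    for argv in ([CMD, "arga"], [CMD, "arga", "1"], [CMD, "argaaba"]):
        print(argv[1:], "Yes" if allowed_by_any(PAIR, argv) else "No")
```

Listing both values in the same entry accepts "arga" alone and "arga" followed by further arguments while rejecting "argaaba", because neither pattern matches it.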