[sudo-users] double-backslash

Tim Bradshaw tfb at tfeb.org
Thu Oct 10 03:59:52 MDT 2013


sudo's handling of backslash seems to be at best odd and at worst buggy.

I came across lines in a sudoers which look like this:

ALL ALL = (ALL:ALL) /usr/bin/find /my/dir -type f -exec my-command {} \\;

Well, that's obviously deeply confused: the backslash you need in the shell is simply to make the ';' not be special to the shell, so the command line doesn't have any backslashes in it by the time sudo sees it.

But this works. And it seems to work because sudo treats '\\' as nothing at all!  The line

ALL ALL = (ALL:ALL) /usr/bin/find /my/dir -type f -exec my-command {} ;

licenses the same command as the first one.

Indeed, any even number of backslashes seems to be elided.

Looking at the manual for sudoers, it is fairly vague about where you can use backslash altogether: it doesn't seem to be the case that '\x' means the normal 'x, but without any special meaning of x in the grammar', because '\' is not legal everywhere.  But it is legal in some places where it should probably not be if I read the manual correctly: '\ ' works in commands, though I am not sure if it means anything different than ' '.

And this elision of '\\' means that you can never have commands that have a '\' in them, I think.

(Or, possibly, I can't read the manual properly).
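
An added example, not part of the original post or of sudo itself: a small audit helper that lists backslash runs in sudoers rules so that each one can be compared against what `sudo -l` actually grants. The function names and the sample fragment are hypothetical; it assumes a backslash as the last character of a line is a line continuation, and it simply skips every line that starts with '#'.

```python
import re

# Constructed sample input; the first rule is the one quoted in the post.
SAMPLE = r"""# constructed sudoers fragment
ALL ALL = (ALL:ALL) /usr/bin/find /my/dir -type f -exec my-command {} \\;
ALL ALL = (ALL:ALL) /usr/bin/find /my/dir \
    -type f -exec my-command {} ;
ALL ALL = (ALL:ALL) /bin/echo a\ b
"""

def logical_lines(text):
    """Yield (first_line_number, joined_text), folding continuation lines."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.endswith("\\"):      # assumed: trailing backslash continues the line
            buf += raw[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:           # input ended on a continuation line
        yield start, buf

def audit_backslashes(text):
    """Return (line_no, run_length, note) for each backslash run in a rule."""
    findings = []
    for no, line in logical_lines(text):
        if line.lstrip().startswith("#"):   # simplification: treat as comment
            continue
        for m in re.finditer(r"\\+", line):
            n = len(m.group())
            note = ("even run: the post reports these are elided"
                    if n % 2 == 0
                    else "odd run: not covered by the post's observation")
            findings.append((no, n, note))
    return findings

if __name__ == "__main__":
    for no, n, note in audit_backslashes(SAMPLE):
        print(f"line {no}: {n} backslash(es), {note}")
```
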

