[sudo-users] double-backslash

Todd C. Miller Todd.Miller at courtesan.com
Thu Oct 10 12:06:17 MDT 2013

On Thu, 10 Oct 2013 10:59:52 +0100, Tim Bradshaw wrote:

When sudo parses:

ALL ALL = (ALL:ALL) /usr/bin/find /my/dir -type f -exec my-command {} \\;

it will replace the double backslash with a single one, e.g.

ALL ALL = (ALL:ALL) /usr/bin/find /my/dir -type f -exec my-command {} \;

However, when it comes time to actually match the arguments, the
presence of the '\' character causes fnmatch() to be used instead
of a literal string match.  fnmatch() also handles backslash escaping
so it will treat '\;' as ';'.

So the backslash gets removed in two different places, which is not
really what we want.  I don't see the behavior you describe with
multiple backslashes, though.  Given:

millert ALL = /bin/echo \\;

I am able to run:

$ sudo /bin/echo \;

as the shell needs the ';' escaped.  However, for

millert ALL = /bin/echo \\\\;

I can only run:

$ sudo /bin/echo \\\;

 - todd

More information about the sudo-users mailing list