[sudo-users] double-backslash
Todd C. Miller
Todd.Miller at courtesan.com
Thu Oct 10 12:06:17 MDT 2013
On Thu, 10 Oct 2013 10:59:52 +0100, Tim Bradshaw wrote:
When sudo parses:
ALL ALL = (ALL:ALL) /usr/bin/find /my/dir -type f -exec my-command {} \\;
it will replace the double backslash with a single one, e.g.
ALL ALL = (ALL:ALL) /usr/bin/find /my/dir -type f -exec my-command {} \;
However, when it comes time to actually match the arguments, the
presence of the '\' character causes fnmatch() to be used instead
of a literal string match. fnmatch() also handles backslash escaping
so it will treat '\;' as ';'.
So the backslash gets removed in two different places, which is not
really what we want. I don't see the behavior you describe with
multiple backslashes, though. Given:
millert ALL = /bin/echo \\;
I am able to run:
$ sudo /bin/echo \;
as the shell needs the ';' escaped. However, for
millert ALL = /bin/echo \\\\;
I can only run:
$ sudo /bin/echo \\\;
- todd
More information about the sudo-users
mailing list