[sudo-users] Parsing the sudoers file

Tim Bradshaw tfb at tfeb.org
Mon Sep 23 05:09:27 MDT 2013

As a final comment on this thread, I think it would be an extremely good thing if sudo had a mode which simply parses the sudoers file and spits out the parse tree in some widely-known form: JSON would be ideal I think, but some XML thing would be OK as well.  Then some other application could walk the tree and make deductions from it. That would avoid the problem of things that want to do this having to reinvent sudo's parser, and getting it wrong (in all cases that I've seen), with resulting possible security excitements.

I realise that this is nearly a canonical example of the annoying "this free tool should have some new feature but I am not willing to help provide that feature" thing, and I apologise for that: I did look at the code and decided my C was no longer good enough to do this, especially for a security-sensitive tool like sudo.  I'm also obviously not expecting someone to implement it for me, I just think it would be useful if it existed.


More information about the sudo-users mailing list