[sudo-workers] display_privs return value

Radovan Sroka rsroka at redhat.com
Thu Aug 31 06:24:59 MDT 2017


Hi sudo-workers,

I think that the return value of display_privs should always be 1.

There are two users: userallowed, usernotallowed
When you add this inside of sudoers:

userallowed ALL=(ALL) ALL

And run:

userallowed $ sudo -l -U usernotallowed
User usernotallowed is not allowed to run sudo on ..
userallowed $ echo $?
1

I think this should be 0 because userallowed is able to use sudo even if
there is nothing to print.


usernotallowed $ sudo -l
some output...
userallowed $ echo $?
1

This is ok because usernotallowed is not able to use sudo.

This behavior was changed 2 years ago and I think it makes sense to
have it back.



--- ./plugins/sudoers/sudo_nss.c.display-privs	2017-01-13
23:30:15.000000000 -0500
+++ ./plugins/sudoers/sudo_nss.c.display-privs	2017-08-31
07:41:02.764738698 -0400
@@ -348,7 +348,11 @@ display_privs(struct sudo_nss_list *snl,
     sudo_lbuf_destroy(&defs);
     sudo_lbuf_destroy(&privs);

-    debug_return_int(count > 0);
+/*
+ * This is ok, we return 1 which is success in this case
+ * and we don't want return failure even when there is nothing to print
+ */
+    debug_return_int(1);
 bad:
     sudo_lbuf_destroy(&defs);
     sudo_lbuf_destroy(&privs);
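Review bot: The replacement `debug_return_int(1);` is unconditional, so display_privs no longer tells its caller whether anything was printed; the message's second example (`usernotallowed $ sudo -l` still exiting 1) therefore relies on the invoking user's own permission check happening somewhere else, and the patch should say where, or keep `count` visible to the caller (for example through an out parameter) so that only the `-U` listing case changes. Minor: the added comment block sits at column 0 inside the function body; indent it like the surrounding four-space code and explain why a zero count is not a failure here (listing another user's privileges with `-U`), rather than only stating that 1 means success.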

-- 
--
---------------------------------------------------------

Radovan Sroka
Associate Software Engineer | Security Technologies | Red Hat, Inc.

