Wildcards broken in sudo / sudoers
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo |
Fix Released
|
Unknown
|
|||
sudo (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Hardy |
Fix Released
|
High
|
Martin Pitt |
Bug Description
Binary package hint: sudo
Sudo allows wildcards to be used in pathnames or command line arguments. This behavior appears to be broken in hardy, whereas I can verify that it worked in 7.04 and 7.10.
As an example, if you had a user bob who you wanted to be able to install software via apt-get, but didn't want him to remove software you might add the following entry to your sudoers file via visudo:
bob ALL=/usr/
This would enable bob to run "apt-get install $FOO", but not "apt-get remove $FOO"
Under Hardy, bob is out of luck. Bob gets a "Sorry, user bob is not allowed to execute '/usr/bin/apt-get install foo' as root on hostname." error
The "sudoers" man page suggests that the wildcard matching is done via the POSIX fnmatch(3) routine. Could it be that this is failing? I'm not sure how to test for that.
Furthermore, there is a possible (though probably edge-case) local security risk for people bringing rulesets forward that involve wildcard deny statements. As a simple example, I'd like alice to be able to list any file or directory as root, except if the file / directory begins with "foo" because those directories are top secret:
alice ALL = /bin/ls, !/bin/ls foo[A-z]*
I can verify that sudo improperly allows alice to "sudo ls fooSecret"
Sudo behaves correctly when the wildcard match is removed from the negation statement:
alice ALL = /bin/ls, !/bin/ls foo
alice$> sudo ls bar
these files are not secret
alice$> sudo ls foo
Sorry, user alice is not allowed to execute '/bin/ls foo' as root on hostname.
Changed in sudo: | |
status: | Unknown → Confirmed |
Changed in sudo: | |
status: | Confirmed → In Progress |
Changed in sudo: | |
status: | In Progress → Fix Released |
Hmm... Has anyone looked at this? Sudo would seem like a bad application to have counter-documented behavior in?