[Bug 893235] [NEW] sudo -i invalid escaping

Tuomas Silen 893235 at bugs.launchpad.net
Mon Nov 21 18:18:45 UTC 2011


Public bug reported:

Ubuntu release: 11.04
Sudo package: 1.7.4p4-5ubuntu7.1

The current sudo version escapes commands so that they can never match
anything in sudoers when using the -i parameter (login shell).

What is expected (happens in 1.7.2 (i.e. Ubuntu 10.04) and 1.7.5):

sudoers:
Cmnd_Alias   COMMAND=/bin/bash -c /foo/bar/test.sh

command:
$ sudo -i /foo/bar/test.sh

sudo sees the command like this:
COMMAND=/bin/bash -c /foo/bar/test.sh

And the command matches the rule in sudoers and is executed.

What happens instead:
When running
$ sudo -i /foo/bar/test.sh

the command fails because it doesn't match anything in sudoers, because sudo escapes the command to this:
COMMAND=/bin/bash -c \/foo\/bar\/test\.sh

and that won't match the command in sudoers because of the backslashes.
It is also not possible to do similar escaping in the sudoers file, as
you get a syntax error.

I couldn't find any workaround for this, so it seems to be quite
critical. The fix should probably be backported from sudo 1.7.5.

See sudo bug #451 http://www.sudo.ws/sudo/bugs/show_bug.cgi?id=451

** Affects: sudo (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/893235
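
The mismatch described in the report, as an added C example (not code from the report or from sudo): a policy check that compares the escaped command line against the sudoers rule never matches, while comparing the unescaped form does. The escaping rule and the helpers `escape_arg`, `unescape_arg` and `rule_matches` are assumptions made for illustration; the rule and command strings are the ones quoted in the report.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed rule (reproduces the report's output): quote all but [A-Za-z0-9_-]. */
static int escape_arg(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    for (; *src != '\0'; src++) {
        int quote = !isalnum((unsigned char)*src) && *src != '_' && *src != '-';
        if (n + (quote ? 2 : 1) >= dstlen) return -1;   /* dst too small */
        if (quote) dst[n++] = '\\';
        dst[n++] = *src;
    }
    dst[n] = '\0';
    return 0;
}

/* Inverse of escape_arg: drop one level of backslash quoting. */
static int unescape_arg(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    for (; *src != '\0'; src++) {
        if (*src == '\\' && src[1] != '\0') src++;      /* skip the quote byte */
        if (n + 1 >= dstlen) return -1;                 /* dst too small */
        dst[n++] = *src;
    }
    dst[n] = '\0';
    return 0;
}

/* Hypothetical exact-match policy check against one sudoers command string. */
static int rule_matches(const char *rule, const char *shell, const char *arg)
{
    char cmnd[512];
    int len = snprintf(cmnd, sizeof(cmnd), "%s -c %s", shell, arg);
    return len > 0 && (size_t)len < sizeof(cmnd) && strcmp(rule, cmnd) == 0;
}

int main(void)
{
    const char *rule = "/bin/bash -c /foo/bar/test.sh";  /* rule from the report */
    char esc[256], raw[256];
    if (escape_arg("/foo/bar/test.sh", esc, sizeof(esc)) != 0 ||
        unescape_arg(esc, raw, sizeof(raw)) != 0) return 1;
    printf("escaped:   %s -> match=%d\n", esc, rule_matches(rule, "/bin/bash", esc));
    printf("unescaped: %s -> match=%d\n", raw, rule_matches(rule, "/bin/bash", raw));
    return 0;
}
```

The general point for policy engines: the string that is matched against the rule must be in the same representation as the rule, and any quoting needed for the shell belongs only on the string that is executed.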
