Add "list" pseudo-command to allow a user to list another user's

privs. Previously, only root or a user with the ability to run any command as either root or the target user on the current host could use the -U option. For "sudo -l [-U otheruser] command", NewArgv[0] is now set to "list" (just like "sudo -l") and the actual command to be checked starts with NewArgv[1].
2022-12-11 13:46:00 -07:00
parent 8c16c8faf6
commit a514a6eed5
9 changed files with 2577 additions and 2418 deletions
--- a/docs/sudoers.man.in
+++ b/docs/sudoers.man.in
@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDOERS" "@mansectform@" "October 20, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "@mansectform@" "December 9, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -1025,9 +1025,12 @@ Edit_Spec ::= "sudoedit" file name+ |
              "sudoedit" regex |
              "sudoedit"

+List_Spec ::= "list"
+
 Cmnd ::= Digest_List? '!'* command |
         '!'* directory |
         '!'* Edit_Spec |
+         '!'* List_Spec |
         '!'* Cmnd_Alias
 .RE
 .fi
@@ -1096,9 +1099,43 @@ character from being interpreted as a regular expression, the
 must be escaped with a
 \(oq\e\(cq.
 .PP
-The built-in command
+There are two commands built into
+\fBsudo\fR
+itself:
+\(lqlist\(rq
+and
+\(lqsudoedit\(rq.
+Unlike other commands, these two must be specified in the
+\fIsudoers\fR
+file
+\fIwithout\fR
+a leading path.
+.PP
+The
+\(lqlist\(rq
+built-in can be used to permit a user to list another user's privileges with
+\fBsudo\fR's
+\fB\-U\fR
+option.
+For example,
+\(lqsudo -l -U otheruser\(rq.
+A user with the
+\(lqlist\(rq
+privilege is able to list another user's privileges even if they
+don't have permission to run commands as that user.
+By default, only root or a user with the ability to run any command as
+either root or the specified
+\fIuser\fR
+on the current host may use the
+\fB\-U\fR
+option.
+No command line arguments may be specified with the
+\(lqlist\(rq
+built-in.
+.PP
+The
 \(lqsudoedit\(rq
-is used to permit a user to run
+built-in is used to permit a user to run
 \fBsudo\fR
 with the
 \fB\-e\fR
--- a/docs/sudoers.mdoc.in
+++ b/docs/sudoers.mdoc.in
@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd October 20, 2022
+.Dd December 9, 2022
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -982,9 +982,12 @@ Edit_Spec ::= "sudoedit" file name+ |
              "sudoedit" regex |
              "sudoedit"

+List_Spec ::= "list"
+
 Cmnd ::= Digest_List? '!'* command |
         '!'* directory |
         '!'* Edit_Spec |
+         '!'* List_Spec |
         '!'* Cmnd_Alias
 .Ed
 .Pp
@@ -1052,9 +1055,43 @@ character from being interpreted as a regular expression, the
 must be escaped with a
 .Ql \e .
 .Pp
-The built-in command
+There are two commands built into
+.Nm sudo
+itself:
+.Dq list
+and
+.Dq sudoedit .
+Unlike other commands, these two must be specified in the
+.Em sudoers
+file
+.Em without
+a leading path.
+.Pp
+The
+.Dq list
+built-in can be used to permit a user to list another user's privileges with
+.Nm sudo Ns 's
+.Fl U
+option.
+For example,
+.Dq sudo -l -U otheruser .
+A user with the
+.Dq list
+privilege is able to list another user's privileges even if they
+don't have permission to run commands as that user.
+By default, only root or a user with the ability to run any command as
+either root or the specified
+.Ar user
+on the current host may use the
+.Fl U
+option.
+No command line arguments may be specified with the
+.Dq list
+built-in.
+.Pp
+The
 .Dq sudoedit
-is used to permit a user to run
+built-in is used to permit a user to run
 .Nm sudo
 with the
 .Fl e