From afaeb0ed5710921e75b65c5ea361a46c818f0af7 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 29 Sep 2022 13:43:20 -0600 Subject: [PATCH] Mark code that escapes/unescapes "sudo -s cmd args..." for removal. A future version of the plugin API will defer any such escaping to the policy plugin so it can be configurable. --- plugins/sudoers/strlcpy_unesc.c | 3 +++ plugins/sudoers/sudoers.c | 1 + src/parse_args.c | 1 + 3 files changed, 5 insertions(+) diff --git a/plugins/sudoers/strlcpy_unesc.c b/plugins/sudoers/strlcpy_unesc.c index ee6276e76..c8c89ac69 100644 --- a/plugins/sudoers/strlcpy_unesc.c +++ b/plugins/sudoers/strlcpy_unesc.c @@ -29,6 +29,9 @@ #include "sudoers.h" +/* + * Like strlcpy() but collapses non-space chars escaped with a backslash. + */ size_t strlcpy_unescape(char *dst, const char *src, size_t size) { diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index abe63147d..c079ea3fb 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -1047,6 +1047,7 @@ set_cmnd(void) * When running a command via a shell, the sudo front-end * escapes potential meta chars. We unescape non-spaces * for sudoers matching and logging purposes. + * TODO: move escaping to the policy plugin instead */ user_args = strvec_join(NewArgv + 1, ' ', strlcpy_unescape); } else { diff --git a/src/parse_args.c b/src/parse_args.c index 1128604ed..56f207e8f 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -606,6 +606,7 @@ parse_args(int argc, char **argv, int *old_optind, int *nargc, char ***nargv, /* * For shell mode we need to rewrite argv + * TODO: move this to the policy plugin and make escaping configurable */ if (ISSET(flags, MODE_SHELL|MODE_LOGIN_SHELL) && ISSET(mode, MODE_RUN)) { char **av, *cmnd = NULL;