isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove warning about wildcards. Now that we use glob() the bug is fixed.

Browse Source
This commit is contained in:
Todd C. Miller
2004-10-07 18:57:41 +00:00
parent 1b06f3e81d
commit d56b543a13
3 changed files with 108 additions and 224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

280
sudoers.cat
View File

@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.6.9 October 4, 2004 1 1.6.9 October 7, 2004 1
@@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 2 1.6.9 October 7, 2004 2
@@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 3 1.6.9 October 7, 2004 3
@@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 4 1.6.9 October 7, 2004 4
@@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 5 1.6.9 October 7, 2004 5
@@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 6 1.6.9 October 7, 2004 6
@@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 7 1.6.9 October 7, 2004 7
@@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 8 1.6.9 October 7, 2004 8
@@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 9 1.6.9 October 7, 2004 9
@@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 10 1.6.9 October 7, 2004 10
@@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 11 1.6.9 October 7, 2004 11
@@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 12 1.6.9 October 7, 2004 12
@@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 13 1.6.9 October 7, 2004 13
@@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 14 1.6.9 October 7, 2004 14
@@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 15 1.6.9 October 7, 2004 15
@@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
1.6.9 October 4, 2004 16 1.6.9 October 7, 2004 16
@@ -1068,30 +1068,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
match _/_u_s_r_/_b_i_n_/_w_h_o but not _/_u_s_r_/_b_i_n_/_X_1_1_/_x_t_e_r_m. match _/_u_s_r_/_b_i_n_/_w_h_o but not _/_u_s_r_/_b_i_n_/_X_1_1_/_x_t_e_r_m.
WARNING: a pathname with wildcards will nnoott match a user
command that consists of a relative path. In other words,
given the following _s_u_d_o_e_r_s entry:
billy workstation = /usr/bin/*
user billy will be able to run any command in /usr/bin as
root, such as _/_u_s_r_/_b_i_n_/_w. The following two command will
be allowed (the first assumes that _/_u_s_r_/_b_i_n is in the
user's path):
$ sudo w
$ sudo /usr/bin/w
However, this will not:
$ cd /usr/bin
$ sudo ./w
For this reason you should only ggrraanntt access to commands
using wildcards and never rreessttrriicctt access using them.
This limitation will be removed in a future version of
ssuuddoo.
EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess
The following exceptions apply to the above rules: The following exceptions apply to the above rules:
@@ -1114,18 +1090,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
#include /etc/sudoers.local #include /etc/sudoers.local
1.6.9 October 4, 2004 17
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
When ssuuddoo reaches this line it will suspend processing of When ssuuddoo reaches this line it will suspend processing of
the current file (_/_e_t_c_/_s_u_d_o_e_r_s) and switch to _/_e_t_c_/_s_u_d_o_<08> the current file (_/_e_t_c_/_s_u_d_o_e_r_s) and switch to _/_e_t_c_/_s_u_d_o_<08>
_e_r_s_._l_o_c_a_l. Upon reaching the end of _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l, _e_r_s_._l_o_c_a_l. Upon reaching the end of _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l,
@@ -1150,6 +1114,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
_a_l_i_a_s called AALLLL as the built-in alias will be used in _a_l_i_a_s called AALLLL as the built-in alias will be used in
preference to your own. Please note that using AALLLL can be preference to your own. Please note that using AALLLL can be
dangerous since in a command context, it allows the user dangerous since in a command context, it allows the user
1.6.9 October 7, 2004 17
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
to run aannyy command on the system. to run aannyy command on the system.
An exclamation point ('!') can be used as a logical _n_o_t An exclamation point ('!') can be used as a logical _n_o_t
@@ -1180,18 +1156,6 @@ EEXXAAMMPPLLEESS
is important. In general, you should structure _s_u_d_o_e_r_s is important. In general, you should structure _s_u_d_o_e_r_s
such that the Host_Alias, User_Alias, and Cmnd_Alias spec<65> such that the Host_Alias, User_Alias, and Cmnd_Alias spec<65>
ifications come first, followed by any Default_Entry ifications come first, followed by any Default_Entry
1.6.9 October 4, 2004 18
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
lines, and finally the Runas_Alias and user specifica<63> lines, and finally the Runas_Alias and user specifica<63>
tions. The basic rule of thumb is you cannot reference an tions. The basic rule of thumb is you cannot reference an
Alias that has not already been defined. Alias that has not already been defined.
@@ -1208,6 +1172,26 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Runas_Alias OP = root, operator Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase Runas_Alias DB = oracle, sybase
1.6.9 October 7, 2004 18
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
# Host alias specification # Host alias specification
Host_Alias SPARC = bigtime, eclipse, moet, anchor :\ Host_Alias SPARC = bigtime, eclipse, moet, anchor :\
SGI = grolsch, dandelion, black :\ SGI = grolsch, dandelion, black :\
@@ -1242,22 +1226,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
the year in each log line since the log entries will be the year in each log line since the log entries will be
kept around for several years. kept around for several years.
1.6.9 October 4, 2004 19
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
# Override built-in defaults # Override built-in defaults
Defaults syslog=auth Defaults syslog=auth
Defaults>root !set_logname Defaults>root !set_logname
@@ -1279,6 +1247,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run
any command on any host without authenticating themselves. any command on any host without authenticating themselves.
1.6.9 October 7, 2004 19
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
PARTTIMERS ALL = ALL PARTTIMERS ALL = ALL
Part time sysadmins (bboossttlleeyy, jjwwffooxx, and ccrraawwll) may run Part time sysadmins (bboossttlleeyy, jjwwffooxx, and ccrraawwll) may run
@@ -1313,17 +1292,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
1.6.9 October 4, 2004 20
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
The user ppeettee is allowed to change anyone's password The user ppeettee is allowed to change anyone's password
except for root on the _H_P_P_A machines. Note that this except for root on the _H_P_P_A machines. Note that this
assumes _p_a_s_s_w_d(1) does not take multiple usernames on the assumes _p_a_s_s_w_d(1) does not take multiple usernames on the
@@ -1344,6 +1312,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
Users in the sseeccrreettaarriieess netgroup need to help manage the Users in the sseeccrreettaarriieess netgroup need to help manage the
1.6.9 October 7, 2004 20
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
printers as well as add and remove users, so they are printers as well as add and remove users, so they are
allowed to run those commands on all machines. allowed to run those commands on all machines.
@@ -1379,17 +1359,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
On his personal workstation, valkyrie, mmaatttt needs to be On his personal workstation, valkyrie, mmaatttt needs to be
able to kill hung processes. able to kill hung processes.
1.6.9 October 4, 2004 21
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
WEBMASTERS www = (www) ALL, (root) /usr/bin/su www WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias
@@ -1409,6 +1378,18 @@ SSEECCUURRIITTYY NNOOTTEESS
It is generally not effective to "subtract" commands from It is generally not effective to "subtract" commands from
ALL using the '!' operator. A user can trivially circum<75> ALL using the '!' operator. A user can trivially circum<75>
vent this by copying the desired command to a different vent this by copying the desired command to a different
1.6.9 October 7, 2004 21
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
name and then executing that. For example: name and then executing that. For example:
bill ALL = ALL, !SU, !SHELLS bill ALL = ALL, !SU, !SHELLS
@@ -1444,18 +1425,6 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
the ability to override default library func<6E> the ability to override default library func<6E>
tions by pointing an environment variable (usu<73> tions by pointing an environment variable (usu<73>
ally LD_PRELOAD) to an alternate shared library. ally LD_PRELOAD) to an alternate shared library.
1.6.9 October 4, 2004 22
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
On such systems, ssuuddoo's _n_o_e_x_e_c functionality can On such systems, ssuuddoo's _n_o_e_x_e_c functionality can
be used to prevent a program run by ssuuddoo from be used to prevent a program run by ssuuddoo from
executing any other programs. Note, however, executing any other programs. Note, however,
@@ -1475,6 +1444,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
File containing dummy exec functions: File containing dummy exec functions:
then ssuuddoo may be able to replace the exec family then ssuuddoo may be able to replace the exec family
1.6.9 October 7, 2004 22
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
of functions in the standard library with its of functions in the standard library with its
own that simply return an error. Unfortunately, own that simply return an error. Unfortunately,
there is no foolproof way to know whether or not there is no foolproof way to know whether or not
@@ -1510,18 +1491,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
can transparently intercept a new command, allow can transparently intercept a new command, allow
or deny it based on _s_u_d_o_e_r_s, and log the result. or deny it based on _s_u_d_o_e_r_s, and log the result.
This does require that ssuuddoo become a daemon that This does require that ssuuddoo become a daemon that
1.6.9 October 4, 2004 23
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
persists until the command and all its descen<65> persists until the command and all its descen<65>
dents have exited. dents have exited.
@@ -1542,6 +1511,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
and Linux. See <http://www.systrace.org/> for and Linux. See <http://www.systrace.org/> for
more information. more information.
1.6.9 October 7, 2004 23
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
Note that restricting shell escapes is not a panacea. Note that restricting shell escapes is not a panacea.
Programs running as root are still capable of many poten<65> Programs running as root are still capable of many poten<65>
tially hazardous operations (such as changing or overwrit<69> tially hazardous operations (such as changing or overwrit<69>
@@ -1576,18 +1556,6 @@ SSUUPPPPOORRTT
Limited free support is available via the sudo-users mail<69> Limited free support is available via the sudo-users mail<69>
ing list, see http://www.sudo.ws/mail<69> ing list, see http://www.sudo.ws/mail<69>
man/listinfo/sudo-users to subscribe or search the man/listinfo/sudo-users to subscribe or search the
1.6.9 October 4, 2004 24
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
archives. archives.
DDIISSCCLLAAIIMMEERR DDIISSCCLLAAIIMMEERR
@@ -1611,40 +1579,6 @@ DDIISSCCLLAAIIMMEERR
1.6.9 October 7, 2004 24
1.6.9 October 4, 2004 25

30
sudoers.man.in
View File

@@ -149,7 +149,7 @@
.\" ======================================================================== .\" ========================================================================
.\" .\"
.IX Title "SUDOERS @mansectform@" .IX Title "SUDOERS @mansectform@"
.TH SUDOERS @mansectform@ "October 4, 2004" "1.6.9" "MAINTENANCE COMMANDS" .TH SUDOERS @mansectform@ "October 7, 2004" "1.6.9" "MAINTENANCE COMMANDS"
.SH "NAME" .SH "NAME"
sudoers \- list of which users may execute what sudoers \- list of which users may execute what
.SH "DESCRIPTION" .SH "DESCRIPTION"
@@ -1030,34 +1030,6 @@ wildcards. This is to make a path like:
.Ve .Ve
.PP .PP
match \fI/usr/bin/who\fR but not \fI/usr/bin/X11/xterm\fR. match \fI/usr/bin/who\fR but not \fI/usr/bin/X11/xterm\fR.
.PP
\&\s-1WARNING:\s0 a pathname with wildcards will \fBnot\fR match a user command
that consists of a relative path. In other words, given the
following \fIsudoers\fR entry:
.PP
.Vb 1
\& billy workstation = /usr/bin/*
.Ve
.PP
user billy will be able to run any command in /usr/bin as root, such
as \fI/usr/bin/w\fR. The following two command will be allowed (the first
assumes that \fI/usr/bin\fR is in the user's path):
.PP
.Vb 2
\& $ sudo w
\& $ sudo /usr/bin/w
.Ve
.PP
However, this will not:
.PP
.Vb 2
\& $ cd /usr/bin
\& $ sudo ./w
.Ve
.PP
For this reason you should only \fBgrant\fR access to commands using
wildcards and never \fBrestrict\fR access using them. This limitation
will be removed in a future version of \fBsudo\fR.
.Sh "Exceptions to wildcard rules" .Sh "Exceptions to wildcard rules"
.IX Subsection "Exceptions to wildcard rules" .IX Subsection "Exceptions to wildcard rules"
The following exceptions apply to the above rules: The following exceptions apply to the above rules:

22
sudoers.pod
View File

@@ -942,28 +942,6 @@ wildcards. This is to make a path like:
match F</usr/bin/who> but not F</usr/bin/X11/xterm>. match F</usr/bin/who> but not F</usr/bin/X11/xterm>.
WARNING: a pathname with wildcards will B<not> match a user command
that consists of a relative path. In other words, given the
following I<sudoers> entry:
billy workstation = /usr/bin/*
user billy will be able to run any command in /usr/bin as root, such
as F</usr/bin/w>. The following two command will be allowed (the first
assumes that F</usr/bin> is in the user's path):
$ sudo w
$ sudo /usr/bin/w
However, this will not:
$ cd /usr/bin
$ sudo ./w
For this reason you should only B<grant> access to commands using
wildcards and never B<restrict> access using them. This limitation
will be removed in a future version of B<sudo>.
=head2 Exceptions to wildcard rules =head2 Exceptions to wildcard rules
The following exceptions apply to the above rules: The following exceptions apply to the above rules: