From: Todd C. Miller Date: Fri, 7 Aug 2015 18:37:15 +0000 (-0600) Subject: Emphasize that wildcards are not regexps. Bug #692 X-Git-Tag: SUDO_1_8_15^2~90 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=796911b3fab51e27c1ca4892bef5b92fb1aa6224;p=sudo Emphasize that wildcards are not regexps. Bug #692 --- diff --git a/doc/sudoers.cat b/doc/sudoers.cat index 4f5dabad3..ae7c8a95b 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat 
@@ -675,43 +675,47 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s (aka meta or glob characters) to be used in host names, path names and command line arguments in the _s_u_d_o_e_r_s file. Wildcard matching is done via the glob(3) and fnmatch(3) functions - as specified by IEEE Std 1003.1 (``POSIX.1''). Note that these are _n_o_t - regular expressions. + as specified by IEEE Std 1003.1 (``POSIX.1''). - * Matches any set of zero or more characters. + * Matches any set of zero or more characters (including white + space). - ? Matches any single character. + ? Matches any single character (including white space). [...] Matches any character in the specified range. - [!...] Matches any character nnoott in the specified range. + [!...] Matches any character _n_o_t in the specified range. \x For any character `x', evaluates to `x'. This is used to escape special characters such as: `*', `?', `[', and `]'. - Character classes may also be used if your system's glob(3) and - fnmatch(3) functions support them. However, because the `:' character - has special meaning in _s_u_d_o_e_r_s, it must be escaped. For example: + NNoottee tthhaatt tthheessee aarree nnoott rreegguullaarr eexxpprreessssiioonnss.. Unlike a regular expression + there is no way to match one or more characters within a range. + + Character classes may be used if your system's glob(3) and fnmatch(3) + functions support them. However, because the `:' character has special + meaning in _s_u_d_o_e_r_s, it must be escaped. For example: /bin/ls [[\:alpha\:]]* Would match any file name beginning with a letter. - Note that a forward slash (`/') will nnoott be matched by wildcards used in + Note that a forward slash (`/') will _n_o_t be matched by wildcards used in the file name portion of the command. This is to make a path like: /usr/bin/* match _/_u_s_r_/_b_i_n_/_w_h_o but not _/_u_s_r_/_b_i_n_/_X_1_1_/_x_t_e_r_m. 
- When matching the command line arguments, however, a slash ddooeess get + When matching the command line arguments, however, a slash _d_o_e_s get matched by wildcards since command line arguments may contain arbitrary strings and not just path names. WWiillddccaarrddss iinn ccoommmmaanndd lliinnee aarrgguummeennttss sshhoouulldd bbee uusseedd wwiitthh ccaarree.. Command line arguments are matched as a single, concatenated string. - This mean a wildcard such as `?' or `*' will match _m_u_l_t_i_p_l_e words. For - example, while a sudoers entry like: + This mean a wildcard character such as `?' or `*' will match across word + boundaries, which may be unexpected. For example, while a sudoers entry + like: %operator ALL = /bin/cat /var/log/messages* @@ -723,14 +727,15 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT $ sudo cat /var/log/messages /etc/shadow - which is probably not what was intended. + which is probably not what was intended. In most cases it is better to + do command line processing outside of _s_u_d_o_e_r_s in a scripting language. EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess The following exceptions apply to the above rules: "" If the empty string "" is the only command line argument in the _s_u_d_o_e_r_s entry it means that command is not allowed to be run - with aannyy arguments. + with _a_n_y arguments. sudoedit Command line arguments to the _s_u_d_o_e_d_i_t built-in command should always be path names, so a forward slash (`/') will not be 
@@ -782,7 +787,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT manager or editor temporary/backup files. Files are parsed in sorted lexical order. That is, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_0_1___f_i_r_s_t will be parsed before _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d. Be aware that because the sorting is lexical, - not numeric, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1___w_h_o_o_p_s would be loaded aafftteerr + not numeric, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1___w_h_o_o_p_s would be loaded _a_f_t_e_r _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d. Using a consistent number of leading zeroes in the file names can be used to avoid such problems. @@ -804,7 +809,7 @@ SSUUDDOOEERRSS FFIILLEE FFOORRMMAATT User_Alias, Runas_Alias, or Host_Alias. You should not try to define your own _a_l_i_a_s called AALLLL as the built-in alias will be used in preference to your own. Please note that using AALLLL can be dangerous - since in a command context, it allows the user to run aannyy command on the + since in a command context, it allows the user to run _a_n_y command on the system. An exclamation point (`!') can be used as a logical _n_o_t operator in a diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index 745310006..3ea41689f 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -1463,22 +1463,19 @@ and fnmatch(3) functions as specified by IEEE Std 1003.1 (\(LqPOSIX.1\(Rq). -Note that these are -\fInot\fR -regular expressions. .TP 10n \fR*\fR -Matches any set of zero or more characters. +Matches any set of zero or more characters (including white space). .TP 10n \fR\&?\fR -Matches any single character. +Matches any single character (including white space). .TP 10n \fR[...]\fR Matches any character in the specified range. .TP 10n \fR[!...]\fR Matches any character -\fBnot\fR +\fInot\fR in the specified range. .TP 10n \fR\ex\fR 
@@ -1493,7 +1490,11 @@ This is used to escape special characters such as: and \(oq]\&\(cq. .PP -Character classes may also be used if your system's +\fBNote that these are not regular expressions.\fR +Unlike a regular expression there is no way to match one or more +characters within a range. +.PP +Character classes may be used if your system's glob(3) and fnmatch(3) @@ -1517,7 +1518,7 @@ Would match any file name beginning with a letter. Note that a forward slash (\(oq/\(cq) will -\fBnot\fR +\fInot\fR be matched by wildcards used in the file name portion of the command. This is to make a path like: @@ -1534,20 +1535,18 @@ but not \fI/usr/bin/X11/xterm\fR. .PP When matching the command line arguments, however, a slash -\fBdoes\fR +\fIdoes\fR get matched by wildcards since command line arguments may contain arbitrary strings and not just path names. .PP \fBWildcards in command line arguments should be used with care.\fR .br Command line arguments are matched as a single, concatenated string. -This mean a wildcard such as +This mean a wildcard character such as \(oq\&?\(cq or \(oq*\(cq -will match -\fImultiple\fR -words. +will match across word boundaries, which may be unexpected. For example, while a sudoers entry like: .nf .sp @@ -1573,6 +1572,10 @@ $ sudo cat /var/log/messages /etc/shadow .fi .PP which is probably not what was intended. +In most cases it is better to do command line processing +outside of +\fIsudoers\fR +in a scripting language. .SS "Exceptions to wildcard rules" The following exceptions apply to the above rules: .TP 10n @@ -1582,7 +1585,7 @@ If the empty string is the only command line argument in the \fIsudoers\fR entry it means that command is not allowed to be run with -\fBany\fR +\fIany\fR arguments. .TP 10n sudoedit 
@@ -1709,7 +1712,7 @@ will be parsed before Be aware that because the sorting is lexical, not numeric, \fI/etc/sudoers.d/1_whoops\fR would be loaded -\fBafter\fR +\fIafter\fR \fI/etc/sudoers.d/10_second\fR. Using a consistent number of leading zeroes in the file names can be used to avoid such problems. @@ -1757,7 +1760,7 @@ as the built-in alias will be used in preference to your own. Please note that using \fBALL\fR can be dangerous since in a command context, it allows the user to run -\fBany\fR +\fIany\fR command on the system. .PP An exclamation point diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index d1f1f9e34..e704dd328 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -1368,19 +1368,16 @@ and .Xr fnmatch 3 functions as specified by .St -p1003.1 . -Note that these are -.Em not -regular expressions. .Bl -tag -width 8n .It Li * -Matches any set of zero or more characters. +Matches any set of zero or more characters (including white space). .It Li \&? -Matches any single character. +Matches any single character (including white space). .It Li [...] Matches any character in the specified range. .It Li [!...] Matches any character -.Sy not +.Em not in the specified range. .It Li \ex For any character @@ -1395,7 +1392,13 @@ and .Ql ]\& . .El .Pp -Character classes may also be used if your system's +.Bf -symbolic +Note that these are not regular expressions. +.Ef +Unlike a regular expression there is no way to match one or more +characters within a range. +.Pp +Character classes may be used if your system's .Xr glob 3 and .Xr fnmatch 3 @@ -1416,7 +1419,7 @@ Would match any file name beginning with a letter. Note that a forward slash .Pq Ql / will -.Sy not +.Em not be matched by wildcards used in the file name portion of the command. This is to make a path like: 
@@ -1430,7 +1433,7 @@ but not .Pa /usr/bin/X11/xterm . .Pp When matching the command line arguments, however, a slash -.Sy does +.Em does get matched by wildcards since command line arguments may contain arbitrary strings and not just path names. .Pp @@ -1439,13 +1442,11 @@ Wildcards in command line arguments should be used with care. .Ef .br Command line arguments are matched as a single, concatenated string. -This mean a wildcard such as +This mean a wildcard character such as .Ql \&? or .Ql * -will match -.Em multiple -words. +will match across word boundaries, which may be unexpected. For example, while a sudoers entry like: .Bd -literal -offset 4n %operator ALL = /bin/cat /var/log/messages* @@ -1462,6 +1463,10 @@ $ sudo cat /var/log/messages /etc/shadow .Ed .Pp which is probably not what was intended. +In most cases it is better to do command line processing +outside of +.Em sudoers +in a scripting language. .Ss Exceptions to wildcard rules The following exceptions apply to the above rules: .Bl -tag -width 8n @@ -1471,7 +1476,7 @@ If the empty string is the only command line argument in the .Em sudoers entry it means that command is not allowed to be run with -.Sy any +.Em any arguments. .It sudoedit Command line arguments to the @@ -1586,7 +1591,7 @@ will be parsed before Be aware that because the sorting is lexical, not numeric, .Pa /etc/sudoers.d/1_whoops would be loaded -.Sy after +.Em after .Pa /etc/sudoers.d/10_second . Using a consistent number of leading zeroes in the file names can be used to avoid such problems. @@ -1634,7 +1639,7 @@ as the built-in alias will be used in preference to your own. Please note that using .Sy ALL can be dangerous since in a command context, it allows the user to run -.Sy any +.Em any command on the system. .Pp An exclamation point
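Review bot: in the doc/sudoers.cat hunk @@ -675,43 +675,47 @@ the rewritten line still reads "This mean a wildcard character such as `?' or `*' will match across word boundaries"; "This mean" should be "This means", and the same typo is carried into the corresponding rewritten lines of the doc/sudoers.man.in hunk @@ -1534,20 +1535,18 @@ ("This mean a wildcard character such as") and the doc/sudoers.mdoc.in hunk @@ -1439,13 +1442,11 @@, so it is worth fixing in all three files while the sentence is already being touched.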
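Review bot: in the doc/sudoers.cat hunk @@ -723,14 +727,15 @@ the new sentence "In most cases it is better to do command line processing outside of sudoers in a scripting language" would be more useful if it pointed at the "" exception documented immediately below it, since that is the mechanism for making sure the wrapper script itself cannot be invoked with caller-supplied arguments (otherwise the same wildcard concern moves from the sudoers entry into the script); the same sentence is added in the doc/sudoers.man.in hunk @@ -1573,6 +1572,10 @@ and the doc/sudoers.mdoc.in hunk @@ -1462,6 +1463,10 @@, so the cross-reference belongs in all three.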
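Review bot: in the doc/sudoers.man.in hunk @@ -1493,7 +1490,11 @@ the added sentence "Unlike a regular expression there is no way to match one or more characters within a range" is easy to misread, because `[...]` already matches exactly one character in a range and `[...]*` matches zero or more; what is actually missing is a way to require at least one match (a regexp `+`). Suggest phrasing it as "there is no way to require that a range match one or more times; `[0-9]` matches exactly one digit and `[0-9]*` matches zero or more", and applying the same wording to the doc/sudoers.mdoc.in hunk @@ -1395,7 +1392,13 @@ and the doc/sudoers.cat text.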
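Review bot: in the doc/sudoers.mdoc.in hunk @@ -1368,19 +1368,16 @@ the new "(including white space)" qualifiers on `*` and `?` are the key to the `/var/log/messages*` example later in the file, but the example text never states that the `*` is what absorbed the space before `/etc/shadow`; one sentence after "$ sudo cat /var/log/messages /etc/shadow" saying that `*` matched " /etc/shadow", space included, would tie the two additions together for the reader.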