From: Todd C. Miller Date: Thu, 7 Oct 2004 18:57:41 +0000 (+0000) Subject: Remove warning about wildcards. Now that we use glob() the bug is fixed. X-Git-Tag: SUDO_1_7_0~883 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d56b543a1310cf28682cdf9c6b68719985a21984;p=sudo Remove warning about wildcards. Now that we use glob() the bug is fixed. --- diff --git a/sudoers.cat b/sudoers.cat index 9bd88b6b9..c1eaedd79 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.6.9 October 4, 2004 1 +1.6.9 October 7, 2004 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 2 +1.6.9 October 7, 2004 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 3 +1.6.9 October 7, 2004 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 4 +1.6.9 October 7, 2004 4 @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 5 +1.6.9 October 7, 2004 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 6 +1.6.9 October 7, 2004 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 7 +1.6.9 October 7, 2004 7 @@ -523,7 +523,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 8 +1.6.9 October 7, 2004 8 @@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 9 +1.6.9 October 7, 2004 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 10 +1.6.9 October 7, 2004 10 @@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 11 +1.6.9 October 7, 2004 11 @@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 12 +1.6.9 October 7, 2004 12 @@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 13 +1.6.9 October 7, 2004 13 
@@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 14 +1.6.9 October 7, 2004 14 @@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 15 +1.6.9 October 7, 2004 15 @@ -1051,7 +1051,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.6.9 October 4, 2004 16 +1.6.9 October 7, 2004 16 @@ -1068,30 +1068,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) match _/_u_s_r_/_b_i_n_/_w_h_o but not _/_u_s_r_/_b_i_n_/_X_1_1_/_x_t_e_r_m. - WARNING: a pathname with wildcards will nnoott match a user - command that consists of a relative path. In other words, - given the following _s_u_d_o_e_r_s entry: - - billy workstation = /usr/bin/* - - user billy will be able to run any command in /usr/bin as - root, such as _/_u_s_r_/_b_i_n_/_w. The following two command will - be allowed (the first assumes that _/_u_s_r_/_b_i_n is in the - user's path): - - $ sudo w - $ sudo /usr/bin/w - - However, this will not: - - $ cd /usr/bin - $ sudo ./w - - For this reason you should only ggrraanntt access to commands - using wildcards and never rreessttrriicctt access using them. - This limitation will be removed in a future version of - ssuuddoo. - EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess The following exceptions apply to the above rules: @@ -1114,18 +1090,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) #include /etc/sudoers.local - - - -1.6.9 October 4, 2004 17 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - When ssuuddoo reaches this line it will suspend processing of the current file (_/_e_t_c_/_s_u_d_o_e_r_s) and switch to _/_e_t_c_/_s_u_d_o_­ _e_r_s_._l_o_c_a_l. Upon reaching the end of _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l, 
@@ -1150,6 +1114,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) _a_l_i_a_s called AALLLL as the built-in alias will be used in preference to your own. Please note that using AALLLL can be dangerous since in a command context, it allows the user + + + +1.6.9 October 7, 2004 17 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + to run aannyy command on the system. An exclamation point ('!') can be used as a logical _n_o_t @@ -1180,18 +1156,6 @@ EEXXAAMMPPLLEESS is important. In general, you should structure _s_u_d_o_e_r_s such that the Host_Alias, User_Alias, and Cmnd_Alias spec­ ifications come first, followed by any Default_Entry - - - -1.6.9 October 4, 2004 18 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - lines, and finally the Runas_Alias and user specifica­ tions. The basic rule of thumb is you cannot reference an Alias that has not already been defined. @@ -1208,6 +1172,26 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Runas_Alias OP = root, operator Runas_Alias DB = oracle, sybase + + + + + + + + + + + +1.6.9 October 7, 2004 18 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + # Host alias specification Host_Alias SPARC = bigtime, eclipse, moet, anchor :\ SGI = grolsch, dandelion, black :\ @@ -1242,22 +1226,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) the year in each log line since the log entries will be kept around for several years. - - - - - - - -1.6.9 October 4, 2004 19 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - # Override built-in defaults Defaults syslog=auth Defaults>root !set_logname @@ -1279,6 +1247,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run any command on any host without authenticating themselves. + + +1.6.9 October 7, 2004 19 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + PARTTIMERS ALL = ALL Part time sysadmins (bboossttlleeyy, jjwwffooxx, and ccrraawwll) may run 
@@ -1313,17 +1292,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root - - -1.6.9 October 4, 2004 20 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - The user ppeettee is allowed to change anyone's password except for root on the _H_P_P_A machines. Note that this assumes _p_a_s_s_w_d(1) does not take multiple usernames on the @@ -1344,6 +1312,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser Users in the sseeccrreettaarriieess netgroup need to help manage the + + + +1.6.9 October 7, 2004 20 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + printers as well as add and remove users, so they are allowed to run those commands on all machines. @@ -1379,17 +1359,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) On his personal workstation, valkyrie, mmaatttt needs to be able to kill hung processes. - - -1.6.9 October 4, 2004 21 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - WEBMASTERS www = (www) ALL, (root) /usr/bin/su www On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias @@ -1409,6 +1378,18 @@ SSEECCUURRIITTYY NNOOTTEESS It is generally not effective to "subtract" commands from ALL using the '!' operator. A user can trivially circum­ vent this by copying the desired command to a different + + + +1.6.9 October 7, 2004 21 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + name and then executing that. For example: bill ALL = ALL, !SU, !SHELLS @@ -1444,18 +1425,6 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS the ability to override default library func­ tions by pointing an environment variable (usu­ ally LD_PRELOAD) to an alternate shared library. - - - -1.6.9 October 4, 2004 22 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - On such systems, ssuuddoo's _n_o_e_x_e_c functionality can be used to prevent a program run by ssuuddoo from executing any other programs. Note, however, 
@@ -1475,6 +1444,18 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) File containing dummy exec functions: then ssuuddoo may be able to replace the exec family + + + +1.6.9 October 7, 2004 22 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + of functions in the standard library with its own that simply return an error. Unfortunately, there is no foolproof way to know whether or not @@ -1510,18 +1491,6 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) can transparently intercept a new command, allow or deny it based on _s_u_d_o_e_r_s, and log the result. This does require that ssuuddoo become a daemon that - - - -1.6.9 October 4, 2004 23 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - persists until the command and all its descen­ dents have exited. @@ -1542,6 +1511,17 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) and Linux. See for more information. + + +1.6.9 October 7, 2004 23 + + + + + +SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + + Note that restricting shell escapes is not a panacea. Programs running as root are still capable of many poten­ tially hazardous operations (such as changing or overwrit­ @@ -1576,18 +1556,6 @@ SSUUPPPPOORRTT Limited free support is available via the sudo-users mail­ ing list, see http://www.sudo.ws/mail­ man/listinfo/sudo-users to subscribe or search the - - - -1.6.9 October 4, 2004 24 - - - - - -SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) - - archives. DDIISSCCLLAAIIMMEERR @@ -1611,40 +1579,6 @@ DDIISSCCLLAAIIMMEERR - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1.6.9 October 4, 2004 25 +1.6.9 October 7, 2004 24 diff --git a/sudoers.man.in b/sudoers.man.in index a64f28330..d0f7d6373 100644 --- a/sudoers.man.in +++ b/sudoers.man.in 
@@ -149,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "October 4, 2004" "1.6.9" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "October 7, 2004" "1.6.9" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" @@ -1030,34 +1030,6 @@ wildcards. This is to make a path like: .Ve .PP match \fI/usr/bin/who\fR but not \fI/usr/bin/X11/xterm\fR. -.PP -\&\s-1WARNING:\s0 a pathname with wildcards will \fBnot\fR match a user command -that consists of a relative path. In other words, given the -following \fIsudoers\fR entry: -.PP -.Vb 1 -\& billy workstation = /usr/bin/* -.Ve -.PP -user billy will be able to run any command in /usr/bin as root, such -as \fI/usr/bin/w\fR. The following two command will be allowed (the first -assumes that \fI/usr/bin\fR is in the user's path): -.PP -.Vb 2 -\& $ sudo w -\& $ sudo /usr/bin/w -.Ve -.PP -However, this will not: -.PP -.Vb 2 -\& $ cd /usr/bin -\& $ sudo ./w -.Ve -.PP -For this reason you should only \fBgrant\fR access to commands using -wildcards and never \fBrestrict\fR access using them. This limitation -will be removed in a future version of \fBsudo\fR. .Sh "Exceptions to wildcard rules" .IX Subsection "Exceptions to wildcard rules" The following exceptions apply to the above rules: diff --git a/sudoers.pod b/sudoers.pod index 9ba4c25da..eebc72849 100644 --- a/sudoers.pod +++ b/sudoers.pod 
@@ -942,28 +942,6 @@ wildcards. This is to make a path like: match F but not F. -WARNING: a pathname with wildcards will B match a user command -that consists of a relative path. In other words, given the -following I entry: - - billy workstation = /usr/bin/* - -user billy will be able to run any command in /usr/bin as root, such -as F. The following two command will be allowed (the first -assumes that F is in the user's path): - - $ sudo w - $ sudo /usr/bin/w - -However, this will not: - - $ cd /usr/bin - $ sudo ./w - -For this reason you should only B access to commands using -wildcards and never B access using them. This limitation -will be removed in a future version of B. - =head2 Exceptions to wildcard rules The following exceptions apply to the above rules:
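Review bot: in the sudoers.pod hunk the "WARNING: a pathname with wildcards will B match a user command that consists of a relative path" paragraph is deleted without any replacement, so the rendered page now jumps from "match F but not F." straight into "=head2 Exceptions to wildcard rules" and an administrator reading the wildcard section is never told that invocations such as `$ cd /usr/bin` followed by `$ sudo ./w` are now matched by a `/usr/bin/*` rule. Since the commit message credits the fix to the switch to glob(), consider replacing the warning with a single sentence describing the new matching behaviour, so that someone upgrading from a version that carried the warning sees that the behaviour changed rather than only that the caveat vanished.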
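Review bot: the deleted paragraph also carried the recommendation to "only grant access to commands using wildcards and never restrict access using them". The relative-path reason for that advice disappears with the glob() fix, but the SECURITY NOTES context visible further down the sudoers.cat diff ("It is generally not effective to "subtract" commands from ALL using the '!' operator. A user can trivially circumvent this by copying the desired command to a different name") still applies to negated wildcard rules, and after this change the wildcard section gives no pointer to it. Consider leaving a one-line cross-reference to SECURITY NOTES at the end of the wildcard rules so the general point about negated entries does not go out with the bug-specific warning.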
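Review bot: sudoers.man.in and sudoers.cat carry the same deletion as sudoers.pod plus the date bump from "October 4, 2004" to "October 7, 2004" (the .TH line in sudoers.man.in and the page footers in sudoers.cat); every other sudoers.cat hunk is footer repagination, pages 17 to 25 collapsing to 17 to 24 because the removed text shortened the page. That is consistent with both files being regenerated from the pod, so there is nothing to fix in the hunks themselves, but one textual change touching three files makes the substantive edit hard to spot; stating in the commit message that sudoers.man.in and sudoers.cat were regenerated would help reviewers focus on the sudoers.pod hunk.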