Closed es-fabricemarie closed 7 months ago
Using the following sudoers file in /etc/sudoers.d/test6:
Host_Alias SERVERS10=server1,server2,server10
user1,user2,+netgroup hostname1,hostname2,SERVERS10 = CWD=~root /usr/bin/test5, CWD=/tmp /bin/test5
Using the command:
cvtsudoers --defaults=all --output-format=JSON --input-format=SUDOERS --output=- /etc/sudoers.d/test6
We get the following invalid JSON output:
{ "Host_Aliases": { "SERVERS10": [ { "hostname": "server1" }, { "hostname": "server2" }, { "hostname": "server10" } ] }, "User_Specs": [ { "User_List": [ { "username": "user1" }, { "username": "user2" }, { "netgroup": "netgroup" } ], "Host_List": [ { "hostname": "hostname1" }, { "hostname": "hostname2" }, { "hostalias": "SERVERS10" } ], "Cmnd_Specs": [ { "Options": [ { "runchroot": "~root" } ], "Commands": [ { "command": "/usr/bin/test5" } ] }, { "Options": [ { "runchroot": "/tmp" } ], "Commands": [ { "command": "/bin/test5" } ] } ] } ] }
The options here read runchroot when in fact it should read runcwd.
For reference, this is what the stock sudo-1.9.15 release cvtsudoers returns:
{ "Host_Aliases": { "SERVERS10": [ { "hostname": "server1" }, { "hostname": "server2" }, { "hostname": "server10" } ] }, "User_Specs": [ { "User_List": [ { "username": "user1" }, { "username": "user2" }, { "netgroup": "netgroup" } ], "Host_List": [ { "hostname": "hostname1" }, { "hostname": "hostname2" }, { "hostalias": "SERVERS10" } ], "Cmnd_Specs": [ { "Options": [ "runcwd": "~root" ], "Commands": [ { "command": "/usr/bin/test5" } ] }, { "Options": [ "runcwd": "/tmp" ], "Commands": [ { "command": "/bin/test5" } ] } ] } ] }
Fixed by e770c85
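A regression check for the mismatch reported above, as an added example that is not part of the issue or of the sudo project's code: it compares the `CWD=`/`CHROOT=` options in a sudoers file with the option keys in cvtsudoers JSON output, so that audit tooling does not read a working-directory setting as a chroot. The function names and the trimmed sample outputs are constructed for illustration, and the `CHROOT=` to `runchroot` mapping is an assumption by analogy with the `runcwd` key named in the report.

```python
import json
import re
from itertools import zip_longest

# sudoers Cmnd_Spec option -> key expected in the JSON "Options" list.
# CWD -> runcwd comes from the report; CHROOT -> runchroot is assumed.
TAG_TO_KEY = {"CWD": "runcwd", "CHROOT": "runchroot"}
TAG_RE = re.compile(r"\b(CWD|CHROOT)=(\S+)")  # unquoted paths only

# The sudoers file from the report.
SUDOERS = (
    "Host_Alias SERVERS10=server1,server2,server10\n"
    "user1,user2,+netgroup hostname1,hostname2,SERVERS10 = "
    "CWD=~root /usr/bin/test5, CWD=/tmp /bin/test5\n"
)
# Constructed fragment in the shape of the stock 1.9.15 output (not valid JSON).
STOCK_FRAGMENT = '{"User_Specs":[{"Cmnd_Specs":[{"Options":[ "runcwd": "~root" ]}]}]}'

def sample_output(key):
    """Constructed: the report's Cmnd_Specs with `key` as the option name."""
    specs = [{"Options": [{key: d}], "Commands": [{"command": c}]}
             for d, c in (("~root", "/usr/bin/test5"), ("/tmp", "/bin/test5"))]
    return json.dumps({"User_Specs": [{"Cmnd_Specs": specs}]})

def expected_options(sudoers_text):
    """(json_key, path) for every CWD=/CHROOT= option, in file order."""
    pairs = []
    for line in sudoers_text.splitlines():
        if not line.lstrip().startswith("#"):
            pairs += [(TAG_TO_KEY[t], v) for t, v in TAG_RE.findall(line)]
    return pairs

def actual_options(doc):
    """(key, path) for every runcwd/runchroot option in the JSON, in order."""
    found = []
    for spec in doc.get("User_Specs", []):
        for cmnd in spec.get("Cmnd_Specs", []):
            for opt in cmnd.get("Options", []):
                found += [(k, v) for k, v in opt.items() if k in TAG_TO_KEY.values()]
    return found

def check(sudoers_text, json_text):
    """Return a list of problems; an empty list means the output is consistent."""
    try:
        doc = json.loads(json_text)
    except json.JSONDecodeError as exc:
        return [f"output is not valid JSON: {exc.msg}"]
    pairs = zip_longest(expected_options(sudoers_text), actual_options(doc))
    return [f"option {i}: sudoers implies {w}, JSON has {g}"
            for i, (w, g) in enumerate(pairs) if w != g]
```
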