trifectatechfoundation / sudo-rs

A memory safe implementation of sudo and su.

sudo user flag: `-U` uppercase flag reserved for usage with `-l` flag / fails where `-u` works. #680

Open BriocheBerlin opened 1 year ago

BriocheBerlin commented 1 year ago

-U and -u flags are different. The manual states:

> `-U user`, `--other-user=user`
>
> Used in conjunction with the -l option to list the privileges for user instead of for the invoking user. The security policy may restrict listing other users' privileges. When using the sudoers policy, the -U option is restricted to the root user and users with either the “list” privilege for the specified user or the ability to run any command as root or user on the current host.

When the -U option is used instead of -u lowercase, it should fail.

Relevant test:

https://github.com/memorysafety/sudo-rs/blob/2f5d3b7a88bf101d4f60d34369e9a1131274c16c/test-framework/sudo-compliance-tests/src/flag_user.rs#L43-L56

sudo stderr: `sudo: the -U option may only be used with the -l option`

sudo-rs does not fail: sudo-rs stdout `uid=0(root) gid=0(root) groups=0(root)`

As of now, --list is not yet implemented. When it is, this is the test for the -U and -l flags passed together: https://github.com/memorysafety/sudo-rs/blob/2f5d3b7a88bf101d4f60d34369e9a1131274c16c/test-framework/sudo-compliance-tests/src/flag_list.rs#L52-L72
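
The check this issue asks for, as an added example (not sudo-rs's own code and not part of the original issue): a minimal option parser that keeps `-u` and `-U` distinct and rejects `-U` without `-l`, using the error text quoted above. `Opts`, `parse` and `value` are hypothetical names, and the sample invocations are constructed.

```rust
// Added illustration: Opts, parse and value are hypothetical names, not sudo-rs's API.
// Narrowed to separate flags; combined short flags such as -lU are not handled.
#[derive(Debug, Default, PartialEq)]
struct Opts {
    list: bool,                 // -l / --list
    user: Option<String>,       // -u / --user: run the command as this user
    other_user: Option<String>, // -U / --other-user: whose privileges to list
    command: Vec<String>,
}

fn value<'a>(it: &mut impl Iterator<Item = &'a str>, flag: &str) -> Result<String, String> {
    it.next()
        .map(String::from)
        .ok_or_else(|| format!("option '{}' requires an argument", flag))
}

fn parse(args: &[&str]) -> Result<Opts, String> {
    let mut opts = Opts::default();
    let mut it = args.iter().copied();
    while let Some(arg) = it.next() {
        match arg {
            "-l" | "--list" => opts.list = true,
            "-u" | "--user" => opts.user = Some(value(&mut it, arg)?),
            "-U" | "--other-user" => opts.other_user = Some(value(&mut it, arg)?),
            "--" => opts.command.extend(it.by_ref().map(String::from)),
            a if a.starts_with('-') => return Err(format!("unknown option '{}'", a)),
            cmd => {
                // First non-option word starts the command; the rest belongs to it.
                opts.command.push(cmd.to_string());
                opts.command.extend(it.by_ref().map(String::from));
            }
        }
    }
    // -U never selects the target user, so it is rejected rather than treated as -u.
    if opts.other_user.is_some() && !opts.list {
        return Err("the -U option may only be used with the -l option".into());
    }
    Ok(opts)
}

fn main() {
    // Constructed invocations mirroring the cases in the issue.
    for args in [vec!["-u", "root", "id"], vec!["-U", "root", "id"], vec!["-l", "-U", "root"]] {
        match parse(&args) {
            Ok(o) => println!("{:?} -> ok: {:?}", args, o),
            Err(e) => println!("{:?} -> sudo: {}", args, e),
        }
    }
}
```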