[Bug 227397] New: sudo yast module can produce sudoers file which cannot be parsed
https://bugzilla.novell.com/show_bug.cgi?id=227397 Summary: sudo yast module can produce sudoers file which cannot be parsed Product: openSUSE 10.2 Version: RC 5 Platform: Other OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: YaST2 AssignedTo: kmachalkova@novell.com ReportedBy: anicka@novell.com QAContact: jsrain@novell.com When using yast2 sudo module, it is possible to create a configuration which cannot be later parsed with sudo. It would be a good idea to add some sanity check and do not allow to save a configuration which cannot be parsed later. For example: Create a new rule and add some command without a full path. Sudo module will produce line like this to /etc/sudoers: username ALL = (ALL) NOPASSWD: halt When a user will try to run command halt, it will end up like this: user@host:~> sudo halt
sudoers file: syntax error, line 21 <<< sudo: parse error in /etc/sudoers near line 21
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=227397 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Component|YaST2 |YaST2 Product|openSUSE 10.2 |openSUSE 10.3 Resolution| |LATER Version|RC 5 |unspecified ------- Comment #1 from kmachalkova@novell.com 2007-01-18 03:26 MST ------- Yes, both are good points. Created file should be checked by 'visudo -c' before saving. Newly added command should be a valid path to file, directory or alias and user should be notified about any errors -> SL10.3 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=227397 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|LATER | ------- Comment #2 from kmachalkova@novell.com 2007-02-23 04:51 MST ------- Reopening as I'm going to fix this -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=227397 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED ------- Comment #3 from kmachalkova@novell.com 2007-02-26 07:16 MST ------- Now every entered command is checked, if it is a valid file, directory, or command alias. Moreover, at the end check by means of 'visudo -c' is performed and if it fails, user can go back and revisit the configuration. But as commands are already validated, it should never get to that point :-) Fixed in yast2-sudo 2.15.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=227397 kmachalkova@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bluedzins@wp.pl ------- Comment #4 from kmachalkova@novell.com 2007-04-10 01:24 MST ------- *** Bug 261386 has been marked as a duplicate of this bug. *** -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com