author | Todd C. Miller <Todd.Miller@courtesan.com> | 1999-03-29 00:05:15 +0000 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@courtesan.com> | 1999-03-29 00:05:15 +0000 |
commit | b5b95cd6dcbf030902df74418dad261d3d4054a9 (patch) | |
tree | b5b06d44cc15d82752ccdff9341235cc3d936852 /parse.yacc | |
parent | 9f2b9718b2863003de0fadce6665469d2c370887 (diff) | |
download | sudo-b5b95cd6dcbf030902df74418dad261d3d4054a9.tar.gz |
Fix a parser bug that was exposed when mixing different runas specs
and ! commands. For example:
millert ALL=(daemon) /usr/bin/whoami,!/bin/ls
would allow millert to run whoami as root as well as daemon when it should
just allow daemon. The problem was that comma-separated commands in
a list shared the same entry on the matching stack. Now they get
their own entry iff there is a full match. It may be better to just make
the runas spec persistent across all commands in a list like the user
and host entries of the matching stack. However, since that is a
fairly major change it should get its own minor rev increase.
Diffstat (limited to 'parse.yacc')
-rw-r--r-- | parse.yacc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/parse.yacc b/parse.yacc index 731274870..db58d7df1 100644 --- a/parse.yacc +++ b/parse.yacc @@ -275,10 +275,15 @@ cmndspec : runasspec nopasswd opcmnd { runas_matches = TRUE; if ($2 == TRUE) no_passwd = TRUE; + push; } else if (printmatches == TRUE) { cm_list[cm_list_len].runas_len = 0; cm_list[cm_list_len].cmnd_len = 0; cm_list[cm_list_len].nopasswd = FALSE; + } else { + cmnd_matches = -1; + runas_matches = -1; + no_passwd = -1; } } ; |
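Review bot: In the new final `else` branch of the `cmndspec` action, the reset of `cmnd_matches`, `runas_matches` and `no_passwd` to `-1` is never reached when `printmatches == TRUE`, because that case is taken by the preceding `else if`. If a non-matching command in a comma-separated list must always clear the match state so that an earlier command's runas result cannot carry over, the reset should happen in both paths, or a comment should say why the `printmatches` path is exempt. The bare `-1` sitting next to `TRUE`/`FALSE` assignments would read better as a named "unset" value. The added `push;` also deserves a one-line comment stating that each fully matched command now gets its own matching-stack entry, since that is the invariant the fix depends on and nothing in the hunk documents it.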