Bug 551347 - sudo selectively execute file, * wildcard on dir set with "(ALL) NOPASSWD:".
Status: CLOSED DUPLICATE of bug 521778
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sudo
Version: 5.4
Hardware: x86_64 Linux
Priority: low
Severity: high
Target Milestone: rc
Target Release: ---
Assigned To: Daniel Kopeček
QA Contact: BaseOS QE Security Team
Reported: 2009-12-30 02:16 EST by garlumh
Modified: 2010-01-11 05:00 EST
Doc Type: Bug Fix
Environment:
Linux c-in3sf--02-04 2.6.18-164.2.1.el5 #1 SMP Mon Sep 21 04:37:42 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
Last Closed: 2010-01-07 11:25:04 EST

Attachments: None
Description garlumh 2009-12-30 02:16:50 EST
Description of problem:
sudo selectively executes files in a directory; the * wildcard on the directory is set with "(ALL) NOPASSWD:".

I created a script called "script1.sh" in a directory. When I execute this script with sudo, it asks me for a password, which is not supposed to happen. I break out with Ctrl+C.

I then copy script1.sh to a new file in the same directory as "script2.sh".
Now I execute "script1.sh" again with sudo, and now it executes.

There is no change to script1.sh; all I have done is create a new file in the directory. But now sudo does not ask me for a password any more.

At this point I can execute both scripts with sudo with no password, which is normal.

Now I delete "script2.sh". Now the directory has only 1 file again, "script1.sh". When I execute script1.sh now, it asks me for a password again.

All executable files should be executable regardless; I don't know why this is happening. Does the number of files in the directory affect sudo?


Version-Release number of selected component (if applicable):
[mdrop@c-in3sf--02-04 bin]$ rpm -qa | grep sudo
sudo-1.6.9p17-5.el5

How reproducible:
Every time.

Steps to Reproduce:
Here is the command sequence from the terminal:
===============================================
[mdrop@c-in3sf--02-04 bin]$ pwd
/usr/local/site/operations/dsh/bin
[mdrop@c-in3sf--02-04 bin]$ sudo -l | grep dsh
    (ALL) NOPASSWD: /usr/local/site/mailscripts/spf/bin/*, /usr/local/site/mailscripts/ws/bin/*, /usr/local/site/operations/dsh/bin/*, /usr/local/site/operations/bin/*
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 0
[mdrop@c-in3sf--02-04 bin]$ echo "echo test123" > script1.sh ; chmod +x script1.sh
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 4
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh 
Password: 
[mdrop@c-in3sf--02-04 bin]$ cp script1.sh script2.sh 
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 8
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script2.sh
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh 
test123
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script2.sh 
test123
[mdrop@c-in3sf--02-04 bin]$ rm script2.sh 
[mdrop@c-in3sf--02-04 bin]$ ls -l
total 4
-rwx------ 1 mdrop mdrop 13 Dec 30 07:04 script1.sh
[mdrop@c-in3sf--02-04 bin]$ sudo /usr/local/site/operations/dsh/bin/script1.sh 
Password: 
[mdrop@c-in3sf--02-04 bin]$ 
============================================================
  
Actual results:
$ sudo /usr/local/site/operations/dsh/bin/script1.sh 
Password: 

Expected results:
$ sudo /usr/local/site/operations/dsh/bin/script1.sh 
test123

Additional info:
Comment 1 Daniel Kopeček 2010-01-07 11:24:37 EST
This seems to be the same issue as reported in bz#521778. Closing as duplicate.
Comment 2 Daniel Kopeček 2010-01-07 11:25:04 EST

*** This bug has been marked as a duplicate of bug 521778 ***
Comment 3 garlumh 2010-01-11 05:00:01 EST
Fixed by removing * from /.

e.g. use "/usr/local/site/operation/dsh/bin/" instead of "/usr/local/site/operation/dsh/bin/*".
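The two rule forms from this report side by side, as an added example and not the reporter's actual sudoers file. The command path is the one shown in the `sudo -l` output above; the user spec `mdrop` is an assumption (the real rule may use a User_Alias or a group).

```sudoers
# Form from the report: a glob on the directory contents. In the
# sudo-1.6.9p17-5.el5 transcript above this rule matched script1.sh only
# while a second file existed in the directory.
mdrop ALL=(ALL) NOPASSWD: /usr/local/site/operations/dsh/bin/*

# Form suggested in comment 3: a command path ending in "/" matches any
# file in that directory (subdirectories are not included) without a
# glob against the directory listing.
mdrop ALL=(ALL) NOPASSWD: /usr/local/site/operations/dsh/bin/
```

After editing, run `visudo -c` to check the file parses and `sudo -l` as the affected user to confirm which rule form is in effect. Both forms grant passwordless root for every file in that directory, so the directory and the files in it should be owned by root and not writable by the users covered by the rule; in the transcript above the reporter creates and removes files in the directory as `mdrop`, which means anything placed there by that account runs as root.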
