Bug 580438 - Regression: sudoers parsing fails with Defaults_Type target including "!user"
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sudo
Version: 5.5
Hardware: All Linux
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assigned To: Daniel Kopeček
QA Contact: BaseOS QE Security Team
Keywords: Regression

Reported: 2010-04-08 05:41 EDT by Pierre Carrier
Modified: 2011-01-13 18:07 EST

Fixed In Version: sudo-1.7.2p1-10.el5
Doc Type: Bug Fix
Doc Text:
Due to an incorrect definition of a lexical analyzer rule, using a negated user-specific "Defaults" directive failed with a parse error. With this update, such directives are now parsed as expected.
Last Closed: 2011-01-13 18:07:54 EST
Description Pierre Carrier 2010-04-08 05:41:20 EDT
Description of problem:

When using a "!user" in User_List in a Default_Type, sudo and visudo fail parsing sudoers.


Version-Release number of selected component (if applicable):

Bug does appear in sudo-1.7.2p1-5.el5 (as in RHEL5.5),
does not appear in sudo-1.6.9p17-5.el5 (as in RHEL5.4).


How reproducible:

Anywhere anytime.


Steps to Reproduce:

1. Add in sudoers:

Defaults: requiretty
Defaults:user !requiretty

2. Execute as any user:

$ sudo ls

3. Replace lines from step 1 in sudoers by:

Defaults:!user requiretty

4. Repeat step 2.


Actual results:

First alternative is accepted, second fails with the following error:

>>> /etc/sudoers: syntax error near line 62 <<<
sudo: parse error in /etc/sudoers near line 64
sudo: no valid sudoers sources found, quitting


Expected results:

Both alternatives should be accepted.


Additional info:

This situation is compatible with the sudoers grammar, as defined in the manpage. Extract:

        Default_Type ::= 'Defaults' |
                         'Defaults' '@' Host_List |
                         'Defaults' ':' User_List |
                         'Defaults' '!' Cmnd_List |
                         'Defaults' '>' Runas_List

        User_List ::= User |
                      User ',' User_List

        User ::= '!'* username |
                 '!'* '#'uid |
                 '!'* '%'group |
                 '!'* '+'netgroup |
                 '!'* '%:'nonunix_group |
                 '!'* User_Alias
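
Added example (not part of the original report and not sudo's own code): a small Python recognizer for the 'Defaults' ':' User_List production quoted above, applied to the two user-specific lines from the steps to reproduce. The function names and the permitted name characters are assumptions of this sketch; quoting and escapes are not handled.

```python
import re

# User ::= '!'* ( username | '#'uid | '%'group | '+'netgroup
#                 | '%:'nonunix_group | User_Alias )
# Assumption: names consist of word characters, '.' and '-' only.
NAME = r"!*(?:%:[\w.-]+|[#%+]?[\w.-]+)"
USER_RE = re.compile(r"(?P<bang>!*)(?P<name>%:[\w.-]+|[#%+]?[\w.-]+)$")
# 'Defaults' ':' User_List, followed by whitespace and the settings.
LINE_RE = re.compile(
    rf"Defaults:\s*(?P<users>{NAME}(?:\s*,\s*{NAME})*)\s+(?P<settings>\S.*)$"
)


def parse_user(token):
    """Return (negated, name) for one User token, or raise ValueError."""
    m = USER_RE.match(token)
    if not m:
        raise ValueError(f"not a valid User: {token!r}")
    # '!'* may repeat; an odd number of '!' leaves the entry negated.
    return (len(m.group("bang")) % 2 == 1, m.group("name"))


def parse_user_defaults(line):
    """Split a user-specific Defaults line into (users, settings)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a user-specific Defaults line: {line!r}")
    users = [parse_user(t.strip()) for t in m.group("users").split(",")]
    return users, m.group("settings")


if __name__ == "__main__":
    # The two lines from the report, plus one constructed list.
    for sample in (
        "Defaults:user !requiretty",
        "Defaults:!user requiretty",
        "Defaults:!!user, %wheel, !#1000 requiretty",  # constructed
    ):
        print(sample, "->", parse_user_defaults(sample))
```

Both lines from the report are accepted by this recognizer, which matches the reporter's reading of the grammar; it checks syntax only and says nothing about how sudo's lexer tokenizes the same input.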
Comment 7 Jaromir Hradilek 2010-11-29 07:55:33 EST
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Due to an incorrect definition of a lexical analyzer rule, using a negated user-specific "Defaults" directive failed with a parse error. With this update, such directives are now parsed as expected.
Comment 9 errata-xmlrpc 2011-01-13 18:07:54 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0079.html
