Bug 603819 - sudo - fix printing of entries with multiple host entries on a single line.
Summary: sudo - fix printing of entries with multiple host entries on a single line.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sudo
Version: 5.5
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Daniel Kopeček
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2010-06-14 16:10 UTC by ritz
Modified: 2018-11-14 19:13 UTC

Fixed In Version: sudo-1.7.2p1-10.el5
Doc Type: Bug Fix
Doc Text:
When the /etc/sudoers file contained entries with multiple hosts, running the "sudo -l" command incorrectly reported that a certain user does not have permissions to use sudo on the system. With this update, the underlying source code has been modified to target this issue, and running the "sudo -l" command now produces the correct output.
Clone Of:
: 603823 (view as bug list)
Environment:
Last Closed: 2011-01-13 23:08:35 UTC
Target Upstream Version:
Embargoed:


Attachments
patch based on upstream (1.05 KB, patch)
2010-06-14 16:13 UTC, ritz


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0079 0 normal SHIPPED_LIVE sudo bug fix update 2011-01-12 17:21:55 UTC

Description ritz 2010-06-14 16:10:50 UTC
Created attachment 423888
sudoers file

Description of problem:
sudo -l ignores configured commands and mixes up configurations for other hosts.

Version-Release number of selected component (if applicable):
- sudo-1.7.2p1-5.el5.x86_64

How reproducible:
always

Steps to Reproduce:
1. place the attached file in "/etc/sudoers"
2. Update "myhostname" in attached file to reflect your system's hostname
3. login as oracle
4. sudo -l
  
Actual results:
$ sudo -l
Sorry, user oracle may not run sudo on localhost.


Expected results:
$ sudo -l
User oracle may run the following commands on this host:
    (ALL) NOPASSWD: /net/nimserv/appldata/oracle/920_64/Disk1/rootpre.sh,
    /net/nimserv/appldata/oracle/10/dvd1/database/rootpre/rootpre.sh,
    /net/nimserv/appldata/oracle/10/oem/cd1/rootpre/rootpre.sh,
    /net/nimserv/appldata/oracle/10/dvd1/database/rootpre/rootpre.sh.aix61,
    /net/nimserv/appldata/oracle/10/Client/Disk/rootpre/rootpre.sh,
    /net/nimserv/appldata/oracle/10/oem/gc/rootpre/rootpre.sh,
    /db/main/oraInventory/orainstRoot.sh, /db/main/ora920/root.sh,
    /db/main/ora102/root.sh, /db/main/ora10204/root.sh,
    /db/main/admin/oms10g/root.sh, /db/main/ora10204/orainstRoot.sh,
    /db/main/agent10g/root.sh, /db/main/agent/root.sh,
    /db/main/oms10g/oms10g/allroot.sh, /db/main/oms10g/allroot.sh,
    /db/main/agent10gR5/agent10g/root.sh, /usr/sbin/slibclean,
    /oracle/*/920_64/root.sh, /tmp/orainstRoot.sh, /sbin/vgdisplay,
    /sbin/lvdisplay, /sbin/lslv, /sbin/lsvg, /tmp/rootpre/rootpre.sh



Additional info:
http://sudo.ws/repos/sudo/rev/226ceaf91d8d

Comment 1 ritz 2010-06-14 16:13:22 UTC
Created attachment 423889
patch based on upstream

Comment 8 Jaromir Hradilek 2010-11-29 12:58:37 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
When the /etc/sudoers file contained entries with multiple hosts, running the "sudo -l" command incorrectly reported that a certain user does not have permissions to use sudo on the system. With this update, the underlying source code has been modified to target this issue, and running the "sudo -l" command now produces the correct output.

Comment 10 errata-xmlrpc 2011-01-13 23:08:35 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0079.html

