Bug 603819 - sudo - fix printing of entries with multiple host entries on a single line.
Summary: sudo - fix printing of entries with multiple host entries on a single line.
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sudo
Version: 5.5
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Daniel Kopeček
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Keywords: Patch, Regression
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-06-14 16:10 UTC by ritz
Modified: 2018-11-14 19:13 UTC (History)
4 users (show)

(edit)
When the /etc/sudoers file contained entries with multiple hosts, running the "sudo -l" command incorrectly reported that a certain user does not have permissions to use sudo on the system. With this update, the underlying source code has been modified to target this issue, and running the "sudo -l" command now produces the correct output.
Clone Of:
: 603823 (view as bug list)
(edit)
Last Closed: 2011-01-13 23:08:35 UTC


Attachments (Terms of Use)
patch based on upstream (1.05 KB, patch)
2010-06-14 16:13 UTC, ritz
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0079 normal SHIPPED_LIVE sudo bug fix update 2011-01-12 17:21:55 UTC

Description ritz 2010-06-14 16:10:50 UTC
Created attachment 423888 [details]
sudoers file

Description of problem:
sudo -l ignores configured commands an mixes up configurations for other hosts.

Version-Release number of selected component (if applicable):
- sudo-1.7.2p1-5.el5.x86_64

How reproducible:
always

Steps to Reproduce:
1. place the attached file in "/etc/sudoers"
2. Update "myhostname" in attached file to reflect your system's hostname
3. login as oracle
4. sudo -l
  
Actual results:
$ sudo -l
Sorry, user oracle may not run sudo on localhost.


Expected results:
$ sudo -l
User oracle may run the following commands on this host:
    (ALL) NOPASSWD: /net/nimserv/appldata/oracle/920_64/Disk1/rootpre.sh,
    /net/nimserv/appldata/oracle/10/dvd1/database/rootpre/rootpre.sh,
    /net/nimserv/appldata/oracle/10/oem/cd1/rootpre/rootpre.sh,
    /net/nimserv/appldata/oracle/10/dvd1/database/rootpre/rootpre.sh.aix61,
    /net/nimserv/appldata/oracle/10/Client/Disk/rootpre/rootpre.sh,
    /net/nimserv/appldata/oracle/10/oem/gc/rootpre/rootpre.sh,
    /db/main/oraInventory/orainstRoot.sh, /db/main/ora920/root.sh,
    /db/main/ora102/root.sh, /db/main/ora10204/root.sh,
    /db/main/admin/oms10g/root.sh, /db/main/ora10204/orainstRoot.sh,
    /db/main/agent10g/root.sh, /db/main/agent/root.sh,
    /db/main/oms10g/oms10g/allroot.sh, /db/main/oms10g/allroot.sh,
    /db/main/agent10gR5/agent10g/root.sh, /usr/sbin/slibclean,
    /oracle/*/920_64/root.sh, /tmp/orainstRoot.sh, /sbin/vgdisplay,
    /sbin/lvdisplay, /sbin/lslv, /sbin/lsvg, /tmp/rootpre/rootpre.sh



Additional info:
http://sudo.ws/repos/sudo/rev/226ceaf91d8d

Comment 1 ritz 2010-06-14 16:13:22 UTC
Created attachment 423889 [details]
patch based on upstream

Comment 8 Jaromir Hradilek 2010-11-29 12:58:37 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
When the /etc/sudoers file contained entries with multiple hosts, running the "sudo -l" command incorrectly reported that a certain user does not have permissions to use sudo on the system. With this update, the underlying source code has been modified to target this issue, and running the "sudo -l" command now produces the correct output.

Comment 10 errata-xmlrpc 2011-01-13 23:08:35 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0079.html


Note You need to log in before you can comment on or make changes to this bug.