Bug 872740 - SPACE INVADES SUDO!
Summary: SPACE INVADES SUDO!
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sudo
Version: 6.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Daniel Kopeček
QA Contact: Aleš Mareček
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-11-02 21:09 UTC by seth vidal
Modified: 2018-11-29 19:33 UTC (History)
5 users (show)

Fixed In Version: sudo-1.8.6p3-5.el6
Doc Type: Bug Fix
Doc Text:
Cause: Spaces in the command arguments are not being escaped before passing them to the specified command. Consequence: Wrong arguments passed to the specified command. Fix: Rebase to new upstream version where the escaping of command arguments is done correctly again. Result: Command arguments specified on the command line are passed to the command as expected.
Clone Of:
Environment:
Last Closed: 2013-02-21 09:44:53 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:0363 0 normal SHIPPED_LIVE sudo bug fix and enhancement update 2013-02-20 20:52:59 UTC

Description seth vidal 2012-11-02 21:09:46 UTC
Description of problem:
When you use sudo -i and you pass in a command w/arguments that include spaces the wrong arguments are passed to the command b/c the spaces are not escaped.


Version-Release number of selected component (if applicable):
sudo-1.7.4p5-13.el6_3.x86_64


How reproducible:
to test try this:
sudo -i -- python -c 'import sys; print sys.argv'

on a rhel6 system it will output:


 File "<string>", line 1
    import
         ^
SyntaxError: invalid syntax



On fedora 16, 17, or 18 you can do the same command
and get back:

sudo -i -- python -c 'import sys; print sys.argv'
['-c']


I've narrowed it down to being related to this patch:
http://www.sudo.ws/repos/sudo/rev/4c88da5fc510
However I patched and rebuilt the sudo srpm from rhel6 with this patch and it just ended up segfaulting :( So I clearly missed something else important in the change set between 1.7.4 and 1.7.7.

However, I rebuild 1.8.6p3 from fedora18 in mock for rhel6 and the resulting pkg (which built perfectly) works as expected.

Comment 2 Daniel Kopeček 2012-11-05 12:20:25 UTC
We are rebasing to 1.8.6p3 in rhel-6.4 so this is going to be fixed.

Comment 9 errata-xmlrpc 2013-02-21 09:44:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0363.html


Note You need to log in before you can comment on or make changes to this bug.