Release Date:
December 6, 2009
Summary:
A flaw exists in sudo versions 1.7.0 to 1.7.2p1 that caused the
negation operator to have no effect when used in a Cmnd_Alias.
Sudo versions affected:
1.7.0 through 1.7.2p1 inclusive.
Details:
Sudo uses the Cmnd_Alias syntax for named groups of commands in the
sudoers file. The Cmnd_Alias is expanded when command matching is
performed, as sudo checks whether a user is allowed to run a particular
command.
There is a flaw in the code that matches lists of commands where
the negation operator was applied twice. This can result in a
command being allowed that was intended to be explicitly disallowed.
For example, given the following sudoers file fragment:
Cmnd_Alias PASSWORD = /usr/bin/passwd [A-Za-z0-9]*, !/usr/bin/passwd root, !/usr/bin/passwd ""
millert ALL = PASSWORD
User millert should not be allowed to change root's password.
However, due to the bug, running either
sudo passwd root
or
sudo passwd
would succeed.
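The following is an added example, not code from the advisory or from sudo itself: a small model of how a Cmnd_Alias list is meant to be evaluated (last matching entry wins, a leading ! denies), run against the fragment above, with a `buggy` switch that ignores the negation the way the affected releases effectively did. The function names parse_cmnd_alias, entry_matches and cmnd_allowed are my own; sudo's real matcher is written in C and is not reproduced here.

```python
import fnmatch

# The sudoers fragment quoted in the advisory (constructed input for this model).
SUDOERS_ALIAS = (
    'Cmnd_Alias PASSWORD = /usr/bin/passwd [A-Za-z0-9]*, '
    '!/usr/bin/passwd root, !/usr/bin/passwd ""'
)

def parse_cmnd_alias(line):
    """Return (name, [(negated, path, argpattern)]) for one Cmnd_Alias line.
    argpattern is None when any arguments are accepted and '' when the
    entry requires the command to be run with no arguments ("")."""
    _, rest = line.split(None, 1)                 # drop the Cmnd_Alias keyword
    name, body = (part.strip() for part in rest.split('=', 1))
    entries = []
    for item in body.split(','):
        item = item.strip()
        negated = item.startswith('!')
        if negated:
            item = item[1:].lstrip()
        parts = item.split(None, 1)
        path = parts[0]
        if len(parts) == 1:
            argpat = None                         # no args listed: any args match
        elif parts[1] == '""':
            argpat = ''                           # "" in sudoers means "no arguments"
        else:
            argpat = parts[1]                     # glob matched against joined args
        entries.append((negated, path, argpat))
    return name, entries

def entry_matches(entry, path, args):
    """True if the command path and its space-joined args fit one entry."""
    _, epath, argpat = entry
    if epath != path:
        return False
    joined = ' '.join(args)
    if argpat is None:
        return True
    if argpat == '':
        return joined == ''
    return fnmatch.fnmatchcase(joined, argpat)

def cmnd_allowed(entries, path, args, buggy=False):
    """Intended semantics: scan entries in order, the last match decides and a
    negated match denies. buggy=True drops the negation, modelling the effect
    the advisory describes for 1.7.0-1.7.2p1 (a constructed model, not sudo's code)."""
    result = None
    for entry in entries:
        if entry_matches(entry, path, args):
            result = True if buggy else not entry[0]
    return result is True
```

With the fragment above, `passwd alice` is allowed and both `passwd root` and a bare `passwd` are denied, while the buggy mode lets all three through.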
Impact:
Users that should be allowed to run a limited set of commands may
be able to run unauthorized commands.
Fix:
The bug is fixed in sudo 1.7.2p2.