Re: sudo and globbing
There are so many differences between Linux and every other flavour of UNIX; like OpenBSD, AIX, Solaris, etc, that WTF is your point?? Really? What about Gnu's Not UNIX don't you get? This crap is just trolling, IMHO.

On Fri, Jan 8, 2016, at 09:27 AM, Alexander Hall wrote:
> On January 8, 2016 11:52:32 AM GMT+01:00, Jiri B wrote:
> >On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
> >> And what about difference? Explain please.
> >>
> >> > > I discovered an article about sudo and globbing[1] and
> >> > > there's difference how it does work on Linux and OpenBSD.
> >> >
> >> > http://zurlinux.com/?p=2244
> >> >
> >> > > - openbsd
> >> > >
> >> > > # su -s /usr/local/bin/bash - nobody
> >> > > No home directory /nonexistent!
> >> > > Logging in with home = "/".
> >> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> >> > > -rw--- 1 _tor _tor20442 Dec 10 11:32
> >/var/tor/cached-certs
> >> > > -rw--- 1 _tor _tor 1409287 Jan 7 15:56
> >> > /var/tor/cached-microdesc-consensus
> >> > > -rw--- 1 _tor _tor 5107307 Jan 7 17:23
> >/var/tor/cached-microdescs
> >> > > -rw--- 1 _tor _tor0 Jan 7 17:23
> >> > /var/tor/cached-microdescs.new
> >> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> >> > > .cshrc .profile altroot bin bsd bsd.rd bsd.sp
> >dev
> >> > etc home mnt root sbin sys tftpboot tmp
> >> > usr var
> >
> >^^^ here '*' gets expanded inside original user's shell.
>
> I see no way that glob would result in the contents of the root
> directory.
>
> Here's my guess: everything after -s is concatenated and whitespace
> separated, effectively turning the example into
>
> bash -c ls -l /var/tor/cache*
>
> Thus, start bash and ask it to run "ls". Also pass "-l" and
> /var/tor/cache* as $0, $1... The latter of which is pretty pointless.
>
> This could be a matter of different default configurations between $LINUX
> and openbsd.
>
> /Alexander
>
> >
> >> > > - linux
> >> > >
> >> > > [root@slot-1 ~]# su -s /bin/bash nobody
> >> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> >> > > -rw---. 1 root root 26470 Dec 22 17:52
> >/var/cache/ldconfig/aux-cache
> >> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> >> > > -rw---. 1 root root 26470 Dec 22 17:52
> >/var/cache/ldconfig/aux-cache
> >
> >^^^ here '*' gets expanded probably later, as original user does
> >not have access to /var/cache/ldconfig at all.
> >
> >In both cases original user does not have access to /var/tor,
> >respectively
> >to /var/cache/ldconfig.
> >
> >So the question is: why does same command on equally "restricted" dir
> >path gets different output - why on openbsd does '*' get expanded
> >immediately but on linux is it taken into account somehow by sudo
> >(?)...
> >
> >j.
Re: sudo and globbing
You are comparing two very different versions of sudo. The sudo that used to ship with OpenBSD is version 1.7.2p8 which is rather ancient. On Linux you probably have some variant of sudo 1.8.x. Newer versions of sudo escape spaces in the command run via "sudo -s" whereas the ancient 1.7.2p8 does not. That probably explains the difference. If you install sudo from ports you will get the same behavior you see on linux.

 - todd
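The difference between joining the `-s` arguments with and without escaping can be reproduced without sudo. This is an added example, not code from the thread or from sudo itself: `join_plain`, `join_escaped` and `run_case` are hypothetical helpers, the escaping rule is a simplified assumption about what newer sudo does, and the files are constructed sample data in a scratch directory.

```shell
#!/bin/sh
# Added illustration: two ways a wrapper can turn "-s cmd args..." into the
# single string handed to "$SHELL -c". No sudo or privileges involved.

# Old style, as guessed in the thread: join argv with spaces, quoting is lost.
join_plain() {
    out=
    for a in "$@"; do out="${out:+$out }$a"; done
    printf '%s' "$out"
}

# Newer style (simplified model, an assumption): backslash-escape every
# character except alphanumerics, '_', '-' and '$', then join with spaces.
join_escaped() {
    out=
    for a in "$@"; do
        e=$(printf '%s' "$a" | sed 's/[^A-Za-z0-9_$-]/\\&/g')
        out="${out:+$out }$e"
    done
    printf '%s' "$out"
}

# Build a scratch tree (constructed sample data), join the argv
#   sh -c "ls <scratch>/target/cache*"
# with the given joiner, run the result via "sh -c" from <scratch>/cwd and
# return what ls listed, with the scratch prefix stripped.
run_case() {
    joiner=$1
    work=$(mktemp -d) || return 1
    mkdir "$work/cwd" "$work/target"
    : > "$work/cwd/in-cwd"
    : > "$work/target/cache-a"
    : > "$work/target/cache-b"
    cmd=$("$joiner" sh -c "ls $work/target/cache*")
    result=$(cd "$work/cwd" && sh -c "$cmd" | sed "s|$work/||" | paste -sd ' ' -)
    rm -rf "$work"
    printf '%s' "$result"
}

echo "plain:   $(run_case join_plain)"     # ls ran with no path: lists the cwd
echo "escaped: $(run_case join_escaped)"   # inner shell expanded the glob
```

With the plain join the inner shell runs a bare `ls` and the paths become `$0` and `$1`, so the working directory is listed; with escaping the quoted command string survives as one argument.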
Re: sudo and globbing
On January 8, 2016 11:52:32 AM GMT+01:00, Jiri B wrote:
>On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
>> And what about difference? Explain please.
>>
>> > > I discovered an article about sudo and globbing[1] and
>> > > there's difference how it does work on Linux and OpenBSD.
>> >
>> > http://zurlinux.com/?p=2244
>> >
>> > > - openbsd
>> > >
>> > > # su -s /usr/local/bin/bash - nobody
>> > > No home directory /nonexistent!
>> > > Logging in with home = "/".
>> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
>> > > -rw--- 1 _tor _tor20442 Dec 10 11:32
>/var/tor/cached-certs
>> > > -rw--- 1 _tor _tor 1409287 Jan 7 15:56
>> > /var/tor/cached-microdesc-consensus
>> > > -rw--- 1 _tor _tor 5107307 Jan 7 17:23
>/var/tor/cached-microdescs
>> > > -rw--- 1 _tor _tor0 Jan 7 17:23
>> > /var/tor/cached-microdescs.new
>> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
>> > > .cshrc .profile altroot bin bsd bsd.rd bsd.sp
>dev
>> > etc home mnt root sbin sys tftpboot tmp
>> > usr var
>
>^^^ here '*' gets expanded inside original user's shell.

I see no way that glob would result in the contents of the root
directory.

Here's my guess: everything after -s is concatenated and whitespace
separated, effectively turning the example into

bash -c ls -l /var/tor/cache*

Thus, start bash and ask it to run "ls". Also pass "-l" and
/var/tor/cache* as $0, $1... The latter of which is pretty pointless.

This could be a matter of different default configurations between $LINUX
and openbsd.

/Alexander

>
>> > > - linux
>> > >
>> > > [root@slot-1 ~]# su -s /bin/bash nobody
>> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
>> > > -rw---. 1 root root 26470 Dec 22 17:52
>/var/cache/ldconfig/aux-cache
>> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
>> > > -rw---. 1 root root 26470 Dec 22 17:52
>/var/cache/ldconfig/aux-cache
>
>^^^ here '*' gets expanded probably later, as original user does
>not have access to /var/cache/ldconfig at all.
>
>In both cases original user does not have access to /var/tor,
>respectively
>to /var/cache/ldconfig.
>
>So the question is: why does same command on equally "restricted" dir
>path gets different output - why on openbsd does '*' get expanded
>immediately but on linux is it taken into account somehow by sudo
>(?)...
>
>j.
Re: sudo and globbing
On Thu, Jan 07, 2016 at 04:43:14PM GMT, Jiri B wrote:
> I discovered an article about sudo and globbing[1] and
> there's difference how it does work on Linux and OpenBSD.

AFAIK, globbing is done by shell and sudo doesn't take part in it.

> # su -s /usr/local/bin/bash - nobody
                              ^
> [root@slot-1 ~]# su -s /bin/bash nobody
> [...]
> Could anybody explain the difference?

One thing I can see is that on OpenBSD, you run bash as a login shell but not on Linux. My guess is that your bash login shell options, or globbing options between the systems in general, are the cause of the above.

Regards,

Raf
Re: sudo and globbing
2016-01-08 11:52 GMT+01:00 Jiri B :
>
> So the question is: why does same command on equally "restricted" dir
> path gets different output - why on openbsd does '*' get expanded
> immediately but on linux is it taken into account somehow by sudo (?)...
>
> j.
>

you put a dash between the shell and the user in the command on openbsd. You didn't put that dash on linux.
Re: sudo and globbing
On 2016 Jan 08 (Fri) at 05:52:32 -0500 (-0500), Jiri B wrote:
:On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
:> And what about difference? Explain please.
:>
:> > > I discovered an article about sudo and globbing[1] and
:> > > there's difference how it does work on Linux and OpenBSD.
:> >
:> > http://zurlinux.com/?p=2244
:> >
:> > > - openbsd
:> > >
:> > > # su -s /usr/local/bin/bash - nobody
:> > > No home directory /nonexistent!
:> > > Logging in with home = "/".
:> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
:> > > -rw--- 1 _tor _tor20442 Dec 10 11:32 /var/tor/cached-certs
:> > > -rw--- 1 _tor _tor 1409287 Jan 7 15:56
:> > /var/tor/cached-microdesc-consensus
:> > > -rw--- 1 _tor _tor 5107307 Jan 7 17:23 /var/tor/cached-microdescs
:> > > -rw--- 1 _tor _tor0 Jan 7 17:23
:> > /var/tor/cached-microdescs.new
:> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
:> > > .cshrc .profile altroot bin bsd bsd.rd bsd.sp dev
:> > etc home mnt root sbin sys tftpboot tmp
:> > usr var
:
:^^^ here '*' gets expanded inside original user's shell.
:
:> > > - linux
:> > >
:> > > [root@slot-1 ~]# su -s /bin/bash nobody
:> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
:> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
:> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
:> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
:
:^^^ here '*' gets expanded probably later, as original user does
:not have access to /var/cache/ldconfig at all.
:
:In both cases original user does not have access to /var/tor, respectively
:to /var/cache/ldconfig.
:
:So the question is: why does same command on equally "restricted" dir
:path gets different output - why on openbsd does '*' get expanded
:immediately but on linux is it taken into account somehow by sudo (?)...
:
:j.
:

$ ls -l /var/spool/smtpd/* | head
ls: /var/spool/smtpd/*: No such file or directory
$ ls -l /var/spool/smtpd
ls: smtpd: Permission denied
$ doas bash -c "ls -l /var/spool/smtpd/*" | head
/var/spool/smtpd/corrupt:
/var/spool/smtpd/incoming:
/var/spool/smtpd/offline:
/var/spool/smtpd/purge:
total 352
drwx-- 2 _smtpq wheel 512 Jan 14 2015 1040272804
drwx-- 2 _smtpq wheel 512 Jan 14 2015 1056615683
$ sudo bash -c "ls -l /var/spool/smtpd/*" | head
/var/spool/smtpd/corrupt:
/var/spool/smtpd/incoming:
/var/spool/smtpd/offline:
/var/spool/smtpd/purge:
total 352
drwx-- 2 _smtpq wheel 512 Jan 14 2015 1040272804
drwx-- 2 _smtpq wheel 512 Jan 14 2015 1056615683
$ uname -a
OpenBSD dante.berlin.hsgate.de 5.9 GENERIC.MP#2 amd64

I can't reproduce your failure on -current. I'm assuming there were some spaces or quotation failures when you generated your example.

--
"A radioactive cat has eighteen half-lives."
Re: sudo and globbing
On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
> And what about difference? Explain please.
>
> > > I discovered an article about sudo and globbing[1] and
> > > there's difference how it does work on Linux and OpenBSD.
> >
> > http://zurlinux.com/?p=2244
> >
> > > - openbsd
> > >
> > > # su -s /usr/local/bin/bash - nobody
> > > No home directory /nonexistent!
> > > Logging in with home = "/".
> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> > > -rw--- 1 _tor _tor20442 Dec 10 11:32 /var/tor/cached-certs
> > > -rw--- 1 _tor _tor 1409287 Jan 7 15:56
> > /var/tor/cached-microdesc-consensus
> > > -rw--- 1 _tor _tor 5107307 Jan 7 17:23 /var/tor/cached-microdescs
> > > -rw--- 1 _tor _tor0 Jan 7 17:23
> > /var/tor/cached-microdescs.new
> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> > > .cshrc .profile altroot bin bsd bsd.rd bsd.sp dev
> > etc home mnt root sbin sys tftpboot tmp
> > usr var

^^^ here '*' gets expanded inside original user's shell.

> > > - linux
> > >
> > > [root@slot-1 ~]# su -s /bin/bash nobody
> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache

^^^ here '*' gets expanded probably later, as original user does
not have access to /var/cache/ldconfig at all.

In both cases original user does not have access to /var/tor, respectively
to /var/cache/ldconfig.

So the question is: why does same command on equally "restricted" dir
path gets different output - why on openbsd does '*' get expanded
immediately but on linux is it taken into account somehow by sudo (?)...

j.
Re: sudo and globbing
And what about difference? Explain please.

On Thu, Jan 7, 2016 at 7:03 PM, Jiri B wrote:
> On Thu, Jan 07, 2016 at 11:43:14AM -0500, Jiri B wrote:
> > I discovered an article about sudo and globbing[1] and
> > there's difference how it does work on Linux and OpenBSD.
>
> I forgot to put the url
>
> http://zurlinux.com/?p=2244
>
> > - openbsd
> >
> > # su -s /usr/local/bin/bash - nobody
> > No home directory /nonexistent!
> > Logging in with home = "/".
> > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> > -rw--- 1 _tor _tor20442 Dec 10 11:32 /var/tor/cached-certs
> > -rw--- 1 _tor _tor 1409287 Jan 7 15:56
> /var/tor/cached-microdesc-consensus
> > -rw--- 1 _tor _tor 5107307 Jan 7 17:23 /var/tor/cached-microdescs
> > -rw--- 1 _tor _tor0 Jan 7 17:23
> /var/tor/cached-microdescs.new
> > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> > .cshrc .profile altroot bin bsd bsd.rd bsd.sp dev
> etc home mnt root sbin sys tftpboot tmp
> usr var
> >
> > - linux
> >
> > [root@slot-1 ~]# su -s /bin/bash nobody
> > bash-4.2$ exit
> > [root@slot-1 ~]# visudo
> > [root@slot-1 ~]# su -s /bin/bash nobody
> > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
> > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
Re: sudo and globbing
On Thu, Jan 07, 2016 at 11:43:14AM -0500, Jiri B wrote:
> I discovered an article about sudo and globbing[1] and
> there's difference how it does work on Linux and OpenBSD.

I forgot to put the url

http://zurlinux.com/?p=2244

> - openbsd
>
> # su -s /usr/local/bin/bash - nobody
> No home directory /nonexistent!
> Logging in with home = "/".
> -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> -rw--- 1 _tor _tor20442 Dec 10 11:32 /var/tor/cached-certs
> -rw--- 1 _tor _tor 1409287 Jan 7 15:56
> /var/tor/cached-microdesc-consensus
> -rw--- 1 _tor _tor 5107307 Jan 7 17:23 /var/tor/cached-microdescs
> -rw--- 1 _tor _tor0 Jan 7 17:23 /var/tor/cached-microdescs.new
> -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> .cshrc .profile altroot bin bsd bsd.rd bsd.sp dev etc
>home mnt root sbin sys tftpboot tmp usr var
>
> - linux
>
> [root@slot-1 ~]# su -s /bin/bash nobody
> bash-4.2$ exit
> [root@slot-1 ~]# visudo
> [root@slot-1 ~]# su -s /bin/bash nobody
> bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
> bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache