Handling of double quotes in command arguments #182
Comments
Double quotes can be used to escape special characters in certain cases, but not command line arguments. The use of "" in command line arguments is a special case that means no command line arguments are allowed. I've verified that this works as expected:
|
Firstly, I think this is not stated clearly in the man page. Secondly using |
Your shell is interpreting those quotes, they are not passed verbatim to sudo. However, I don't see the behavior you are describing:
|
That's incorrect. Of course they are passed verbatim to
Results in:
|
Sorry, you are correct, I didn't notice that you have the "" in single quotes. That is indeed a bug. |
Thanks for acknowledging. And I had initially forgotten the |
If the empty string is specified in sudoers, no user args are allowed. GitHub issue #182.
Actually, I realise this issue is not just about double quotes, but spaces too. I.e.
Would allow both |
That's a different problem. Sudo concatenates all the command line arguments into a single string before matching so there is no way for it to tell the difference. The matching of command line arguments is far from ideal but fixing it by, say, requiring double quotes for command line arguments that contain whitespace in sudoers risks breaking existing configurations. This at least is documented in sudoers, which says "Command line arguments are matched as a single, concatenated string." |
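The ambiguity described in the comment above, as an added example that is not part of the thread or of sudo's code: a simplified Python model (exact matching only, no wildcards) of comparing a space-joined argument string, which lists every argv vector a single sudoers argument string accepts. The function names, the list-based stricter matcher and the sample arguments `-n foo bar` are constructed for illustration.

```python
from itertools import product

NO_ARGS = '""'  # sudoers spelling for "no user args are allowed", per this thread


def concatenated_match(rule_args, argv):
    """Simplified model: argv is joined with spaces and compared as one string."""
    if rule_args == NO_ARGS:
        return len(argv) == 0
    return " ".join(argv) == rule_args


def accepted_argvs(rule_args):
    """List every argv vector that joins to rule_args under the model above."""
    words = rule_args.split(" ")
    results = []
    # Each gap between words is either an argument boundary (True)
    # or a literal space inside one argument (False).
    for gaps in product((True, False), repeat=len(words) - 1):
        argv = [words[0]]
        for word, boundary in zip(words[1:], gaps):
            if boundary:
                argv.append(word)
            else:
                argv[-1] += " " + word
        results.append(argv)
    return results


def per_argument_match(rule_argv, argv):
    """Hypothetical stricter matcher: the rule is itself an argv list."""
    return list(rule_argv) == list(argv)


if __name__ == "__main__":
    rule = "-n foo bar"  # constructed sample argument string
    for argv in accepted_argvs(rule):
        print(argv, concatenated_match(rule, argv))
    # Element-wise comparison keeps the two invocations apart.
    print(per_argument_match(["-n", "foo bar"], ["-n", "foo", "bar"]))
```

An argument string containing k spaces is accepted for 2^k different argv vectors under this model, which is a quick way to gauge how much a given entry really permits.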
I see. Thanks for pointing out where in the manual it says that, I had missed it. My thoughts on this are that it's worth changing how command-line arguments are matched in order to allow distinguishing e.g. |
As far as I understand from the manual, double quotes can be used to escape special characters in any context and they should always be balanced (or escaped with a \). When it comes to command-line arguments though, I observe the following behaviour (on version 1.9.9 and prior; apologies I'm not able to test on the latest version):
The following entry:
results in user test being able to run these two commands:
but not what is expected:
and the following entry:
results in user test being able to run both: