cvtsudoers: regression in JSON output (CHROOT != CWD)
es-fabricemarie opened this issue · 1 comments
es-fabricemarie commented
Using the following sudoers file in /etc/sudoers.d/test6:
Host_Alias SERVERS10=server1,server2,server10
user1,user2,+netgroup hostname1,hostname2,SERVERS10 = CWD=~root /usr/bin/test5, CWD=/tmp /bin/test5
Using the command:
cvtsudoers --defaults=all --output-format=JSON --input-format=SUDOERS --output=- /etc/sudoers.d/test6
We get the following invalid JSON output:
{
    "Host_Aliases": {
        "SERVERS10": [
            { "hostname": "server1" },
            { "hostname": "server2" },
            { "hostname": "server10" }
        ]
    },
    "User_Specs": [
        {
            "User_List": [
                { "username": "user1" },
                { "username": "user2" },
                { "netgroup": "netgroup" }
            ],
            "Host_List": [
                { "hostname": "hostname1" },
                { "hostname": "hostname2" },
                { "hostalias": "SERVERS10" }
            ],
            "Cmnd_Specs": [
                {
                    "Options": [
                        { "runchroot": "~root" }
                    ],
                    "Commands": [
                        { "command": "/usr/bin/test5" }
                    ]
                },
                {
                    "Options": [
                        { "runchroot": "/tmp" }
                    ],
                    "Commands": [
                        { "command": "/bin/test5" }
                    ]
                }
            ]
        }
    ]
}
The options here read runchroot when in fact it should read runcwd.
For reference, this is what the stock sudo-1.9.15 release cvtsudoers returns:
{
    "Host_Aliases": {
        "SERVERS10": [
            { "hostname": "server1" },
            { "hostname": "server2" },
            { "hostname": "server10" }
        ]
    },
    "User_Specs": [
        {
            "User_List": [
                { "username": "user1" },
                { "username": "user2" },
                { "netgroup": "netgroup" }
            ],
            "Host_List": [
                { "hostname": "hostname1" },
                { "hostname": "hostname2" },
                { "hostalias": "SERVERS10" }
            ],
            "Cmnd_Specs": [
                {
                    "Options": [
                        "runcwd": "~root"
                    ],
                    "Commands": [
                        { "command": "/usr/bin/test5" }
                    ]
                },
                {
                    "Options": [
                        "runcwd": "/tmp"
                    ],
                    "Commands": [
                        { "command": "/bin/test5" }
                    ]
                }
            ]
        }
    ]
}
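
A regression check for this mapping, added here as an example and not part of the original issue or of the sudo code base: it compares the CWD=/CHROOT= options in a sudoers rule with the runcwd/runchroot keys in the cvtsudoers JSON, and reports output that does not parse. The function names and the simplified option regex are assumptions; the sample inputs are trimmed from the two outputs quoted above.

```python
import json
import re

# Constructed sample inputs: the sudoers rule from the report, and its two
# JSON outputs trimmed to the Cmnd_Specs part.
SUDOERS = ("user1,user2,+netgroup hostname1,hostname2,SERVERS10 = "
           "CWD=~root /usr/bin/test5, CWD=/tmp /bin/test5")
REPORTED = """{"User_Specs": [{"Cmnd_Specs": [
  {"Options": [{ "runchroot": "~root" }], "Commands": [{ "command": "/usr/bin/test5" }]},
  {"Options": [{ "runchroot": "/tmp" }], "Commands": [{ "command": "/bin/test5" }]}]}]}"""
STOCK_1_9_15 = """{"User_Specs": [{"Cmnd_Specs": [
  {"Options": ["runcwd": "~root"], "Commands": [{ "command": "/usr/bin/test5" }]},
  {"Options": ["runcwd": "/tmp"], "Commands": [{ "command": "/bin/test5" }]}]}]}"""

# sudoers option -> JSON key the report expects cvtsudoers to emit.
EXPECTED_KEY = {"CWD": "runcwd", "CHROOT": "runchroot"}
# Simplified (assumption): values are unquoted and contain no whitespace.
OPTION_RE = re.compile(r"\b(CWD|CHROOT)=(\S+)")

def expected_options(sudoers_text):
    """(json_key, value) for each CWD=/CHROOT= option, in source order."""
    return [(EXPECTED_KEY[name], value) for name, value in OPTION_RE.findall(sudoers_text)]

def emitted_options(json_text):
    """(key, value) for each runcwd/runchroot entry under Cmnd_Specs."""
    found = []
    for spec in json.loads(json_text).get("User_Specs", []):
        for cmnd in spec.get("Cmnd_Specs", []):
            for opt in cmnd.get("Options", []):
                if isinstance(opt, dict):
                    found += [(k, v) for k, v in opt.items() if k in EXPECTED_KEY.values()]
    return found

def check(sudoers_text, json_text):
    """Return findings; an empty list means the options survived conversion."""
    try:
        got = emitted_options(json_text)
    except json.JSONDecodeError as exc:
        return [f"output is not parseable JSON: {exc.msg}"]
    want = expected_options(sudoers_text)
    findings = [f"expected {w[0]}={w[1]!r}, got {g[0]}={g[1]!r}"
                for w, g in zip(want, got) if w != g]
    if len(want) != len(got):
        findings.append(f"{len(want)} options in sudoers, {len(got)} in JSON")
    return findings

if __name__ == "__main__":
    for label, text in (("reported", REPORTED), ("stock 1.9.15", STOCK_1_9_15)):
        print(label, check(SUDOERS, text))
```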