sudo -l will show info for everyone with the use of any ALL flag. · Issue #134 · sudo-project/sudo (original) (raw)

Unfortunately, this change causes a segmentation fault when sssd is in use. The problem is that the code does not check whether the list of runas users is NULL and dereferences a NULL pointer.

Some distributions (like SLES12 and SLES15) have backported this change to previous versions even of the 1.8.x variety and now suffer from this problem in environments that use sssd.

I'll work on preparing a patch to fix at least the segmentation fault, but I also think that the approach is misguided anyway. It links the right to list commands with the right to run commands, which is precisely NOT what one wants. A support person may want to be able to find out whether a user could run a command without it actually being able to run it.