cvtsudoers: regression in JSON output (CHROOT != CWD) · Issue #371 · sudo-project/sudo (original) (raw)
Using the following sudoers file in `/etc/sudoers.d/test6`:
Host_Alias SERVERS10=server1,server2,server10
user1,user2,+netgroup hostname1,hostname2,SERVERS10 = CWD=~root /usr/bin/test5, CWD=/tmp /bin/test5
Using the command:
cvtsudoers --defaults=all --output-format=JSON --input-format=SUDOERS --output=- /etc/sudoers.d/test6
We get the following JSON output, which is invalid as a conversion of the sudoers file above:
{ "Host_Aliases": { "SERVERS10": [ { "hostname": "server1" }, { "hostname": "server2" }, { "hostname": "server10" } ] }, "User_Specs": [ { "User_List": [ { "username": "user1" }, { "username": "user2" }, { "netgroup": "netgroup" } ], "Host_List": [ { "hostname": "hostname1" }, { "hostname": "hostname2" }, { "hostalias": "SERVERS10" } ], "Cmnd_Specs": [ { "Options": [ { "runchroot": "~root" } ], "Commands": [ { "command": "/usr/bin/test5" } ] }, { "Options": [ { "runchroot": "/tmp" } ], "Commands": [ { "command": "/bin/test5" } ] } ] } ] }
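The options here read `runchroot` when in fact they should read `runcwd`. The sudoers rule sets `CWD=` (the working directory for the command), not `CHROOT=`, so anything that consumes this JSON would record a different policy from the one sudo enforces.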
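For reference, this is what `cvtsudoers` from the stock sudo-1.9.15 release returns. The option name is the expected `runcwd` here, although as shown each `Options` entry lacks its enclosing braces: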
{ "Host_Aliases": { "SERVERS10": [ { "hostname": "server1" }, { "hostname": "server2" }, { "hostname": "server10" } ] }, "User_Specs": [ { "User_List": [ { "username": "user1" }, { "username": "user2" }, { "netgroup": "netgroup" } ], "Host_List": [ { "hostname": "hostname1" }, { "hostname": "hostname2" }, { "hostalias": "SERVERS10" } ], "Cmnd_Specs": [ { "Options": [ "runcwd": "~root" ], "Commands": [ { "command": "/usr/bin/test5" } ] }, { "Options": [ "runcwd": "/tmp" ], "Commands": [ { "command": "/bin/test5" } ] } ] } ] }