sudo-rs icon indicating copy to clipboard operation
sudo-rs copied to clipboard

Published 20 hours ago verified publisher icon memorysafety

Parse unknown tags in sudoers file even if we do not know them

Open rnijveld opened this issue 2 years ago • 2 comments

I.e. right now we do not support the noexec tag, but that results in this error:

/etc/sudoers:91:29: expected host name
ALL ALL = (ALL:ALL) NOEXEC: /bin/sh, /bin/less

Instead something like 'noexec is an unsupported tag' would be a nicer error message for people jumping over from ogsudo.

rnijveld avatar Jun 23 '23 12:06 rnijveld

Note: should also add some code in the Def<T> parser so the Xyzzy_Alias syntax warns about attempts to define ambiguous sudoers rules.

squell avatar Jun 23 '23 19:06 squell

The diagnostic (https://github.com/memorysafety/sudo-rs/issues/760#issuecomment-1725826126) is a good idea

Still there should be an extra flag to explicitly reject the configuration when validating when it contains not-yet-supported options. for example when calling visudo -c with extra --no-unsupported. or we can just make visudo -c --strict include that check, without an extra flag.

mkg20001 avatar Sep 19 '23 15:09 mkg20001