Add test for matching a literal "" command line argument as "" in sud…

…oers. GitHub issue #182.
sudo-project · Oct 5, 2022 · 2e2dd48 · 2e2dd48
1 parent fa952bf
commit 2e2dd48
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 0 deletions.
diff --git a/MANIFEST b/MANIFEST
@@ -1020,6 +1020,8 @@ plugins/sudoers/regress/testsudoers/test17.out.ok
 plugins/sudoers/regress/testsudoers/test17.sh
 plugins/sudoers/regress/testsudoers/test18.out.ok
 plugins/sudoers/regress/testsudoers/test18.sh
+plugins/sudoers/regress/testsudoers/test19.out.ok
+plugins/sudoers/regress/testsudoers/test19.sh
 plugins/sudoers/regress/testsudoers/test2.inc
 plugins/sudoers/regress/testsudoers/test2.out.ok
 plugins/sudoers/regress/testsudoers/test2.sh

diff --git a/plugins/sudoers/regress/testsudoers/test19.out.ok b/plugins/sudoers/regress/testsudoers/test19.out.ok
@@ -0,0 +1,20 @@
+Parses OK
+
+Entries for user root:
+
+ALL = /bin/ls ""
+	host  matched
+	runas matched
+	cmnd  allowed
+
+Command allowed
+Parses OK
+
+Entries for user root:
+
+ALL = /bin/ls ""
+	host  matched
+	runas matched
+	cmnd  unmatched
+
+Command unmatched
diff --git a/plugins/sudoers/regress/testsudoers/test19.sh b/plugins/sudoers/regress/testsudoers/test19.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Verify that "" in sudoers does not match a literal "" on the command line.
+#
+
+: ${TESTSUDOERS=testsudoers}
+
+exec 2>&1
+
+# This should succeed
+$TESTSUDOERS root /bin/ls <<'EOF'
+root ALL = /bin/ls ""
+EOF
+
+# This should fail
+$TESTSUDOERS root /bin/ls '""' <<'EOF'
+root ALL = /bin/ls ""
+EOF
+
+exit 0