Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parse unknown tags in sudoers file even if we do not know them #546

Open
rnijveld opened this issue Jun 23, 2023 · 2 comments
Open

Parse unknown tags in sudoers file even if we do not know them #546

rnijveld opened this issue Jun 23, 2023 · 2 comments
Assignees
@squell
Labels
C-parser Parser/AST
Milestone
Milestone 3

Comments

@rnijveld
Copy link
Collaborator

I.e. right now we do not support the noexec tag, but that results in this error:

/etc/sudoers:91:29: expected host name
ALL ALL = (ALL:ALL) NOEXEC: /bin/sh, /bin/less

Instead something like 'noexec is an unsupported tag' would be a nicer error message for people jumping over from ogsudo.
@rnijveld rnijveld added the C-parser Parser/AST label Jun 23, 2023
@rnijveld rnijveld added this to the Milestone 3 milestone Jun 23, 2023
@squell
Copy link
Member

squell commented Jun 23, 2023

Note: should also add some code in the Def<T> parser so the Xyzzy_Alias syntax warns about attempts to define ambiguous sudoers rules.

@squell squell mentioned this issue Sep 19, 2023
Open
@mkg20001
Copy link

The diagnostic (#760 (comment)) is a good idea

Still there should be an extra flag to explicitly reject the configuration when validating when it contains not-yet-supported options. for example when calling visudo -c with extra --no-unsupported. or we can just make visudo -c --strict include that check, without an extra flag.

@squell squell self-assigned this Mar 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@squell squell

Labels
C-parser Parser/AST
Projects
None yet
Milestone
Milestone 3
Development

No branches or pull requests
3 participants
@rnijveld @squell @mkg20001