On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
> And what about difference? Explain please.
>
> > > I discovered an article about sudo and globbing[1] and
> > > there's difference how it does work on Linux and OpenBSD.
> >
> > http://zurlinux.com/?p=2244
> >
> > > - openbsd
> > >
> > > # su -s /usr/local/bin/bash - nobody
> > > No home directory /nonexistent!
> > > Logging in with home = "/".
> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> > > -rw------- 1 _tor _tor 20442 Dec 10 11:32 /var/tor/cached-certs
> > > -rw------- 1 _tor _tor 1409287 Jan 7 15:56
> > /var/tor/cached-microdesc-consensus
> > > -rw------- 1 _tor _tor 5107307 Jan 7 17:23 /var/tor/cached-microdescs
> > > -rw------- 1 _tor _tor 0 Jan 7 17:23
> > /var/tor/cached-microdescs.new
> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> > > .cshrc .profile altroot bin bsd bsd.rd bsd.sp dev
> > etc home mnt root sbin sys tftpboot tmp
> > usr var

^^^ here '*' gets expanded inside original user's shell.

> > > - linux
> > >
> > > [root@slot-1 ~]# su -s /bin/bash nobody
> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> > > -rw-------. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> > > -rw-------. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache

^^^ here '*' gets expanded probably later, as original user does not
have access to /var/cache/ldconfig at all.

In both cases original user does not have access to /var/tor,
respectively to /var/cache/ldconfig.

So the question is: why does the same command on an equally "restricted"
dir path get different output - why on openbsd does '*' get expanded
immediately but on linux is it taken into account somehow by sudo (?)...

j.