On January 8, 2016 11:52:32 AM GMT+01:00, Jiri B <ji...@devio.us> wrote:
>On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
>> And what about difference? Explain please.
>>
>> > > I discovered an article about sudo and globbing[1] and
>> > > there's a difference in how it works on Linux and OpenBSD.
>> >
>> > http://zurlinux.com/?p=2244
>> >
>> > > - openbsd
>> > >
>> > > # su -s /usr/local/bin/bash - nobody
>> > > No home directory /nonexistent!
>> > > Logging in with home = "/".
>> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
>> > > -rw-------  1 _tor  _tor    20442 Dec 10 11:32 /var/tor/cached-certs
>> > > -rw-------  1 _tor  _tor  1409287 Jan  7 15:56 /var/tor/cached-microdesc-consensus
>> > > -rw-------  1 _tor  _tor  5107307 Jan  7 17:23 /var/tor/cached-microdescs
>> > > -rw-------  1 _tor  _tor        0 Jan  7 17:23 /var/tor/cached-microdescs.new
>> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
>> > > .cshrc .profile altroot bin bsd bsd.rd bsd.sp dev etc home mnt root sbin sys tftpboot tmp usr var
>
> ^^^ here '*' gets expanded inside the original user's shell.

I see no way that glob would result in the contents of the root directory.

Here's my guess: everything after -s is concatenated and whitespace separated, effectively turning the example into

    bash -c ls -l /var/tor/cache*

Thus, start bash and ask it to run "ls". Also pass "-l" and /var/tor/cache* as $0, $1... The latter of which is pretty pointless.

Thus it could be a matter of different default configurations between $LINUX and openbsd.

/Alexander

>
>> > > - linux
>> > >
>> > > [root@slot-1 ~]# su -s /bin/bash nobody
>> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
>> > > -rw-------. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
>> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
>> > > -rw-------. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
>
> ^^^ here '*' gets expanded probably later, as the original user does
>not have access to /var/cache/ldconfig at all.
>
>In both cases the original user does not have access to /var/tor,
>respectively to /var/cache/ldconfig.
>
>So the question is: why does the same command on an equally "restricted" dir
>path get different output - why on openbsd does '*' get expanded
>immediately but on linux is it taken into account somehow by sudo
>(?)...
>
>j.
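The script below is an added example, not code from the thread or from sudo itself; it reproduces Alexander's reading of the two outputs without needing root. sudo(8) documents that with -s "if a command is specified, it is passed to the shell for execution via the shell's -c option", so the question is only how the argument vector is turned into that one string. Two joiners are simulated: join_plain glues the arguments with spaces and nothing else (the reading that explains the OpenBSD output: the target shell re-splits the string, "ls" becomes the whole -c body and "-l" and the glob become $0 and $1), while join_escaped backslash-escapes every character outside alphanumerics, "_", "-" and "$", which is the rule in parse_args.c of the sudo 1.8 source tree for -s/-i and makes the target shell see each original argument as one word again. The thread does not show which sudo build was running on either box, so the mapping of the two joiners to OpenBSD and Linux is the thread's hypothesis, not something this script proves. Everything runs as the current user against a scratch directory; the "target shell" is plain sh.

```shell
#!/bin/sh
# Added example (not from the thread or from sudo): simulate how `sudo -s CMD ARG...`
# turns its argument vector into the single string it hands to the target shell
# via -c, and show what that shell then does with it.  Runs unprivileged.

# Strategy 1: glue the argument vector with single spaces, no quoting.
join_plain() {
    out=""
    for a in "$@"; do out="$out$a "; done
    printf '%s' "${out% }"
}

# Strategy 2: same, but backslash-escape every character that is not
# alphanumeric, '_', '-' or '$' (the parse_args.c rule in sudo 1.8 sources),
# so the target shell reconstructs the original words.
join_escaped() {
    out=""
    for a in "$@"; do
        esc=$(printf '%s' "$a" | sed 's/[^[:alnum:]_$-]/\\&/g')
        out="$out$esc "
    done
    printf '%s' "${out% }"
}

# Scratch directory (constructed sample data): two files the glob matches,
# one it must not.  Prints the directory path.
make_demo_dir() {
    d=$(mktemp -d)
    : > "$d/cache-a"
    : > "$d/cache-b"
    : > "$d/other"
    printf '%s' "$d"
}

# simulate JOINER DIR ARG...: join ARG... with JOINER, then run the result
# through `sh -c` inside DIR, the way sudo -s hands the string to root's shell.
simulate() {
    joiner=$1; dir=$2; shift 2
    cmd=$("$joiner" "$@")
    (cd "$dir" && sh -c "$cmd")
}

demo_dir=$(make_demo_dir)
echo "# plain join passes: $(join_plain sh -c 'ls -l cache*')"
simulate join_plain "$demo_dir" sh -c 'ls -l cache*'    # inner sh runs bare `ls`: whole dir, no -l
echo "# escaped join passes: $(join_escaped sh -c 'ls -l cache*')"
simulate join_escaped "$demo_dir" sh -c 'ls -l cache*'  # inner sh runs `ls -l cache*`
rm -rf "$demo_dir"
```

With the plain join the inner shell receives `-c ls -l cache-a cache-b`, so `ls` lists the current directory unadorned, which is why the OpenBSD run printed the contents of "/" (the home directory the login fell back to). With the escaped join the inner shell receives the original three words and the glob is expanded by root's shell inside the target directory, which is the only ordering that can list files in a directory the calling user cannot read.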