** Description changed: - In rust-sudo-rs 0.2.8-1ubuntu4 a fix was introduced that allowed for '=' - to be used in commands as such: + [ Impact ] + + The bug prevents sudoers files from including an escaped equal sign in + command arguments. Example: + + ``` + # This is currently allowed + Cmd_Alias FOO_CMD = /bin/foo --bar=1 + # ...this gives a syntax error + Cmd_Alias BAR_CMD = /bin/foo --bar\=1 + ``` + + The behavior is a regression following the previous fix in version + 0.2.8-1ubuntu4, which allowed un-escaped equal signs. + + This upload fixes the issue by both setting '=' as an escaped symbol in + commands and adding it as an accepted un-escaped symbol. + + [ Test Plan ] + + 1) Create a file called 'test' with the following contents: + ``` + Cmd_Alias FOO_CMD = /bin/foo --bar=1 + Cmd_Alias BAR_CMD = /bin/foo --bar\=1 + ``` + 2) Run visudo on 'test': + ```shell + visudo -c -f test + ``` + 3) File should parse successfully + + [ Where problems could occur ] + + Potential problems would arise in the parsing of commands in sudoers files, in cases where an escaped equal sign is considered illegal syntax. + Problems could also include unpredicted side effects in command parsing when "\\=" is used erroneously. + + [ Original description ] + In rust-sudo-rs 0.2.8-1ubuntu4 a fix was introduced that allowed for '=' to be used in commands as such: Cmd_Alias FOO_CMD = /bin/foo --bar=1 However, this fix also made the escaped equivalence generate an "illegal escape sequence error": Cmd_Alias BAR_CMD = /bin/foo --bar\=1 ------------------------------------- Steps to reproduce: 1. Create a file called "test" with the following content: Cmd_Alias FOO_CMD = /bin/foo --bar=1 Cmd_Alias BAR_CMD = /bin/foo --bar\=1 2. Run visudo on the file: $ visudo -c -f test 3. An error is given: test:2:36: syntax error: illegal escape sequence Cmd_Alias BAR_CMD = /bin/foo --bar\=1 ^ visudo: invalid sudoers file ------------------------------------- What I expect to happen: The sudoers file is parsed correctly without an error. Release: Ubunutu 25.10 sudo-rs version: 0.2.8-1ubuntu5
** Description changed: [ Impact ] The bug prevents sudoers files from including an escaped equal sign in command arguments. Example: ``` # This is currently allowed Cmd_Alias FOO_CMD = /bin/foo --bar=1 # ...this gives a syntax error Cmd_Alias BAR_CMD = /bin/foo --bar\=1 ``` The behavior is a regression following the previous fix in version 0.2.8-1ubuntu4, which allowed un-escaped equal signs. This upload fixes the issue by both setting '=' as an escaped symbol in commands and adding it as an accepted un-escaped symbol. [ Test Plan ] 1) Create a file called 'test' with the following contents: ``` Cmd_Alias FOO_CMD = /bin/foo --bar=1 Cmd_Alias BAR_CMD = /bin/foo --bar\=1 ``` 2) Run visudo on 'test': ```shell visudo -c -f test ``` 3) File should parse successfully [ Where problems could occur ] - Potential problems would arise in the parsing of commands in sudoers files, in cases where an escaped equal sign is considered illegal syntax. - Problems could also include unpredicted side effects in command parsing when "\\=" is used erroneously. + Potential problems would arise in the parsing of commands in sudoers files, in cases where an escaped equal sign is considered illegal syntax. + Problems could also include unpredicted side effects in command parsing when "\=" is used erroneously. [ Original description ] In rust-sudo-rs 0.2.8-1ubuntu4 a fix was introduced that allowed for '=' to be used in commands as such: Cmd_Alias FOO_CMD = /bin/foo --bar=1 However, this fix also made the escaped equivalence generate an "illegal escape sequence error": Cmd_Alias BAR_CMD = /bin/foo --bar\=1 ------------------------------------- Steps to reproduce: 1. Create a file called "test" with the following content: Cmd_Alias FOO_CMD = /bin/foo --bar=1 Cmd_Alias BAR_CMD = /bin/foo --bar\=1 2. Run visudo on the file: $ visudo -c -f test 3. An error is given: test:2:36: syntax error: illegal escape sequence Cmd_Alias BAR_CMD = /bin/foo --bar\=1 ^ visudo: invalid sudoers file ------------------------------------- What I expect to happen: The sudoers file is parsed correctly without an error. Release: Ubunutu 25.10 sudo-rs version: 0.2.8-1ubuntu5 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2127080 Title: [SRU] sudo-rs does not accept escaped characters in command-line arguments To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rust-sudo-rs/+bug/2127080/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
