Sudo-rs canonicalizes commands too aggressively.
squell opened this issue · comments
Marc R. Schoolderman commented
Introduced in e322f89; this is most evident when trying to do something like `sudo pkill`; `pkill` is a symbolic link to `pgrep`, but `pgrep` does care how it was invoked.
Easy fix is of course to revert the commit, but putting the canonicalization step before permission check had a purpose (and it was mostly to deal with directories being symlinks, not the actual commands).
We should probably also add a few regression tests for this situation.
Marc R. Schoolderman commented
Note: best solution is probably to modify the `arg0` to contain the invoking, unresolved command.
Marc R. Schoolderman commented
Note: the above-proposed fix works for symlinked binaries, but not for symlinked shell scripts.
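The behaviour discussed in this thread, as an added example that is not sudo-rs code and not part of the original comments: it executes the canonicalized path while passing the unresolved path as argv[0], once for a native binary and once for a `#!` script. It assumes Linux with `/proc`, `/bin/cat` and `/bin/sh`; the function names and the scratch-directory fixture are constructed for illustration.

```rust
use std::fs;
use std::os::unix::fs::{symlink, PermissionsExt};
use std::os::unix::process::CommandExt;
use std::path::{Path, PathBuf};
use std::process::Command;

/// Execute the canonical path of `invoked` (what a policy check would see),
/// but hand the unresolved path to the child as argv[0]. Returns its stdout.
fn run_canonical_keep_arg0(invoked: &Path, args: &[&str]) -> std::io::Result<String> {
    let resolved = fs::canonicalize(invoked)?;
    let out = Command::new(&resolved).arg0(invoked).args(args).output()?;
    Ok(String::from_utf8_lossy(&out.stdout).into_owned())
}

/// Constructed fixture: a scratch directory holding two symlinks,
/// `cat` -> the system cat binary and `alias-script` -> a #!/bin/sh script.
fn make_fixture() -> std::io::Result<PathBuf> {
    let dir = std::env::temp_dir().join(format!("arg0-demo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let script = dir.join("real-script");
    fs::write(&script, "#!/bin/sh\nprintf '%s' \"$0\"\n")?;
    fs::set_permissions(&script, fs::Permissions::from_mode(0o755))?;
    let _ = fs::remove_file(dir.join("cat"));
    let _ = fs::remove_file(dir.join("alias-script"));
    symlink(fs::canonicalize("/bin/cat")?, dir.join("cat"))?;
    symlink(&script, dir.join("alias-script"))?;
    Ok(dir)
}

/// argv[0] as a native binary sees it: cat prints its own /proc/self/cmdline,
/// whose first NUL-separated field is argv[0].
fn binary_arg0(dir: &Path) -> std::io::Result<String> {
    let out = run_canonical_keep_arg0(&dir.join("cat"), &["/proc/self/cmdline"])?;
    Ok(out.split('\0').next().unwrap_or("").to_string())
}

/// $0 as a script sees it: for #! files the kernel rebuilds argv and drops
/// the caller's argv[0], so the script is told the canonical path instead.
fn script_arg0(dir: &Path) -> std::io::Result<String> {
    run_canonical_keep_arg0(&dir.join("alias-script"), &[])
}

fn main() -> std::io::Result<()> {
    let dir = make_fixture()?;
    println!("binary sees argv[0] = {}", binary_arg0(&dir)?);
    println!("script sees $0      = {}", script_arg0(&dir)?);
    fs::remove_dir_all(&dir)
}
```

The binary reports the symlink path it was invoked through, while the script reports `real-script`, which is the limitation described in the last comment.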