sudo should autocomplete all file paths if already authenticated

Bug #346710 reported by Jack Wasey
Affects: bash (Ubuntu)
Status: Won't Fix
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: sudo

With "nopasswd: all" in your sudoers file, or if authentication has already been performed during previous recent sudo commands, then using TAB should acquire root privileges in order to autocomplete paths.

A classic example is /dev/my-volume-group/ which has root-only read permissions, and therefore cannot be auto-completed in a command like:

sudo mount /dev/my-volume-group/[TAB] does NOT list my lvm partitions, but I think it should.

YoBoY (yoboy-leguesh) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please answer these questions:

* Can you detail with more precision what you mean by "acquire root privileges"?
* Have you uncommented the auto completion in your /root/.bashrc and in your personal .bashrc?
* Do you have another example that is more reproducible by anyone?

This will help us to find and resolve the problem.

Jack Wasey (jackwasey) wrote :

Hi, here is the example in more detail. I haven't messed with the auto completion ever, and I'm working on a new Jaunty installation.

Do the following, where <TAB> = hit the tab key.

jack@albans:~$ cd /tmp
jack@albans:/tmp$ mkdir test
jack@albans:/tmp$ sudo chown root test
jack@albans:/tmp$ sudo chmod 600 test
jack@albans:/tmp$ sudo touch test/touched
jack@albans:/tmp$ ls test
ls: cannot open directory test: Permission denied
jack@albans:/tmp$ sudo ls test/touched
test/touched
jack@albans:/tmp$ sudo ls test/<TAB>

The final line should produce an autocompletion of test/touched, but it does not.

By "acquire root privileges", I mean authenticating, if necessary, after performing a sudo command. In the default Ubuntu config, I believe you authenticate first with your password, and this is remembered for about ten minutes.

My bug is about the fact that, although sudo "knows" that I am allowed to run commands as super user, it does not let me autocomplete paths which only root can read. Sorry if this was not clear.

YoBoY (yoboy-leguesh) wrote :

Thanks for your reply. Since it's only a bash completion problem and not really a sudo one (you have the same issue without the sudo), I am reassigning it to the right package.

After trying your procedure, I also tried with a newly created user, changing the owner to that user. Same issue.
I also played with the chmod to see what I need to make the completion work.

So the completion finally only works when the logged-in user has the right to read in the folder.
More clearly, for the directory TEST and the owner USER:
drw------- USER USER TEST << works
drw------- ROOT USER TEST << doesn't work
drw-r----- ROOT USER TEST << works
drw-r----- ROOT ROOT TEST << doesn't work
drw-r--r-- ROOT ROOT TEST << works

I don't really know if it's a bug or a feature request; it's only a privilege problem between bash-completion and the user who uses it.

Changed in sudo:
status: New → Confirmed
Jack Wasey (jackwasey) wrote :

Good work - guess we can call it an enhancement, but it does seem like expected behaviour is not met.

YoBoY (yoboy-leguesh) wrote :

After some reflection (and after deactivating the bash-completion) I am changing this back to the bash package (sorry everyone, still learning).

So the enhancement should be a temporary root permission for the completion mechanisms in bash once a single sudo with a valid password has been entered in the session, and for as long as this "sudo privilege session" is active. Is this what you want?

For me this can be a source of security problems, but I am not a very technical person :)

Is this what you wanted in the end? Try to change the subject and the description to reflect this if you have time, and add any information that can help the developers understand this.

Thanks

Jack Wasey (jackwasey) wrote :

This is exactly it. Not an easy way to summarise in a line - I did my best already!

The security problem might be limited to elevating privileges to read-only superuser access. No idea how this is done.

Fernando Miguel (fernandomiguel) wrote :

I would set Won't Fix.
Although a nice feature, it would be a security exploit point.

If you need to run as root, sudo -i will do it nicely.

Will welcome other POV.

James Westby (james-w) wrote :

Hi,

I'm going to "Won't Fix" this at this time, sorry.

The reason for this is that while it's not revealing any information that you
can't already get, so isn't a security problem in that sense, it does require
more code running as root than before.

bash itself provides the paths, and it runs as your user, so it can't complete
the paths, as only root can see them. In order to fix this bash itself would have
to sudo to root, which would mean that you were using a root shell permanently,
which is not a good idea. The other solution would be to have some helper to
complete paths, and run it under sudo, with sudo in a mode that exited silently
when you weren't authenticated. That would be inefficient, and a whole lot of
work to add all of that.

If you feel strongly about this and would still like to see it happen, then I suggest
you discuss it with the bash developers, who are better placed to make the change.

Thanks,

James

Changed in bash (Ubuntu):
status: Confirmed → Won't Fix
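
The helper approach described in the last comment, sketched as an added example that is not part of the original thread and is not bash or sudo project code. It assumes `sudo -n` (non-interactive) as the mode that fails without prompting; `list_candidates` and `PRIV_RUNNER` are hypothetical names.

```shell
#!/bin/sh
# Added example: completion helper that elevates only via a non-prompting sudo.
# list_candidates and PRIV_RUNNER are hypothetical names, not bash or sudo APIs.
# "sudo -n" (non-interactive) fails instead of prompting when no credentials
# are cached, which is the "exit silently" mode discussed in the thread.
PRIV_RUNNER=${PRIV_RUNNER:-"sudo -n"}

# list_candidates PARTIAL_PATH
# Prints one candidate per line; prints nothing if elevation is refused.
# Limitation: file names containing newlines are not handled.
list_candidates() {
    partial=$1
    case $partial in
        */*) dir=${partial%/*}; prefix=${partial##*/} ;;
        *)   dir=.; prefix=$partial ;;
    esac
    [ -n "$dir" ] || dir=/            # PARTIAL_PATH was "/name"
    base=${partial%"$prefix"}         # text to keep in front of each name

    if [ -r "$dir" ]; then
        # Normal case: the invoking user can read the directory.
        names=$(ls -1A -- "$dir" 2>/dev/null) || return 0
    else
        # Only a fixed command with "--" before the path runs elevated,
        # keeping the code executed as root as small as possible.
        # $PRIV_RUNNER is left unquoted on purpose so "sudo -n" splits.
        names=$($PRIV_RUNNER ls -1A -- "$dir" 2>/dev/null) || return 0
    fi

    printf '%s\n' "$names" | while IFS= read -r name; do
        case $name in
            '') ;;                                  # empty directory
            "$prefix"*) printf '%s%s\n' "$base" "$name" ;;
        esac
    done
}
```

A bash completion function could place these lines into COMPREPLY. Every TAB press on an unreadable directory then spawns a root process, which is the extra code running as root and the inefficiency the comment points out.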