[Bug 2127080] Re: [SRU] sudo-rs does not accept escaped characters in command-line arguments
Launchpad Bug Tracker
2127080 at bugs.launchpad.net
Fri Oct 17 07:05:12 UTC 2025
This bug was fixed in the package rust-sudo-rs - 0.2.8-1ubuntu5.1
---------------
rust-sudo-rs (0.2.8-1ubuntu5.1) questing; urgency=medium
* SRU: fix escaped equals in sudoers file (LP: #2127080)
-- Simon Johnsson <simon.johnsson at canonical.com> Mon, 13 Oct 2025
10:34:08 +0200
** Changed in: rust-sudo-rs (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2127080
Title:
[SRU] sudo-rs does not accept escaped characters in command-line
arguments
Status in rust-sudo-rs package in Ubuntu:
Fix Released
Status in rust-sudo-rs source package in Questing:
Fix Committed
Bug description:
[ Impact ]
The bug prevents sudoers files from including an escaped equal sign in
command arguments. Example:
```
# This is currently allowed
Cmd_Alias FOO_CMD = /bin/foo --bar=1
# ...this gives a syntax error
Cmd_Alias BAR_CMD = /bin/foo --bar\=1
```
The behavior is a regression following the previous fix in version
0.2.8-1ubuntu4, which allowed un-escaped equal signs.
This upload fixes the issue by both setting '=' as an escaped symbol
in commands and adding it as an accepted un-escaped symbol.
[ Test Plan ]
1) Create a file called 'test' with the following contents:
```
Cmd_Alias FOO_CMD = /bin/foo --bar=1
Cmd_Alias BAR_CMD = /bin/foo --bar\=1
```
2) Run visudo on 'test':
```shell
visudo -c -f test
```
3) File should parse successfully
[ Where problems could occur ]
Potential problems would arise in the parsing of commands in sudoers files, in cases where an escaped equal sign is considered illegal syntax.
Problems could also include unpredicted side effects in command parsing when "\=" is used erroneously.
[ Original description ]
In rust-sudo-rs 0.2.8-1ubuntu4 a fix was introduced that allowed for '=' to be used in commands as such:
Cmd_Alias FOO_CMD = /bin/foo --bar=1
However, this fix also made the escaped equivalence generate an
"illegal escape sequence error":
Cmd_Alias BAR_CMD = /bin/foo --bar\=1
-------------------------------------
Steps to reproduce:
1. Create a file called "test" with the following content:
Cmd_Alias FOO_CMD = /bin/foo --bar=1
Cmd_Alias BAR_CMD = /bin/foo --bar\=1
2. Run visudo on the file:
$ visudo -c -f test
3. An error is given:
test:2:36: syntax error: illegal escape sequence
Cmd_Alias BAR_CMD = /bin/foo --bar\=1
^
visudo: invalid sudoers file
-------------------------------------
What I expect to happen:
The sudoers file is parsed correctly without an error.
Release: Ubunutu 25.10
sudo-rs version: 0.2.8-1ubuntu5
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rust-sudo-rs/+bug/2127080/+subscriptions
More information about the foundations-bugs
mailing list