From 5f45fd907bf2ef0bbdd87cd991760f98783693d9 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 20 Jan 2022 14:05:00 -0700 Subject: [PATCH] Document how commands are passed to the shell for the -i and -s options. The concatenation of command and arguments and escaping of special characters was not documented. Text adapted from GitHub issue #121 from Kris Rinzwind --- docs/sudo.man.in | 22 ++++++++++++++++++---- docs/sudo.mdoc.in | 22 ++++++++++++++++++---- 2 files changed, 36 insertions(+), 8 deletions(-) diff --git a/docs/sudo.man.in b/docs/sudo.man.in index 19b5b170f..4c675018a 100644 --- a/docs/sudo.man.in +++ b/docs/sudo.man.in @@ -449,10 +449,17 @@ This means that login-specific resource files such as or \fI.login\fR will be read by the shell. -If a command is specified, it is passed to the shell for execution -via the shell's +If a command is specified, it is passed to the shell as a simple +command using the \fB\-c\fR option. +The command and any arguments are concatenated, separated by spaces, +after escaping each character +(including white space) +with a backslash +(\(oq\e\(cq) +except for alphanumerics, underscores, +hyphens, and dollar signs. If no command is specified, an interactive shell is executed. \fBsudo\fR attempts to change to that user's home directory before running the 
@@ -624,10 +631,17 @@ Run the shell specified by the \fRSHELL\fR environment variable if it is set or the shell specified by the invoking user's password database entry. -If a command is specified, it is passed to the shell for execution -via the shell's +If a command is specified, it is passed to the shell as a simple +command using the \fB\-c\fR option. +The command and any arguments are concatenated, separated by spaces, +after escaping each character +(including white space) +with a backslash +(\(oq\e\(cq) +except for alphanumerics, underscores, +hyphens, and dollar signs. If no command is specified, an interactive shell is executed. Note that most shells behave differently when a command is specified as compared to an interactive session; consult the shell's manual diff --git a/docs/sudo.mdoc.in b/docs/sudo.mdoc.in index 9c373615d..a930549ed 100644 --- a/docs/sudo.mdoc.in +++ b/docs/sudo.mdoc.in @@ -426,10 +426,17 @@ This means that login-specific resource files such as or .Pa .login will be read by the shell. -If a command is specified, it is passed to the shell for execution -via the shell's +If a command is specified, it is passed to the shell as a simple +command using the .Fl c option. +The command and any arguments are concatenated, separated by spaces, +after escaping each character +.Pq including white space +with a backslash +.Pq Ql \e +except for alphanumerics, underscores, +hyphens, and dollar signs. If no command is specified, an interactive shell is executed. .Nm attempts to change to that user's home directory before running the 
@@ -582,10 +589,17 @@ Run the shell specified by the .Ev SHELL environment variable if it is set or the shell specified by the invoking user's password database entry. -If a command is specified, it is passed to the shell for execution -via the shell's +If a command is specified, it is passed to the shell as a simple +command using the .Fl c option. +The command and any arguments are concatenated, separated by spaces, +after escaping each character +.Pq including white space +with a backslash +.Pq Ql \e +except for alphanumerics, underscores, +hyphens, and dollar signs. If no command is specified, an interactive shell is executed. Note that most shells behave differently when a command is specified as compared to an interactive session; consult the shell's manual
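Review bot: In the first docs/sudo.man.in hunk (@@ -449, the login shell text), the added list "except for alphanumerics, underscores, hyphens, and dollar signs" leaves the dollar sign exemption unexplained. A reader cannot tell from this wording that an unescaped dollar sign is still subject to expansion by the shell that receives the -c string, while every other special character is taken literally. Suggest adding one sentence that states this consequence next to the list of exempt characters.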
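Review bot: In the second docs/sudo.man.in hunk (@@ -624, the SHELL text), "after escaping each character (including white space)" does not say what the rule means for an argument that contains shell operators. Because white space and characters such as | ; > are backslash-escaped, a single quoted argument like 'cmd1 | cmd2' reaches the shell as one literal word and not as a pipeline. Suggest a sentence or short example saying so, placed before the existing "Note that most shells behave differently" sentence.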
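Review bot: In the first docs/sudo.mdoc.in hunk (@@ -426), "passed to the shell as a simple command" relies on a shell grammar term that the page never defines. Suggest a brief gloss (a command name followed by its arguments, with no pipelines, lists or redirections) or a pointer to the shell's manual, so the sentence explains why the escaping that follows is applied.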
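Review bot: The second docs/sudo.mdoc.in hunk (@@ -582) repeats the added text of the @@ -426 hunk word for word, so the escaping rule is now stated twice in each file and four times across the patch. Suggest keeping the full rule under one option and having the other option refer to it, so a later change to the set of exempt characters cannot leave the two descriptions out of step.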