Document reserved words that cannot be used as alias names.

Bug #941

NEWS

@@ -67,9 +67,10 @@ What's new in Sudo 1.9.3
 
  * It is now possible to set the working directory or change the
    root directory on a per-command basis using the CWD and CHROOT
-   options.  There are also new Defaults settings, runchroot and
-   runcwd, that can be used to set the working directory or root
-   directory on a more global basis.
+   options.  CWD and CHROOT are now reserved words in sudoers--they
+   can no longer be used as alias names.  There are also new Defaults
+   settings, runchroot and runcwd, that can be used to set the
+   working directory or root directory on a more global basis.
 
  * New -D (--chdir) and -R (--chroot) command line options can be
    used to set the working directory or root directory if the sudoers

doc/UPGRADE

@@ -3,6 +3,12 @@ Notes on upgrading from an older release
 
 o Upgrading from a version prior to 1.9.3:
 
+    Due to the addition of the CHROOT and CWD options, it is no
+    longer possible to declare an alias with one of those names.
+    If a sudoers file has an alias with one of those names, sudo
+    and visudo will report a syntax error with a message like
+    "syntax error: unexpected CHROOT, expecting ALIAS".
+
     Starting with version 1.9.3, sudoers rules must end in either
     a newline or the end-of-file.  This makes it possible to provide
     better error messages.  Previously, it was possible to include
@@ -97,6 +103,13 @@ o Upgrading from a version prior to 1.8.23:
 
 o Upgrading from a version prior to 1.8.20:
 
+    Due to the addition of the TIMEOUT, NOTBEFORE and NOTAFTTER
+    options, it is no longer possible to declare an alias with one
+    of those names.  If a sudoers file has an alias with one of
+    those names, sudo and visudo will report a syntax error with a
+    message like "syntax error: unexpected TIMEOUT, expecting ALIAS".
+
+    Starting with version 1.9.3, sudoers rules must end in either
     Prior to version 1.8.20, when log_input, log_output or use_pty
     were enabled, if any of the standard input, output or error
     were not connected to a terminal, sudo would use a pipe.  The

doc/sudoers.man.in

@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDOERS" "@mansectform@" "September 9, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "@mansectform@" "September 25, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -1380,6 +1380,10 @@ subsequent
 in the
 \fRCmnd_Spec_List\fR,
 inherit that option unless it is overridden by another option.
+Note that the option names are reserved words in
+\fIsudoers\fR.
+This means that none of the valid option names (see below) can be used
+when declaring an alias.
 .if \n(SL \{\
 .SS "SELinux_Spec"
 On systems with SELinux support,
@@ -2128,17 +2132,42 @@ It can be used wherever one might otherwise use a
 \fRRunas_Alias\fR,
 or
 \fRHost_Alias\fR.
-You should not try to define your own
+Attempting to define an
 \fIalias\fR
-called
+named
 \fBALL\fR
-as the built-in alias will be used in preference to your own.
+will result in a syntax error.
 Please note that using
 \fBALL\fR
 can be dangerous since in a command context, it allows the user to run
 \fIany\fR
 command on the system.
 .PP
+The following option names permitted in an
+\fROption_Spec\fR
+are also considered reserved words:
+\fRCHROOT\fR,
+.if \n(PS \{\
+\fRPRIVS\fR,
+.\}
+.if \n(PS \{\
+\fRLIMITPRIVS\fR,
+.\}
+.if \n(SL \{\
+\fRROLE\fR,
+.\}
+.if \n(SL \{\
+\fRTYPE\fR,
+.\}
+\fRCMND_TIMEOUT\fR,
+\fRCWD\fR,
+\fRNOTBEFORE\fR
+and
+\fRNOTAFTER\fR.
+Attempting to define an
+\fIalias\fR
+with the same name as one of the options will result in a syntax error.
+.PP
 An exclamation point
 (\(oq\&!\(cq)
 can be used as a logical

doc/sudoers.man.in.sed

@@ -114,3 +114,29 @@ s/^\(.TH .*\)/.nr SL @SEMAN@\
 	    }
 	}
 }
+
+/^\\fRPRIVS\\fR,/ {
+    i\
+.if \\n(PS \\{\\
+    a\
+.\\}
+}
+/^\\fRLIMITPRIVS\\fR,/ {
+    i\
+.if \\n(PS \\{\\
+    a\
+.\\}
+}
+
+/^\\fRROLE\\fR,/ {
+    i\
+.if \\n(SL \\{\\
+    a\
+.\\}
+}
+/^\\fRTYPE\\fR,/ {
+    i\
+.if \\n(SL \\{\\
+    a\
+.\\}
+}

doc/sudoers.mdoc.in

@@ -24,7 +24,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd September 9, 2020
+.Dd September 25, 2020
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -1308,6 +1308,10 @@ subsequent
 in the
 .Li Cmnd_Spec_List ,
 inherit that option unless it is overridden by another option.
+Note that the option names are reserved words in
+.Em sudoers .
+This means that none of the valid option names (see below) can be used
+when declaring an alias.
 .if \n(SL \{\
 .Ss SELinux_Spec
 On systems with SELinux support,
@@ -2004,17 +2008,38 @@ It can be used wherever one might otherwise use a
 .Li Runas_Alias ,
 or
 .Li Host_Alias .
-You should not try to define your own
+Attempting to define an
 .Em alias
-called
+named
 .Sy ALL
-as the built-in alias will be used in preference to your own.
+will result in a syntax error.
 Please note that using
 .Sy ALL
 can be dangerous since in a command context, it allows the user to run
 .Em any
 command on the system.
 .Pp
+The following option names permitted in an
+.Li Option_Spec
+are also considered reserved words:
+.Li CHROOT ,
+.if \n(PS \{\
+.Li PRIVS ,
+.Li LIMITPRIVS ,
+.\}
+.if \n(SL \{\
+.Li ROLE ,
+.Li TYPE ,
+.\}
+.Li CMND_TIMEOUT ,
+.Li CWD ,
+.Li NOTBEFORE
+and
+.Li NOTAFTER .
+Attempting to define an
+.Em alias
+with the same name as one of the options will result in a syntax error.
+.Pp
 An exclamation point
 .Pq Ql \&!
 can be used as a logical