feat: implement runcwd Defaults option #1542
Add support for the `runcwd` sudoers Defaults setting, which is the Defaults equivalent of the `CWD` command tag. This allows administrators to configure the working directory policy globally rather than per-rule. When `tag.cwd` is not set on a command spec, the `runcwd` Defaults value is used as a fallback. Explicit `CWD` tags still take precedence. Closes trifectatechfoundation#1448
| pub struct Judgement { | ||
| flags: Option<Tag>, | ||
| settings: Settings, | ||
| runcwd: Option<tokens::ChDir>, |
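Review bot: the added `runcwd: Option<tokens::ChDir>` field has no doc comment, and it sits next to `flags: Option<Tag>` and `settings: Settings`, so the struct alone does not say which of them decides the working directory. If the field stays, add a `///` line stating that it is consulted only when the matched rule carries no explicit `CWD` tag, since that ordering is what stops a global `runcwd=*` from widening a rule that pins a directory.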
Since runcwd is already a part of Settings, I would prefer to not have it duplicated here; I believe it can be fed into the tokens::ChDir::construct function further below. Otherwise things can get confusing.
| ); | ||
| } | ||
|
|
||
| #[test] |
Integration tests are good, but they should go in the test-framework folder so they are also verified for compliance against original sudo. In any case, I find this particular test-case to be a bit "dense".
The changes in defaults/mod.rs and the Judgement::authorization function are fine.
However, I would like to see:
- `runcwd_defaults_integration_test` to be replaced with a proper "full up" compliance test in the `test-framework/` folder. As it stands this test looks rather complex (even though the addition of `runcwd` isn't too complex), and secondly an integration test can be expressed much more succinctly and provide more confidence over there.
- There's no need to add `runcwd` to the `Judgement` object.
Also, I don't know if LLMs were used to generate (parts of) this PR, but if so, take note of our stance on genAI.
…uite Fold the runcwd default into tag.cwd when no explicit CWD is set instead of storing it on Judgement, and replace the dense in-tree integration test with a compliance test under test-framework that is verified against original sudo.
Addressed both points:
Summary
Implements the `runcwd` sudoers Defaults setting (the `Defaults` equivalent of the `CWD` command tag), allowing admins to set the working directory policy globally instead of per-rule.
- `Defaults runcwd=*` permits `--chdir` for all commands (same as `CWD=*`)
- `Defaults runcwd=/path` sets a specific working directory
- `CWD` tags on command specs still take precedence
- `Defaults !runcwd` resets to default behavior

Closes #1448
Changes
- `runcwd` to the `defaults!` macro as an `Option<Box<str>>` text setting
- `ChDir` in `Judgement` so the `DirChange` reference lifetime is correct
- `runcwd` when no `CWD` tag is present on the matched command spec
- `tag.cwd.as_ref()` → `tag.cwd.as_ref().or(self.runcwd.as_ref())`

Test plan
- `runcwd` direct manipulation on `Judgement` (runcwd=*, runcwd=/path, CWD override)
- `Defaults runcwd=*`, `runcwd=/path`, CWD override, and `!runcwd` negation
- `Defaults runcwd = *`, `Defaults runcwd = /usr/local`, `Defaults !runcwd`
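The precedence this PR describes (explicit `CWD` tag first, `runcwd` Defaults as fallback, `!runcwd` resetting it), as an added Rust example that is not sudo-rs code. The `ChDir` enum and the functions `fold_runcwd`, `effective_cwd` and `chdir_permitted` are hypothetical names, the sudoers lines are constructed, and treating a fixed path as not granting `--chdir` is an assumption of the example.

```rust
use std::path::PathBuf;

// Hypothetical stand-in for a working-directory policy (not sudo-rs's own type).
#[derive(Debug, Clone, PartialEq)]
enum ChDir {
    Any,           // `*`: the invoking user may pick the directory with --chdir
    Path(PathBuf), // the command runs in this fixed directory
}

// Fold global `Defaults` lines in order: a later `runcwd=` overrides an
// earlier one and `!runcwd` resets to "no global policy".
fn fold_runcwd(defaults: &[&str]) -> Option<ChDir> {
    let mut runcwd = None;
    for line in defaults {
        let Some(rest) = line.trim().strip_prefix("Defaults") else { continue };
        let rest = rest.trim();
        if rest == "!runcwd" {
            runcwd = None;
        } else if let Some((key, value)) = rest.split_once('=') {
            if key.trim() == "runcwd" {
                runcwd = Some(match value.trim() {
                    "*" => ChDir::Any,
                    path => ChDir::Path(PathBuf::from(path)),
                });
            }
        }
    }
    runcwd
}

// An explicit CWD tag on the matched rule wins; runcwd is only the fallback.
fn effective_cwd<'a>(tag: Option<&'a ChDir>, runcwd: Option<&'a ChDir>) -> Option<&'a ChDir> {
    tag.or(runcwd)
}

// Assumption of this example: only the `*` policy grants --chdir.
fn chdir_permitted(policy: Option<&ChDir>) -> bool {
    matches!(policy, Some(ChDir::Any))
}

fn main() {
    // Constructed sample: a global wildcard and one rule that pins its directory.
    let global = fold_runcwd(&["Defaults runcwd = *"]);
    let pinned = ChDir::Path(PathBuf::from("/srv/app"));
    println!("untagged rule: {:?}", effective_cwd(None, global.as_ref()));
    println!("tagged rule:   {:?}", effective_cwd(Some(&pinned), global.as_ref()));
}
```

With a global `runcwd=*`, every rule without its own `CWD` tag becomes eligible for `--chdir`, so a sudoers audit should list the untagged rules rather than only the Defaults line.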