-s option command string manipulation

[greyltc]

The manpage for the -s option says:

     -s, --shell
                 Run the shell specified by the SHELL environment variable if it is set or the shell specified by the invoking user's password database entry.  If a command is specified, it is passed to the shell for execution via
                 the shell's -c option.  If no command is specified, an interactive shell is executed.  Note that most shells behave differently when a command is specified as compared to an interactive session; consult the shell's
                 manual for details.

So if my SHELL is bash, I expect $ sudo -s "whoami; whoami" to be the same as running bash -c "whoami; whoami" as the root user. But that doesn't work:

$ sudo -s "whoami; whoami"
/bin/bash: line 1: whoami; whoami: command not found

Of course

# bash -c "whoami; whoami"
root
root

works fine.

Could my sudo be misconfigured or compiled with a missing/incorrect option for this to work correctly?
Or is this a bug in sudo or its man page?
Or is it a bug in my understanding?

I'm using Sudo version 1.9.4p2 via Arch Linux.

[noproto]

sudo doesn't take the entire argument as a single string. What you're doing is the equivalent of this:

bash -c '"whoami; whoami"'

As far as sudo can tell, maybe you really do want to call a program called "whoami; whoami"? bash interprets the quotes, so all sudo will see is the literal value whoami; whoami. The correct way to invoke it here is by either calling sudo twice or by doing something like sudo sh -c "whoami; whoami".

[greyltc]

@noproto @millert
I see. If I understand correctly, when I run sudo -s "whoami; whoami", sudo takes the whoami; whoami string I gave it and wraps it in additional single quotes and gives it as the -c argument to the shell. That matches exactly what I see. I wonder what the benefit is of sudo doing that additional wrapping though. Is that a bug or is it intended behavior? Would it be possible or advisable for sudo to not do that additional wrapping of the string? or at least the documentation being clarified to state that it's going to do it.

Would you consider a PR that I might make to change this behavior so that sudo does not add any additional quote wrapping to the command string? I imagine that way the user could decide themselves if they'd like the shell call to be $SHELL -c '"whoami; whoami"' by doing sudo -s '"whoami; whoami"' or $SHELL -c "whoami; whoami" by doing sudo -s "whoami; whoami".

EDIT: After looking at the code and running in debug mode I'm beginning to understand this a bit better now. It seems this comment is mostly nonsense. Please ignore :-)

[greyltc]

I've looked at the code for this a bit.

sudo/src/parse_args.c

Lines 625 to 627 in 888f63a

	/* quote potential meta characters */
	if (!isalnum((unsigned char)*src) && *src != '_' && *src != '-' && *src != '$')
	*dst++ = '\\';

Are the space and the ; in my command string being manipulated? Why?

How is this list of non escaped "potential meta characters" chosen? Why is it only the nonalphanums -,_ and $ that avoid escape? Should ; also be in that list? What about space?

[greyltc]

Seems to be solved by #86

but I'd love to better understand why the escaping was going on in the first place to figure out if just removing it is the right thing to do!