Package: sudo
Version: 1.8.11p1-1
Severity: grave
In 1.8.11p1-1, sudo silently exits(1) without creating a new
shell. Here's output from a simple test case, as root: "sudo id"
tests whether it functions:
# strace -v -s 100 sudo id
...
connect(8, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = 0
sendto(8, "<85>Oct 11 08:44:26 sudo: root : TTY=pts/1 ; PWD=/mnt/usb ;
USER=root ; COMMAND=/usr/bin/id", 95, MSG_NOSIGNAL, NULL, 0) = 95
close(8) = 0
setresuid(4294967295, 4294967295, 4294967295) = 0
setresgid(4294967295, 4294967295, 4294967295) = 0
close(5) = 0
munmap(0x7fa18b97b000, 4096) = 0
socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = -1 EPROTONOSUPPORT (Protocol not
supported)
setresuid(4294967295, 4294967295, 4294967295) = 0
setresgid(4294967295, 4294967295, 4294967295) = 0
close(3) = 0
close(4) = 0
exit_group(1) = ?
+++ exited with 1 +++
Sudo seems to give up when it finds that linux does not support AUDIT.
Indeed, /proc/cmdline contains "audit=0", as I have disabled that on
purpose.
In 1.8.10p3-1, this works fine. The similar chunk of strace output
includes:
...
connect(8, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = 0
sendto(8, "<85>Oct 11 08:53:19 sudo: root : TTY=pts/1 ; PWD=/tmp ;
USER=root ; COMMAND=/usr/bin/id", 91, MSG_NOSIGNAL, NULL, 0) = 91
close(8) = 0
setresuid(4294967295, 4294967295, 4294967295) = 0
setresgid(4294967295, 4294967295, 4294967295) = 0
close(5) = 0
munmap(0x7f0e1e326000, 4096) = 0
socket(PF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = -1 EPROTONOSUPPORT (Protocol not
supported)
setresuid(4294967295, 4294967295, 4294967295) = 0
setresgid(4294967295, 4294967295, 4294967295) = 0
close(3) = 0
close(4) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 5
lseek(5, 0, SEEK_CUR) = 0
...
and continues to clone() and eventually exits(0).
Looks like the conditional is backwards in linux_audit_open():
/* Kernel may not have audit support. */
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT) {
sudo_warn(U_("unable to open audit system"));
au_fd = AUDIT_NOT_CONFIGURED;
}
This should be:
if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) {
au_fd = AUDIT_NOT_CONFIGURED;
}
(P.S. I hope the new sudo_warn() doesn't go to the terminal.)
Thanks for maintaining sudo!
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages sudo depends on:
ii libaudit1 1:2.4-1
ii libc6 2.19-11
ii libpam-modules 1.1.8-3.1
ii libpam0g 1.1.8-3.1
ii libselinux1 2.3-2
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
