On Mon, Sep 25, 2023 at 11:14:24AM +0200, Michael wrote: > so i looked into /etc/sudoers and all /etc/sudoers.d/* and found two > suspicous flags: > > /etc/sudoers: > Defaults use_pty > > /etc/sudoers.d/0pwfeedback: > Defaults pwfeedback > > then consulting the sudo manpage convinced me, it was the 'use_pty' flag (in > section SUDOERS OPTIONS). after removing that flag everything works as > 'expected':
Well, that is quite the find. My systems are not freshly installed Debian 12, but rather upgraded from previous releases. Given the presence of an /etc/sudoers.dpkg-dist file on my system, which does in fact contain this: # This fixes CVE-2005-4890 and possibly breaks some versions of kdesu # (#1011624, https://bugs.kde.org/show_bug.cgi?id=452532) Defaults use_pty it looks like you've solved *most* of the mystery. I still don't get why it matters whether the command was executed from bash or dash -- maybe bash sets up the file descriptors differently when performing a command substitution, in a way that has a subtle interaction surprise with sudo's use_pty option. I don't know.
