FS#55544 - sudo fails to execute command when authorizing a new session if a pam_exec line is present in PAM config
Attached to Project:
Arch Linux
Opened by Liam (sourcesmith) - Thursday, 07 September 2017, 10:32 GMT
Last edited by Evangelos Foutras (foutrelis) - Thursday, 07 September 2017, 13:16 GMT
Details
Description:
If a PAM configuration, in my case /etc/pam.d/system-auth, contains a pam_exec invocation then sudo fails to execute the given command after entering the password. It does, however, authorize the session so that repeating the sudo command executes the command without a further password prompt.

This occurs with package versions 1.8.21.p1-1 to 1.8.21.p1-3.

The following config is sufficient to reproduce:

    #%PAM-1.0
    auth required pam_unix.so try_first_pass nullok
    # Addition of the following line.
    auth [success=ignore default=1] pam_exec.so quiet /usr/bin/true
    auth optional pam_permit.so
    auth required pam_env.so
    account required pam_unix.so
    account optional pam_permit.so
    account required pam_time.so
    password required pam_unix.so try_first_pass nullok sha512 shadow
    password optional pam_permit.so
    session required pam_limits.so
    session required pam_unix.so
    session optional pam_permit.so
Closed by Evangelos Foutras (foutrelis)
Thursday, 07 September 2017, 13:16 GMT
Reason for closing: Fixed
Additional comments about closing: sudo 1.8.21.p2-1
Comment by Evangelos Foutras (foutrelis) - Thursday, 07 September 2017, 12:23 GMT
Appears to be fixed in sudo 1.8.21.p2 (in [testing]); probably had the same cause as https://bugzilla.sudo.ws/show_bug.cgi?id=801.