FS#69047 - sudo 1.9.4.p1-2 handles 'sudo -i' incorrect
Attached to Project:
Arch Linux
Opened by mark (qinohe) - Monday, 21 December 2020, 07:11 GMT
Last edited by Evangelos Foutras (foutrelis) - Monday, 21 December 2020, 16:08 GMT
Opened by mark (qinohe) - Monday, 21 December 2020, 07:11 GMT
Last edited by Evangelos Foutras (foutrelis) - Monday, 21 December 2020, 16:08 GMT
|
Details
Description:
sudo 1.9.4.p1-2 is vulnerable to a bug at least when using 'sudo -i' Summary: I'm unable to use history and my PS1 shows my hostname instead of 'root@hostname' There may be more problems I haven't discovered. Additional info: I have build sudo-1.9.4.p2-1 and this version has this problem resolved. Details: I'm probably not the only one facing this issue. Thanks. |
This task depends upon
Closed by Evangelos Foutras (foutrelis)
Monday, 21 December 2020, 16:08 GMT
Reason for closing: Fixed
Additional comments about closing: sudo 1.9.4.p2-2
Monday, 21 December 2020, 16:08 GMT
Reason for closing: Fixed
Additional comments about closing: sudo 1.9.4.p2-2
1) Do you get the same or similar bad behavior from `sudo su` or `sudo -s`?
2) Assuming you're running bash, after `sudo -i`, your $HISTFILE would normally be `/root/.bash_history` but your description indicates this may be blank. Can you confirm?
3) Would you mind pasting the sudo and/or audit logs from the systemd journal around when you sudo? If you have two shells running and leave `journalctl -f` up in one while you `sudo -i` in the other, you should get some lines like this:
Dec 21 07:58:35 ED-209 audit[397412]: USER_ACCT pid=397412 uid=1000 auid=1000 ses=1 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="ejsav" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/7 res=success'
Dec 21 07:58:35 ED-209 kernel: audit: type=1101 audit(1608537515.902:264): pid=397412 uid=1000 auid=1000 ses=1 msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="ejsav" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/7 res=success'
Dec 21 07:58:35 ED-209 kernel: audit: type=1110 audit(1608537515.902:265): pid=397412 uid=1000 auid=1000 ses=1 msg='op=PAM:setcred grantors=pam_faillock,pam_u2f acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/7 res=success'
Dec 21 07:58:35 ED-209 audit[397412]: CRED_REFR pid=397412 uid=1000 auid=1000 ses=1 msg='op=PAM:setcred grantors=pam_faillock,pam_u2f acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/7 res=success'
Dec 21 07:58:35 ED-209 sudo[397412]: ejsav : TTY=pts/7 ; PWD=/root ; USER=root ; COMMAND=/bin/bash
Dec 21 07:58:35 ED-209 sudo[397412]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
Dec 21 07:58:35 ED-209 audit[397412]: USER_START pid=397412 uid=1000 auid=1000 ses=1 msg='op=PAM:session_open grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/7 res=success'
Dec 21 07:58:35 ED-209 kernel: audit: type=1105 audit(1608537515.912:266): pid=397412 uid=1000 auid=1000 ses=1 msg='op=PAM:session_open grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/7 res=success'
1. 'sudo su is okay 'sudo -s shows the same behavior.
2. I'm starting from a zsh shell and yes root runs bash.
SHELL=/bin/bash
SUDO_COMMAND=/usr/bin/zsh
3. Dec 21 09:13:46 asterope audit[246288]: USER_ACCT pid=246288 uid=1000 auid=1000 ses=1 subj==unconfined msg='op=PAM:accounting grantors=pam_unix,pam_permit,pam_time acct="mark" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/15 res=success'
Dec 21 09:13:46 asterope audit[246288]: CRED_REFR pid=246288 uid=1000 auid=1000 ses=1 subj==unconfined msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/15 res=success'
Dec 21 09:13:46 asterope sudo[246288]: mark : TTY=pts/15 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/zsh
Dec 21 09:13:46 asterope sudo[246288]: pam_unix(sudo:session): session opened for user root(uid=0) by mark(uid=1000)
Dec 21 09:13:46 asterope audit[246288]: USER_START pid=246288 uid=1000 auid=1000 ses=1 subj==unconfined msg='op=PAM:session_open grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/15 res=success'
Dec 21 09:13:50 asterope sudo[246288]: pam_unix(sudo:session): session closed for user root
Dec 21 09:13:50 asterope audit[246288]: USER_END pid=246288 uid=1000 auid=1000 ses=1 subj==unconfined msg='op=PAM:session_close grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/15 res=success'
Dec 21 09:13:50 asterope audit[246288]: CRED_DISP pid=246288 uid=1000 auid=1000 ses=1 subj==unconfined msg='op=PAM:setcred grantors=pam_faillock,pam_permit,pam_env,pam_faillock acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/15 res=success'
When user2 (bash) runs «sudo -i» a bash is started for root despite:
# getent passwd root
root:x:0:0:root:/root:/bin/zsh
«SHELL=/bin/zsh sudo -i» starts a zsh for root.