| Summary: | sudo-1.8.8-1 (cauldron) breaks iurt | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Barry Jackson <zen25000> |
| Component: | RPM Packages | Assignee: | Pascal Terjan <pterjan> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | major | ||
| Priority: | High | CC: | guillomovitch, krnekit, lmenut, luigiwalser, sam, thierry.vignaud |
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | sudo-1.8.8-1.mga4.src.rpm | CVE: | |
| Status comment: | |||
|
Description
Barry Jackson
2013-10-04 12:26:37 CEST
It comes from this change in the code in sudoers_policy_deserialize_info() from plugins/sudoers/policy.c:
if (MATCHES(*cur, "lines=")) {
- sudo_user.lines = atoi(*cur + sizeof("lines=") - 1);
+ errno = 0;
+ p = *cur + sizeof("lines=") - 1;
+ lval = strtol(p, &ep, 10);
+ if (*p == '\0' || *ep != '\0')
+ fatalx(_("%s: %s"), *cur, _("invalid value"));
+ if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN))
+ || (lval > INT_MAX || lval <= 0))
+ fatalx(_("%s: %s"), *cur, _("value out of range"));
+ sudo_user.lines = (int) lval;
continue;
}
The "lines" is the number of rows in the tty that the user is using. It is being read from the info created in get_user_info() in src/sudo.c:
get_ttysize(&ud->ts_lines, &ud->ts_cols);
easprintf(&user_info[++i], "lines=%d", ud->ts_lines);
easprintf(&user_info[++i], "cols=%d", ud->ts_cols);
So is iurt not running sudo with a proper controlling terminal?Assignee:
bugsquad =>
pterjan Barry showed me this process list (ps ax): 4092 pts/5 S+ 0:00 /bin/bash /usr/bin/mk 4130 pts/5 S+ 0:00 Iurt: cauldron x86_64 core/release grig-0.8.0-6.mga4.src.rpm 4202 pts/5 S+ 0:00 Iurt: cauldron x86_64 core/release grig-0.8.0-6.mga4.src.rpm 4203 pts/5 S+ 0:00 sh -c /usr/bin/sudo /usr/sbin/iurt_root_command --urpmi -v --no-verify-rpm --nolock --auto --no-suggests --ignor 4204 pts/5 S+ 0:00 /usr/bin/sudo /usr/sbin/iurt_root_command --urpmi -v --no-verify-rpm --nolock --auto --no-suggests --ignoresize 4205 pts/5 S+ 0:00 /usr/bin/perl /usr/sbin/iurt_root_command --urpmi -v --no-verify-rpm --nolock --auto --no-suggests --ignoresize 4206 pts/5 D+ 0:10 /usr/bin/perl /sbin/urpmi -v --no-verify-rpm --nolock --auto --no-suggests --ignoresize --urpmi-root /home/baz/c So it does have a pseudo-terminal allocated. Why is the size of the terminal coming up as zero? That's not iurt-specific. Running any sudoed command through grep seems enough to trigger the issue, for instance: sudo lsmod | grep foo CC:
(none) =>
guillomovitch ... or any pipe ... sudo lsusb | cut -d' ' -f2 Confirm, lsmod piped to grep fails with the same error. CC:
(none) =>
krnekit
Sam Bailey
2013-10-26 01:00:17 CEST
CC:
(none) =>
sam Commenting out "Defaults requiretty" in /etc/sudoers as suggested in IRC makes no diffence. I also tested the previous version 1.8.7-1 from svn and the problem is not there. Should this be a release blocker? (since it breaks iurt). Priority:
Normal =>
High
Thierry Vignaud
2013-10-30 20:41:43 CET
CC:
(none) =>
thierry.vignaud This bug is due to one of our patch, sudo-1.8.5-pipelist.patch. If I remove this patch, iurt runs fine. Sadly, when I remove this patch, the build doesn't pass the check on iurt; it fails on one test, check_ttyname (it fails only on iurt, check_ttyname pass when building outside iurt). ./check_ttyname check_ttyname: FAIL none (sudo) vs. /dev/pts/2 (libc) Gentoo has a quite similar issue with this check https://bugs.gentoo.org/show_bug.cgi?id=487618 So, I suggest to remove the broken patch, and add a patch to disable check_ttyname. David, if you are agree with these changes, I can commit them. CC:
(none) =>
lmenut Sorry for the delay. Yes I agree with the change. Thierry Vignaud has actually submitted sudo-1.8.8-3.mga4 which should fix this. He only disabled the patch, and didn't have to do anything extra to disable the test. Interesting. Status:
NEW =>
RESOLVED |