On Thu, 27 Oct 2022 at 04:52, Chris Rapier <rapier@xxxxxxx> wrote:
[...]
> Again, it looks there was a change in the wording and exit codes.
> Possibly related to sudo? On 20.04 sudo is version 1.8.31. Under 22.04
> it's version 1.9.9. Seems like it might also be causing problems in
> agent-restrict.
I just ran into this on a new Ubuntu install. I'd previously worked
with Val Baranov off-list debugging a similar problem and wrote some
additional logging for the test, however I never got around to
committing it until now.
It does indeed seem to be a problem with sudo-1.9.9: it prompts for a
password for a command with a full path even though the (stock, in
this case) configuration says not to. It seems to be fixed in sudo
1.9.11. I'm not sure what can be done other than updating sudo or
skipping these tests with known affected versions.
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
$ sudo --version | head -1 # Ubuntu 22.04
Sudo version 1.9.9
$ </dev/null sudo -S -u nobody id
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
$ cp `which id` . && </dev/null sudo -S -u nobody `pwd`/id
[sudo] password for builder:
sudo: no password was provided
sudo: a password is required
$ sudo --version | head -1 # Debian sid
Sudo version 1.9.11p3
$ </dev/null sudo -u nobody id
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
$ cp `which id` .; </dev/null sudo -u nobody `pwd`/id
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
