[sudo-users] Please help

Simon K k_simon78 at yahoo.com
Fri Sep 28 07:37:26 EDT 2012 

Hi All ,

Machine : HP-UX

Architecture : 11.31

Sudo Version : 1.7.10b1


Sudo does not adequately filter out the information provided by the
DISPLAY_LAST_LOGIN variable in /etc/default/security and also corrupts the
formatting of the output of the command being run when non-su-like commands are
run through sudo. 

Example:
 
# sudo ls /stand
Last
successful login:       Mon Sep 24 10:31:14 MDT
2012
                                                           
Last authentication failure: Fri Aug 24 07:02:23 MDT 2012
user-xxxx-yyy.com
                              
.kc.lock         
current          
last_install      vmunix
backup           
ext_ioconfig     
lost+found        vpdb
boot.sys         
ext_ioconfig.lkg 
nextboot          vpdb.100608
bootconf         
ioconfig          rootconf         
vpdb.b4.upgrade
bootfs           
ioconfig.lkg     
system            vpmon
crashconfig      
krs              
system.prev
 
Note
the printing of the last login information AND the formatting problems on the
2nd and 3rd lines of output - all for an ls command, which is not a command for
which one would need to see last login information.  The only way I can
'fix' this is to disable the DISPLAY_LAST_LOGIN setting in
/etc/default/security, which is really little more than a band-aid fix for the
real problem.  This does not occur on other flavors of UNIX, so this is
apparently something specific to HP-UX.  Is this a by-design feature with
the Sudo tool, or is there some plan to fix this?
 
Here
is my current sudoers configuration:
Defaults
env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
Defaults
log_output
Defaults
log_input
Defaults
iolog_dir=/var/log/sudo-io/%{user}
Defaults!/usr/bin/sudoreplay
!log_output
Defaults!/usr/local/bin/sudoreplay
!log_output
Defaults!/sbin/reboot
!log_output
Defaults
always_set_home
Defaults
env_reset
Defaults
syslog=auth
Defaults
loglinelen=0
Defaults
!lecture
Defaults
!authenticate
Defaults
log_year, log_host, logfile=/var/adm/sudo/sudo.log
 
root
ALL=(ALL) ALL
 
ALL
ALL=(ALL) NOPASSWD: ALL
 
 

If
you have any guidance you could lend, I would greatly appreciate the
assistance. 


Waiting for the response.

Thanks & Regards,
Simon K

More information about the sudo-users mailing list