[sudo-users] Sudo -C FreeBSD no longer working
Matt Randell
matt at desert.net
Wed Aug 6 18:50:08 MDT 2014
Sudo Users Group,

I'm having troubles getting sudo -C on FreeBSD working.

Sudo version: 1.8.10p3
Last known tested and working sudo version: 1.8.8
FreeBSD version: 10.0-RELEASE p7

Added this to /etc/sudoers:

Defaults closefrom_override
<user> ALL=(nobody) NOPASSWD: /tmp/sudo_test.pl

Testing Scripts:

sudo_test.pl:

#!/usr/bin/perl
use warnings;
use strict;
undef $/;
open(my $fh, "+<&=5") or die "$!\n";
print <$fh>;
close($fh);

run_sudo_test.pl:

#!/usr/bin/perl
use warnings;
use strict;
use POSIX qw( F_SETFD dup2 );
my $test_script = $ARGV[0];
my $test_file = $ARGV[1];
my $dup2fd = 5;
open(my $fh, '<', $test_file) or die "$!\n";
print "original fileno: ", fileno($fh), "\n";
print " dup2 fileno: $dup2fd\n", '-' x 40, "\n";
fcntl($fh, F_SETFD, 0); # clear close-on-exec
dup2(fileno($fh), $dup2fd);
exec('/usr/bin/sudo', '-u', 'nobody', '-C', $dup2fd + 1, $test_script)
    or die "$!\n";

Execution:

echo 'it worked!' > /tmp/foo
/tmp/run_sudo_test.pl /tmp/sudo_test.pl /tmp/foo

Results when working:

original fileno: 3
dup2 fileno: 5
----------------------------------------
it worked!

Results when failing:

original fileno: 3
dup2 fileno: 5
----------------------------------------
Bad file descriptor

Our interpretation is that it is closing the descriptors regardless of
whether we use the -C argument or not.

Any help would be appreciated.
Thanks,
Matt Randell
matt at desert.net
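
Added example, not part of the original message and not sudo's code: a sudo-free baseline for the test above. It places a file on fd 5, clears close-on-exec, closes every descriptor at or above N before exec, and reports what the child sees on fd 5. The names run_with_closefrom, demo, CHILD and FD_LIMIT are hypothetical, and os.closerange stands in for closefrom().

```python
import os
import subprocess
import sys
import tempfile

# Child: report whether the descriptor named in argv[1] survived the exec.
CHILD = r"""
import errno, os, sys
fd = int(sys.argv[1])
try:
    sys.stdout.write(os.read(fd, 4096).decode())
except OSError as e:
    sys.stdout.write("closed (%s)" % errno.errorcode[e.errno])
"""
FD_LIMIT = 1024  # assumed bound for this demo; a real closefrom() has none


def run_with_closefrom(path, target_fd, close_from):
    """Exec the child with path on target_fd after closing fds >= close_from."""
    if close_from < 3:
        raise ValueError("sudo -C does not permit values below 3")

    def prepare():  # runs in the forked child just before exec
        fd = os.open(path, os.O_RDONLY)
        if fd != target_fd:
            os.dup2(fd, target_fd)
            os.close(fd)
        os.set_inheritable(target_fd, True)  # clear close-on-exec
        os.closerange(close_from, FD_LIMIT)  # stand-in for closefrom()

    argv = [sys.executable, "-c", CHILD, str(target_fd)]
    proc = subprocess.run(argv, preexec_fn=prepare, close_fds=False,
                          stdout=subprocess.PIPE, check=True)
    return proc.stdout.decode()


def demo():
    with tempfile.NamedTemporaryFile("w") as f:
        f.write("it worked!\n")  # constructed sample, same text as /tmp/foo
        f.flush()
        # fd 5 is below 6 so it survives; with 5 it is closed before exec
        return {n: run_with_closefrom(f.name, 5, n) for n in (6, 5)}


if __name__ == "__main__":
    for n, out in demo().items():
        print("-C %d -> %s" % (n, out.strip()))
```

If this baseline keeps fd 5 at N=6 while the sudo run reports "Bad file descriptor", the calling side is handing the descriptor down correctly and it is being closed after sudo starts.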