[sudo-workers] sudoreplay & sudo command in a pipe line

Todd C. Miller Todd.Miller at courtesan.com
Tue Nov 29 09:10:29 MST 2016

The data is logged to the "stdin" file but sudoreplay does not
currently use that file for display purposes.  You generally don't
want the pipe input displayed for commands like "sudo tar xf -" but
I can see how it would be useful in your case.

The best thing to do is probably to allow "stdin" in the filter for
sudoreplay's -f option, which the below diff will do.  Be aware
that the input and output will not line up the same way they do
when input is via a tty.  Due to pipe buffering, the input is
received before the program actually reads it.

So, given your test program:

$ sudo sudoreplay -f stdin,stdout,stderr,ttyout 000A60
Replaying sudo session: /tmp/test.sh
     Enter a input:All done.

As you can see, "welcome" is displayed first since that is when it
was received.

 - todd

diff -r 8a4ab570d132 plugins/sudoers/sudoreplay.c
--- a/plugins/sudoers/sudoreplay.c	Mon Nov 28 10:47:09 2016 -0700
+++ b/plugins/sudoers/sudoreplay.c	Tue Nov 29 09:04:36 2016 -0700
@@ -222,10 +222,14 @@
 	    /* Set the replay filter. */
 	    def_filter = false;
 	    for (cp = strtok_r(optarg, ",", &ep); cp; cp = strtok_r(NULL, ",", &ep)) {
-		if (strcmp(cp, "stdout") == 0)
+		if (strcmp(cp, "stdin") == 0)
+		    io_log_files[IOFD_STDIN].enabled = true;
+		else if (strcmp(cp, "stdout") == 0)
 		    io_log_files[IOFD_STDOUT].enabled = true;
 		else if (strcmp(cp, "stderr") == 0)
 		    io_log_files[IOFD_STDERR].enabled = true;
+		else if (strcmp(cp, "ttyin") == 0)
+		    io_log_files[IOFD_TTYIN].enabled = true;
 		else if (strcmp(cp, "ttyout") == 0)
 		    io_log_files[IOFD_TTYOUT].enabled = true;
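Review bot: The added `ttyin` branch (`else if (strcmp(cp, "ttyin") == 0)`) goes beyond what the message describes, which is only allowing "stdin" in the -f filter; mention it in the change description so it is clear the filter now accepts both input streams. This diff touches only sudoreplay.c, so the documentation for -f should be updated in the same change to list `stdin` and `ttyin`. That is also the right place to record the caveat from the message that piped input is logged when it is received, not when the program reads it, so replayed input and output will not line up as they do on a tty.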

