[sudo-workers] use_pty option is broken

Todd C. Miller Todd.Miller at courtesan.com
Wed Sep 6 09:43:11 MDT 2017


This only appeared to work in sudo 1.8.19p2.  If you run, for example:

    ssh root@localhost "sudo tty > /tmp/ttyname"

you'll find that the contents of /tmp/ttyname is "not a tty" in
both sudo versions.  In contrast:

    ssh -t root@localhost "tty > /tmp/ttyname"

shows that standard input is connected to a pty.

Previously, sudo would use a pipe to connect stdin, stdout and
stderr in this case.  As a fix for bug #786 it no longer does so:
    https://bugzilla.sudo.ws/show_bug.cgi?id=786

A goal for a future sudo release is to make use_pty the default
while matching the behavior of !use_pty as closely as possible.
The idea is to avoid the security issues that come from running
a command as another user on the same tty.

Rather than change the use_pty behavior I'd rather add a "fork_pty"
option if users want to force the use of a pty when a terminal is
not otherwise in use.

 - todd
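
Added example (not part of the original message and not sudo code): a local reproduction of the tty check above without ssh, assuming Python 3 on a Unix system with pty support. The helper name stdin_tty_report is hypothetical; it runs a child whose stdin is either a pipe or a freshly allocated pty and returns what tty(1) would print.

```python
import os
import pty
import subprocess
import sys

# Child mirrors tty(1): print the terminal name for stdin, or "not a tty".
CHILD = (
    "import os\n"
    "print(os.ttyname(0) if os.isatty(0) else 'not a tty')\n"
)


def stdin_tty_report(use_pty):
    """Run the child with stdin on a pipe or on a new pty; return its output.

    stdout is always captured through a pipe, like the "> /tmp/ttyname"
    redirection in the message: only stdin decides the answer.
    """
    master = slave = None
    try:
        if use_pty:
            # Constructed pty pair for illustration, not sudo's own pty code.
            master, slave = pty.openpty()
            stdin = slave
        else:
            # No terminal on stdin, as with ssh run without -t.
            stdin = subprocess.PIPE
        proc = subprocess.run(
            [sys.executable, "-c", CHILD],
            stdin=stdin, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
            timeout=10, check=True,
        )
        return proc.stdout.decode().strip()
    finally:
        for fd in (master, slave):
            if fd is not None:
                os.close(fd)


if __name__ == "__main__":
    print("pipe stdin:", stdin_tty_report(False))
    print("pty stdin: ", stdin_tty_report(True))
```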

