[sudo-workers] use_pty option is broken

Radovan Sroka rsroka at redhat.com
Thu Sep 7 10:09:02 MDT 2017


Hi Todd,

I can see your point. I think that the forkpty option is not needed, but the
documentation about use_pty has to be updated.
Right now it reads as if use_pty should force creating a pseudo-pty for the
command regardless of whether sudo itself is running in a pty or not.



*******************************************************************************************

Documentation says:

If set, sudo will run the command in a pseudo-pty even if no I/O logging is
being done.  A malicious program run under sudo could conceivably fork a
background process that retains access to the user's terminal device after
the main program has finished executing.  Use of this option will make that
impossible.  This flag is off by default.


I suggest something like:

If set and if sudo is running in some pty, sudo will run the command in a
new separate pseudo-pty even if no I/O logging is being done. Otherwise
sudo won't run the command in a pty at all.


******************************************************************************************

Another thing is that it should be noted somewhere:

E.g. without a pty and with use_pty set, stdout of the command is connected to
sudo's stdout, so sudo prints out the command's stdout.
This is a change of behavior, because before the "interpose" code the
command output was always redirected to the pipe.
When log_output is in sudoers, sudo redirects the command output to a
pipe again, so nothing will be printed on sudo's stdout.




On Wed, Sep 6, 2017 at 6:10 PM Radovan Sroka <rsroka at redhat.com> wrote:

> I think that we are talking about two different things. But I have to do
> some other checks and I let you know.
>
> On Wed, Sep 6, 2017 at 5:43 PM Todd C. Miller <Todd.Miller at courtesan.com>
> wrote:
>
>> This only appeared to work in sudo 1.8.19p2.  If you run, for example:
>>
>>     ssh root at localhost "sudo tty > /tmp/ttyname"
>>
>> you'll find that the contents of /tmp/ttyname is "not a tty" in
>> both sudo versions.  In contrast:
>>
>>     ssh -t root at localhost "tty > /tmp/ttyname"
>>
>> shows that standard input is connected to a pty.
>>
>> Previously, sudo would use a pipe to connect stdin, stdout and
>> stderr in this case.  As a fix for bug #786 it no longer does so:
>>     https://bugzilla.sudo.ws/show_bug.cgi?id=786
>>
>> A goal for a future sudo release is to make use_pty the default
>> while matching the behavior of !use_pty as closely as possible.
>> The idea is to avoid the security issues that come from running
>> a command as another user on the same tty.
>>
>> Rather than change the use_pty behavior I'd rather add a "fork_pty"
>> option if users want to force the use of a pty when a terminal is
>> not otherwise in use.
>>
>>  - todd
>>
> --
> --
> ---------------------------------------------------------
>
> Radovan Sroka
> Associate Software Engineer | Security Technologies | Red Hat, Inc.
>
-- 
--
---------------------------------------------------------

Radovan Sroka
Associate Software Engineer | Security Technologies | Red Hat, Inc.
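The whole thread turns on what a child command sees on its standard descriptors: a pipe (or socket) when sudo is not attached to a terminal, versus the slave side of a freshly allocated pseudo-terminal when use_pty takes effect. The script below is an added example, not code from the sudo-workers thread or from sudo itself; it reproduces that distinction in isolation. Instead of the `tty` command it spawns a Python child that prints what `tty` would (the terminal name on stdin, or "not a tty"), so it runs without any external binaries; the function names `run_with_pipe` and `run_with_pty` are the example's own.

```python
"""Added example (not part of the sudo-workers thread or of sudo): show what
a child sees on stdin/stdout when its parent connects it through a pipe
versus through a newly allocated pseudo-terminal."""
import errno
import os
import subprocess
import sys

# Child program that mimics what tty(1) prints: the name of the terminal on
# stdin, or "not a tty".  Using Python instead of tty(1) keeps the example
# self-contained.
CHILD = "import os; print(os.ttyname(0) if os.isatty(0) else 'not a tty')"


def child_argv():
    """Command line for the tty(1)-like child (hypothetical helper)."""
    return [sys.executable, "-c", CHILD]


def run_with_pipe(argv):
    """Run argv with stdin/stdout/stderr on pipes, which is what the command
    gets when sudo is not attached to a terminal (e.g. ssh without -t).
    Returns the child's output, stripped."""
    proc = subprocess.run(argv, input=b"", stdout=subprocess.PIPE,
                          stderr=subprocess.STDOUT, check=True)
    return proc.stdout.decode().strip()


def run_with_pty(argv):
    """Run argv with stdin/stdout/stderr on the slave side of a new pty,
    roughly what use_pty does: the child sees a terminal, but it is a
    fresh one that is not the invoking user's terminal device.
    Returns what the child wrote to that pty, stripped."""
    master, slave = os.openpty()
    try:
        subprocess.run(argv, stdin=slave, stdout=slave, stderr=slave,
                       check=True)
    finally:
        os.close(slave)  # drop the parent's copy so reads below can finish
    chunks = []
    try:
        while True:
            data = os.read(master, 4096)
            if not data:  # some platforms report EOF once the slave is gone
                break
            chunks.append(data)
    except OSError as exc:
        if exc.errno != errno.EIO:  # Linux reports EIO instead of EOF here
            raise
    finally:
        os.close(master)
    # The pty line discipline turns "\n" into "\r\n"; normalise it back.
    return b"".join(chunks).decode().replace("\r\n", "\n").strip()


if __name__ == "__main__":
    print("pipe:", run_with_pipe(child_argv()))   # not a tty
    print("pty: ", run_with_pty(child_argv()))    # /dev/pts/N or similar
```

The pipe case is the situation Todd's `ssh root@localhost "sudo tty"` command illustrates: there is no terminal anywhere in the chain, so the child reports "not a tty" no matter what sudo does. The pty case shows the other half of the security argument: even when the child does get a terminal, it is a device sudo created and controls, so a background process left behind by the command holds that device rather than the user's login terminal.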

