Bug 1065415
| Summary: | -sesh replaces /path/to/myshell with /path/to-myshell instead of -myshell |
|---|---|
| Product: | Red Hat Enterprise Linux 6 |
| Component: | sudo |
| Reporter: | Filip Krska <fkrska> |
| Assignee: | Daniel Kopeček <dkopecek> |
| QA Contact: | Dalibor Pospíšil <dapospis> |
| Status: | CLOSED ERRATA |
| Severity: | medium |
| Priority: | medium |
| Version: | 6.5 |
| CC: | dapospis, dspurek, pvrabec |
| Target Milestone: | rc |
| Keywords: | EasyFix, Patch |
| Target Release: | --- |
| Hardware: | Unspecified |
| OS: | Unspecified |
| Fixed In Version: | sudo-1.8.6p3-13.el6 |
| Doc Type: | Bug Fix |
| Story Points: | --- |
| : | 1065418 1065423 |
| Last Closed: | 2014-10-14 06:46:01 UTC |
| Type: | Bug |
| Regression: | --- |
| Mount Type: | --- |
| Documentation: | --- |
| Category: | --- |
| oVirt Team: | --- |
| Cloudforms Team: | --- |
| Bug Blocks: | 994246, 1065418 |

Created attachment 897902
proposed patch

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1484.html

Created attachment 863319
sesh loginshell argv[0] replacement patch

Description of problem:
/usr/libexec/sesh, if called as -sesh by sudo, executes the login shell with a wrongly replaced argv[0]. The last "/" is replaced with "-", but the rest of the path remains intact. I expect the login shell should be called as "-shell", not "/bin-shell". This can cause unexpected behaviour, e.g. in the case of /bin/zsh, which thinks it was called as /bin-zsh and thus runs in sh emulation mode because bin-zsh starts with "b".

Version-Release number of selected component (if applicable):
sudo-1.8.6p3-12.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. add %wheel ALL=(ALL) ROLE=unconfined_r TYPE=unconfined_t NOPASSWD: ALL to sudoers (this triggers sesh, without selinux context specified sesh isn't involved)
2. # chsh -s /bin/zsh
3. # usermod -G wheel zshuser
4. [zshuser@rhel6]~% sudo -i

Actual results:
only # prompt is shown, no zsh specific rc scripts are sourced in sh emulation mode
In strace we see:
execve("/bin/zsh", ["/bin-zsh"], ...

Expected results:
[root@rhel62]~# prompt is shown, zsh is launched without emulation
In strace we see:
execve("/bin/zsh", ["-zsh"], ...

Additional info:
Reproduces in sudo-1.8.8-1.fc20.x86_64 as well
Patch attached
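
The argv[0] handling described in this report, as an added example (it is neither sudo's sesh code nor the attached patch). The function names are hypothetical, and the checker assumes execve lines in the form strace prints them in the report.

```c
/* Added illustration, not sudo's sesh source; all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Reported behaviour: the last '/' becomes '-', the directory part stays. */
char *argv0_reported(const char *shell)
{
    size_t len = strlen(shell) + 1;
    char *name = malloc(len), *slash;
    if (name == NULL)
        return NULL;
    memcpy(name, shell, len);
    if ((slash = strrchr(name, '/')) != NULL)
        *slash = '-';
    return name;
}

/* Expected behaviour: '-' followed by the basename of the shell. */
char *argv0_expected(const char *shell)
{
    const char *slash = strrchr(shell, '/');
    const char *base = slash ? slash + 1 : shell;
    size_t len = strlen(base) + 2;              /* '-' + base + NUL */
    char *name = malloc(len);
    if (name != NULL)
        snprintf(name, len, "-%s", base);
    return name;
}

/* Check a strace execve line: 1 = argv[0] correct, 0 = wrong, -1 = unparsable. */
int check_execve_line(const char *line)
{
    char path[256], argv0[256], *want;
    int ok;
    if (sscanf(line, "execve(\"%255[^\"]\", [\"%255[^\"]\"", path, argv0) != 2 ||
        (want = argv0_expected(path)) == NULL)
        return -1;
    ok = strcmp(argv0, want) == 0;
    free(want);
    return ok;
}

int main(void)
{
    printf("%d\n", check_execve_line("execve(\"/bin/zsh\", [\"/bin-zsh\"], ..."));
    printf("%d\n", check_execve_line("execve(\"/bin/zsh\", [\"-zsh\"], ..."));
    return 0;
}
```

Running `check_execve_line` over the execve lines from an `strace` of `sudo -i` shows whether an installed sudo build still passes the directory-prefixed name to the login shell.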