Bug 1350828

Summary: [RHEL7] visudo ignores -q flag
Product: Red Hat Enterprise Linux 7 Reporter: Stefan Kremen <skremen>
Component: sudoAssignee: Daniel Kopeček <dkopecek>
Status: CLOSED ERRATA QA Contact: Stefan Kremen <skremen>
Severity: low Docs Contact:
Priority: medium    
Version: 7.3CC: dapospis, dkopecek, ebenes, pkis, pvrabec, rsroka, savsingh
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sudo-1.8.6p7-20.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1197885 Environment:
Last Closed: 2016-11-03 20:33:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1197885    
Bug Blocks:    
Attachments:
Description Flags
proposed patch none

Description Stefan Kremen 2016-06-28 13:24:44 UTC 
+++ This bug was initially created as a clone of Bug #1197885 +++

Description of problem:
visudo ignores the -q (quiet) option and prints out syntax errors.

Version-Release number of selected component (if applicable):
sudo-1.8.6p3-15.el6.x86_64
Also in the version present in RHEL 7.0

How reproducible:
Any sort of syntax error or warning present in sudoers file.  As an example:
Remove a ")" resulting in a syntax error:
## Same thing without a password
%wheel  ALL=(ALL        NOPASSWD: ALL


Steps to Reproduce:
1. Create syntax error in /etc/sudoers
2. Run 'visudo -c -q'


Actual results:
visudo -c -q
visudo: >>> /etc/sudoers: syntax error near line 108 <<<
parse error in /etc/sudoers near line 108


Expected results:
No output, with an exit value of 1


Additional info:
Based on a code review it does not appear to be honoring the '-q' flag         
at all:                                                                        
                                                                               
It's initialized to false to start:                                            
/*                                                                             
     * Arg handling.                                                           
     */                                                                        
    checkonly = oldperms = quiet = strict = false;                             
                                                                               
Then when the args get parsed:                                                 
case 's':                                                                      
        strict = true;      /* strict mode */                                  
        break;                                                                 
        case 'q':                                                              
        quiet = false;      /* quiet mode */                                   
                                                                               
                                                                               
quiet doesn't appear to ever be set to true.                                   
                                                                               
                                                                               
Found some upstream references that this flag was broken in 1.8.6,             
which both RHEL 6 and RHEL 7 are based off.
Comment 2 Daniel Kopeček 2016-07-19 14:02:17 UTC 
Created attachment 1181645 [details]
proposed patch
Comment 6 errata-xmlrpc 2016-11-03 20:33:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2593.html