Bug 1411050
Summary: | sudo NOEXEC broken in F25 | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Citadel <bugzilla> |
Component: | sudo | Assignee: | Tomas Sykora <tosykora> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 25 | CC: | bugzilla, dkopecek, kzak, rsroka, tosykora |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-05-22 08:00:16 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Citadel
2017-01-07 21:16:24 UTC
Hi, I used your reproducer: foo localhost=(root) NOEXEC: NOPASSWD: /usr/bin/less /home/foo/test where /home/foo/test is an ordinary file. I could not reproduce it. What did you mean by a restricted file? Must it be something special? less command normally worked for me. By restricted file, I just mean a file that only root can access (owned by root, only readable by owner). I still can't reproduce it. But, from the upstream changelog: "Need to link sudo_noexec.so with -ldl for dlsym() on some platforms. Otherwise, the wordexp(3) wrapper will fail due to an undefined symbol." It seems that could be the issue. And the upstream commit in sudo 1.8.19: https://www.sudo.ws/repos/sudo/rev/120a317ce25b Why is this flagged as needinfo? I do not see a new question since the last one that I answered. I have no idea why you cannot reproduce this. Are you certain that you are testing sudo-1.8.18p1-1.fc25.x86_64? I just tried the latest Fedora 25 package (sudo-1.8.19p2-1.fc25.x86_64) and the problem is fixed. (In reply to Citadel from comment #4) > Why is this flagged as needinfo? I do not see a new question since the last > one that I answered. > > I have no idea why you cannot reproduce this. Are you certain that you are > testing sudo-1.8.18p1-1.fc25.x86_64? I just tried the latest Fedora 25 > package (sudo-1.8.19p2-1.fc25.x86_64) and the problem is fixed. Great, thanks for the info. Closing. |