Bug 583911

Summary: Add comment about the visiblepw option into sudoers
Product: Red Hat Enterprise Linux 5 Reporter: Daniel Kopeček <dkopecek>
Component: sudoAssignee: Daniel Kopeček <dkopecek>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: low    
Version: 5.5CC: amarecek, dkopecek, sgrubb
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: sudo-1.7.2p1-10.el5 Doc Type: Bug Fix
Doc Text:
A comment regarding the "visiblepw" option of the "Defaults" directive has been added to the default /etc/sudoers file to clarify its usage.
Story Points: ---
Clone Of:
: 688640 (view as bug list) Environment:
Last Closed: 2011-01-13 23:08:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 688640    
Description Flags
Patch for sudoers
Patch for sudoers none

Description Daniel Kopeček 2010-04-20 07:58:50 UTC
Created attachment 407750 [details]
Patch for sudoers

Description of problem:
The 1.7.0 release of sudo introduced a new option, visiblepw, which is now needed to be enabled in order to allow remote command execution using sudo, e.g.:

 ssh foo@bar sudo baz

Although this can be found in upstream documentation or worked around using ssh's -t option, the sudoers that is shipped with sudo in RHEL 5 mentions only the requiretty option. The visiblepw option should be added to sudoers either commented out (default is off) or not commented out but set to off using negation, i.e.:

Defaults !visiblepw

I'm proposing the later option as that will ensure that this flag is off even when the default value changes.

Version-Release number of selected component (if applicable):

Patch for sudoers attached.

Comment 3 Daniel Kopeček 2010-05-13 11:26:36 UTC
Created attachment 413721 [details]
Patch for sudoers

Comment 7 Jaromir Hradilek 2010-11-29 12:57:43 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    New Contents:
A comment regarding the "visiblepw" option of the "Defaults" directive has been added to the default /etc/sudoers file to clarify its usage.

Comment 9 errata-xmlrpc 2011-01-13 23:08:22 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.