Bug 768967
| Summary: | sudo fails to close FD 3 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Tzafrir Cohen <tzafrir> | ||||
| Component: | sudo | Assignee: | Daniel Kopeček <dkopecek> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 5.7 | CC: | amarecek, dkopecek | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-03-13 12:49:41 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. |
Created attachment 548605 [details] fix for the off-by-1 issue Description of problem: sudo should (by default) close all file descriptors above 2. It actually closes all file descriptors above 3. Version-Release number of selected component (if applicable): Centos 5.7, sudo-1.7.2p1-10.el5. Verified to apply to the source package from RHEL. How reproducible: On a RHEL 5.7 system (with sudo 1.7.2p1-10.el5 . Didn't check earlier versions). Steps to Reproduce: # As root, run: cat <<EOF >script #!/bin/sh cat <&$1 EOF chmod +x script sudo script 3 <&3 /etc/fstab Actual results: Prints the file. Expected results: script: line 2: 0: Bad file descriptor Additional info: Attached patch sudo-close-fd3.diff demonstrates the fix: def_closefrom defaults to STDERR_FILENO + 1. No need to further increment it.