Bug 1478761 - Double sudo no longer sets USER environment variable
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sudo
7.6
x86_64 Linux
unspecified Severity unspecified
Assigned To: Daniel Kopeček
BaseOS QE Security Team
Reported: 2017-08-06 20:45 EDT by tiernan.messmer
Modified: 2017-08-07 03:09 EDT
Type: Bug
Description tiernan.messmer 2017-08-06 20:45:28 EDT
Description of problem:
When sudo is used to switch user, the environment variable USER is set with the new username. After the latest security patch, this appears to have broken when sudo is used twice in a row, e.g. userA sudos to userB, which then sudos to userC - after the final sudo the USER environment variable is still equal to userB, not userC as expected.

This behaviour worked correctly on earlier patch versions of sudo on RHEL7.

Version-Release number of selected component (if applicable):
sudo.x86_64 1.8.19p2-10.el7

How reproducible:
Completely reproducible

Steps to Reproduce:
1. On a system create 2 users, userA and userB. root will be used as the third user, but the specific users do not matter.
2. Add the following to the sudoers file:

userA ALL=(ALL) ALL

3. Log in to the system as userA.
4. Run the following commands as per actual results. Notice the final echo $USER outputs the wrong username. It doesn't seem to matter which users are used, as long as sudo is invoked twice.

Actual results:

[userA@system ~] echo $USER
usera
[userA@system ~] sudo -s
[root@system ~] echo $USER
root
[root@system ~] sudo -s -u userB
[userB@system ~] echo $USER
root


Expected results:
On a system with an older version of sudo the following is observed:

[userA@system ~] echo $USER
usera
[userA@system ~] sudo -s
[root@system ~] echo $USER
root
[root@system ~] sudo -s -u userB
[userB@system ~] echo $USER
userB


Additional info:
env_reset is set and env_keep does not contain USER as per the defaults in /etc/sudoers.
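
A check for the condition this report describes, as an added example that is not part of the original report: a script that may run under nested sudo takes its identity from `id -un` and flags USER when it disagrees. The function names are this example's own, and LOGNAME is checked as well on the assumption that it matters to the caller (sudo's env_reset also initializes it for the target user).

```shell
#!/bin/sh
# Added example, not from the bug report. Function names and the list of
# variables checked are this example's own choices.

# effective_user: name for the process's effective UID, resolved by id(1)
# from the kernel and the passwd database, not from the environment.
effective_user() {
    id -un 2>/dev/null
}

# stale_identity_vars NAME
# Prints each of USER and LOGNAME whose value differs from NAME, one
# "VAR=value" per line (an unset variable prints as empty).
# Returns 1 if any differ, 0 if both match.
stale_identity_vars() {
    expected=$1
    found=0
    for var in USER LOGNAME; do
        # var only ever holds the two literal names above, so eval is safe.
        eval "value=\${$var-}"
        if [ "$value" != "$expected" ]; then
            printf '%s=%s\n' "$var" "$value"
            found=1
        fi
    done
    return "$found"
}

# Typical use at the top of a script: trust effective_user for any
# authorization or audit decision, and only report the disagreement.
me=$(effective_user) || me=""
if ! mismatch=$(stale_identity_vars "$me"); then
    printf 'warning: environment disagrees with effective user "%s":\n%s\n' \
        "$me" "$mismatch" >&2
fi
```

With the values from the "Actual results" session (USER still root after `sudo -s -u userB`), `stale_identity_vars userB` prints `USER=root` and returns 1.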
