This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 583911 - Add comment about the visiblepw option into sudoers
Add comment about the visiblepw option into sudoers
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sudo (Show other bugs)
5.5
All Linux
low Severity medium
: rc
: ---
Assigned To: Daniel Kopeček
BaseOS QE Security Team
:
Depends On:
Blocks: 688640
  Show dependency treegraph
 
Reported: 2010-04-20 03:58 EDT by Daniel Kopeček
Modified: 2011-03-17 11:59 EDT (History)
3 users (show)

See Also:
Fixed In Version: sudo-1.7.2p1-10.el5
Doc Type: Bug Fix
Doc Text:
A comment regarding the "visiblepw" option of the "Defaults" directive has been added to the default /etc/sudoers file to clarify its usage.
Story Points: ---
Clone Of:
: 688640 (view as bug list)
Environment:
Last Closed: 2011-01-13 18:08:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Patch for sudoers (1.63 KB, patch)
2010-04-20 03:58 EDT, Daniel Kopeček
no flags Details | Diff
Patch for sudoers (530 bytes, patch)
2010-05-13 07:26 EDT, Daniel Kopeček
no flags Details | Diff

  None (edit)
Description Daniel Kopeček 2010-04-20 03:58:50 EDT
Created attachment 407750 [details]
Patch for sudoers

Description of problem:
The 1.7.0 release of sudo introduced a new option, visiblepw, which is now needed to be enabled in order to allow remote command execution using sudo, e.g.:

 ssh foo@bar sudo baz

Although this can be found in upstream documentation or worked around using ssh's -t option, the sudoers that is shipped with sudo in RHEL 5 mentions only the requiretty option. The visiblepw option should be added to sudoers either commented out (default is off) or not commented out but set to off using negation, i.e.:

Defaults !visiblepw

I'm proposing the later option as that will ensure that this flag is off even when the default value changes.

Version-Release number of selected component (if applicable):
1.7.2p1-6

Patch for sudoers attached.
Comment 3 Daniel Kopeček 2010-05-13 07:26:36 EDT
Created attachment 413721 [details]
Patch for sudoers
Comment 7 Jaromir Hradilek 2010-11-29 07:57:43 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
A comment regarding the "visiblepw" option of the "Defaults" directive has been added to the default /etc/sudoers file to clarify its usage.
Comment 9 errata-xmlrpc 2011-01-13 18:08:22 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0079.html

Note You need to log in before you can comment on or make changes to this bug.