Bug 768967 - sudo fails to close FD 3
sudo fails to close FD 3
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sudo (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Daniel Kopeček
BaseOS QE Security Team
Depends On:
  Show dependency treegraph
Reported: 2011-12-19 09:47 EST by Tzafrir Cohen
Modified: 2013-03-13 08:49 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-03-13 08:49:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
fix for the off-by-1 issue (975 bytes, patch)
2011-12-19 09:47 EST, Tzafrir Cohen
no flags Details | Diff

  None (edit)
Description Tzafrir Cohen 2011-12-19 09:47:52 EST
Created attachment 548605 [details]
fix for the off-by-1 issue

Description of problem:
sudo should (by default) close all file descriptors above 2. It actually closes all file descriptors above 3.

Version-Release number of selected component (if applicable):
Centos 5.7, sudo-1.7.2p1-10.el5. Verified to apply to the source package from RHEL.

How reproducible:
On a RHEL 5.7 system (with sudo 1.7.2p1-10.el5 . Didn't check earlier versions).

Steps to Reproduce:

# As root, run:
cat <<EOF >script
cat <&$1
chmod +x script
sudo script 3 <&3 /etc/fstab

Actual results:
Prints the file.

Expected results:
script: line 2: 0: Bad file descriptor

Additional info:
Attached patch sudo-close-fd3.diff demonstrates the fix: def_closefrom defaults to STDERR_FILENO + 1. No need to further increment it.
Comment 1 RHEL Product and Program Management 2012-06-11 21:33:25 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.

Note You need to log in before you can comment on or make changes to this bug.