On 2012-09-10 14:50, Oswald Buddenhagen wrote:
> Package: sudo
> Version: 1.8.5p2-1
> Severity: normal
>
> sudo apparently sets the wrong requesting user (which is just the real
> uid of the process, iirc) when calling the pam stack, which breaks at
> least pam_xauth. compare the debug outputs:
I can confirm this.
Background: sudoers(5) says
# Run X applications through sudo; HOME is used to find the
# .Xauthority file. Note that other programs use HOME to find
# configuration files and this may lead to privilege escalation!
Defaults env_keep += "DISPLAY HOME"
This works for root because root can access the original
$HOME/.Xauthority. non-root users, however, cannot.
Using pam_xauth(8) should solve this problem. pam_xauth can conveniently
transfer (and later revoke) an authorization. Adding
session optional pam_xauth.so debug
is sufficient. There's a primitive access control involved, but it's not
relevant to this issue.
The following commands illustrate the problem (they correspond to
Oswald's debug output below). Running
foo@...$ su -c xterm bar
will cause pam_xauth to transfer a key from foo to bar, after which an
xterm is opened. With sudo, however,
foo@...$ sudo -u bar xterm
pam_xauth attempts to transfer an xauth key from *root* to bar, which
fails because root of course cannot provide a key only *foo* has.
> compare the debug outputs:
>
> === su (works) ===
> pam_unix(su:session): session opened for user root by obuddenh(uid=1002)
> pam_xauth(su:session): requesting user 1002/1002, target user 0/0
> pam_xauth(su:session): /home/obuddenh/.xauth/export does not exist, ignoring
> pam_xauth(su:session): /root/.xauth/import does not exist, ignoring
> pam_xauth(su:session): reading keys from `/home/obuddenh/.Xauthority'
> pam_xauth(su:session): running "/usr/bin/xauth -f /home/obuddenh/.Xauthority
> nlist :0" as 1002/0
> pam_xauth(su:session): writing key `0100 0007 74726f6c6c3038 0001 30 0012
> 4d49542d4d414749432d434f4f4b49452d31 0010 8977806e7957465e43f8847d0562c87d '
> to temporary file `/root/.xauthyPpqBT'
> pam_xauth(su:session): running "/usr/bin/xauth -f /root/.xauthyPpqBT nmerge
> -" as 0/0
> === sudo (broken) ===
> pam_unix(sudo:session): session opened for user root by obuddenh(uid=0)
> pam_xauth(sudo:session): requesting user 0/0, target user 0/0
> pam_xauth(sudo:session): /root/.xauth/export does not exist, ignoring
> pam_xauth(sudo:session): /root/.xauth/import does not exist, ignoring
> pam_xauth(sudo:session): reading keys from `/root/.Xauthority'
> pam_xauth(sudo:session): running "/usr/bin/xauth -f /root/.Xauthority nlist
> :0" as 0/1002
> pam_xauth(sudo:session): no key
>
> the same bug appears to be reported at:
> https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/370607
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
