Date:      Mon, 23 Jul 2007 00:02:01 -0400
From:      Tom McLaughlin <tmclaugh@sdf.lonestar.org>
To:        Paul Fraser <pfraser@gmail.com>
Cc:        ports@freebsd.org
Subject:   Re: Unusual sudo / w behaviour - 0 users?
Message-ID:  <1185163321.1955.89.camel@localhost>
In-Reply-To: <1185137280.1955.77.camel@localhost>
References:  <f82eafcc0707220245v24da9f88h197b6e076cdd72f2@mail.gmail.com> <1185137280.1955.77.camel@localhost>

On Sun, 2007-07-22 at 16:48 -0400, Tom McLaughlin wrote:
> On Sun, 2007-07-22 at 19:45 +1000, Paul Fraser wrote:
> > Hi Tom (and ports list by CC),
> > 
> > After an upgrade to sudo v1.6.9 on my 6-STABLE workstation, I've
> > noticed some interesting behaviour with regards to interaction between
> > sudo and w.
> > 
> > Check the output below for an example.
> > 
> > [pfraser@odyssey ~]$ sudo -V
> > Sudo version 1.6.9
> > [pfraser@odyssey ~]$ w
> >  7:42PM  up 8 days,  7:46, 1 user, load averages: 0.11, 0.10, 0.15
> > USER             TTY      FROM              LOGIN@  IDLE WHAT
> > pfraser          p0       core-server01     7:38PM     - w
> > [pfraser@odyssey ~]$ sudo -s
> > Last login: Sun Jul 22 19:36:22 on ttyp1
> > [root@odyssey ~]# w
> >  7:42PM  up 8 days,  7:46, 0 users, load averages: 0.10, 0.09, 0.15
> > USER             TTY      FROM              LOGIN@  IDLE WHAT
> > [root@odyssey ~]#
> > 
> > Note there is now no active session listed? If I then drop out of the
> > sudo session, the problem persists.
> > 
> > [root@odyssey ~]# exit
> > exit
> > [pfraser@odyssey ~]$ w
> >  7:44PM  up 8 days,  7:47, 0 users, load averages: 0.27, 0.15, 0.17
> > USER             TTY      FROM              LOGIN@  IDLE WHAT
> > [pfraser@odyssey ~]$
> > 
> > I'm afraid I'm not familiar enough with the inner workings of all the
> > related systems and can't be of much more assistance (at least
> > initially), but I'm quite welcome to perform any testing you require.
> > You may just need to hold my hand a little bit!
> > 
> 
> I'm not sure if this is a sudo bug or a -STABLE bug.  I can only
> reproduce this on -STABLE with sudo 1.6.9.  -CURRENT with 1.6.9 and
> 1.6.8p12 works fine and -STABLE with sudo 1.6.8p12 works fine.  I did a
> little more experimenting and saw this behavior below.
> 
> -STABLE:
> [tom@releng-6-fbsd tom]$ last
> tom              ttyp2    bofh             Sun Jul 22 16:16   still logged in
> ...
> [tom@releng-6-fbsd tom]$ sudo -s
> # last | head -n 5
> root             ttyp2                     Sun Jul 22 16:16 - 16:16  (00:00)
> tom              ttyp2    bofh             Sun Jul 22 16:16 - 16:16  (00:00)
> ...
> # ^D
> [tom@releng-6-fbsd tom]$ last
> root             ttyp2                     Sun Jul 22 16:16 - 16:16  (00:00)
> tom              ttyp2    bofh             Sun Jul 22 16:16 - 16:16  (00:00)
> 
> 
> -CURRENT:
> [tom@releng-7-fbsd tom]$ last
> tom              ttyp1    bofh             Sun Jul 22 16:18   still logged in
> ...
> [tom@releng-7-fbsd tom]$ sudo -s
> # last | head -n 6 
> tom              ttyp1    bofh             Sun Jul 22 16:18   still logged in
> ...
> # ^D
> [tom@releng-7-fbsd tom]$ last
> tom              ttyp1    bofh             Sun Jul 22 16:18   still logged in
> 
> 
> I'm going to do a little more digging and figure out if this is caused
> by a behavior difference in sudo or FreeBSD.
> 
> tom

Yeah, I was totally wrong above.  The issue is caused by pam_lastlog.  I
forgot I had commented out the session line in the pam file on my
-CURRENT box to shut up the login message every time I ran a command via
sudo.  It's not an issue on my CentOS box so it appears to be an issue
with our pam_lastlog.  I'm going to ask on freebsd-security@.

tom

-- 
| tmclaugh at sdf.lonestar.org             tmclaugh at FreeBSD.org |
| FreeBSD                                   http://www.FreeBSD.org |



