Your message dated Wed, 13 Mar 2024 08:41:21 +0100
with message-id <[email protected]>
and subject line Re: Bug#1066109: sudo: pam-script env variables not populated 
because of sudo change
has caused the Debian Bug report #1066109,
regarding sudo: pam-script env variables not populated because of sudo change
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1066109: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066109
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sudo
Version: 1.9.13p3-1+deb12u1
Severity: important
Tags: patch
X-Debbugs-Cc: [email protected]

Dear Maintainer,

From sudo version 1.9.4 to version 1.9.14, there is a bug breaking pam-script
environment variables: https://github.com/sudo-project/sudo/issues/318

Because of this bug, pam-scripts called through a sudo command are not getting
called with the necessary filled PAM_* environment variables for the pam scripts
to perform their checks.

For example, if the command executed is "sudo ls", then a pam-script should get
the PAM_SERVICE populated to be "sudo". That is not the case with Debian 12
sudo package where PAM_SERVICE, in this sudo scenario, is simply empty.

Would it be possible to backport the upstream fix or update sudo to 1.9.15 in
the Debian 12 repositories? We are experiencing the same issue described in
the GitHub link.

-- System Information:
Debian Release: 12.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-cl-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sudo depends on:
ii  init-system-helpers  1.65.2
ii  libaudit1            1:3.0.9-1
ii  libc6                2.36-9+deb12u4
ii  libpam-modules       1.5.2-6+deb12u1
ii  libpam0g             1.5.2-6+deb12u1
ii  libselinux1          3.4-1+b6
ii  zlib1g               1:1.2.13.dfsg-1

sudo recommends no packages.

sudo suggests no packages.

-- Configuration Files:
/etc/sudoers [Errno 13] Permission denied: '/etc/sudoers'
/etc/sudoers.d/README [Errno 13] Permission denied: '/etc/sudoers.d/README'

-- no debconf information

--- End Message ---
--- Begin Message ---
Version: 1.9.15p5-3
Control: tags -1 wontfix

On Tue, Mar 12, 2024 at 06:14:45PM +0000, Andy Roulin wrote:
> From sudo version 1.9.4 to version 1.9.14, there is a bug breaking pam-script
> environment variables: https://github.com/sudo-project/sudo/issues/318

Yes, that's a sad bug.

> For example, if the command executed is "sudo ls", then a pam-script should
> get the PAM_SERVICE populated to be "sudo". That is not the case with Debian 12
> sudo package where PAM_SERVICE, in this sudo scenario, is simply empty.

What is this usually used for? Pardon my ignorance, but I need to know
about use cases to judge how annoying the issue is.

> Would it be possible to backport the upstream fix or update sudo to 1.9.15 in
> the Debian 12 repositories? We are experiencing the same issue described in
> the GitHub link.

As a rule, Debian doesn't update package versions after a stable version
has been released. Stable means "it doesn't change". Only security
relevant bugs do get fixed quickly in stable. Does the issue you're
complaining about have a CVE number, or is it just a convenience issue?

As an exception from the rule, Debian does "point releases" where update
rules are a bit relaxed; we do fix assorted release critical bugs at the
discretion of the package maintainer.

At the current time, you have neither convinced me that this is a
release critical bug nor that this is an issue that urgently needs
fixing in stable. With bookworm being out of the door for more than half
a year now, I think that a release critical issue would have surfaced
earlier.

I am therefore tagging this bug wontfix, and marking it as fixed in the
version that is currently in trixie. That means that this bug report
will remain visible as reference for people searching for bugs in Debian
12 "bookworm". Thanks for reporting the issue.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

--- End Message ---
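
The failure mode discussed in this report, as an added example that is not part of the bug report and is not code from sudo or pam-script: an account-phase script that branches on PAM_SERVICE and fails closed when the variable arrives empty. The function name pam_service_policy, the SUDO_ALLOWED list and the policy itself are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: account-phase policy for pam-script, installed as pam_script_acct.
# SUDO_ALLOWED and the policy are constructed for illustration only.
SUDO_ALLOWED="alice bob"

# pam_service_policy SERVICE USER -> returns 0 (allow) or 1 (deny)
pam_service_policy() {
    service=$1
    user=$2
    case $service in
        "")
            # The report describes PAM_SERVICE arriving empty under sudo
            # 1.9.4 to 1.9.14 (sudo issue #318). Fail closed instead of
            # letting the request fall through to a default rule.
            echo "pam-script: empty PAM_SERVICE for user '$user', denying" >&2
            return 1 ;;
        sudo)
            # Service-specific rule: only listed users pass for sudo.
            for u in $SUDO_ALLOWED; do
                [ "$u" = "$user" ] && return 0
            done
            echo "pam-script: '$user' not permitted for sudo" >&2
            return 1 ;;
        *)
            # Other services are out of scope for this script.
            return 0 ;;
    esac
}

# Apply the policy only when invoked by pam-script under its expected name,
# which exports PAM_SERVICE and PAM_USER in the environment.
if [ "${0##*/}" = "pam_script_acct" ]; then
    pam_service_policy "${PAM_SERVICE:-}" "${PAM_USER:-}"
    exit $?
fi
```

Without the empty-string branch, a sudo request on an affected version would match the catch-all case and skip the sudo-specific rule without any log entry.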