Greg Troxel <g...@lexort.com> writes:
> After a lot of investigating including writing a quick read/printf
> program to examine the sudo timestamp files, the problem appears to be
> that the timestamp records are "TS_PPID" rather than "TS_TTY". The
> parent is something deep in make, and thus different every time. So
> this is not really a pkgsrc issue.
Followup for the archives.
There are two problems that combine for hard-to-debug bad behavior.
1) devname(3)
devname(3) converts a device major/minor to a pathname. sudo uses this.
However, it uses /var/run/dev.cdb, which is created by dev_mkdb(8) which
runs at boot.
So if you boot your system with /dev/ttyp*, mount ptyfs, rm /dev/ttyp*,
and log out and back in, you will still get e.g. /dev/ttyp5 from
devname. (I saw this in the sudo logs.)
2) sudo bugs
sudo's default is 'tty'. It gets the major/minor. But it doesn't just
store that in the timestamp file. It calls devname, and if it can't
stat the result, *silently*, even with respeect to debugging statements,
switches to ppid mode. If it can stat, it stores the dev_t in the file.
See plugins/sudoers/timestamp.c, line 415, where it checks that stat
succeeds on the path.
The bad bug is that failure to stat a path that should be valid should
be fatal, not a silent flip to ppid. The lesser bug is that if the
thing that matters is the dev_t, it should just use that.
Once realizing, re-running dev_mkdb caused devname to return /dev/pts/5
instead, and things work as I would expect.
