[Touch-packages] [Bug 1823202] Re: HOME points to something not owned by user in sudo

Thu, 04 Apr 2019 15:17:56 -0700 

[16:51:24] <slacker_nl> that patch that they added in ... 1.7.4p4-5ubuntu6 
breaks the default sudo compared to upstream (both sudo and debian)
[16:52:36] <slacker_nl> you can reference to 
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/760140

Basically I resolved my sudo -s issue by 
creating a new file: /etc/sudoers.d/01_env_keep
with the following contents:

Defaults env_keep -= "HOME"

and then chmod 440 /etc/sudoers.d/01_env_keep

and then confirming with sudo sudo -V

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1823202

Title:
  HOME points to something not owned by user in sudo

Status in sudo package in Ubuntu:
  New
Status in zsh package in Ubuntu:
  New

Bug description:
  <CcxWrk> You shouldn't use interactive shell, or any program with
  executable configuration, while your HOME points to something not
  owned by your user. That's the big issue and it's with sudo, not zsh,
  not omz, not any other shell or application you launch. <CcxWrk> You
  can go shout "you are doing security wrong" at Ubuntu. Good luck.

  ╭─rkm@Khadas ~  
  ╰─➤  id rkm && getent passwd rkm
  uid=1001(rkm) gid=1001(rkm) 
groups=1001(rkm),0(root),4(adm),5(tty),6(disk),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),27(sudo),29(audio),30(dip),44(video),46(plugdev),50(staff),60(games),100(users),101(systemd-journal),104(input),108(netdev),112(bluetooth),113(lpadmin),121(pulse-access)
  rkm:x:1001:1001:Ryan McKee,,,,:/home/rkm:/usr/bin/zsh

  ╭─rkm@Khadas ~  
  ╰─➤  sudo /usr/bin/env                                                      1 
↵
  LC_MESSAGES=en_US.UTF-8
  LANG=en_US.UTF-8
  LANGUAGE=en_US.UTF-8
  TERM=xterm-256color
  XAUTHORITY=/home/rkm/.Xauthority
  COLORTERM=truecolor
  DISPLAY=:0.0
  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
  HOME=/home/rkm
  LC_CTYPE=en_US.UTF-8
  
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:
  MAIL=/var/mail/root
  LOGNAME=root
  USER=root
  USERNAME=root
  SHELL=/bin/bash
  SUDO_COMMAND=/usr/bin/env

  
  SUDO_USER=rkm
  SUDO_UID=1001
  SUDO_GID=1001
  ╭─rkm@Khadas ~  
  ╰─➤  

  <Eickmeyer> CyberManifest: sudo is a package. Also, once filed, add
  zsh to the bug since it could be a bug in zsh's package as well.

  <Eickmeyer> Not necessarily zsh itself, but the packaging.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: sudo 1.8.21p2-3ubuntu1
  Uname: Linux 4.9.40 aarch64
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: arm64
  CurrentDesktop: XFCE
  Date: Thu Apr  4 11:07:42 2019
  SourcePackage: sudo
  UpgradeStatus: No upgrade log present (probably fresh install)
  VisudoCheck:
   /etc/sudoers: parsed OK
   /etc/sudoers.d/README: parsed OK

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1823202/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to