On Fri, Sep 15, 2017 at 06:06:02PM -0300, x9p wrote:
> > sudo(8) says:
> >
> >      sudo supports a plugin architecture for security policies and
> > input/output logging.  Third parties can develop and distribute their
> > own policy and I/O logging plugins to work seamlessly with the sudo
> > front end.  The default security policy is sudoers, which is configured
> > via the file /etc/sudoers, or via LDAP.
> >
> > And LDAP means TCP, and TCP usually mean DNS requests.
> >
> > So it's unusual (sudo does not exhibit such behavior here), but
> > possible.
> >
> Agree there are situations where sudo does TCP. Disagree with that
> occurring in my simplistic setup. sudo should not hang for X seconds if my
> DNS servers are incorrect.
> > A stray nameserver in resolv.conf, which can happen if resolvconf is
> > used carelessly. Even more weird things are always possible with
> > NetworkManager.
> Am too old, I like /etc/resolv.conf being just a file. Am avoiding to turn
> this into a systemd talk.

Was not my intention. All those things can happen if one's using

> >> > Specifically I'm interested with:
> >> >
> >> > grep hosts /etc/nsswitch.conf
> >> >
> >> > grep localhost /etc/hosts
> >> >
> >> > Reco
> >> >
> >>
> >> Did not touched these, are the default from stretch:
> >>
> >> root@localhost:~# grep hosts /etc/nsswitch.conf
> >> hosts:          files mdns4_minimal [NOTFOUND=return] dns myhostname
> >> root@localhost:~# grep localhost /etc/hosts
> >>       localhost
> >>       localhost
> >> ::1     localhost ip6-localhost ip6-loopback
> >
> > Curious. Can you reproduce the behaviour if sudo is run as root?
> > I propose to simplify things a bit (needs to be run as root):
> >
> strace was already run as root (did "sudo su" as root to prove the point),
> otherwise strace would fail with "effective uid is not 0".

Your snippet of strace output on pastebin is lacking the beginning.
What I'm currently interested in are:

1) Libraries and configuration files that sudo is opening (hence the
'open' syscall). Thinking about it, make it 'open,stat'.

2) What kind of network sockets (short of kinda obvious UDP) sudo is
opening (hence the 'connect' syscall).

Feel free to edit out all unnecessary details of course.

PS Replying to debian-user@lists.debian.org is sufficient. There's no
need to CC me, I'm subscribed to the list.


Reply via email to