On 25/09/2023 20:21, Greg Wooledge wrote:
On Mon, Sep 25, 2023 at 11:14:24AM +0200, Michael wrote:
so i looked into /etc/sudoers and all /etc/sudoers.d/* and found two
suspicous flags:
/etc/sudoers:
Defaults use_pty
/etc/sudoers.d/0pwfeedback:
Defaults pwfeedback
then consulting the sudo manpage convinced me, it was the 'use_pty' flag (in
section SUDOERS OPTIONS). after removing that flag everything works as
'expected':
Well, that is quite the find.
Indeed! Many thanks Michael.
For background, I followed up some links to get:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657784
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011624
https://bugs.kde.org/show_bug.cgi?id=452532#c28
https://salsa.debian.org/sudo-team/sudo/-/commit/59db341d46aa4c26b54c1270e69f2562e7f3d751
Given the presence of an /etc/sudoers.dpkg-dist file on my system,
which does in fact contain this:
# This fixes CVE-2005-4890 and possibly breaks some versions of kdesu
# (#1011624, https://bugs.kde.org/show_bug.cgi?id=452532)
Defaults use_pty
it looks like you've solved *most* of the mystery.
But @Greg, if you have "Defaults use_pty" why haven't you been getting
the same instant aborts that I was?
I still don't get
why it matters whether the command was executed from bash or dash --
...or ksh or zsh?? Only bash seemed to suffer from having stdin cut off.
Anyway, for my personal purposes, this new behaviour looks too unpredictable
and I plan to fall back on capturing stderr in a tempfile. Kludgy but maybe
more robust than multiple redirections?
:~$ temp=$(mktemp)
:~$ sudo apt-get install nopkg 2>"$temp"
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
:~$ errors=$(<"$temp")
:~$ echo "$errors"
E: Unable to locate package nopkg
:~$ rm "$temp"
It would be nice to unpick the rest of the mystery though...
(Also, if some day bash had a way of making a variable look like a file for
writing.)
--
John
