Ubuntu

sudo init script should set date to epoch, not 1985-01-01

Reported by Marc Deslauriers on 2013-09-10
268
This bug affects 3 people
Affects Status Importance Assigned to Milestone
sudo (Debian)
Fix Released
Unknown
sudo (Ubuntu)
Status tracked in Trusty
Lucid
Undecided
Marc Deslauriers
Precise
Undecided
Marc Deslauriers
Quantal
Undecided
Marc Deslauriers
Saucy
Undecided
Marc Deslauriers
Trusty
Medium
Unassigned

Bug Description

Sudo treats filestamps set to epoch as invalid, so the init script should set the contents of /var/lib/sudo to epoch, and not 19850101.

ie:

find /var/lib/sudo -exec touch -d @0 '{}' \;

instead of:

find /var/lib/sudo -exec touch -t 198501010000 '{}' \;

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: sudo 1.8.6p3-0ubuntu3
ProcVersionSignature: Ubuntu 3.11.0-4.9-generic 3.11.0-rc7
Uname: Linux 3.11.0-4-generic x86_64
ApportVersion: 2.12.1-0ubuntu3
Architecture: amd64
Date: Tue Sep 10 07:25:04 2013
InstallationDate: Installed on 2012-11-13 (300 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
MarkForUpload: True
SourcePackage: sudo
UpgradeStatus: Upgraded to saucy on 2013-08-19 (21 days ago)
modified.conffile..etc.sudoers: [inaccessible: [Errno 13] Permission denied: '/etc/sudoers']
modified.conffile..etc.sudoers.d.README: [inaccessible: [Errno 13] Permission denied: '/etc/sudoers.d/README']

Marc Deslauriers (mdeslaur) wrote :
Changed in sudo (Ubuntu):
status: New → Confirmed
Changed in sudo (Debian):
status: Unknown → New
Changed in sudo (Debian):
status: New → Fix Released
Changed in sudo (Ubuntu):
status: Confirmed → Fix Committed
importance: Undecided → Medium
Brian Murray (brian-murray) wrote :

This is fixed in Trusty:

sudo (1.8.8-2ubuntu1) trusty; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/rules:
      + compile with --without-lecture --with-tty-tickets --enable-admin-flag
      + install man/man8/sudo_root.8 in both flavours
      + install apport hooks
    - debian/sudoers:
      + also grant admin group sudo access
    - debian/source_sudo.py, debian/sudo-ldap.dirs, debian/sudo.dirs:
      + add usr/share/apport/package-hooks
    - debian/sudo.pam:
      + Use pam_env to read /etc/environment and /etc/default/locale
        environment files. Reading ~/.pam_environment is not permitted due to
        security reasons.
    - Remaining patches:
      + keep_home_by_default.patch: Keep HOME in the default environment
      + actually-use-buildflags: Pass LDFLAGS everywhere

 -- Stéphane Graber <email address hidden> Tue, 22 Oct 2013 17:43:37 -0400

sudo (1.8.8-2) unstable; urgency=low

  * fix touch errors on boot, closes: #725193

 -- Bdale Garbee <email address hidden> Tue, 08 Oct 2013 20:11:38 -0600

sudo (1.8.8-1) unstable; urgency=low

  * new upstream release

 -- Bdale Garbee <email address hidden> Mon, 30 Sep 2013 23:08:49 -0600

sudo (1.8.8~rc1-1) experimental; urgency=low

  * upstream release candidate with several of our patches folded in
  * set filestamps to epoch instead of an arbitrary old date in the init
    fragment, closes: #722335

Changed in sudo (Ubuntu):
status: Fix Committed → Fix Released
Changed in sudo (Ubuntu Lucid):
status: New → Confirmed
Changed in sudo (Ubuntu Quantal):
status: New → Confirmed
Changed in sudo (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in sudo (Ubuntu Precise):
status: New → Confirmed
Changed in sudo (Ubuntu Saucy):
status: New → Confirmed
Changed in sudo (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in sudo (Ubuntu Quantal):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in sudo (Ubuntu Saucy):
assignee: nobody → Marc Deslauriers (mdeslaur)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.8.3p1-1ubuntu3.6

---------------
sudo (1.8.3p1-1ubuntu3.6) precise-security; urgency=medium

  * SECURITY UPDATE: security policy bypass when env_reset is disabled
    - debian/patches/CVE-2014-0106.patch: fix logic inversion in
      plugins/sudoers/env.c.
    - CVE-2014-0106
  * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
    epoch in init scripts so they are properly invalidated. (LP: #1223297)
 -- Marc Deslauriers <email address hidden> Tue, 11 Mar 2014 07:56:53 -0400

Changed in sudo (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.8.5p2-1ubuntu1.2

---------------
sudo (1.8.5p2-1ubuntu1.2) quantal-security; urgency=medium

  * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
    epoch in init scripts so they are properly invalidated. (LP: #1223297)
 -- Marc Deslauriers <email address hidden> Tue, 11 Mar 2014 07:58:51 -0400

Changed in sudo (Ubuntu Quantal):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.8.6p3-0ubuntu3.1

---------------
sudo (1.8.6p3-0ubuntu3.1) saucy-security; urgency=medium

  * debian/sudo.sudo.init, debian/sudo-ldap.sudo.init: Set timestamps to
    epoch in init scripts so they are properly invalidated. (LP: #1223297)
 -- Marc Deslauriers <email address hidden> Tue, 11 Mar 2014 08:00:06 -0400

Changed in sudo (Ubuntu Saucy):
status: Confirmed → Fix Released
Changed in sudo (Ubuntu Lucid):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.