sudo asks for wrong password

Bug #148498 reported by ingo
8
Affects Status Importance Assigned to Milestone
sudo (Debian)
Fix Released
Unknown
sudo (Ubuntu)
Low
Martin Pitt

Bug Description

Binary package hint: sudo

[Gusty beta]

for security reasons I enabled the root account with a strong password, while the user pw is more convenient.
Especially administrators serving several PC's will setup a separate root-account for maintainance.
In /etc/sudoers I had to extend the line:

Defaults !lecture,tty_tickets,!fqdn,targetpw,timestamp_timeout = 0

If now calling sudo I am asked for the user-password like this:

sudo aptget-upgrade
[sudo] password for ingo:

which is definitely wrong, because the target-password (for root) has to be entered, /etc/sudoers has been ignored.
Why not leave it correctly as in Feisty, just asking 'Password:'? Or better correct the confusing Bug?

Related branches

Revision history for this message
Kees Cook (kees) wrote :

Thanks for the report! This bug came from sudo upstream changes, and we'll need to get them involved to fix it.

Changed in sudo:
importance: Undecided → Low
status: New → Confirmed
Revision history for this message
Patrick Schoenfeld (schoenfeld-debian) wrote :

Hi,

what do you mean by upstream in this case? Debian? Or the sudo developers? I think the problem with sudo is the same as in Debian Sid, there referred to as #454409 [1]. The problem has a simple and a less trivial solution:

1) The easy one first: Change debian/rules to not set default-prompt to "[sudo] password for %u", because %u is always replaced by the invoking user. Soo simply removing "for %u" helps. See Debian BTS for the patch. According to the Debian maintainer of sudo this will be done in the next upload.

Unfortunately there is no alternative to %u that respects def_rootpw (or def_targetpw (?) in this case), so
the alternative is to

2) .. patch sudo to have a placeholder that is proper for this case. I created a patch for Debian (where the problem was with the def_rootpw option, but now I see that this patch is incomplete, because I've forgotten that def_targetpw exists. So my patch needs to be updated.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454409

Revision history for this message
Patrick Schoenfeld (schoenfeld-debian) wrote :

Hi again,

I've written a patch to handle every possible *pw flag (rootpw, targetpw and runaspw) for Debian. Maybe this might be of interest for you too. See the Debian BTS for further information.

Best Regards,
Patrick

Revision history for this message
Ming Hua (minghua) wrote :

Patrick's patch has been acceptted by Debian and included in version 1.6.9p10-1. We may want to consider merging the new version from Debian.

Changed in sudo:
status: Unknown → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

Thanks, Patrick! Will merge.

Changed in sudo:
assignee: nobody → pitti
status: Confirmed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.6.9p10-1ubuntu1

---------------
sudo (1.6.9p10-1ubuntu1) hardy; urgency=low

  * Merge with Debian unstable. Remaining Ubuntu changes:
    - debian/rules: Disable lecture, enable tty_tickets by default. (Ubuntu
      specific)
    - Add debian/sudo_root.8: Explanation of root handling through sudo.
      Install it in debian/rules. (Ubuntu specific)
    - sudo.c: If the user successfully authenticated and he is in the 'admin'
      group, then create a stamp ~/.sudo_as_admin_successful. Our default bash
      profile checks for this and displays a short intro about sudo if the
      flag is not present. (Ubuntu specific)
  * The password prompt asks for the target user's password now, not the
    invoking one's. (LP: #148498)

sudo (1.6.9p10-1) unstable; urgency=low

  * new upstream version
  * tweak default password prompt as %u doesn't make sense. Accept patch from
    Patrick Schoenfeld (recommend upstream accept it too) that adds a %p and
    uses it by default, closes: #454409
  * accept patch from Martin Pitt that adds a prerm making it difficult to
    "accidentally" remove sudo when there is no root password set on the
    system, closes: #451241

 -- Martin Pitt <email address hidden> Wed, 02 Jan 2008 08:56:12 +0100

Changed in sudo:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.