Ubuntu
sudo package

Bug #1823202
Comment #4

Comment 4 for bug 1823202

Revision history for this message

Ryan K. McKee (ryan-k-mckee-deactivatedaccount) wrote on 2019-04-04: Re: [Bug 1823202] Re: HOME points to something not owned by user in sudo

So does this mean sudo -s doesn't work? If not, why the implementation? Why
does an "-s" switch exist if it provides no functionality?

On Thu, Apr 4, 2019, 11:55 AM Seth Arnold <email address hidden>
wrote:

> You should use sudo -i to get a clean root login without your local user
> configuration seeping into the shell.
>
> Thanks
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1823202
>
> Title:
> HOME points to something not owned by user in sudo
>
> Status in sudo package in Ubuntu:
> New
> Status in zsh package in Ubuntu:
> New
>
> Bug description:
> <CcxWrk> You shouldn't use interactive shell, or any program with
> executable configuration, while your HOME points to something not
> owned by your user. That's the big issue and it's with sudo, not zsh,
> not omz, not any other shell or application you launch. <CcxWrk> You
> can go shout "you are doing security wrong" at Ubuntu. Good luck.
>
> ╭─rkm@Khadas ~
> ╰─➤ id rkm && getent passwd rkm
> uid=1001(rkm) gid=1001(rkm)
> groups=1001(rkm),0(root),4(adm),5(tty),6(disk),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),27(sudo),29(audio),30(dip),44(video),46(plugdev),50(staff),60(games),100(users),101(systemd-journal),104(input),108(netdev),112(bluetooth),113(lpadmin),121(pulse-access)
> rkm:x:1001:1001:Ryan McKee,,,,:/home/rkm:/usr/bin/zsh
>
> ╭─rkm@Khadas ~
> ╰─➤ sudo /usr/bin/env
> 1 ↵
> LC_MESSAGES=en_US.UTF-8
> LANG=en_US.UTF-8
> LANGUAGE=en_US.UTF-8
> TERM=xterm-256color
> XAUTHORITY=/home/rkm/.Xauthority
> COLORTERM=truecolor
> DISPLAY=:0.0
>
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
> HOME=/home/rkm
> LC_CTYPE=en_US.UTF-8
>
> LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:
> MAIL=/var/mail/root
> LOGNAME=root
> USER=root
> USERNAME=root
> SHELL=/bin/bash
> SUDO_COMMAND=/usr/bin/env
>
>
> SUDO_USER=rkm
> SUDO_UID=1001
> SUDO_GID=1001
> ╭─rkm@Khadas ~
> ╰─➤
>
> <Eickmeyer> CyberManifest: sudo is a package. Also, once filed, add
> zsh to the bug since it could be a bug in zsh's package as well.
>
> <Eickmeyer> Not necessarily zsh itself, but the packaging.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 18.04
> Package: sudo 1.8.21p2-3ubuntu1
> Uname: Linux 4.9.40 aarch64
> ApportVersion: 2.20.9-0ubuntu7.6
> Architecture: arm64
> CurrentDesktop: XFCE
> Date: Thu Apr 4 11:07:42 2019
> SourcePackage: sudo
> UpgradeStatus: No upgrade log present (probably fresh install)
> VisudoCheck:
> /etc/sudoers: parsed OK
> /etc/sudoers.d/README: parsed OK
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1823202/+subscriptions
>

So does this mean sudo -s doesn't work? If not, why the implementation? Why
does an "-s" switch exist if it provides no functionality?

On Thu, Apr 4, 2019, 11:55 AM Seth Arnold <1823202@bugs.launchpad.net>
wrote:

> You should use sudo -i to get a clean root login without your local user
> configuration seeping into the shell.
>
> Thanks
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1823202
>
> Title:
>   HOME points to something not owned by user in sudo
>
> Status in sudo package in Ubuntu:
>   New
> Status in zsh package in Ubuntu:
>   New
>
> Bug description:
>   <CcxWrk> You shouldn't use interactive shell, or any program with
>   executable configuration, while your HOME points to something not
>   owned by your user. That's the big issue and it's with sudo, not zsh,
>   not omz, not any other shell or application you launch. <CcxWrk> You
>   can go shout "you are doing security wrong" at Ubuntu. Good luck.
>
>   ╭─rkm@Khadas ~
>   ╰─➤  id rkm && getent passwd rkm
>   uid=1001(rkm) gid=1001(rkm)
> groups=1001(rkm),0(root),4(adm),5(tty),6(disk),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),27(sudo),29(audio),30(dip),44(video),46(plugdev),50(staff),60(games),100(users),101(systemd-journal),104(input),108(netdev),112(bluetooth),113(lpadmin),121(pulse-access)
>   rkm:x:1001:1001:Ryan McKee,,,,:/home/rkm:/usr/bin/zsh
>
>   ╭─rkm@Khadas ~
>   ╰─➤  sudo /usr/bin/env
>     1 ↵
>   LC_MESSAGES=en_US.UTF-8
>   LANG=en_US.UTF-8
>   LANGUAGE=en_US.UTF-8
>   TERM=xterm-256color
>   XAUTHORITY=/home/rkm/.Xauthority
>   COLORTERM=truecolor
>   DISPLAY=:0.0
>
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
>   HOME=/home/rkm
>   LC_CTYPE=en_US.UTF-8
>
> LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:
>   MAIL=/var/mail/root
>   LOGNAME=root
>   USER=root
>   USERNAME=root
>   SHELL=/bin/bash
>   SUDO_COMMAND=/usr/bin/env
>
>
>   SUDO_USER=rkm
>   SUDO_UID=1001
>   SUDO_GID=1001
>   ╭─rkm@Khadas ~
>   ╰─➤
>
>   <Eickmeyer> CyberManifest: sudo is a package. Also, once filed, add
>   zsh to the bug since it could be a bug in zsh's package as well.
>
>   <Eickmeyer> Not necessarily zsh itself, but the packaging.
>
>   ProblemType: Bug
>   DistroRelease: Ubuntu 18.04
>   Package: sudo 1.8.21p2-3ubuntu1
>   Uname: Linux 4.9.40 aarch64
>   ApportVersion: 2.20.9-0ubuntu7.6
>   Architecture: arm64
>   CurrentDesktop: XFCE
>   Date: Thu Apr  4 11:07:42 2019
>   SourcePackage: sudo
>   UpgradeStatus: No upgrade log present (probably fresh install)
>   VisudoCheck:
>    /etc/sudoers: parsed OK
>    /etc/sudoers.d/README: parsed OK
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1823202/+subscriptions
>

Ubuntusudo package

Comment 4 for bug 1823202

Ubuntu
sudo package