sudo emails contain random buffer contents if hostname can't be resolved
Bug #530073 reported by
Nikolaus Rath
This bug affects 9 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo |
Unknown
|
Unknown
|
|||
sudo (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: sudo
To reproduce:
1. instal libnss-extrausers
2. make sure the hostname cannot be resolved by removing it from /etc/hosts:
# hostname
spitzer
# hostname -f
hostname: Unknown host
Now run
# sudo -u "$admin_user" /bin/true
sudo: unable to resolve host spitzer
This will send a completely garbled error message to the administrator that gives no clue of what went wrong and where to look for it:
To: <email address hidden>
From: <email address hidden>
Auto-Submitted: auto-generated
Subject: *** SECURITY information for spitzer ***
spitzer : Feb 26 06:25:01 : root : /usr/lib/
Changed in sudo (Ubuntu): | |
status: | New → Confirmed |
To post a comment you must log in.
I have identified this bug too, but worse, it seems to be sending an uninitialised buffer in the emails!
(I was doing a "sudo -s" rather than "sudo /bin/true" or whatever.)
To: <email address hidden>
Subject: *** SECURITY information for arya ***
arya : Apr 20 16:13:28 : tobyc : `¨g
To: <email address hidden>
Subject: *** SECURITY information for arya ***
arya : Apr 20 16:15:16 : tobyc : `d