sudo returns exit code 0 if child is killed with SIGTERM
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
sudo | Unknown | Unknown | |
sudo (Ubuntu) | Fix Released | Medium | Balint Reczey |
Xenial | Fix Released | Medium | Unassigned |
Yakkety | Won't Fix | Medium | Unassigned |
Zesty | Fix Released | Medium | Unassigned |
Artful | Fix Released | Medium | Balint Reczey |
Bug Description
[Impact]
* sudo returns exit code 0 if child is killed with signals other than SIGINT
* This can break scripts assuming successful execution of the command run by
sudo
[Test Case]
* Open two separate shells
1. In shell 1. run:
ubuntu@
2. In shell 2. run:
root@
3. In broken versions shell 1. shows this:
ubuntu@
0
4. Install fixed version
5. Execute steps 1. and 2.
6. In fixed version shell 1. shows this:
ubuntu@
Terminated
143
[Regression Potential]
* sudo may exit with a different status than expected
[Other Info]
original bug description:
Please backport upstream sudo changeset 10917:50b988d0c97f "The fix for Bug #722 contained a typo/thinko that resulted in the" to xenial, yakkety, and zesty versions of sudo.
This will fix a regression documented by this upstream bug report: https:/
sudo 1.8.15 changeset 10229:153f016db8f1 "When the command sudo is running is killed by a signal, sudo will" introduced a regression where the exit status is always 0 when a command is killed by a signal other than SIGINT. https:/
This will be fixed in sudo 1.8.20 with changeset 10917:50b988d0c97f "The fix for Bug #722 contained a typo/thinko that resulted in the". https:/
trusty sudo is based off sudo 1.8.9 and is not affected. xenial sudo based off sudo 1.8.16, yakkety sudo based off sudo 1.8.16, and zesty sudo based off 1.8.19 need the fix.
description: | updated |
tags: | added: xenial yakkety zesty |
information type: | Public → Public Security |
tags: | added: rls-aa-incoming |
tags: | added: artful |
Changed in sudo (Ubuntu): | |
assignee: | nobody → Balint Reczey (rbalint) |
description: | updated |
Changed in sudo (Ubuntu Zesty): | |
importance: | Undecided → Medium |
Changed in sudo (Ubuntu Yakkety): | |
importance: | Undecided → Medium |
Changed in sudo (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in sudo (Ubuntu Yakkety): | |
status: | Fix Committed → Won't Fix |
This may have security implications in edge cases. E.g. if an application is checking the status code of `sudo` and using `0` as "good to go", this may allow for access to a resource to be permitted when it should not be.
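The 143 in the test case is the shell convention of 128 plus the signal number (SIGTERM is 15), and the comment above describes what a caller loses when that value is reported as 0. The following is an added example, not part of the bug report and not sudo's code: it runs no sudo at all, `sleep 30` stands in for the command, and `broken_wrapper` and `fixed_wrapper` are hypothetical stand-ins that only mimic the reported symptom and the expected behaviour.

```shell
#!/bin/sh
# Added illustration; no sudo involved. All function names are hypothetical.

# Start a command in the background, send it SIGTERM, and return the
# status that the shell's wait builtin reports for it.
run_and_term() {
    "$@" &
    child=$!
    sleep 1                  # let the child start before signalling it
    kill -TERM "$child"
    wait "$child"            # 128 + 15 = 143 for a SIGTERM death
}

# Stand-in for the regression: the signal death is swallowed and the
# caller is told the command succeeded.
broken_wrapper() {
    run_and_term "$@" || :
    return 0
}

# Stand-in for the fixed behaviour: the status is passed through unchanged.
fixed_wrapper() {
    run_and_term "$@"
}

# How a calling script can interpret a status. By shell convention a
# value above 128 means "killed by signal (status - 128)".
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "success"
    elif [ "$1" -gt 128 ]; then
        echo "killed by signal $(( $1 - 128 ))"
    else
        echo "failed with exit code $1"
    fi
}

# Demo: the same killed command seen through both wrappers. A caller that
# treats 0 as "good to go" is wrong only in the first case.
for w in broken_wrapper fixed_wrapper; do
    status=0
    "$w" sleep 30 || status=$?
    echo "$w: status $status ($(classify_status "$status"))"
done
```
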