Problems with sudo

Caramel · Post by **Caramel** » Mon Mar 24, 2025 8:09 am

In a script, when a command starts with sudo , the next command starts almost immediately

To visualize the problem, run-as-spot this script

#!/bin/bash

sudo mkdir /testsudo
touch /testsudo/test

The command touch fails (unless you enter the password very quickly)

Another bug, less important, is with the option "no future required in the future" (EDIT : the option is not the problem, see the third post)
If we enter

Code: Select all

run-as-spot sudo mkdir /test

and tick for the option (after typing the correct password), an entry

bash:/bin/mkdir

is created in /root/.sudo-sh-allow
If we re-enter the command, no more popup window asking the password

But if we enter

Code: Select all

run-as-spot sudo /bin/mkdir /test

and tick for the option, the created entry is

bash:/bin/busybox

(/usr/bin/mkdir is a link to /usr/bin/busybox)

And the password is still asked if we re-enter the command (EDIT : I got a different result in another test)

EDIT:
Another bug
If we enter a wrong password, the command is not executed but if we click on OK without entering anything, the command is executed !
EDIT2 (for the EDIT)
line 92 of /usr/bin/sudo.sh

rootHASH="$(busybox cryptpw -m SHA512 -S ${rootSALT} ${rootPW})"

if no password is entered, then rootPW=""
We need a test, just before this line, to verify that rootPW is no an empty variable (new EDIT: or initializing rootPW, line 54, by a value not empty but differnet of the root password)

EDIT : correction of a important error. I had forgotten the sudo in code line

Caramel · Post by **Caramel** » Mon Mar 24, 2025 4:04 pm

For the first bug , I tested

in /usr/bin/sudo
line 23

Code: Select all

 exec sudo-sh ${PPID} ${C}

replaced by

Code: Select all

 sudo-sh ${PPID} ${C}
 TESTGTKDIALOG=0
 while [[ $TESTGTKDIALOG -eq 0 ]]
  do 
   sleep 1
   ps | grep "gtkdialog --program=SUDOSH_DLG" | grep -v grep 2>&1 /dev/null
   TESTGTKDIALOG=$?
  done

The variable TESTGTKDIALOG equals 0 while gtkdialog --program=SUDOSH_DLG is present in the ouptut of ps (There is a test all the seconds) that is while the gtkdialog window to enter the password is open.
When the dialog window is closed, TESTGTKDIALOG becomes 1. The while loop stops, and therefore also the script sudo.

EDIT : works with the command mkdir but not with a command that writes results like ls

Caramel · Post by **Caramel** » Mon Mar 24, 2025 6:08 pm

Back to the test

Code: Select all

run-as-spot sudo /bin/mkdir /test

Actually it doesn't work as the executed command is in reality /usr/bin/busybox /test

The problem comes from the lines 19 to 25 in /usr/bin/sudo.sh

Code: Select all

RP="$(realpath -e "$2" 2>/dev/null)"
if [ ! -x "${RP}" ];then
 RP="$(which "$2")"
 if [ ! "$RP" ];then
  exit 1
 fi
fi

Here $2=/bin/mkdir and so RP=/usr/bin/busybox

(Note if $2=mkdir then RP=/usr/bin/mkdir)

EDIT :, A switch in the code works for /bin/mkdir.
I do not know if it creates other problems (NEW EDIT : this code is wrong, see fourth post)

Code: Select all

RP="$(which "$2")"
if [ $? eq 1 ];then
 RP="$(realpath -e "$2" 2>/dev/null)"
  if [ ! "$RP" ];then
  exit 1
 fi
fi

Another considered solution is to replace the 2 lines

Code: Select all

exec ${RP} ${*}

by

Code: Select all

 exec $2 ${*}

Remark : In /usr/bin/sudo the options -v and - l should be added in the line 8

EDIT
Remark 2:
/usr/bin/sudo.sh line 39

Code: Select all

grep -q -F "${EXE}:${RP}" /root/.sudo-sh-allow

colud be replaced by

Code: Select all

grep -q -F -x "${EXE}:${RP}" /root/.sudo-sh-allow

If not, if a line script.sh:program is present in /.sudo-sh-allow, the grep test with sh:program will succeed too.

Caramel · Post by **Caramel** » Tue Mar 25, 2025 12:28 pm

Caramel wrote: Mon Mar 24, 2025 6:08 pm
Back to the test
Code: Select all
run-as-spot sudo /bin/mkdir /test
Actually it doesn't work as the executed command is in reality /usr/bin/busybox /test

The problem comes from the lines 19 to 25 in /usr/bin/sudo.sh
Code: Select all
RP="$(realpath -e "$2" 2>/dev/null)"
if [ ! -x "${RP}" ];then
 RP="$(which "$2")"
 if [ ! "$RP" ];then
  exit 1
 fi
fi
Here $2=/bin/mkdir and so RP=/usr/bin/busybox

(Note if $2=mkdir then RP=/usr/bin/mkdir)

EDIT :, A switch in the code works for /bin/mkdir.
I do not know if it creates other problems
Code: Select all
RP="$(which "$2")"
if [ $? eq 1 ];then
 RP="$(realpath -e "$2" 2>/dev/null)"
  if [ ! "$RP" ];then
  exit 1
 fi
fi
...

Problem with the line

Code: Select all

if [ $? eq 1 ];then

The script (sudo.h) is executed is ash, not in bash (see the line 1 : #!/bin/ash) (I do not know why)

But for ash, eq is an "unknown operand"
New try :

Code: Select all

if [ "$(which "$2")" > /dev/null ]; then
 RP="$(which "$2")"
else
 RP="$(realpath -e "$2" 2>/dev/null)"
  if [ ! "$RP" ];then
   exit 1
  fi
fi

EDIT: eq is not usable but -eq is
EDIT: Still problems, see the post "Bug of the which commnd?" below

Caramel · Post by **Caramel** » Tue Mar 25, 2025 2:21 pm

Another problem
.
The commands

Code: Select all

run-as-spot sudo /usr/bin/install -d /testdir1

Code: Select all

run-as-spot sudo /usr/bin/install -d -o spot /testdir2

Code: Select all

run-as-spot sudo /usr/bin/install -d -g spot /testdir3

succeed

but not the command

Code: Select all

run-as-spot sudo /usr/bin/install -d -o spot -g spot /testdir4

It seems sudo.sh is not launched by sudo-sh

(Tested with and without the modifications of sudo and sudo.sh in the previous posts)

EDIT: A more direct test
Try 1

Code: Select all

run-as-spot sudo-sh 1 install -d -g spot /testdir

sudo.sh is launched and the gtkdialog is displayed

Try 2

Code: Select all

run-as-spot sudo-sh 1 install -d -g spot -o spot /testdir

Nothing happens

EDIT: possible cause of the problem:
sudo-sh code in C : https://bkhome.org/news/202306/light-we ... -sudo.html
The code was written for at most 7 parameters

EDIT2:
I've spent many hours looking at scripts and I barely understand them. And I don't understand the C one at all.

I also don't understand how a simple user can have root rights because the setuid right is not activated on sudo-sh as it was marked on the bkhome blog page

As usual @BarryK did an amazing job.

Caramel · Post by **Caramel** » Thu Mar 27, 2025 6:11 am

In /usr/bin, echo and mkdir are both symbolik links to /usr/bin/busybox

Code: Select all

# which mkdir
/usr/bin/mkdir

Code: Select all

# which echo

Edit: It's a feature of which as echo is a buit-in command of the shell

EDIT:
New try with (in /usr/bin/sudo.sh)

Code: Select all

#RP="$(realpath -e "$2" 2>/dev/null)"
#if [ ! -x "${RP}" ];then
 #RP="$(which "$2")"
 #if [ ! "$RP" ];then
  #exit 1
 #fi
#fi

replaced by (EDIT corrections of two stupid errors)

Code: Select all

LANG=C TYPE="$(type $2)"
RP="$(echo $TYPE | cut -d " " -f3)"
FirstCharacter="$(echo $RP | cut -c 1)"
if [ $FirstCharacter = "\/" ];then
 EXEC="exec"
else
 RP=$2
 EXEC=""
fi

and

the lines

Code: Select all

exec ${RP} ${*}

replaced by

Code: Select all

$EXEC ${RP} ${*}

Caramel · Post by **Caramel** » Thu Mar 27, 2025 3:08 pm

Caramel wrote: Tue Mar 25, 2025 2:21 pm
...

EDIT: possible cause of the problem:
sudo-sh code in C : https://bkhome.org/news/202306/light-we ... -sudo.html
The code was written for at most 7 parameters

...

The code has changed since this article
https://bkhome.org/news/202306/workarou ... nored.html

For an arbitrary number of parameters, I looked at dozens of web pages. The solution could be to use execvpe (instead of execle)

int execvpe(const char *file, char *const argv[], char *const envp[]);

Code idea

Code: Select all

 int shiftargc;
 shiftargc=argc+1;
 char * shiftargv[shiftargc];
 shiftargv[0] = "ash";
 shiftargv[1] = "/usr/bin/sudo.sh";
 int i;
 for (i = 1; i < shiftargc; ++i)
  {
    shiftargv[i+1]=argv[i];
  }

 execvpe("ash",shiftargv,envp2);

Edit : switcharg replaced by shiftarg in the code

Caramel · Post by **Caramel** » Fri Mar 28, 2025 6:41 am

Caramel wrote: Mon Mar 24, 2025 8:09 am
In a script, when a command starts with sudo , the next command starts almost immediately
...

Caramel wrote: Mon Mar 24, 2025 4:04 pm
For the first bug , I tested

in /usr/bin/sudo
line 23
Code: Select all
 exec sudo-sh ${PPID} ${C}
replaced by
Code: Select all
 sudo-sh ${PPID} ${C}
 TESTGTKDIALOG=0
 while [[ $TESTGTKDIALOG -eq 0 ]]
  do 
   sleep 1
   ps | grep "gtkdialog --program=SUDOSH_DLG" | grep -v grep 2>&1 /dev/null
   TESTGTKDIALOG=$?
  done
The variable TESTGTKDIALOG equals 0 while gtkdialog --program=SUDOSH_DLG is present in the ouptut of ps (There is a test all the seconds) that is while the gtkdialog window to enter the password is open.
When the dialog window is closed, TESTGTKDIALOG becomes 1. The while loop stops, and therefore also the script sudo.

EDIT : works with the command mkdir but not with a command that writes results like ls

New method
The script sudo is not modified by renamed (here it becomes sudo-real)
A new sudo script is created. This script launchs sudo-real and then waits the closure of the gtkdialog window

Code: Select all

#!/bin/ash

sudo-real "$@"

TESTGTKDIALOG=0
 while [ $TESTGTKDIALOG -eq 0 ]
  do 
   sleep 1
   ps | grep "gtkdialog --program=SUDOSH_DLG" | grep -v grep 2>&1 >/dev/null
   TESTGTKDIALOG=$?
  done

Edit : addition of sleep 1 in the code

Caramel · Post by **Caramel** » Fri Mar 28, 2025 6:58 am

It could be useful to add the possibilty of disabling the ask for the password during several minutes. (5 minutes in the screenshot and in the code above)

: capture8717.png (23.65 KiB) Viewed 265 times

In /usr/bin/sudo.sh, addition of these 3 pieces of code

Code: Select all

if [ -f /root/.sudo-date ]; then
  DATESUDO="$(cat /root/.sudo-date)"
  DATE="$(date +%s)"
  difference=$((DATE - DATESUDO))
  if [ $difference -lt 300 ];then
   # exec ${RP} ${*} (original script)
   $EXEC ${RP} ${*} # (modified script)
   exit # (modified script)
  fi
fi

Code: Select all

    <checkbox>
     <label>$(gettext 'Tick if no password required in the next 5 minutes')</label>
     <variable>ALLOW_CHK2</variable>
    </checkbox>

Code: Select all

 if [ "$ALLOW_CHK2" == "true" ];then
 date +%s > /root/.sudo-date
 fi

Caramel · Post by **Caramel** » Fri Mar 28, 2025 10:59 am

sudotest-0.1.pet: (7.46 KiB) Not downloaded yet

This pet contains 3 scripts and a binary executable
- the script sudo as described above (viewtopic.php?p=145565#p145565)
- the script sudo-real that is the file sudo from EasyOS Scarthgap 6.6.3
- the script sudo.sh with the commands realpath and which replaced by the command type (viewtopic.php?p=145501#p145501) and the addition of an option to disabling the ask for the password 5 minutes (viewtopic.php?p=145566#p145566)
- A executable resulting from the compilation of the file sudo-sh.c (gcc sudo-sh.c -o sudo-sh)

sudo-sh.c :

Code: Select all

//wrapper to run sudo.sh, see /usr/sbin/bootmanager example.
//sudo-sh must be root:root 4711 (setuid). sudo.sh root:root 0700
#define _GNU_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>

int main(int argc, char *argv[], char *envp[]) {
 setuid(0);
 //execv("/usr/bin/sudo.sh",argv);
 //the above works, but maybe, very maybe, a security weakness:
 // https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts
 //so do it this way, run the ash interpreter here...
 //also, don't pass envp...
 
 extern char **environ;
 char *lang;
 lang=getenv("LANG");
 char langenv[] = "LANG=";
 strcat(langenv,lang);
 char *display;
 display=getenv("DISPLAY");
 char displayenv[] = "DISPLAY=";
 strcat(displayenv,display);
 
 char *envp2[] = { displayenv,
  "XDG_CACHE_HOME=/root/.cache",
  "XDG_CONFIG_DIRS=/etc/xdg",
  "XDG_CONFIG_HOME=/root/.config",
  "XDG_DATA_DIRS=/usr/share:/usr/local/share",
  "XDG_DATA_HOME=/root/.local/share",
  "XLIB_SKIP_ARGB_VISUALS=1",
  "QT5DIR=/usr",
  "QT_QPA_PLATFORMTHEME=gtk2",
  "QT_XFT=true",
  "RGBDEF=/usr/share/X11/rgb.txt",
  "SHELL=/bin/bash",
  "PULSE_RUNTIME_PATH=/run/pulse",
  "PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin",
  "OSTYPE=linux-gnu",
  "MOZILLA_FIVE_HOME=/usr/lib/seamonkey",
  "MOZ_DISABLE_PANGO=1",
  "MOZ_PLUGIN_PATH=/usr/lib/mozilla/plugins",
  "NO_AT_BRIDGE=1",
  "OOO_FORCE_DESKTOP=gnome",
  "LS_COLORS=bd=33:cd=33",
  "LIBASOUND_THREAD_SAFE=0",
  "INPUTRC=/etc/inputrc",
  "GTK2_RC_FILES=/root/.gtkrc-2.0",
  "G_FILENAME_ENCODING=@locale",
  langenv,
 NULL};

 //the idea is that if sudo-sh setuid has been ignored (ex: electron app)
 //then write the params to sudosh_pass file, which will be read by /root/Startup/sudo-sh-ipc
 //which will call /usr/bin/sudo-sh as root, with the params.
 int euid = geteuid();
 if (euid != 0) {
  char ipcfile[] = "/tmp/pup_event_ipc/sudosh_pass";
//  char outmsg[512];
  char outmsg[1024];
  int x;
  //argv[0] is name of this prog, ignore that...
  outmsg[0]=0;
  for (x=1; x<argc; x++) {
   strcat(outmsg,argv[x]);
   strcat(outmsg," ");
  }
  int ipcdescr = open(ipcfile, O_WRONLY|O_APPEND); //|O_CREAT
  if (ipcdescr > 0) {
   int wr = write(ipcdescr,outmsg,strlen(outmsg));
   close(ipcdescr);
  }
  //wait for ack from /root/Startup/sudo-sh-ipc...
  system("inotifywait -q -q -t 2 -e modify /tmp/pup_event_ipc/sudosh_ack");
  exit(0);
 }
 
 //i don't know C well enough to do this for an arbitrary # of params...
 //note, argv[0] has name of this script. argv[1] has pid of caller-of-caller
 char binash[] = "/bin/ash";
 //char ash[] = "ash";
 //char *ash[] = "ash" ;
 char sudosh[] = "/usr/bin/sudo.sh";
 int shiftargc;
 shiftargc=argc+1;
 char * shiftargv[shiftargc];
 //argv[0] = "ash /usr/bin/sudo.sh";

 shiftargv[0] = "ash";
 shiftargv[1] = "/usr/bin/sudo.sh";
 int i;
 for (i = 1; i < shiftargc; ++i)
  {
    shiftargv[i+1]=argv[i];
  }


 execvpe("ash",shiftargv,envp2);

}

The code comes from the articles of the blog. The modifications are : execle was replaced by execvpe (viewtopic.php?p=145532#p145532),
#define _GNU_SOURCE and #include <fcntl.h> was added.
And finally the size of outmsg has been doubled (from 512 to 1024) as 512 was too small for one of my test.

BarryK · Post by **BarryK** » Fri Mar 28, 2025 1:20 pm

Oh God, that stuff is complicated!
Implemented in 2023, ok will have a go at remembering how it was all done.
Thanks for reporting,

BarryK · Post by **BarryK** » Fri Mar 28, 2025 2:24 pm

Caramel wrote: Mon Mar 24, 2025 8:09 am
In a script, when a command starts with sudo , the next command starts almost immediately

To visualize the problem, run-as-spot this script
Code: Select all
#!/bin/bash

sudo mkdir /testsudo
touch /testsudo/test
The command touch fails (unless you enter the password very quickly)

Another bug, less important, is with the option "no future required in the future" (EDIT : the option is not the problem, see the third post)
If we enter
Code: Select all
run-as-spot sudo mkdir /test

There is a bug, /usr/bin/sudo-sh does not have suid bit set. Do this:

Code: Select all

# chmod 4711 /usr/bin/sudo-sh

I am confused by your first post. Anyway, it looks like you are calling sudo twice, when launch the script, then inside the script.

/test can be this:

Code: Select all

#!/bin/bash
mkdir -p /testsudo
touch /testsudo/test

Now test:

Code: Select all

# su spot
# sudo /test

...popup asks for password once, and script works.

Caramel · Post by **Caramel** » Fri Mar 28, 2025 4:13 pm

BarryK wrote: Fri Mar 28, 2025 2:24 pm
...
I am confused by your first post. Anyway, it looks like you are calling sudo twice, when launch the script, then inside the script.
...

The test is

Code: Select all

run-as-spot script

where script is

Code: Select all

#!/bin/bash

sudo mkdir /testsudo
touch /testsudo/test

Caramel · Post by **Caramel** » Fri Mar 28, 2025 4:47 pm

-First problem
In a script, when a command starts with sudo , the next command starts almost immediately
Proposed solution: use another script to launch sudo (see viewtopic.php?p=145565#p145565)

-Second problem
Errors with

Code: Select all

sudo /bin/mkdir /test

and

Code: Select all

sudo  echo text

Proposed solution:replace realpath and which by the command type (see viewtopic.php?p=145501#p145501)

-Third Problem
if we click on OK without entering anything ih the password field, the command is executed ! (See end of the first post)

-Fourth Problem
The number of parameters after sudo is limited.
Test with

Code: Select all

run-as-spot sudo /usr/bin/install -d -o spot -g spot /testdir4

that do anything
Proposed solution : In the code of sudo-sh, replace execle by execvpe (see viewtopic.php?p=145532#p145532)
(But the number of characters remains limited)

-Improvement proposal
See viewtopic.php?p=145566#p145566

Caramel · Post by **Caramel** » Fri Mar 28, 2025 4:52 pm

BarryK wrote: Fri Mar 28, 2025 2:24 pm
...
There is a bug, /usr/bin/sudo-sh does not have suid bit set. Do this:
Code: Select all
# chmod 4711 /usr/bin/sudo-sh
...

It was no more necessary after the modifications you did :https://www.bkhome.org/news/202306/work ... nored.html

BarryK · Post by **BarryK** » Sat Mar 29, 2025 12:19 pm

Have made a start, see blog post:

https://bkhome.org/news/202503/sudo-sh-fix.html

EDIT:
fixed empty $rootPW
The fourth problem, might delay looking at it. Get what has been done so far, out in the next release.

BarryK · Post by **BarryK** » Sun Mar 30, 2025 9:11 am

sudo-sh handle more params:

https://bkhome.org/news/202503/sudo-sh- ... eters.html

Puppy Linux Discussion Forum

Problems with sudo

Problems with sudo

Re: Problems with sudo

Re: Problems with sudo

Re: Problems with sudo

Re: Problems with sudo

Bug of the which comand ?

Re: Problems with sudo

Re: Problems with sudo(new method for the first bug)

improvement proposal for sudo

Modified version of sudo

Re: Problems with sudo

Re: Problems with sudo

Re: Problems with sudo

Problems with sudo (summary)

Re: Problems with sudo

Re: Problems with sudo

Re: Problems with sudo