Bug 102

Summary: remsh and rlogin does not work if the "mailto" option is used.
Product: Sudo Reporter: Mark Barton <mbarton>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: high CC: thiago
Priority: normal    
Version: 1.6.6   
Hardware: HP   
OS: HP-UX   
Attachments: Fix for "sudo rlogin" on HP-UX
Correct fix for sudo rlogin on HP-UX

Description Mark Barton 2003-03-18 03:33:20 MST 
Hi
   We have over 250 machines and we need to allowsome users to remsh or rlogin 
as root and some other users to most of these machines but we do not want them 
to have root access on the machine they are issuing the command from (the 
central management machine). The way we do this is as follows:
User_Alias      EADC_DBA=%DBA
Cmnd_Alias      EADC_REMSH=/usr/bin/rlogin,\
                          ! /usr/bin/rlogin *mgt*,\
                          /usr/bin/remsh,\
                          ! /usr/bin/remsh *mgt*
EADC_DBA        ALL=(ALL) SU_DBA,EADC_REMSH

This works fine, a cample command is below:
"sudo remsh amsops03"

The issue rises when we try to use the option to send an e-mail whenever sudo 
is used. We do this so nobody can tamper with the sudo file on the remote 
machine, leaving a clearer audit trail. We set the following:
Defaults       mail_always, mailto="me@emailadress.co.uk"

When we issue the command now, the screen either hangs and we have to kill the 
session or just comes back to the same prompt.
   This is happening on HPUX 10 and 11

It does work if we export the display on the remote machine and initiate a 
dtterm, all through sudo. e.g.:
sudo remsh remote_machine "export DISPLAY=curr_machine:0 ;/usr/bin/X11/dtterm" &
but this is not a solution we can live with.
It seems to me there are some issues with the redirection of stdin and stdout.

Could you please help.

Regards
Mark...
Comment 1 Todd C. Miller 2003-03-19 18:44:32 MST 
Created attachment 19 [details]
Fix for "sudo rlogin" on HP-UX

This fixes the problem for me on HP-UX 11.00.  I haven't been able to reproduce
the issue elsewhere.
Comment 2 Todd C. Miller 2003-03-19 19:09:22 MST 
Created attachment 20 [details]
Correct fix for sudo rlogin on HP-UX

I found the real cause of the problem.	This is the fix that will go in sudo
1.6.7.
Comment 3 Todd C. Miller 2003-03-19 19:10:43 MST 
The patch attached to this bug report will be included in sudo 1.6.7, due out in a week or so.
Comment 4 Todd C. Miller 2003-03-19 19:23:08 MST 
*** Bug 76 has been marked as a duplicate of this bug. ***
Comment 5 Mark Barton 2003-03-20 03:49:33 MST 
Thank you so much for your quick response.
I will install V1.6.7 when it comes out. I would install this patch but I do not 
have access to the C-code.

Cheers
Mark...