Bug 712

Summary: Various issues when sudo is used twice in pipe
Product: Sudo
Reporter: Roel Van de Paar <roel>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: high
CC: roel
Priority: normal
Version: 1.8.6
Hardware: PC
OS: Linux
Attachments: Patch to serialize password prompts on a per-tty basis

Description Roel Van de Paar 2015-08-21 04:36:53 MDT
$ sudo ls | sudo ls

Gives various issues:
1) The secondary password is shown clear-text on the screen ('123' in the example below)
2) The '[sudo] password for user:' is shown twice (this one is unavoidable I think)
3) The shell goes and hangs in a funny mode - anything typed is no longer visible 
4) Connected with #3, 'Enter' does the following:

[roel@localhost ~]$ sudo ls | sudo ls
[sudo] password for roel: [sudo] password for roel: 
123

Desktop    Downloads  perl5	Public	   Videos
Documents  Music      Pictures	Templates
[roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$
Comment 1 Todd C. Miller 2015-08-21 13:07:03 MDT
What's happening is that both sudo processes disable echo on the tty and when the first one reads the password it restores echo.  Then when the other process reads the password echo is back on again.

This is the basic use case for "sudo -v" where you would run "sudo -v" first and then the pipeline.

I'm not sure this is fixable without using a lock file of some sort.
Comment 2 Todd C. Miller 2015-08-21 17:04:35 MDT
Created attachment 458
Patch to serialize password prompts on a per-tty basis

The attached patch is one I'm testing.  It should apply cleanly to sudo 1.8.14 or to sudo trunk.
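
The interleaving described in comment 1, and the effect of serializing prompts with a per-tty lock, replayed on a private pty. This is an added example, not sudo's code and not the attached patch; `replay`, `struct prompt` and the lock file path are hypothetical, and it assumes Linux, where termios calls on the `/dev/ptmx` master act on the slave's settings.

```c
/* Added example (Linux): replay the comment 1 interleaving on a private pty. */
#include <fcntl.h>
#include <stdlib.h>
#include <sys/file.h>
#include <termios.h>
#include <unistd.h>

struct prompt { int tty; struct termios saved; };  /* one simulated sudo */

static int echo_on(int tty) {
    struct termios t;
    return tcgetattr(tty, &t) == 0 && (t.c_lflag & ECHO) != 0;
}
static void begin_prompt(struct prompt *p) {   /* save settings, echo off */
    struct termios t;
    tcgetattr(p->tty, &p->saved);
    t = p->saved;
    t.c_lflag &= ~ECHO;
    tcsetattr(p->tty, TCSANOW, &t);
}
static void end_prompt(struct prompt *p) {     /* restore what was saved */
    tcsetattr(p->tty, TCSANOW, &p->saved);
}

/* Returns -1 on setup failure, else flags: 1 = echo was on while the second
 * prompt was reading, 2 = echo was left off after both prompts finished. */
int replay(int serialize) {
    char path[] = "/tmp/tty-prompt-lock-XXXXXX";   /* hypothetical lock file */
    int tty = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    int la = mkstemp(path), lb = open(path, O_RDWR), flags = 0, b_waits;
    unlink(path);                                  /* locks survive the unlink */
    if (tty < 0 || la < 0 || lb < 0) return -1;
    struct prompt a = { tty }, b = { tty };

    if (serialize) flock(la, LOCK_EX);             /* A owns the prompt */
    begin_prompt(&a);
    /* B starts while A is still waiting for input; with the lock held by A
     * the non-blocking attempt fails and B must not touch the tty yet. */
    b_waits = serialize && flock(lb, LOCK_EX | LOCK_NB) != 0;
    if (!b_waits) begin_prompt(&b);                /* B saves "echo off" */
    end_prompt(&a);                                /* A is done: echo on */
    if (serialize) flock(la, LOCK_UN);
    if (b_waits) { flock(lb, LOCK_EX); begin_prompt(&b); }
    if (echo_on(tty)) flags |= 1;                  /* B reads its password */
    end_prompt(&b);
    if (!echo_on(tty)) flags |= 2;
    close(la); close(lb); close(tty);
    return flags;
}

int main(void) { return replay(0) == 3 && replay(1) == 0 ? 0 : 1; }
```

`replay(0)` returns 3: echo is on while the second prompt reads and is left off afterwards; `replay(1)` returns 0.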
Comment 3 Todd C. Miller 2015-09-09 10:00:57 MDT
I decided to go in a different direction for sudo 1.8.15.  Instead of adding a new lock when reading the password, sudo will lock a tty-specific record in the time stamp file.  This has the added benefit of deferring time stamp lookups until the user has entered the password which means that for:

$ sudo ls | sudo ls

there will only be a single password prompt.  The changes are in the sudo repo now and I'll update this bug when a beta version of 1.8.15 is available.
Comment 4 Todd C. Miller 2015-09-15 09:51:49 MDT
The first beta version of sudo 1.8.15 is available.  See http://www.sudo.ws/devel.html
Comment 5 Todd C. Miller 2015-11-01 15:27:29 MST
Fixed in sudo 1.8.15