Bug 728

Summary: Sudo truncates the final environment variable to 8 characters
Product: Sudo Reporter: Melvyn Sopacua <melvyn>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED WORKSFORME    
Severity: high    
Priority: low    
Version: 1.8.15   
Hardware: PC   
OS: FreeBSD   

Description Melvyn Sopacua 2015-11-07 08:45:41 MST 
For this bug to work, all of the following must be true:

- The affected variable is the final one in the original user's environment, as printed by the env(1) utility;
- The last variable in the original user's environment must be in keep_env sudo configuration;
- The environment must be appended with account related variables, such as USERNAME as is done in ;
- For the bug to be noticed, the variablename, equals sign and the variable's value must exceed 8 characters.

First noticed this bug, when sudoedit on a vty reported unknown terminal. The terminal was set to xterm, which should be (and is) available on a system level and on a vty happens to be the last variable printed. The one before that was/is PATH.
After more careful reading noticed that the reported unknown terminal was "xte".

So a couple of tests:

   sudo env: TERM=xte
   env TERM=xterm sudo env: env: not found
   env TERM=xterm env|tail -1: PATH=....
   env TERM=xterm env|head -1: TERM=xterm
   env TERM=xterm sudo /usr/bin/env |grep PATH: PATH=/sb
   env -i NONEXISTENT=true sudo env |grep NONEXISTENT: empty
   env -i NONEXISTENT=true sudo -E env | grep NONEXISTENT: NONEXISTENT=true
   # Note, CPP is in env_keep
   env -i CPP=56789 sudo env|grep CPP: CPP=5678

Repeated this with -A1 on greps, and each time USERNAME or USER was the next.
Comment 1 Todd C. Miller 2015-11-07 13:03:36 MST 
That's an odd one.  I haven't been able to reproduce the problem, what version of FreeBSD are you running?

Please add the following to /etc/sudo.conf:

Debug sudoers.so Debug sudoers.so /var/log/sudoers_debug env@debug
and attach the log file to this bug.
Comment 2 Todd C. Miller 2017-05-10 10:40:11 MDT 
Are you able to reproduce this problem with the latest version of sudo, 1.8.20?
Comment 3 Todd C. Miller 2018-01-16 14:02:57 MST 
Ive been unable to reproduce this problem.  If it still occurs with sudo 1.8.22 please re-open the bug and attach debug log output.