Bug 102 – remsh and rlogin does not work if the "mailto" option is used.

Bug 102 - remsh and rlogin does not work if the "mailto" option is used.


Summary:	remsh and rlogin does not work if the "mailto" option is used.

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.6
Hardware:	HP HP-UX

Importance:	normal high
Assigned To:	Todd C. Miller

URL:

Duplicates:	76 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2003-03-18 03:33 MST by Mark Barton
Modified:	2003-03-20 07:49 MST (History)
CC List:	1 user (show)

See Also:

Attachments
Fix for "sudo rlogin" on HP-UX (359 bytes, patch) 2003-03-19 18:44 MST, Todd C. Miller	Details \| Diff
Correct fix for sudo rlogin on HP-UX (1.01 KB, patch) 2003-03-19 19:09 MST, Todd C. Miller	Details \| Diff
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Barton 2003-03-18 03:33:20 MST

Hi
   We have over 250 machines and we need to allowsome users to remsh or rlogin 
as root and some other users to most of these machines but we do not want them 
to have root access on the machine they are issuing the command from (the 
central management machine). The way we do this is as follows:
User_Alias      EADC_DBA=%DBA
Cmnd_Alias      EADC_REMSH=/usr/bin/rlogin,\
                          ! /usr/bin/rlogin *mgt*,\
                          /usr/bin/remsh,\
                          ! /usr/bin/remsh *mgt*
EADC_DBA        ALL=(ALL) SU_DBA,EADC_REMSH

This works fine, a cample command is below:
"sudo remsh amsops03"

The issue rises when we try to use the option to send an e-mail whenever sudo 
is used. We do this so nobody can tamper with the sudo file on the remote 
machine, leaving a clearer audit trail. We set the following:
Defaults       mail_always, mailto="me@emailadress.co.uk"

When we issue the command now, the screen either hangs and we have to kill the 
session or just comes back to the same prompt.
   This is happening on HPUX 10 and 11

It does work if we export the display on the remote machine and initiate a 
dtterm, all through sudo. e.g.:
sudo remsh remote_machine "export DISPLAY=curr_machine:0 ;/usr/bin/X11/dtterm" &
but this is not a solution we can live with.
It seems to me there are some issues with the redirection of stdin and stdout.

Could you please help.

Regards
Mark...

Comment 1 Todd C. Miller 2003-03-19 18:44:32 MST

Created attachment 19 [details]
Fix for "sudo rlogin" on HP-UX

This fixes the problem for me on HP-UX 11.00.  I haven't been able to reproduce
the issue elsewhere.

Comment 2 Todd C. Miller 2003-03-19 19:09:22 MST

Created attachment 20 [details]
Correct fix for sudo rlogin on HP-UX

I found the real cause of the problem.	This is the fix that will go in sudo
1.6.7.

Comment 3 Todd C. Miller 2003-03-19 19:10:43 MST

The patch attached to this bug report will be included in sudo 1.6.7, due out in a week or so.

Comment 4 Todd C. Miller 2003-03-19 19:23:08 MST

*** Bug 76 has been marked as a duplicate of this bug. ***

Comment 5 Mark Barton 2003-03-20 03:49:33 MST

Thank you so much for your quick response.
I will install V1.6.7 when it comes out. I would install this patch but I do not 
have access to the C-code.

Cheers
Mark...