Bug 1031 - The path of the loaded Python plugins can be overwritten by standard Python search path
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.9.10
Hardware: PC Linux
Importance: low normal
Assigned To: Todd C. Miller
Reported: 2022-06-05 11:03 MDT by Jerome
Modified: 2022-06-06 13:09 MDT (History)
Description Jerome 2022-06-05 11:03:57 MDT
I tried to implement the example of the Python Audit Plugin. So I wrote a file named /root/audit.py.

I changed the configuration of /etc/sudo.conf to load it:

Plugin python_audit python_plugin.so ModulePath=/root/audit.py ClassName=MyAuditPlugin Id=123

However, each time I try to use "sudo", it prints the following error messages:

Failed to find plugin class 'MyAuditPlugin'
Failed during loading plugin class

If I change the name of the Python file and rename it "audit2.py" (and of course I change the content of /etc/sudo.conf), the errors are no longer displayed.

So I did a "git clone" and I noticed the problem is in file "plugins/python/python_plugin_common.c", where you call the function "_append_python_path" which adds the Plugin directory AT THE END of the standard Python list.

On my host, the debug mode displays:

Python path became: /usr/lib64/python39.zip:/usr/lib64/python3.9/site-packages/:<more directories here>:/root

Unfortunately, there is already an "audit" file under /usr/lib64/python3.9/site-packages.

Don't you think that the Plugin directory (here: "/root") should be inserted AT THE BEGINNING of the search path list?
Comment 1 Todd C. Miller 2022-06-05 13:32:50 MDT
I considered adding it to the front of the path but that could also be problematic.  Now you have the possibility of overriding standard Python modules with your own, which is even harder to debug.

There is no good solution here but I think that appending to module path is the least bad.  Perhaps it is worth suggesting that sudo Python modules use a "Sudo" prefix or something similar to reduce the chance of namespace collisions.
Comment 2 Jerome 2022-06-06 00:22:09 MDT
I understand your choice but maybe could you change the name /root/audit.py in the documentation and/or add a precision about the search path precedence?
Comment 3 Todd C. Miller 2022-06-06 13:09:24 MDT
I updated the sudo blog articles and renamed the Python files from, e.g. audit.py to sudo_audit.py and added the following to the sudo_plugin_python manual page:

The parent directory of "ModulePath" will be appended to Python's module search path (there is currently no way to force Python to load a module from a fully-qualified path).  It is good practice to use a prefix for the module file that is unlikely to conflict with other installed Python modules, for example, "sudo_policy.py".  Otherwise, if there is an installed Python module with the same file name as the sudo Python plugin file (without the directory), the wrong file will be loaded.
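
A check for the name collision discussed in this report, as an added example that is not part of the bug thread or of sudo's own code: it takes sudo.conf text, extracts each python_plugin.so ModulePath, and reports plugins whose file name resolves to a different module once the plugin directory is appended to the search path. The function names are hypothetical, and it assumes the interpreter running the check has the same base search path as sudo's embedded Python.

```python
import importlib.machinery
import os
import re
import sys
import tempfile

# Matches "Plugin <symbol> <path>python_plugin.so <options...>" lines in sudo.conf.
PLUGIN_RE = re.compile(r"^\s*Plugin\s+\S+\s+\S*python_plugin\.so\b(.*)$")

def module_paths(sudo_conf_text):
    """Yield every ModulePath= value from python_plugin.so Plugin lines."""
    for line in sudo_conf_text.splitlines():
        m = PLUGIN_RE.match(line.split("#", 1)[0])  # drop comments
        for opt in (m.group(1).split() if m else []):
            key, _, value = opt.partition("=")
            if key == "ModulePath":
                yield value

def resolved_origin(module_path, base_path=None):
    """File Python would import for this plugin when its parent directory is
    appended to base_path (assumption: sudo's interpreter uses this sys.path)."""
    name = os.path.splitext(os.path.basename(module_path))[0]
    if name in sys.builtin_module_names:
        return "built-in"  # built-ins win before any directory is searched
    search = list(sys.path if base_path is None else base_path)
    search.append(os.path.dirname(module_path))  # appended last, as sudo does
    importlib.invalidate_caches()
    spec = importlib.machinery.PathFinder.find_spec(name, search)
    return spec.origin if spec else None

def shadowed_plugins(sudo_conf_text, base_path=None):
    """Return [(ModulePath, what would really be loaded)] for mismatches."""
    findings = []
    for path in module_paths(sudo_conf_text):
        origin = resolved_origin(path, base_path)
        if origin in (None, "built-in") or \
                os.path.realpath(origin) != os.path.realpath(path):
            findings.append((path, origin))
    return findings

if __name__ == "__main__":
    # Constructed layout: an empty audit.py in a fake site-packages and in the plugin dir.
    root = tempfile.mkdtemp()
    site, plug = os.path.join(root, "site-packages"), os.path.join(root, "plugins")
    for d in (site, plug):
        os.makedirs(d)
        open(os.path.join(d, "audit.py"), "w").close()
    conf = f"Plugin python_audit python_plugin.so ModulePath={plug}/audit.py ClassName=MyAuditPlugin Id=123\n"
    print(shadowed_plugins(conf, base_path=[site]))
```

Run against the real /etc/sudo.conf text with the default `base_path`, an empty result means every configured plugin file is the one Python would actually import.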