Created attachment 347 [details]
tar package of the used scripts and binaries:

Hi team

Looks that a new regression introduced in sudo 1.7.9.0 due to the following change:
"If none of the standard input, output or error are connected to a tty device, sudo will now check its parent's standard input, output or error for the tty name on systems with /proc and BSD systems that support the KERN_PROC_PID sysctl. This allows tty-based tickets to work properly even when, e.g. standard input, output and error are redirected to /dev/null. "

On AIX systems this change could cause sudo to hang in case the user try to use sudo without tty device. In my tests I was able to reproduce the issue in the following way:

Used scripts:
test_server@user:/tmp $ cat /tmp/test
#!/usr/bin/ksh
date
whoami

test_server@user:/tmp $ cat /tmp/test2
#!/usr/bin/ksh
/usr/local/bin/sudo /tmp/test

POC:
test_server@user:/tmp $ ssh localhost /tmp/test2

Sudoers content:
test_server@user:/tmp $ sudo egrep -v "^#|^$" /etc/sudoers
Defaults !env_reset                             # deny to replace ENV
Defaults !lecture                               # stops the silly message
Defaults root_sudo                              # root is allowed to run sudo too
Defaults logfile=/var/adm/sudo.log              # place for log
Defaults loglinelen=0                           # do not wrap lines
Defaults log_host,log_year                      # additional logging parameters
root ALL=(ALL) ALL
user ALL = NOPASSWD: ALL

After I execute the command (ssh localhost /tmp/test2) the session hangs, and nothing happens. On the process list I can see the 2 forked processes, but neither goes anywhere:

test_server@user:/tmp $ ps -ef |grep test
 user 3735662 4849784   3 09:09:24  pts/1  0:00 ssh localhost /tmp/test2
 user 4260000 5832778   0 09:09:24      -  0:00 /usr/local/bin/sudo /tmp/test
 user 5832778 6094946   0 09:09:24      -  0:00 /usr/bin/ksh /tmp/test2
 user 6422548 3342444   2 09:09:28  pts/0  0:00 grep test
 
In fact - If I terminate the ssh command with Ctrl+C, the session quit, but the processes are remain on the process list (owner would be PID 1)
test_server@user:/tmp $ ps -ef |grep test
 user 2425026 3342444   2 09:16:51  pts/0  0:00 grep test
 user 4260000 5832778   0 09:09:24      -  0:00 /usr/local/bin/sudo /tmp/test
 user 5832778       1   0 09:09:24      -  0:00 /usr/bin/ksh /tmp/test2

Here are my observations:
- Issue happens only in case the user using ksh instead of ksh93. Unfortunately ksh is the default on AIX servers
- Tested on AIX 5.3 (TL12, SP5), 6.1 (TL7, SP3)
- ssh version is irrelevant. 
- The same POC works without issue with sudo version 1.7.8p1

To make sure that the tty change caused the issue, I altered the 1.7.9 used sudo.c and changed back the tty check to the 1.7.8p1 used way. 

devel_box@root:/ # diff /tmp/sudo-src/sudo-1.7.9.gabor/sudo.c /tmp/sudo-src/sudo-1.7.9/sudo.c
628,631c628,630
<
<     if ((p = ttyname(STDIN_FILENO)) || (p = ttyname(STDOUT_FILENO)) ||
<         (p = ttyname(STDERR_FILENO))) {
<         user_tty = user_ttypath = estrdup(p);
---
>
>     if ((p = get_process_ttyname()) != NULL) {
>       user_tty = user_ttypath = p;

Compiled this code with the same gcc flags and it works fine:

test_server@user:/tmp $ cat test.sudo1790.gabor_ksh
#!/usr/bin/ksh
/usr/local/bin/sudo.1.7.9.0.gabor /tmp/test

test_server@user:/tmp $ cat /tmp/test
#!/usr/bin/ksh
date
whoami

test_server@user:/tmp $ /usr/local/bin/sudo.1.7.9.0.gabor -V |head -1
Sudo version 1.7.9

test_server@user:/tmp $ ssh localhost /tmp/test.sudo1790.gabor_ksh
Thu May 24 09:30:34 GMT 2012
root

Attaching the binaries to the ticket

#Note - tried the same issue on different linux systems, but as I see only AIX with ksh is affected.