Bug 712 - Various issues when sudo is used twice in pipe
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.8.6
Hardware: PC Linux
Importance: normal high
Assigned To: Todd C. Miller
Reported: 2015-08-21 04:36 MDT by Roel Van de Paar
Modified: 2015-11-01 15:27 MST

Attachments
Patch to serialize password prompts on a per-tty basis (12.02 KB, patch)
2015-08-21 17:04 MDT, Todd C. Miller

Description Roel Van de Paar 2015-08-21 04:36:53 MDT
$ sudo ls | sudo ls

Gives various issues:
1) The secondary password is shown clear-text on the screen ('123' in the example below)
2) The '[sudo] password for user:' is shown twice (this one is unavoidable I think)
3) The shell goes and hangs in a funny mode - anything typed is no longer visible 
4) Connected with #3, 'Enter' does the following;

[roel@localhost ~]$ sudo ls | sudo ls
[sudo] password for roel: [sudo] password for roel: 
123

Desktop    Downloads  perl5	Public	   Videos
Documents  Music      Pictures	Templates
[roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$ [roel@localhost ~]$
Comment 1 Todd C. Miller 2015-08-21 13:07:03 MDT
What's happening is that both sudo processes disable echo on the tty and when the first one reads the password it restores echo.  Then when the other process reads the password echo is back on again.

This is the basic use case for "sudo -v" where you would run "sudo -v" first and then the pipeline.

I'm not sure this is fixable without using a lock file of some sort.
Comment 2 Todd C. Miller 2015-08-21 17:04:35 MDT
Created attachment 458
Patch to serialize password prompts on a per-tty basis

The attached patch is one I'm testing.  It should apply cleanly to sudo 1.8.14 or to sudo trunk.
Comment 3 Todd C. Miller 2015-09-09 10:00:57 MDT
I decided to go in a different direction for sudo 1.8.15.  Instead of adding a new lock when reading the password, sudo will lock a tty-specific record in the time stamp file.  This has the added benefit of deferring time stamp lookups until the user has entered the password which means that for:

$ sudo ls | sudo ls

there will only be a single password prompt.  The changes are in the sudo repo now and I'll update this bug when a beta version of 1.8.15 is available.
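
The approach described in Comment 1 and Comment 3, as an added example that is not part of the original bug report and is not sudo's code: the password is read with echo off only while holding an fcntl() lock on a per-tty record, so a second process cannot save or restore the terminal state in between. The lock file layout, RECORD_SIZE, the slot number and all function names are assumptions for illustration.

```c
#include <fcntl.h>
#include <sys/wait.h>
#include <termios.h>
#include <unistd.h>
#define RECORD_SIZE 64 /* assumption: one fixed-size record per tty */

/* Byte range that stands for one tty's record in the lock file. */
static struct flock slot_range(int slot, short type) {
    struct flock fl = { .l_type = type, .l_whence = SEEK_SET,
                        .l_start = (off_t)slot * RECORD_SIZE, .l_len = RECORD_SIZE };
    return fl;
}

/* Take (F_WRLCK) or drop (F_UNLCK) the record lock, waiting if it is held. */
int tty_record_lock(int lock_fd, int slot, short type) {
    struct flock fl = slot_range(slot, type);
    return fcntl(lock_fd, F_SETLKW, &fl);
}

/* Read one line with echo off. The terminal state is saved and restored while
 * the lock is held, so a peer never saves an already echo-less state or reads
 * after someone else turned echo back on. */
ssize_t read_password_serialized(int tty_fd, int lock_fd, int slot, char *buf, size_t len) {
    struct termios saved, noecho;
    ssize_t n = -1;
    if (len == 0 || tty_record_lock(lock_fd, slot, F_WRLCK) == -1)
        return -1;
    if (tcgetattr(tty_fd, &saved) == 0) {
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        if (tcsetattr(tty_fd, TCSAFLUSH, &noecho) == 0) {
            n = read(tty_fd, buf, len - 1);
            tcsetattr(tty_fd, TCSAFLUSH, &saved); /* restore before unlocking */
        }
    }
    if (n >= 0) buf[n] = '\0';
    tty_record_lock(lock_fd, slot, F_UNLCK);
    return n;
}

/* Probe helper: 1 if another process would have to wait for this slot, else 0. */
int slot_blocked_for_other_process(int lock_fd, int slot) {
    int status = 0;
    pid_t pid = fork(); /* fcntl locks are per process, so ask from a child */
    if (pid == 0) {
        struct flock fl = slot_range(slot, F_WRLCK);
        _exit(fcntl(lock_fd, F_GETLK, &fl) == 0 && fl.l_type != F_UNLCK);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WEXITSTATUS(status);
}
```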
Comment 4 Todd C. Miller 2015-09-15 09:51:49 MDT
The first beta version of sudo 1.8.15 is available.  See http://www.sudo.ws/devel.html
Comment 5 Todd C. Miller 2015-11-01 15:27:29 MST
Fixed in sudo 1.8.15