Bug 830 – remote ssh combined with log_output hangs

Bug 830 - remote ssh combined with log_output hangs


Summary:	remote ssh combined with log_output hangs

Status:	RESOLVED DUPLICATE of bug 826

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.8.6
Hardware:	PC Linux

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2018-04-04 13:48 MDT by woody weaver
Modified:	2018-06-28 20:56 MDT (History)
CC List:	1 user (show)

See Also:

Attachments
Fix for I/O log hang on Linux present in sudo < 1.8.23 (854 bytes, patch) 2018-06-28 20:55 MDT, Todd C. Miller	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description woody weaver 2018-04-04 13:48:41 MDT

We recently implemented 

Defaults log_input, log_output
Defaults iolog_dir=/var/log/sudo-io/%{user}

/etc/sudoers also has

weaverw ALL=(ALL) NOPASSWD: /bin/netstat -napv


Prior to implementation, a (simplified) shell script script.sh with 
  w
  sudo netstat -napv
  w
  exit

when invoked as 

ssh -tt weaverw@thishost 'bash -s ' < script.sh

worked fine, but after the log_input, log_output it executes the sudo netstat command then hangs -- visually, the script remains at a command prompt for thishost, but doesn't accept commands.

Doesn't seem to be a good workaround -- it just hangs after the sudo.

$ rpm -q -i sudo
Name        : sudo                         Relocations: (not relocatable)
Version     : 1.8.6p3                           Vendor: Red Hat, Inc.
Release     : 29.el6_9                      Build Date: Wed 07 Jun 2017 11:30:10 AM EDT
Install Date: Thu 13 Jul 2017 09:31:50 PM EDT      Build Host: x86-041.build.eng.bos.redhat.com
Group       : Applications/System           Source RPM: sudo-1.8.6p3-29.el6_9.src.rpm

Comment 1 Todd C. Miller 2018-04-04 14:25:05 MDT

Sudo 1.8.6 is quite old now.  I realize that this may be the latest version RedHat provides but it's not a version I can really support.

There have been a number of fixes for I/O logging hangs, including one that will be in the upcoming sudo 1.8.23 release.  I tested your script on a Linux host with the latest beta version of sudo 1.8.23 and it did not hang.

Is there any way you could try either sudo 1.8.22 (latest release) or the 1.8.23 beta?

You'll find RPMs for 1.8.22 at:

https://www.sudo.ws/download.html#binary 

And for 1.8.23b2:

https://www.sudo.ws/dist/beta/packages/index.html

Comment 2 woody weaver 2018-04-04 15:47:52 MDT

I'm in an accredited environment, with the OS controlled by the cloud service provider, so am trying to see what I can do.  I only discovered that 1.8.6p3 is more than five years old after submitting the bug.

Thanks for the rapid response.  I'll see if the CSP can get support from Red Hat.  And thanks for an amazing product.

Comment 3 Todd C. Miller 2018-06-28 20:55:01 MDT

Created attachment 511 [details]
Fix for I/O log hang on Linux present in sudo < 1.8.23

Comment 4 Todd C. Miller 2018-06-28 20:55:39 MDT

RedHat has contacted me about the bug and I have given them the attached patch.

Comment 5 Todd C. Miller 2018-06-28 20:56:49 MDT

Same as bug #826 which was fixed in sudo 1.8.23.

*** This bug has been marked as a duplicate of bug 826 ***