Bug 848 – -i / --login on AIX does not initialize LOGIN environment variable like su -

Bug 848 - -i / --login on AIX does not initialize LOGIN environment variable like su -


Summary:	-i / --login on AIX does not initialize LOGIN environment variable like su -

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.8.21
Hardware:	IBM AIX

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2018-08-28 11:15 MDT by Edward Davignon
Modified:	2018-09-05 06:27 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Edward Davignon 2018-08-28 11:15:27 MDT

From the AIX login command manual:

The login command also sets the LOGIN and LOGNAME environment variables.


sudoers(5) does not mention the LOGIN environment variable.


From the AIX su command manual, the hyphen flag:

Specifies that the process environment is to be set as if the user had logged in to the system using the login command. Nothing in the current environment is propagated to the new shell.


Example:

$ su - -c env | sort > su.env
root's Password:
$ sudo -i env | sort > sudo.env
$ comm -23 su.env sudo.env
AUTHSTATE=compat
LOGIN=root
$ comm -13 su.env sudo.env | grep -v '^SUDO_'
USERNAME=root
$ uname
AIX
$ oslevel -s
7200-02-02-1832
$ sudo lssec -f /etc/security/login.cfg -s usw -a auth_type
usw auth_type=STD_AUTH
$ find /usr/*bin -inum $(ls -i /usr/sbin/login | awk '{print $1}')
/usr/sbin/getty
/usr/sbin/login
/usr/sbin/tsm
$

Comment 1 Edward Davignon 2018-08-28 11:23:56 MDT

Possible work arounds include using $USER or $(/usr/bin/id -un) instead of $LOGIN in login scripts.

Comment 2 Todd C. Miller 2018-08-28 11:40:12 MDT

LOGIN appears to be AIX-specific.  I'll look into adding support for it to sudo 1.8.25

Comment 3 Todd C. Miller 2018-09-05 06:27:52 MDT

Fixed in sudo 1.8.25