← Back to team overview

debcrafters-packages team mailing list archive

  1. debcrafters-packages team
  2. Mailing list archive
  3. Message #06596

[Bug 2121898] Re: sudo hangs when hostname resolution fails due to FQDN lookup being enabled by default (--with-fqdn)

  Thread PreviousDate PreviousThread Next 
Looks like compiling sudo with --with-fqdn is a deliberate choice, and
Debian and Ubuntu system has that flag for a long time. Dropping it may
fix the delay in your (slightly misconfigured system) scenario, but it
is certainly going to break other use cases. I do not believe the flag
can be easily dropped from the sudo configure flags.

In any case, if you think this is a discussion worth having, I suggest
opening a Debian bug for this. Ubuntu is unlikely to deviate from the
Debian default in this regard.

Bugs for the Debian "sudo" source package: https://bugs.debian.org/cgi-
bin/pkgreport.cgi?src=sudo

** Changed in: sudo (Ubuntu)
       Status: New => Opinion

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/2121898

Title:
  sudo hangs when hostname resolution fails due to FQDN lookup being
  enabled by default (--with-fqdn)

Status in sudo package in Ubuntu:
  Opinion

Bug description:
  sudo on Ubuntu (tested on 24.04) is compiled with the --with-fqdn
  flag, which causes it to perform FQDN resolution on the machine's own
  hostname before executing any command (even when there is no Defaults
  fqdn line in /etc/sudoers).

  This can lead to noticeable hangs (30–60 seconds or more) if hostname resolution fails. For example:
  - If the system hostname is changed via hostnamectl or GNOME Settings, but /etc/hosts is not updated accordingly (a common and silent misconfiguration).
  - If /etc/nsswitch.conf falls through to DNS and DNS is blocked (e.g. by a VPN kill-switch).
  - If systemd-resolved has no cached answer and cannot reach upstream nameservers.

  In this scenario, sudo hangs until name resolution times out, then
  eventually proceeds.

  Notably, upstream sudo does not enable FQDN resolution by default.
  This behavior comes from a Debian and Ubuntu-specific build option
  (--with-fqdn). Other distributions, such as Fedora and Arch, do not
  compile sudo with this option and therefore do not exhibit this
  behavior unless Defaults fqdn is explicitly set in the sudoers file.

  ---
  System Information:
  - Ubuntu version: 24.04.2 LTS
  - sudo version: 1.9.15p5-3ubuntu5.24.04.1

  ---

  For a detailed write-up and reproduction scenario see:
  https://anagogistis.com/posts/sudo-hang/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2121898/+subscriptions

References

  Thread PreviousDate PreviousThread Next