touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #74952
[Bug 1450667] Re: timezone not cleared despite "env_keep -= TZ" in /etc/sudoers
** Description changed:
the sanity check of the TZ env variable implemented in
1.8.9p5-1ubuntu1.1 to address CVE-2014-9680 apparently has the side
effect of carrying forward the TZ variable despite explicit removal in
/etc/sudoers. 1.8.9p5-1ubuntu1 does not exhibit this behavior.
% fgrep env_ /etc/sudoers
Defaults env_reset
Defaults env_keep+="JAVA_HOME"
Defaults env_keep+="SSH_AUTH_SOCK"
Defaults env_keep-="TZ"
with 1.8.9p5-1ubuntu1:
% sudo sudo -V
Sudo version 1.8.9p5
Configure options: --prefix=/usr -v --with-all-insults --with-pam --with-fqdn --with-logging=syslog --with-logfac=authpriv --with-env-editor --with-editor=/usr/bin/editor --with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p: --without-lecture --with-tty-tickets --disable-root-mailer --enable-admin-flag --with-sendmail=/usr/sbin/sendmail --with-timedir=/var/lib/sudo --mandir=/usr/share/man --libexecdir=/usr/lib/sudo --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu --with-selinux
Sudoers policy plugin version 1.8.9p5
Sudoers file grammar version 43
Sudoers path: /etc/sudoers
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Send mail if the user is not in sudoers
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Always set $HOME to the target user's home directory
Allow some information gathering to give useful error messages
Require fully-qualified hostnames in the sudoers file
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 60.0 minutes
Password prompt timeout: 0.0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/lib/sudo
- Default password prompt: [sudo] password for %p:
+ Default password prompt: [sudo] password for %p:
Default user to run commands as: root
Path to the editor for use by visudo: /usr/bin/editor
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File descriptors >= 3 will be closed before executing a command
Reset the environment to a default set of variables
Environment variables to check for sanity:
- TERM
- LINGUAS
- LC_*
- LANGUAGE
- LANG
- COLORTERM
+ TERM
+ LINGUAS
+ LC_*
+ LANGUAGE
+ LANG
+ COLORTERM
Environment variables to remove:
- RUBYOPT
- RUBYLIB
- PYTHONUSERBASE
- PYTHONINSPECT
- PYTHONPATH
- PYTHONHOME
- TMPPREFIX
- ZDOTDIR
- READNULLCMD
- NULLCMD
- FPATH
- PERL5DB
- PERL5OPT
- PERL5LIB
- PERLLIB
- PERLIO_DEBUG
- JAVA_TOOL_OPTIONS
- SHELLOPTS
- GLOBIGNORE
- PS4
- BASH_ENV
- ENV
- TERMCAP
- TERMPATH
- TERMINFO_DIRS
- TERMINFO
- _RLD*
- LD_*
- PATH_LOCALE
- NLSPATH
- HOSTALIASES
- RES_OPTIONS
- LOCALDOMAIN
- CDPATH
- IFS
+ RUBYOPT
+ RUBYLIB
+ PYTHONUSERBASE
+ PYTHONINSPECT
+ PYTHONPATH
+ PYTHONHOME
+ TMPPREFIX
+ ZDOTDIR
+ READNULLCMD
+ NULLCMD
+ FPATH
+ PERL5DB
+ PERL5OPT
+ PERL5LIB
+ PERLLIB
+ PERLIO_DEBUG
+ JAVA_TOOL_OPTIONS
+ SHELLOPTS
+ GLOBIGNORE
+ PS4
+ BASH_ENV
+ ENV
+ TERMCAP
+ TERMPATH
+ TERMINFO_DIRS
+ TERMINFO
+ _RLD*
+ LD_*
+ PATH_LOCALE
+ NLSPATH
+ HOSTALIASES
+ RES_OPTIONS
+ LOCALDOMAIN
+ CDPATH
+ IFS
Environment variables to preserve:
- SSH_AUTH_SOCK
- JAVA_HOME
- XAUTHORIZATION
- XAUTHORITY
- PS2
- PS1
- PATH
- LS_COLORS
- KRB5CCNAME
- HOSTNAME
- HOME
- DISPLAY
- COLORS
+ SSH_AUTH_SOCK
+ JAVA_HOME
+ XAUTHORIZATION
+ XAUTHORITY
+ PS2
+ PS1
+ PATH
+ LS_COLORS
+ KRB5CCNAME
+ HOSTNAME
+ HOME
+ DISPLAY
+ COLORS
Locale to use while parsing sudoers: C
Directory in which to store input/output logs: /var/log/sudo-io
File in which to store the input/output log: %{seq}
Add an entry to the utmp/utmpx file when allocating a pty
PAM service name to use
PAM service name to use for login shells
Create a new PAM session for the command to run in
Maximum I/O log sequence number: 0
Local IP address and netmask pairs:
- 207.241.227.232/255.255.248.0
- fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
- fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
+ 207.241.227.232/255.255.248.0
+ fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
+ fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
Sudoers I/O plugin version 1.8.9p5
- % sudo env | g TZ
+ % sudo env | fgrep TZ
[no output]
with sudo 1.8.9p5-1ubuntu1.1:
% sudo sudo -V
Sudo version 1.8.9p5
Configure options: --prefix=/usr -v --with-all-insults --with-pam --with-fqdn --with-logging=syslog --with-logfac=authpriv --with-env-editor --with-editor=/usr/bin/editor --with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p: --without-lecture --with-tty-tickets --disable-root-mailer --enable-admin-flag --with-sendmail=/usr/sbin/sendmail --with-timedir=/var/lib/sudo --mandir=/usr/share/man --libexecdir=/usr/lib/sudo --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu --with-selinux
Sudoers policy plugin version 1.8.9p5
Sudoers file grammar version 43
Sudoers path: /etc/sudoers
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Send mail if the user is not in sudoers
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Always set $HOME to the target user's home directory
Allow some information gathering to give useful error messages
Require fully-qualified hostnames in the sudoers file
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 60.0 minutes
Password prompt timeout: 0.0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/lib/sudo
- Default password prompt: [sudo] password for %p:
+ Default password prompt: [sudo] password for %p:
Default user to run commands as: root
Path to the editor for use by visudo: /usr/bin/editor
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File descriptors >= 3 will be closed before executing a command
Reset the environment to a default set of variables
Environment variables to check for sanity:
- TZ
- TERM
- LINGUAS
- LC_*
- LANGUAGE
- LANG
- COLORTERM
+ TZ
+ TERM
+ LINGUAS
+ LC_*
+ LANGUAGE
+ LANG
+ COLORTERM
Environment variables to remove:
- RUBYOPT
- RUBYLIB
- PYTHONUSERBASE
- PYTHONINSPECT
- PYTHONPATH
- PYTHONHOME
- TMPPREFIX
- ZDOTDIR
- READNULLCMD
- NULLCMD
- FPATH
- PERL5DB
- PERL5OPT
- PERL5LIB
- PERLLIB
- PERLIO_DEBUG
- JAVA_TOOL_OPTIONS
- SHELLOPTS
- GLOBIGNORE
- PS4
- BASH_ENV
- ENV
- TERMCAP
- TERMPATH
- TERMINFO_DIRS
- TERMINFO
- _RLD*
- LD_*
- PATH_LOCALE
- NLSPATH
- HOSTALIASES
- RES_OPTIONS
- LOCALDOMAIN
- CDPATH
- IFS
+ RUBYOPT
+ RUBYLIB
+ PYTHONUSERBASE
+ PYTHONINSPECT
+ PYTHONPATH
+ PYTHONHOME
+ TMPPREFIX
+ ZDOTDIR
+ READNULLCMD
+ NULLCMD
+ FPATH
+ PERL5DB
+ PERL5OPT
+ PERL5LIB
+ PERLLIB
+ PERLIO_DEBUG
+ JAVA_TOOL_OPTIONS
+ SHELLOPTS
+ GLOBIGNORE
+ PS4
+ BASH_ENV
+ ENV
+ TERMCAP
+ TERMPATH
+ TERMINFO_DIRS
+ TERMINFO
+ _RLD*
+ LD_*
+ PATH_LOCALE
+ NLSPATH
+ HOSTALIASES
+ RES_OPTIONS
+ LOCALDOMAIN
+ CDPATH
+ IFS
Environment variables to preserve:
- SSH_AUTH_SOCK
- JAVA_HOME
- XAUTHORIZATION
- XAUTHORITY
- PS2
- PS1
- PATH
- LS_COLORS
- KRB5CCNAME
- HOSTNAME
- HOME
- DISPLAY
- COLORS
+ SSH_AUTH_SOCK
+ JAVA_HOME
+ XAUTHORIZATION
+ XAUTHORITY
+ PS2
+ PS1
+ PATH
+ LS_COLORS
+ KRB5CCNAME
+ HOSTNAME
+ HOME
+ DISPLAY
+ COLORS
Locale to use while parsing sudoers: C
Directory in which to store input/output logs: /var/log/sudo-io
File in which to store the input/output log: %{seq}
Add an entry to the utmp/utmpx file when allocating a pty
PAM service name to use
PAM service name to use for login shells
Create a new PAM session for the command to run in
Maximum I/O log sequence number: 0
Local IP address and netmask pairs:
- 207.241.227.232/255.255.248.0
- fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
- fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
+ 207.241.227.232/255.255.248.0
+ fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
+ fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
Sudoers I/O plugin version 1.8.9p5
- % sudo env | g TZ
+ % sudo env | fgrep TZ
TZ=America/Los_Angeles
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: sudo 1.8.9p5-1ubuntu1.1
ProcVersionSignature: Ubuntu 3.13.0-49.83-generic 3.13.11-ckt17
Uname: Linux 3.13.0-49-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.10
Architecture: amd64
Date: Thu Apr 30 15:53:59 2015
ProcEnviron:
- TERM=rxvt-unicode-256color
- PATH=(custom, no user)
- LANG=en_US.UTF-8
- SHELL=/usr/bin/zsh
+ TERM=rxvt-unicode-256color
+ PATH=(custom, no user)
+ LANG=en_US.UTF-8
+ SHELL=/usr/bin/zsh
SourcePackage: sudo
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.sudoers: [modified]
mtime.conffile..etc.sudoers: 2015-04-30T15:26:42.293612
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1450667
Title:
timezone not cleared despite "env_keep -= TZ" in /etc/sudoers
Status in sudo package in Ubuntu:
New
Bug description:
the sanity check of the TZ env variable implemented in
1.8.9p5-1ubuntu1.1 to address CVE-2014-9680 apparently has the side
effect of carrying forward the TZ variable despite explicit removal in
/etc/sudoers. 1.8.9p5-1ubuntu1 does not exhibit this behavior.
% fgrep env_ /etc/sudoers
Defaults env_reset
Defaults env_keep+="JAVA_HOME"
Defaults env_keep+="SSH_AUTH_SOCK"
Defaults env_keep-="TZ"
with 1.8.9p5-1ubuntu1:
% sudo sudo -V
Sudo version 1.8.9p5
Configure options: --prefix=/usr -v --with-all-insults --with-pam --with-fqdn --with-logging=syslog --with-logfac=authpriv --with-env-editor --with-editor=/usr/bin/editor --with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p: --without-lecture --with-tty-tickets --disable-root-mailer --enable-admin-flag --with-sendmail=/usr/sbin/sendmail --with-timedir=/var/lib/sudo --mandir=/usr/share/man --libexecdir=/usr/lib/sudo --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu --with-selinux
Sudoers policy plugin version 1.8.9p5
Sudoers file grammar version 43
Sudoers path: /etc/sudoers
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Send mail if the user is not in sudoers
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Always set $HOME to the target user's home directory
Allow some information gathering to give useful error messages
Require fully-qualified hostnames in the sudoers file
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 60.0 minutes
Password prompt timeout: 0.0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/lib/sudo
Default password prompt: [sudo] password for %p:
Default user to run commands as: root
Path to the editor for use by visudo: /usr/bin/editor
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File descriptors >= 3 will be closed before executing a command
Reset the environment to a default set of variables
Environment variables to check for sanity:
TERM
LINGUAS
LC_*
LANGUAGE
LANG
COLORTERM
Environment variables to remove:
RUBYOPT
RUBYLIB
PYTHONUSERBASE
PYTHONINSPECT
PYTHONPATH
PYTHONHOME
TMPPREFIX
ZDOTDIR
READNULLCMD
NULLCMD
FPATH
PERL5DB
PERL5OPT
PERL5LIB
PERLLIB
PERLIO_DEBUG
JAVA_TOOL_OPTIONS
SHELLOPTS
GLOBIGNORE
PS4
BASH_ENV
ENV
TERMCAP
TERMPATH
TERMINFO_DIRS
TERMINFO
_RLD*
LD_*
PATH_LOCALE
NLSPATH
HOSTALIASES
RES_OPTIONS
LOCALDOMAIN
CDPATH
IFS
Environment variables to preserve:
SSH_AUTH_SOCK
JAVA_HOME
XAUTHORIZATION
XAUTHORITY
PS2
PS1
PATH
LS_COLORS
KRB5CCNAME
HOSTNAME
HOME
DISPLAY
COLORS
Locale to use while parsing sudoers: C
Directory in which to store input/output logs: /var/log/sudo-io
File in which to store the input/output log: %{seq}
Add an entry to the utmp/utmpx file when allocating a pty
PAM service name to use
PAM service name to use for login shells
Create a new PAM session for the command to run in
Maximum I/O log sequence number: 0
Local IP address and netmask pairs:
207.241.227.232/255.255.248.0
fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
Sudoers I/O plugin version 1.8.9p5
% sudo env | fgrep TZ
[no output]
with sudo 1.8.9p5-1ubuntu1.1:
% sudo sudo -V
Sudo version 1.8.9p5
Configure options: --prefix=/usr -v --with-all-insults --with-pam --with-fqdn --with-logging=syslog --with-logfac=authpriv --with-env-editor --with-editor=/usr/bin/editor --with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p: --without-lecture --with-tty-tickets --disable-root-mailer --enable-admin-flag --with-sendmail=/usr/sbin/sendmail --with-timedir=/var/lib/sudo --mandir=/usr/share/man --libexecdir=/usr/lib/sudo --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu --with-selinux
Sudoers policy plugin version 1.8.9p5
Sudoers file grammar version 43
Sudoers path: /etc/sudoers
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Send mail if the user is not in sudoers
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Always set $HOME to the target user's home directory
Allow some information gathering to give useful error messages
Require fully-qualified hostnames in the sudoers file
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 60.0 minutes
Password prompt timeout: 0.0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/lib/sudo
Default password prompt: [sudo] password for %p:
Default user to run commands as: root
Path to the editor for use by visudo: /usr/bin/editor
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File descriptors >= 3 will be closed before executing a command
Reset the environment to a default set of variables
Environment variables to check for sanity:
TZ
TERM
LINGUAS
LC_*
LANGUAGE
LANG
COLORTERM
Environment variables to remove:
RUBYOPT
RUBYLIB
PYTHONUSERBASE
PYTHONINSPECT
PYTHONPATH
PYTHONHOME
TMPPREFIX
ZDOTDIR
READNULLCMD
NULLCMD
FPATH
PERL5DB
PERL5OPT
PERL5LIB
PERLLIB
PERLIO_DEBUG
JAVA_TOOL_OPTIONS
SHELLOPTS
GLOBIGNORE
PS4
BASH_ENV
ENV
TERMCAP
TERMPATH
TERMINFO_DIRS
TERMINFO
_RLD*
LD_*
PATH_LOCALE
NLSPATH
HOSTALIASES
RES_OPTIONS
LOCALDOMAIN
CDPATH
IFS
Environment variables to preserve:
SSH_AUTH_SOCK
JAVA_HOME
XAUTHORIZATION
XAUTHORITY
PS2
PS1
PATH
LS_COLORS
KRB5CCNAME
HOSTNAME
HOME
DISPLAY
COLORS
Locale to use while parsing sudoers: C
Directory in which to store input/output logs: /var/log/sudo-io
File in which to store the input/output log: %{seq}
Add an entry to the utmp/utmpx file when allocating a pty
PAM service name to use
PAM service name to use for login shells
Create a new PAM session for the command to run in
Maximum I/O log sequence number: 0
Local IP address and netmask pairs:
207.241.227.232/255.255.248.0
fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
fe80::225:90ff:fee4:aef0/ffff:ffff:ffff:ffff::
Sudoers I/O plugin version 1.8.9p5
% sudo env | fgrep TZ
TZ=America/Los_Angeles
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: sudo 1.8.9p5-1ubuntu1.1
ProcVersionSignature: Ubuntu 3.13.0-49.83-generic 3.13.11-ckt17
Uname: Linux 3.13.0-49-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.10
Architecture: amd64
Date: Thu Apr 30 15:53:59 2015
ProcEnviron:
TERM=rxvt-unicode-256color
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/usr/bin/zsh
SourcePackage: sudo
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.sudoers: [modified]
mtime.conffile..etc.sudoers: 2015-04-30T15:26:42.293612
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1450667/+subscriptions
References
