touch-packages team mailing list archive

Thread
Date

[Bug 1458031] [NEW] sudo not properly cleaning out timestamp directory

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Fri, 22 May 2015 19:28:10 -0000
Reply-to: Bug 1458031 <1458031@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Public security bug reported:

Sudo 1.8.10 switched to a new time stamp file format that uses the
monotonic clock. Timestamp files moved from /var/lib/sudo to
/var/lib/sudo/ts.

At boot, the contents of the /var/lib/sudo/ts directory needs to be
deleted, as per the warning in the build log:

configure: Warning: the /var/lib/sudo/ts directory must be cleared at boot time.
configure:          You may need to create a startup item to do this.

The sudo package ships with both an init script and a systemd unit file.
Unfortunately, the init script sets the date on the timestamp files to
epoch, which is no longer the proper way to invalidate them. The systemd
unit file doesn't seem to work at all.

** Affects: sudo (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** Affects: sudo (Ubuntu Wily)
     Importance: Undecided
         Status: Confirmed

** Affects: sudo (Debian)
     Importance: Unknown
         Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1458031

Title:
  sudo not properly cleaning out timestamp directory

Status in sudo package in Ubuntu:
  Confirmed
Status in sudo source package in Wily:
  Confirmed
Status in sudo package in Debian:
  Unknown

Bug description:
  Sudo 1.8.10 switched to a new time stamp file format that uses the
  monotonic clock. Timestamp files moved from /var/lib/sudo to
  /var/lib/sudo/ts.

  At boot, the contents of the /var/lib/sudo/ts directory needs to be
  deleted, as per the warning in the build log:

  configure: Warning: the /var/lib/sudo/ts directory must be cleared at boot time.
  configure:          You may need to create a startup item to do this.

  The sudo package ships with both an init script and a systemd unit
  file. Unfortunately, the init script sets the date on the timestamp
  files to epoch, which is no longer the proper way to invalidate them.
  The systemd unit file doesn't seem to work at all.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1458031/+subscriptions

Follow ups

[Bug 1458031] Re: sudo not properly cleaning out timestamp directory
From: Launchpad Bug Tracker, 2015-06-22
[Bug 1458031] Re: sudo not properly cleaning out timestamp directory
From: Launchpad Bug Tracker, 2015-06-05
[Bug 1458031] Re: sudo not properly cleaning out timestamp directory
From: Bug Watch Updater, 2015-05-22
[Bug 1458031] Re: sudo not properly cleaning out timestamp directory
From: Marc Deslauriers, 2015-05-22
[Bug 1458031] [NEW] sudo not properly cleaning out timestamp directory
From: Marc Deslauriers, 2015-05-22

References

[Bug 1458031] [NEW] sudo not properly cleaning out timestamp directory
From: Marc Deslauriers, 2015-05-22