Re: [Ltib] LTIB sudo check fails with Sudo version 1.7.2

[Joe Hershberger]

Hi Stuart,

I'm running the latest ltib snapshot (10-1-1a) which does seem a bit
old.  I'm guessing it's been fixed in the CVS head.

Is the CVS head considered stable?  Are there tags for stable versions
more frequently than the tarball snapshots?

Thanks,
-Joe


On Fri, Sep 3, 2010 at 7:44 AM, Stuart Hughes <address@hidden> wrote:
> Hi Joe,
>
> Which version of LTIB are you running? I can't recall if I fixed this or
> not.
>
> If you can confirm this and the problem still exists, I'll try to fixup
> the regex to work with both old and new.
>
> I just tried on Xubuntu 10.04 which has sudo 1.7.2p1-1ubuntu5.1 and it
> works as expected.  Could this be an OpenSuse weirdness?
>
> Regards, Stuart
>
> Joe Hershberger wrote:
>> Hi LTIB,
>>
>> It seems that the format of the output from 'sudo -l' has changed from
>> Sudo version 1.6.9p17 to Sudo version 1.7.2.  I have 2 build machines,
>> the newer one is running OpenSuSE 11.2 which comes with Sudo version
>> 1.7.2 and cannot pass the sudo check in LTIB.
>>
>> The (old) format that ltib expects looks like this:
>>
>> -----------------------8<----------------------8<----------------------8<----------------------8<------------------------
>>
>>> sudo -l
>> User x may run the following commands on this host:
>>     (ALL) ALL
>>     (root) NOPASSWD: /bin/rpm
>>     (root) NOPASSWD: /opt/freescale/ltib/usr/bin/rpm
>>     (root) NOPASSWD: /opt/ltib/usr/bin/rpm
>>
>> ----------------------->8---------------------->8---------------------->8---------------------->8------------------------
>>
>> The format that Sudo version 1.7.2 produces looks like this:
>>
>> -----------------------8<----------------------8<----------------------8<----------------------8<------------------------
>>
>>> sudo -l
>> Matching Defaults entries for x on this host:
>>     always_set_home, env_reset, env_keep="LANG LC_ADDRESS LC_CTYPE
>> LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY
>> LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE
>>     LINGUAS XDG_SESSION_COOKIE", targetpw
>>
>> User x may run the following commands on this host:
>>     (ALL) ALL
>>     (root) NOPASSWD: /bin/rpm, (root) /opt/freescale/ltib/usr/bin/rpm,
>> (root) /opt/ltib/usr/bin/rpm
>>
>> ----------------------->8---------------------->8---------------------->8---------------------->8------------------------
>>
>> The new sudo also supports a new listing mode that looks like this:
>>
>> -----------------------8<----------------------8<----------------------8<----------------------8<------------------------
>>
>>> sudo -ll
>> Matching Defaults entries for x on this host:
>>     always_set_home, env_reset, env_keep="LANG LC_ADDRESS LC_CTYPE
>> LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY
>> LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE
>>     LINGUAS XDG_SESSION_COOKIE", targetpw
>>
>> User x may run the following commands on this host:
>>
>> Sudoers entry:
>>     RunAsUsers: ALL
>>     Commands:
>>         ALL
>>
>> Sudoers entry:
>>     RunAsUsers: root
>>     Commands:
>>         NOPASSWD: /bin/rpm
>>     RunAsUsers: root
>>     Commands:
>>         /opt/freescale/ltib/usr/bin/rpm
>>     RunAsUsers: root
>>     Commands:
>>         /opt/ltib/usr/bin/rpm
>>
>> ----------------------->8---------------------->8---------------------->8---------------------->8------------------------
>>
>> Naturally this difference kills LTIB's sudo check.  For the moment
>> I've hacked ltib to not check, but that's probably not a good solution
>> for everyone.
>>
>> Best regards,
>> -Joe
>>
>> _______________________________________________
>> LTIB home page: http://ltib.org
>>
>> Ltib mailing list
>> address@hidden
>> http://lists.nongnu.org/mailman/listinfo/ltib
>>
>