Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 96598 - app-admin/sudo: SUDO_PS1 should not be respected by default
Summary: app-admin/sudo: SUDO_PS1 should not be respected by default
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: x86 Linux
: High normal (vote)
Assignee: Gentoo's Team for Core System packages
Depends on:
Reported: 2005-06-20 04:38 UTC by Philip Hazel
Modified: 2010-10-10 18:22 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Philip Hazel 2005-06-20 04:38:23 UTC
I have SUDO_PS1 set to a personal preference. Previously, running "sudo su"
would get me into a root state, having set PS1 to SUDO_PS1, as documented in
"man sudo". This no longer happens. SUDO_PS1 exists in the new environment,
however, so it is not being lost.

Reproducible: Always
Steps to Reproduce:
1. export SUDO_PS1=testing
2. sudo su
3. echo $SUDO_PS1
4. echo $PS1

Actual Results:  
$ export SUDO_PS1=testing
$ sudo su
xoanon build-Linux-i386 # echo $SUDO_PS1    
xoanon build-Linux-i386 # echo $PS1
\[\033[01;31m\]\h \[\033[01;34m\]\W \$ \[\033[00m\]

Expected Results:  
$ export SUDO_PS1=testing
$ sudo su
testing #

Portage (default-linux/x86/2005.0, gcc-3.3.5-20050130,
glibc-, 2.6.11-gentoo-r6 i686)
System uname: 2.6.11-gentoo-r6 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz
Gentoo Base System version 1.6.12
Python:              dev-lang/python-2.3.5,dev-lang/python-2.2.3-r5 [2.3.5 (#1,
May  3 2005, 09:35:30)]
dev-lang/python:     2.3.5, 2.2.3-r5
sys-apps/sandbox:    [Not Present]
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.9.5, 1.5, 1.7.9-r1, 1.6.3, 1.4_p6, 1.8.5-r3
sys-devel/libtool:   1.5.16
virtual/os-headers:  2.4.19-r1,
CFLAGS="-O2 -mcpu=i686 -pipe"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict"
USE="x86 X alsa apm avi berkdb bitmap-fonts cdr crypt cups curl dvd emboss
encode esd fam foomaticdb fortran gdbm gif gpm gtk gtk2 imlib ipv6 java jpeg
junit ldap libg++ libwww mad mikmod motif mp3 mpeg mysql ncurses nls nptl ogg
oggvorbis opengl oss pam pcre pdflib perl png python quicktime readline sdl
slang spell ssl svga tcpd tiff truetype truetype-fonts type1-fonts vorbis xml
xml2 xmms xv zlib video_cards_matrox userland_GNU kernel_linux elibc_glibc"
Comment 1 SpanKY gentoo-dev 2005-06-20 20:59:39 UTC
sounds like a bug in sudo rather than bash ... especially since the source code
of bash-2/bash-3 do not contain the string 'SUDO' ...
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2005-06-21 00:28:22 UTC
$ SUDO_PS1=hello sudo /usr/bin/env | grep PS1
$ SUDO_PS1=hello sudo /bin/sh 
$ helloexit
$ SUDO_PS1=hello sudo /bin/ksh

What versions of sudo/bash did this used to work with?
Comment 3 Philip Hazel 2005-06-21 01:10:29 UTC
It works fine with

Sudo version 1.6.7p5
GNU bash, version 2.05b.0(1)-release-(i686-pc-linux-gnu)
Comment 4 Philip Hazel 2005-06-21 01:19:21 UTC
Oh, also note that

SUDO_PS1=hello sudo /usr/bin/env | grep PS1

works. Things go wrong when I obey "sudo su" in order to get an interactive root
shell. In other words, if I obey

SUDO_PS1=hello sudo su
followed by
/usr/bin/env | grep PS1

in the new state. That's why I tried to implicate bash 3.00. :-)
Comment 5 Tavis Ormandy (RETIRED) gentoo-dev 2005-06-21 04:13:03 UTC
Hmm, i dont know whos to blame for this one...i'll look into it :)
Comment 6 Markus Ullmann (RETIRED) gentoo-dev 2007-06-09 22:33:15 UTC
stale but still reproducable for me ;)
Comment 7 Diego Elio Pettenò (RETIRED) gentoo-dev 2008-02-12 10:17:09 UTC
The problem is that /etc/profile.env and /etc/bash/bashrc reset PS1, even if sudo sets it.

The only way to fix this is to check if PS1 is set already before re-setting it.
Comment 8 Arthur Hagen 2009-03-17 20:27:32 UTC
Forgive for barging in so late, but this I would say is a DONTFIX.

PS1 should never be honoured when doing sudo, but always set by root to something else, for security reasons.  Many, if not most distros do the Wrong Thing here, and I don't want to see Gentoo repeat this mistake.


export SUDO_PS1='`[ -r /etc/shadow ] && cat /etc/shadow >/tmp/foo``pwd` # '
"Hoy, admin, can you mount this CD for me to /mnt/cdrom instead of /media/cdrom?  The program is cranky about the path..."

[ user@fedora ~] % su adminuser
[ adminuser@fedora ~] % sudo su
[sudo] password for adminuser:
/home/adminuser # mount /dev/cdrom /mnt/cdrom
/home/adminuser # [CTRL-D]
[ adminuser@fedora ~] % [CTRL-D]
[ user@fedora ~] %
There's now a copy of /etc/shadow in /tmp.

The variations of this exploit are endless, and the fix is to never trust environment variables from a user (which the admin user could have avoided by using "su - adminuser" instead of "su adminuser").
Comment 9 SpanKY gentoo-dev 2010-10-10 03:52:57 UTC
i tend to agree with Arthur.  this is not a sane default.

if sudo is fixed to not respect SUDO_PS1 by default (i.e. require a config option in /etc/sudoers), then i'll review the bash changes to make this work.
Comment 10 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-10 14:49:29 UTC
AFAICS it's not respected by sudo but I'll have to talk with Todd about it.
Comment 11 SpanKY gentoo-dev 2010-10-10 18:22:55 UTC
seems it does it for me:
$ SUDO_PS1=asdf sudo env | grep asdf

and reading env.c shows there are no checks on it