Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power


#Power

 View Only
Back to discussions
Expand all | Collapse all

sudo 1.9.17p2

  • 1.  sudo 1.9.17p2

    Posted Wed August 20, 2025 10:51 AM

    Hello OSS Team,

    I ask you kindly to build the latest sudo version 1.9.17p2 because of the following fix:

    • Fixed a bug introduced in sudo 1.9.16 that could result in sudo sending SIGHUP to all processes on the system in certain rare cases. The bug could manifest if sudo is running a command in a pseudo-terminal, sudo terminates the command due to an internal error, and the user's terminal is revoked. GitHub issue #458. (https://www.sudo.ws/releases/stable/#1.9.17p2)

    Even though the bug manifests only in certain rare cases (could not find out more about it) the effect of the bug would certainly be considered "high impact"...



    ------------------------------
    ------------------------------
    Thanks and regards,
    Roman
    ------------------------------
    ------------------------------

    #AIXOpenSource


  • 2.  RE: sudo 1.9.17p2

    Posted Thu August 21, 2025 07:10 AM

    Hello Team, hello Roman,

    thats what I just to wanna ask for, because we have an issue with sudo_ids-1.9.17p1-1.ppc too.
    In in AIX 7.3 TL3 SP1, with this version the "who am i" command is not working properly. We found out, that this version doesn't produce an entry in /var/adm/wtmp after a "sudo -i".
    So the "who am i" shows root instead of the logged in user.

    In TL1:

    root#id
uid=0(root) gid=0(system) groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
root#who am i
user1    pts/1       Aug 21 10:45


root#logname
user1

     

    in TL3:

    root#id
uid=0(root) gid=0(system) groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
root#who am i
root      pts/11
root#logname
user1

     

    This is a part of the truss output:

    truss of sudo in TL1:

    kioctl(14, 536900678, 0x0FFFFFFFFFFFEE70, 0x0000000000000000) = 0
    kioctl(14, 536900679, 0x0FFFFFFFFFFFEDC0, 0x0000000000000000) = 0
    kioctl(14, 22529, 0x0FFFFFFFFFFFE848, 0x0000000000000000) = 0
    statx("/dev/pts/2", 0x0FFFFFFFFFFFE968, 176, 0) = 0
    statx("/dev/pts/2", 0x0FFFFFFFFFFFEDC8, 176, 0) = 0
    kopen("/dev/pts/2", O_RDWR|O_NOCTTY) = 15
    chown("/dev/pts/2", 0, 4294967295) = 0
    kopen("/etc/utmp", O_RDWR|O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) = 16
    kioctl(16, -2147195266, 0x0FFFFFFFFFFFE8A0, 0x0000000000000000) = 0
    kioctl(16, -2147195267, 0x0FFFFFFFFFFFE8A0, 0x0000000000000000) = 0

    And here in TL3:

    kioctl(14, 536900678, 0x0FFFFFFFFFFFEE70, 0x0000000000000000) = 0
    kioctl(14, 536900679, 0x0FFFFFFFFFFFEDC0, 0x0000000000000000) = 0
    kioctl(14, 22529, 0x0FFFFFFFFFFFE848, 0x0000000000000000) = 0
    statx("/dev/pts/3", 0x0FFFFFFFFFFFE968, 176, 0) = 0
    statx("/dev/pts/3", 0x0FFFFFFFFFFFEDC8, 176, 0) = 0
    kopen("/dev/pts/3", O_RDWR|O_NOCTTY) = 15
    chown("/dev/pts/3", 0, 4294967295) = 0
    kopen("", O_RDWR|O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) Err#14 EFAULT
    _getpid() = 8061372
    kopen("", O_RDWR|O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) Err#14 EFAULT
    socketpair(1, 1, 0, 0x0FFFFFFFFFFFF100) = 0
    kfcntl(16, F_SETFD, 0x0000000000000001) = 0
    kfcntl(17, F_SETFD, 0x0000000000000001) = 0

    kind regards,
    Joerg

    PS: Version 1.9.16p2-1 is working fine, but with the security issue.
    So we would need the new version as soon as possible.
    Many thanks in advance.

    Kind regards
    Joerg



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    Original Message


  • 3.  RE: sudo 1.9.17p2

    Posted Thu August 21, 2025 11:57 PM

    Hi All,
    We are working on sudo 1.9.17p2. It will be available from AIX Toolbox in 1-2 weeks.



    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


  • 4.  RE: sudo 1.9.17p2

    Posted Fri August 22, 2025 04:34 AM

    Hello Kumar,

    thanks for the effort.
    In the meanwhile we found out, that the problem we have is more complicated.
    As sudo_ids-1.9.16p2-1 was working after downgrading, now it is not. Same problem as we had with the latest version before.
    Now I updated again to sudo_ids-1.9.17p1-1 and it is working... We are so confused. It's just happening in AIX 7.3 TL3 SP1.
    After a while it is not working anymore.
    I opened a Ticket at IBM support as well if you want to check that too.
    Ticket number: TS020047402
    We stopped the whole upgrade process for TL3 now.

    Kind regards,
    Joerg



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    Original Message


  • 5.  RE: sudo 1.9.17p2

    Posted Mon August 25, 2025 11:36 AM

    Hi Joerg,
    We tested the following in AIX 7.3 TL3 SP1 using sudo 1.9.17p1.
    As user "sudouser", 

    sudouser # sudo -i

    root # who am i
    sudouser    pts/2       Aug 25 09:26                     

    root # logname
    sudouser

    The output of "who am i" shows "sudouser" in this case. 

    Could you please let us know if you are executing any additional steps or configurations?





    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


  • 6.  RE: sudo 1.9.17p2

    Posted Wed August 27, 2025 02:02 AM

    Hello Reshma,

    Sorry for my late response, I was on sick leave.

    We are doing the exact same steps:

    user2@svrsinst6-0:~:sudo -i
 AIX OS Level: 7300-03-01-2520

[YOU HAVE NEW MAIL]
svrsinst6-0:/root#id
uid=0(root) gid=0(system) groups=2(bin),3(sys),7(security),8(cron),10(audit),11(lp)
svrsinst6-0:/root#who am I
root      pts/1
svrsinst6-0:/root#logname
user2

svrsinst6-0:/root#dnf downgrade sudo_ids
Loaded plugins: changelog, config-manager, debug, generate_completion_cache, repoclosure, repodiff, repograph, repomanage, reposync
DNF version: 4.2.17
cachedir: /var/cache/dnf
os-release file not found
os-release: falling back to basic User-Agent: missing NAME or VERSION_ID
repo: using cache for: AIX_Toolbox
AIX_Toolbox: using metadata from Fri Aug 22 12:31:42 2025.
repo: using cache for: AIX_Toolbox_73
AIX_Toolbox_73: using metadata from Mon Jul 28 12:29:57 2025.
repo: using cache for: AIX_Toolbox_noarch
AIX_Toolbox_noarch: using metadata from Mon Jul 28 13:03:35 2025.
repo: using cache for: COOP_RPMS_noarch
COOP_RPMS_noarch: using metadata from Fri Aug 22 12:33:29 2025.
Last metadata expiration check: 1 day, 13:54:40 ago on Mon Aug 25 18:01:10 2025.
No module defaults found
Completion plugin: Generating completion cache...
--> Starting dependency resolution
---> Package sudo_ids.ppc 1.9.16p2-1 will be a downgrade
--> Finished dependency resolution
Dependencies resolved.
=======================================================================================================================================================================================================================
 Package                                             Architecture                                   Version                                               Repository                                              Size
=======================================================================================================================================================================================================================
Downgrading:
 sudo_ids                                            ppc                                            1.9.16p2-1                                            AIX_Toolbox                                            4.9 M

Transaction Summary
=======================================================================================================================================================================================================================
Downgrade  1 Package

Total size: 4.9 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] sudo_ids-1.9.16p2-1.aix7.1.ppc.rpm: Already downloaded
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                               1/1
  Downgrading      : sudo_ids-1.9.16p2-1.ppc                                                                                                                                                                       1/2
warning: /etc/sudoers created as /etc/sudoers.rpmnew

  Running scriptlet: sudo_ids-1.9.16p2-1.ppc                                                                                                                                                                       1/2
This sudo is built with /etc/sudo-ldap.conf as the ldap configuration file. Run "sudo -V" to check build configure options

  Cleanup          : sudo_ids-1.9.17p1-1.ppc                                                                                                                                                                       2/2
  Verifying        : sudo_ids-1.9.16p2-1.ppc                                                                                                                                                                       1/2
  Verifying        : sudo_ids-1.9.17p1-1.ppc                                                                                                                                                                       2/2
Completion plugin: Generating completion cache...

Downgraded:
  sudo_ids-1.9.16p2-1.ppc

Complete!

svrsinst6-0:/root#exit
user2@svrsinst6-0:~:sudo -i
 AIX OS Level: 7300-03-01-2520

[YOU HAVE NEW MAIL]
svrsinst6-0:/root#who -m
user2       pts/1       Aug 27 07:56
svrsinst6-0:/root#logname
user2

    After a while, the same problem appears again.


    kind regards,
    Joerg



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    Original Message


  • 7.  RE: sudo 1.9.17p2

    Posted Wed August 27, 2025 03:39 AM

    So, after one hour, "who am i" or "sudo -i"  is not working as expected anymore.

    user2@svrsinst6-0:~:rpm -q sudo_ids
sudo_ids-1.9.16p2-1.ppc
user2@svrsinst6-0:~:sudo -i
 AIX OS Level: 7300-03-01-2520

[YOU HAVE NEW MAIL]
svrsinst6-0:/root#who am I
root      pts/1
svrsinst6-0:/root#logname
user2

    I attached the truss output of "sudo -i" when "who am i" was working right and a truss output when its not working.
    Maybe you see more than I do.

    Many thanks for your effort.



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    Attachment(s)

    txt
    sudo_ids-1.9.16p2-1_not_working.truss.txt   2.26 MB 1 version
    txt
    sudo_ids-1.9.16p2-1_working.truss.txt   2.25 MB 1 version
    Original Message


  • 8.  RE: sudo 1.9.17p2

    Posted Thu August 28, 2025 02:38 AM

    Hello Reshma,

    as additional info:
    Yesterday I decided to install sudo_ids-1.8.31p1-3 for testing.

    Now, one day later, everything is still working.

    kind regards,
    Joerg



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    Original Message


  • 9.  RE: sudo 1.9.17p2

    Posted Thu August 28, 2025 11:34 AM

    Hi Joerg,
    Thanks for sharing the logs. We will analyse and get back to you.



    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


  • 10.  RE: sudo 1.9.17p2

    Posted Fri August 29, 2025 04:23 AM

    Dear Reshma,

    new findings from our side. The problem is only with sudo_64, sudo_32 behaves normal in AIX 7.3 TL3.
    The reason why it works directly after it is installed is, we are switching the /opt/freeware/bin/sudo link to sudo_64 within the salt highstate every two hours.
    I never thought this could be the Problem.
    So, only sudo_64 has a problem in TL3.

    Thanks again for getting into it.

    kind regards,
    Joerg



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    Original Message


  • 11.  RE: sudo 1.9.17p2

    Posted Wed September 10, 2025 03:54 AM

    Hello Reshma,

    do you have any findings on that? Could you reproduce this behavior?
    And most important, could you fix it?

    Many thanks in advance.
    Kind regards



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    Original Message


  • 12.  RE: sudo 1.9.17p2

    Posted Mon September 15, 2025 02:14 AM

    Hi Jeorg
    We are able to reproduce this behaviour. 
    We are debugging the issue and will update this thread with our findings.



    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


  • 13.  RE: sudo 1.9.17p2

    Posted Mon October 06, 2025 10:04 AM

    Hello Reshma,

    do you have any news on this? 
    Thanks in advance.

    Kind regards



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    Original Message


Related Content