When sudo does not require a password, it alters stty as though it is reading a password
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| sudo (Ubuntu) |
Triaged
|
Medium
|
Unassigned | ||
| Jammy |
Confirmed
|
Medium
|
Unassigned | ||
| Kinetic |
Won't Fix
|
Medium
|
Unassigned | ||
Bug Description
Summary:
Executing a sudo (that does not require a password) in a /bin/bash script leaves the terminal as though it is reading a password (-echo, -icrnl, -ixon, -opost, -isig, -icanon, -iexten)
To recreate the problem: (See attached log)
In a fresh install of 22.04.1 (desktop, minimal, do not load updates, no update done beyond iso data, running under Virtualbox on a Mac), I set up a new user that can run "sudo sleep" without a password. In a Terminal, I demonstrate this, running "stty -a" before and after the "sudo sleep". Then I create a bash script with those same commands. When that script is run, the stty after the "sudo sleep" shows that the state of the terminal has been altered (-echo, etc.)
The log starts immediately after the reboot after installing 22.04.1. I decline to do the update when it is offered. (The bug appears even if I do the update on 22.04.1, but I decline the update to make sure this is repeatable.)
Basically, the steps are
Create user "testuser"
Add a file to /etc/sudoers.d that gives testuser sudo privs, with no password required for sleep. (nor for "grep", but I dropped the use of grep in the demo)
su - testuser
Interactively, in the terminal, I show that "sudo sleep 30 &" does not mess with the terminal settings.
I create a /bin/bash script that includes the same commands (stty -a; sudo sleep 10 &; sleep 3; stty -a)
I execute the script, which alters the terminal settings.(Quite visible on the Terminal; not as easily visible in the log file.)
I expect the second "stty -a" to be the same as the first.
I originally saw the bug in 20.04.5 (repeatable but on someone else's computer) for "sudo tcpdump" but wasn't able to reproduce it in a fresh install.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: sudo 1.9.9-1ubuntu2
ProcVersionSign
Uname: Linux 5.15.0-48-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Thu Oct 6 10:40:03 2022
InstallationDate: Installed on 2022-10-06 (0 days ago)
InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: sudo
UpgradeStatus: No upgrade log present (probably fresh install)
VisudoCheck:
Error: command ['pkexec', '/usr/sbin/visudo', '-c'] failed with exit code 1: /etc/sudoers.
/etc/sudoers: parsed OK
/etc/sudoers.
modified.
modified.
| M Tyson (tyson-3) wrote | #1 |
| Changed in sudo (Ubuntu): | |
| status: | New → Confirmed |
| Seth Arnold (seth-arnold) wrote | #2 |
| Julian Andres Klode (juliank) wrote | #3 |
| Changed in sudo (Ubuntu): | |
| status: | Confirmed → Triaged |
| Changed in sudo (Ubuntu Jammy): | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| Changed in sudo (Ubuntu): | |
| importance: | Undecided → Medium |
| Utkarsh Gupta (utkarsh) wrote | #4 |
| Changed in sudo (Ubuntu Kinetic): | |
| status: | Triaged → Won't Fix |
| M Tyson (tyson-3) wrote | #5 |
| M Tyson (tyson-3) wrote | #6 |
I wasn't able to reproduce on 20.04 LTS.
I was able to reproduce on 22.04 LTS.
This little script should work out of the box:
$ cat /tmp/sudo-stty
#!/bin/bash
sudo ls
mkdir /tmp/stty
for i in `seq -w 1 999`; do stty -a > /tmp/stty/
Your terminal won't echo anything you type afterwards if it happens, so it's not exactly subtle :) but with all those outputs saved aside, you can check:
md5sum /tmp/stty/* | sort
to see where exactly the race is lost on your own system.
(reset(1) will restore the terminal to something useful, but clears the output when you run it.)