From owner-freebsd-ports@FreeBSD.ORG  Mon Jul 23 04:02:05 2007
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DD8EF16A469
	for <ports@freebsd.org>; Mon, 23 Jul 2007 04:02:05 +0000 (UTC)
	(envelope-from tmclaugh@sdf.lonestar.org)
Received: from straycat.dhs.org (c-24-63-86-11.hsd1.ma.comcast.net
	[24.63.86.11]) by mx1.freebsd.org (Postfix) with ESMTP id 111B813C478
	for <ports@freebsd.org>; Mon, 23 Jul 2007 04:02:04 +0000 (UTC)
	(envelope-from tmclaugh@sdf.lonestar.org)
Received: from [192.168.1.127] (bofh.straycat.dhs.org [192.168.1.127])
	by straycat.dhs.org (8.13.8/8.13.8) with ESMTP id l6N422xG028968;
	Mon, 23 Jul 2007 00:02:03 -0400 (EDT)
From: Tom McLaughlin <tmclaugh@sdf.lonestar.org>
To: Paul Fraser <pfraser@gmail.com>
In-Reply-To: <1185137280.1955.77.camel@localhost>
References: <f82eafcc0707220245v24da9f88h197b6e076cdd72f2@mail.gmail.com>
	<1185137280.1955.77.camel@localhost>
Content-Type: text/plain
Date: Mon, 23 Jul 2007 00:02:01 -0400
Message-Id: <1185163321.1955.89.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.10.2 FreeBSD GNOME Team Port 
Content-Transfer-Encoding: 7bit
Cc: ports@freebsd.org
Subject: Re: Unusual sudo / w behaviour - 0 users?
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2007 04:02:05 -0000

On Sun, 2007-07-22 at 16:48 -0400, Tom McLaughlin wrote:
> On Sun, 2007-07-22 at 19:45 +1000, Paul Fraser wrote:
> > Hi Tom (and ports list by CC),
> > 
> > After an upgrade to sudo v1.6.9 on my 6-STABLE workstation, I've
> > noticed some interesting behaviour with regards to interaction between
> > sudo and w.
> > 
> > Check the output below for an example.
> > 
> > [pfraser@odyssey ~]$ sudo -V
> > Sudo version 1.6.9
> > [pfraser@odyssey ~]$ w
> >  7:42PM  up 8 days,  7:46, 1 user, load averages: 0.11, 0.10, 0.15
> > USER             TTY      FROM              LOGIN@  IDLE WHAT
> > pfraser          p0       core-server01     7:38PM     - w
> > [pfraser@odyssey ~]$ sudo -s
> > Last login: Sun Jul 22 19:36:22 on ttyp1
> > [root@odyssey ~]# w
> >  7:42PM  up 8 days,  7:46, 0 users, load averages: 0.10, 0.09, 0.15
> > USER             TTY      FROM              LOGIN@  IDLE WHAT
> > [root@odyssey ~]#
> > 
> > Note there is now no active session listed? If I then drop out of the
> > sudo session, the problem persists.
> > 
> > [root@odyssey ~]# exit
> > exit
> > [pfraser@odyssey ~]$ w
> >  7:44PM  up 8 days,  7:47, 0 users, load averages: 0.27, 0.15, 0.17
> > USER             TTY      FROM              LOGIN@  IDLE WHAT
> > [pfraser@odyssey ~]$
> > 
> > I'm afraid I'm not familiar enough with the inner workings of all the
> > related systems and can't be of much more assistance (at least
> > initially), but I'm quite welcome to perform any testing you require.
> > You may just need to hold my hand a little bit!
> > 
> 
> I'm not sure if this is a sudo bug or a -STABLE bug.  I can only
> reproduce this on -STABLE with sudo 1.6.9.  -CURRENT with 1.6.9 and
> 1.6.8p12 works fine and -STABLE with sudo 1.6.8p12 works fine.  I did a
> little more experimenting and saw this behavior below.
> 
> -STABLE:
> [tom@releng-6-fbsd tom]$ last
> tom              ttyp2    bofh             Sun Jul 22 16:16   still logged in
> ...
> [tom@releng-6-fbsd tom]$ sudo -s
> # last | head -n 5
> root             ttyp2                     Sun Jul 22 16:16 - 16:16  (00:00)
> tom              ttyp2    bofh             Sun Jul 22 16:16 - 16:16  (00:00)
> ...
> # ^D
> [tom@releng-6-fbsd tom]$ last
> root             ttyp2                     Sun Jul 22 16:16 - 16:16  (00:00)
> tom              ttyp2    bofh             Sun Jul 22 16:16 - 16:16  (00:00)
> 
> 
> -CURRENT:
> [tom@releng-7-fbsd tom]$ last
> tom              ttyp1    bofh             Sun Jul 22 16:18   still logged in
> ...
> [tom@releng-7-fbsd tom]$ sudo -s
> # last | head -n 6 
> tom              ttyp1    bofh             Sun Jul 22 16:18   still logged in
> ...
> # ^D
> [tom@releng-7-fbsd tom]$ last
> tom              ttyp1    bofh             Sun Jul 22 16:18   still logged in
> 
> 
> I'm going to do a little more digging and figure out if this is caused
> by a behavior difference in sudo or FreeBSD.
> 
> tom

Yeah, I was totally wrong above.  The issue is caused by pam_lastlog.  I
forgot I had commented out the session line in the pam file on my
-CURRENT box to shutup the login message everytime I ran a command via
sudo.  It's not an issue on my CentOS box so it appears to be an issue
with our pam_lastlog.  I'm going to ask on freebsd-security@

tom

-- 
| tmclaugh at sdf.lonestar.org             tmclaugh at FreeBSD.org |
| FreeBSD                                   http://www.FreeBSD.org |