The following line in sudoers (in reality it's one long line):

    %user ALL = SHUTDOWN, NOPASSWD: sha256:307271e238f3ab9f9e359100b5d7f72d383b33a6d04fc79e64208ce3693e82e9 /usr/local/sbin/vm

causes the following error:

    $ sudo vm list
    cannot open /dev/fd/4: No such file or directory

If I remove the hash from sudoers, the command works:

    $ sudo vm list
    NAME   DATASTORE  LOADER     CPU  MEMORY  VNC  AUTOSTART  STATE
    mail   default    bhyveload  1    1G      -    Yes [5]    Running (2365)
    proxy  default    bhyveload  1    1G      -    Yes [1]    Running (1672)
Tested on current version and it's working as expected with /bin/ls binary. If it fails specifically with /usr/local/sbin/vm it should be reported upstream since it is not a FreeBSD-port-specific issue.
(In reply to Renato Botelho from comment #1) Yes, it's working as expected with /bin/ls binary. But /usr/local/sbin/vm is not a binary, it's a shell script. Shell scripts used like these do work in Linux (tested on Ubuntu 16.04), so it is probably FreeBSD-specific. Please reopen and test with a shell script.
Sorry, it does seem FreeBSD-specific. The problem does not exist on Ubuntu.
I could reproduce it with a shell script and opened a bug upstream https://bugzilla.sudo.ws/show_bug.cgi?id=831
This is a bug in FreeBSD, not sudo. Unlike Linux and Solaris, FreeBSD seems unable to execute a script using the fexecve() system call. You can work around this limitation by adding the following in your sudoers file:

    Defaults fdexec=never

At compile time, if you set ac_cv_func_fexecve=no in the environment, fexecve() support will not be built-in to sudo. That may be best from a ports perspective.
Created attachment 192752 [details]
fexecve() test program

The following test program can be used to reproduce the fexecve() problem on FreeBSD.

Works: ./fdexec /bin/ls
Fails: ./fdexec /some/script.sh
(In reply to Todd C. Miller from comment #5)

Thanks for the advice, Todd. JFYI, as documented in the fexecve manpage:

    CAVEATS
    If a program is setuid to a non-super-user, but is executed when the real uid is ``root'', then the program has some of the powers of a super-user as well.

    When executing an interpreted program through fexecve(), kernel supplies /dev/fd/n as a second argument to the interpreter, where n is the file descriptor passed in the fd argument to fexecve(). For this construction to work correctly, the fdescfs(5) filesystem shall be mounted on /dev/fd.

so I tested it and when /dev/fd is mounted, fexecve is capable of running a shell script. I'm considering adding, as you suggested, ac_cv_func_fexecve=no to the build environment to get it disabled and keep things working. Do you see any negative side effect of it? Thanks
A commit references this bug:

Author: garga
Date: Mon Apr 23 18:40:51 UTC 2018
New revision: 468129
URL: https://svnweb.freebsd.org/changeset/ports/468129

Log:
  Add a patch to fix cryptographic digest in command specification for shell scripts and other interpreted files. Error happens because fexecve() requires /dev/fd to be mounted. This patch detects if /dev/fd/N exists before attempting to use fexecve and works around the issue.

  PR:            223587
  Submitted by:  Todd C. Miller <Todd.Miller@sudo.ws>
  Reported by:   vas@mpeks.tomsk.su
  Obtained from: https://www.sudo.ws/repos/sudo/rev/30f7c5d64104
  MFH:           2018Q2
  Sponsored by:  Rubicon Communications, LLC (Netgate)

Changes:
  head/security/sudo/Makefile
  head/security/sudo/files/patch-fix-fexecve
A commit references this bug:

Author: garga
Date: Tue Apr 24 11:07:12 UTC 2018
New revision: 468197
URL: https://svnweb.freebsd.org/changeset/ports/468197

Log:
  Add a patch to fix cryptographic digest in command specification for shell scripts and other interpreted files. Error happens because fexecve() requires /dev/fd to be mounted. This patch detects if /dev/fd/N exists before attempting to use fexecve and works around the issue.

  PR:            223587
  Submitted by:  Todd C. Miller <Todd.Miller@sudo.ws>
  Reported by:   vas@mpeks.tomsk.su
  Obtained from: https://bugzilla.sudo.ws/show_bug.cgi?id=831
  MFH:           2018Q2
  Sponsored by:  Rubicon Communications, LLC (Netgate)

Changes:
  head/security/sudo/Makefile
  head/security/sudo/files/patch-plugins_sudoers_match.c
1.8.22_4 contains the proper fix. Thanks!
Created attachment 192781 [details]
Test program to show fexecve() issue on Solaris with scripts

There is still an fexecve() kernel issue on FreeBSD. According to POSIX:

    The fexecve() function shall be equivalent to the execve() function except that the file to be executed is determined by the file descriptor fd instead of a pathname. The file offset of fd is ignored.

However, on FreeBSD the file offset of fd is *not* ignored when fd refers to a script. I've updated the test program to show this behavior. If you run a script via fdexec, on FreeBSD it will simply exit since the file offset is at EOF.
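The pattern the whole thread turns on, shown as an added example (not sudo's code and not the attached fdexec test program): hash the already-open descriptor, then execute that same descriptor, with the two FreeBSD caveats raised above folded in (the /dev/fd/N existence check from the ports patch in comments #5 and #9, and an explicit rewind for the offset problem in the comment just above). Assumes Python 3 on a POSIX host; the helper names and the fallback-to-execve policy are my own choices.

```python
import hashlib
import os

# Added illustration (hypothetical helpers, not sudo's own code) of hashing an
# open fd and then executing that same fd, as the thread above describes.

def parse_digest_spec(spec):
    """Split a sudoers-style 'sha256:<hex>' spec into (algorithm, lowercase hex)."""
    algo, _, hexdigest = spec.partition(":")
    algo = algo.lower()
    if algo not in hashlib.algorithms_available or not hexdigest:
        raise ValueError("unsupported digest spec: %r" % spec)
    return algo, hexdigest.lower()

def fd_matches_digest(fd, spec):
    """Hash the already-open fd: the bytes checked are the bytes fexecve() will
    run, whereas re-opening by name would allow a swap in between."""
    algo, expected = parse_digest_spec(spec)
    h = hashlib.new(algo)
    os.lseek(fd, 0, os.SEEK_SET)  # hash from the top whatever the current offset
    while True:
        chunk = os.read(fd, 65536)
        if not chunk:
            break
        h.update(chunk)
    return h.hexdigest() == expected

def fexecve_usable(fd):
    """Scripts run via fexecve() only if the interpreter can open /dev/fd/N
    (fdescfs on FreeBSD), so check the node exists, as the ports patch does."""
    return hasattr(os, "fexecve") and os.path.exists("/dev/fd/%d" % fd)

def exec_verified(path, spec, argv):
    """Open once, verify on that fd, exec that fd. Returns False (no exec) on
    a digest mismatch; does not return when the exec succeeds."""
    fd = os.open(path, os.O_RDONLY)
    try:
        if not fd_matches_digest(fd, spec):
            return False
        # Hashing left the offset at EOF. POSIX says fexecve() ignores it, but
        # this thread reports FreeBSD did not for scripts, so rewind explicitly.
        os.lseek(fd, 0, os.SEEK_SET)
        if fexecve_usable(fd):
            os.fexecve(fd, argv, os.environ)
        # Fallback when /dev/fd/N is unusable: exec by name. This reopens the
        # window between hashing and executing that the fd path closes.
        os.execve(path, argv, os.environ)
    finally:
        os.close(fd)
```

The fallback branch is the cost of `fdexec=never` or of building with `ac_cv_func_fexecve=no`: the digest is still checked, but against a path that can change before the exec.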
A commit references this bug:

Author: garga
Date: Tue Apr 24 16:52:49 UTC 2018
New revision: 468221
URL: https://svnweb.freebsd.org/changeset/ports/468221

Log:
  Add a new version of the patch committed in r468197 that fixes a regression introduced by that version.

  PR:            223587
  Submitted by:  Todd C. Miller <Todd.Miller@sudo.ws>
  Reported by:   vas@mpeks.tomsk.su
  Obtained from: https://bugzilla.sudo.ws/show_bug.cgi?id=831
  MFH:           2018Q2
  Sponsored by:  Rubicon Communications, LLC (Netgate)

Changes:
  head/security/sudo/Makefile
  head/security/sudo/files/patch-plugins_sudoers_match.c
Now it's working as expected.