Summary: | security/sudo: listpw=never does not work as expected | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Victor Sudakov <vas> | ||||
Component: | Individual Port(s) | Assignee: | Renato Botelho <garga> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Some People | CC: | vas | ||||
Priority: | --- | Flags: | bugzilla:
maintainer-feedback?
(garga) |
||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Victor Sudakov
2019-01-08 17:00:16 UTC
Could you give me more details about how to reproduce it? I've tested here and couldn't . Created attachment 200951 [details]
A complete sudoers file
(In reply to Renato Botelho from comment #1) I have attached my complete sudoers file without any redacting. However when a member of the "user" group runs "sudo -l" she is asked for a password. Have you been able to reproduce the problem with my sudoers file? Just in case they are useful, I'm posting the build options: Options : AUDIT : on DISABLE_AUTH : off DISABLE_ROOT_SUDO: off DOCS : on EXAMPLES : on GSSAPI_BASE : off GSSAPI_HEIMDAL : off GSSAPI_MIT : off INSULTS : off LDAP : off NLS : off NOARGS_SHELL : off OPIE : off PAM : on SSSD : off ping! I managed to reproduce the issue here and opened a ticket upstream [1]. While it's not fixed you can workaround it using listpw=any and configuring an entry allowing %user to run /usr/bin/false with NOPASSWD: set [1] https://bugzilla.sudo.ws/show_bug.cgi?id=869 A commit references this bug: Author: garga Date: Tue Jan 22 13:51:16 UTC 2019 New revision: 490951 URL: https://svnweb.freebsd.org/changeset/ports/490951 Log: security/sudo: Fix listpw=never When listpw=never is set, 'sudo -l' is expected to run without asking for a password. PR: 234756 Reported by: vas@mpeks.tomsk.su Obtained from: https://bugzilla.sudo.ws/show_bug.cgi?id=869 Sponsored by: Rubicon Communications, LLC (Netgate) Changes: head/security/sudo/Makefile head/security/sudo/files/patch-plugins_sudoers_parse.c Fix committed to 1.8.27_1 |