Linux Archive > ArchLinux > ArchLinux Pacman Development

 
 
 
Old 06-17-2010, 01:28 PM
Andres P
 
Default makepkg: do not ask sudo password twice

On Thu, Jun 17, 2010 at 8:49 AM, Allan McRae <allan@archlinux.org> wrote:
> On 17/06/10 22:44, Andres P wrote:
>>
>> Fixes a regression in 05ff276eefc with passwd_timeout=0 in sudoers.
>>
>> Passwords were being asked twice for *every* operation.
>>
>> Signed-off-by: Andres P <aepd87@gmail.com>
>> ---
>>
>> makepkg shouldn't make assumptions about the site's security settings,
>> especially something as innocuous as passwd_timeout.
>>
>> A cleaner way that also involves fewer forks is to process sudo's $?, if
>> possible:
>>     ret=0
>>     sudo $PACMAN $PACMAN_OPTS "$@" || ret=$?
>>     # test the saved status: $? is 0 again after the ret=$? assignment
>>     if [[ $ret = 4 ]]; then
>>         error "$(gettext "You are not authorized to use sudo pacman.")"
>>         exit $E_AUTH
>>     fi
>> Note that 4 is just an example
>>
>
>
> I do not understand you at all here... As far as I can tell, "sudo -l"
> never asks for a password. Also, passwd_timeout=0 sets sudo to only ever
> ask for a password once. I am completely lost at what you are trying to
> achieve with this!
>
> Allan
>

My bad, it's timestamp_timeout

Run pacman 3.3's makepkg with timestamp_timeout=0 then 3.4...

It will ask you twice


Actually, just do this

sudo -l /bin/true && sudo /bin/true

*with* timestamp_timeout=0

Andres P
 
Old 06-17-2010, 01:35 PM
Andres P
 
Default makepkg: do not ask sudo password twice

On Thu, Jun 17, 2010 at 9:04 AM, Allan McRae <allan@archlinux.org> wrote:
> Um... no it does not... sudo -l does not ask for a password even with
> timestamp_timeout=0.
>
> Allan

Yes it does... man sudoers

Defaults timestamp_timeout=0, passwd_timeout=0

sudo -l /bin/true && sudo /bin/true

will ask you twice... come on now :/

Andres P



--
Andres P
 
Old 06-17-2010, 01:49 PM
Andres P
 
Default makepkg: do not ask sudo password twice

On Thu, Jun 17, 2010 at 9:17 AM, Allan McRae <allan@archlinux.org> wrote:
> On 17/06/10 23:35, Andres P wrote:
>>
>> On Thu, Jun 17, 2010 at 9:04 AM, Allan McRae <allan@archlinux.org> wrote:
>>>
>>> Um... no it does not... sudo -l does not ask for a password even with
>>> timestamp_timeout=0.
>>>
>>> Allan
>>
>> Yes it does... man sudoers
>>
>> Defaults timestamp_timeout=0, passwd_timeout=0
>>
>> sudo -l /bin/true && sudo /bin/true
>>
>> will ask you twice... come on now :/
>>
>
> allan@mugen ~
> > sudo -l
> Matching Defaults entries for allan on this host:
>     timestamp_timeout=0, passwd_timeout=0
>
> User allan may run the following commands on this host:
>     (ALL) ALL
>
> allan@mugen ~
> > sudo -l /bin/true && sudo /bin/true
> /bin/true
> Password:
>
> allan@mugen ~
> >
>
> I count one password request...
>

I advise that you create a new user with a fresh leash.

I'm using sudo 1.7.2p7-1 and could go through the trouble of nagging
folks to post their sudo output just to get this fixed

My sudoers verbatim:
# Defaults specification
Defaults rootpw, timestamp_timeout=0, passwd_timeout=0

# User privilege specification
root ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL

Nothing exotic... the only relevant setting is timestamp

Andres P
 
Old 06-17-2010, 02:13 PM
Dan McGee
 
Default makepkg: do not ask sudo password twice

On Thu, Jun 17, 2010 at 8:49 AM, Andres P <aepd87@gmail.com> wrote:
> On Thu, Jun 17, 2010 at 9:17 AM, Allan McRae <allan@archlinux.org> wrote:
>> On 17/06/10 23:35, Andres P wrote:
>>>
>>> On Thu, Jun 17, 2010 at 9:04 AM, Allan McRae <allan@archlinux.org> wrote:
>>>>
>>>> Um... no it does not... sudo -l does not ask for a password even with
>>>> timestamp_timeout=0.
>>>>
>>>> Allan
>>>
>>> Yes it does... man sudoers
>>>
>>> Defaults timestamp_timeout=0, passwd_timeout=0
>>>
>>> sudo -l /bin/true && sudo /bin/true
>>>
>>> will ask you twice... come on now :/
>>>
>>
>> allan@mugen ~
>> > sudo -l
>> Matching Defaults entries for allan on this host:
>>     timestamp_timeout=0, passwd_timeout=0
>>
>> User allan may run the following commands on this host:
>>     (ALL) ALL
>>
>> allan@mugen ~
>> > sudo -l /bin/true && sudo /bin/true
>> /bin/true
>> Password:
>>
>> allan@mugen ~
>> >
>>
>> I count one password request...
>>
>
> I advise that you create a new user with a fresh leash.
>
> I'm using sudo 1.7.2p7-1 and could go through the trouble of nagging
> folks to post their sudo output just to get this fixed
>
> My sudoers verbatim:
> # Defaults specification
> Defaults rootpw, timestamp_timeout=0, passwd_timeout=0
>
> # User privilege specification
> root ALL=(ALL) ALL
>
> # Uncomment to allow people in group wheel to run all commands
> %wheel ALL=(ALL) ALL
>
> Nothing exotic... the only relevant setting is timestamp

Dude, the ball is in your court to prove this, I can't get it to do
anything resembling asking for my password twice. I added the two
options to my sudoers file and look at the following sequence. Note
that the only time it asks for my password is on the actual execution
of the command, not on the '-l' usage.

dmcgee@galway ~/projects/pacman (master)
$ sudo -l /bin/true
/bin/true

dmcgee@galway ~/projects/pacman (master)
$ sudo /bin/true
Password:

dmcgee@galway ~/projects/pacman (master)
$ sudo /bin/true
Password:

dmcgee@galway ~/projects/pacman (master)
$ sudo -l /bin/true
/bin/true
 
Old 06-17-2010, 02:37 PM
Andres P
 
Default makepkg: do not ask sudo password twice

On Thu, Jun 17, 2010 at 10:00 AM, Allan McRae <allan@archlinux.org> wrote:
> I think I have found the issue here. We obviously have a NOPASSWD entry in
> our sudoers file so "sudo -l" does not require a password.
>
> So the bug is confirmed. However the fix is not fully functional as if I
> have sudo installed but can not use it for pacman, then I can no longer fall
> back to using "su -c". I'd choose excess password typing over functionality
> loss.
>
Eureka! I was just about to mail the sudo maintainer.

Anyhow,

What if there's a check for sudo's retval like I posted in the comments?

Andres P
 
Old 06-17-2010, 02:45 PM
Dan McGee
 
Default makepkg: do not ask sudo password twice

On Thu, Jun 17, 2010 at 9:37 AM, Andres P <aepd87@gmail.com> wrote:
> On Thu, Jun 17, 2010 at 10:00 AM, Allan McRae <allan@archlinux.org> wrote:
>> I think I have found the issue here. We obviously have a NOPASSWD entry in
>> our sudoers file so "sudo -l" does not require a password.
>>
>> So the bug is confirmed. However the fix is not fully functional as if I
>> have sudo installed but can not use it for pacman, then I can no longer fall
>> back to using "su -c". I'd choose excess password typing over functionality
>> loss.
>>
> Eureka! I was just about to mail the sudo maintainer.

I'm terribly confused still.

$ sudo cat /etc/sudoers
Password:

Defaults editor = /usr/bin/vim:/usr/bin/vi

root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
dmcgee ALL= NOPASSWD: /usr/sbin/vpnc, /usr/sbin/vpnc-disconnect
dmcgee ALL= NOPASSWD: /usr/bin/openconnect

I don't see any exemption for `sudo -l` in there, but it never prompts
me for a passwd (even if adding those timeout defaults). Or is it just
the presence of any NOPASSWD entry at all? If that is the case, that
seems downright silly...

>
> Anyhow,
>
> What if there's a check for sudo's retval like I posted in the comments?

There is no way to tell the difference between the retval of sudo and
the retval of the called program as far as I can tell, so this
wouldn't quite work.

-Dan
 
Old 06-17-2010, 03:01 PM
Andres P
 
Default makepkg: do not ask sudo password twice

On Thu, Jun 17, 2010 at 10:15 AM, Dan McGee <dpmcgee@gmail.com> wrote:
> I'm terribly confused still.
>
> $ sudo cat /etc/sudoers
> Password:
>
> Defaults editor = /usr/bin/vim:/usr/bin/vi
>
> root ALL=(ALL) ALL
> %wheel ALL=(ALL) ALL
> dmcgee ALL= NOPASSWD: /usr/sbin/vpnc, /usr/sbin/vpnc-disconnect
> dmcgee ALL= NOPASSWD: /usr/bin/openconnect
>
> I don't see any exemption for `sudo -l` in there, but it never prompts
> me for a passwd (even if adding those timeout defaults). Or is it just
> the presence of any NOPASSWD entry at all? If that is the case, that
> seems downright silly...
>
My config is pretty vanilla so try that instead? Since the
misbehaviour happened there.

>>
>> Anyhow,
>>
>> What if there's a check for sudo's retval like I posted in the comments?
>
> There is no way to tell the difference between the retval of sudo and
> the retval of the called program as far as I can tell, so this
> wouldn't quite work.
>
In the context of falling back to su if sudo pacman fails, it would
not matter if the error is due to pacman or to sudo missing
permissions for pacman.

Notice that it was in direct response to "more password prompts" over
"loss of functionality":
On Thu, Jun 17, 2010 at 10:00 AM, Allan McRae <allan@archlinux.org> wrote:
> I think I have found the issue here. We obviously have a NOPASSWD entry in
> our sudoers file so "sudo -l" does not require a password.
>
> So the bug is confirmed. However the fix is not fully functional as if I
> have sudo installed but can not use it for pacman, then I can no longer fall
> back to using "su -c". I'd choose excess password typing over functionality
> loss.
>

In short, su would be the fallback if sudo fails for any reason.

Andres P
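
Added example, not part of the thread and not makepkg's code: a small shell model of the two escalation strategies argued over above ("sudo -l" probe then sudo, versus sudo with su as the fallback), counting password prompts and command runs. The `sudo` and `su` functions are constructed stand-ins that follow the prompting the posters report (sudoers' `listpw` defaults to `any`, so `sudo -l` skips the password only when some entry carries NOPASSWD); `POLICY`, `fake_pacman`, `simulate` and the strategy names are hypothetical.

```bash
#!/bin/bash
# Constructed model, not real sudo/su: the functions below shadow the real
# commands and only count prompts. POLICY picks the sudoers state:
#   strict   = timestamp_timeout=0, no NOPASSWD entry anywhere
#   nopasswd = timestamp_timeout=0 plus an unrelated NOPASSWD entry
#   denied   = user may not run the command via sudo (assumed to prompt first)
sudo() {
    if [ "$1" = -l ]; then
        # listpw=any (default): -l prompts unless some entry has NOPASSWD
        [ "$POLICY" = nopasswd ] || PROMPTS=$((PROMPTS + 1))
        if [ "$POLICY" = denied ]; then return 1; fi
        return 0
    fi
    PROMPTS=$((PROMPTS + 1))    # timestamp_timeout=0: no cached credential
    if [ "$POLICY" = denied ]; then return 1; fi   # sudo's own failure
    "$@"                        # otherwise the command's status passes through
}
su() { PROMPTS=$((PROMPTS + 1)); shift; eval "$1"; }   # called as: su -c 'cmd'

# Hypothetical stand-in for pacman: records a run, exits with status $1.
fake_pacman() { RUNS=$((RUNS + 1)); return "$1"; }

# Probe with "sudo -l" first, then run (the behaviour the thread complains about).
strategy_probe() {
    if sudo -l "$@" >/dev/null; then sudo "$@"; else su -c "$*"; fi
}
# Run sudo directly and fall back to su if it fails for any reason.
strategy_fallback() {
    if sudo "$@"; then return 0; fi
    su -c "$*"
}

# simulate <strategy> <policy> <command...>  ->  prints "<prompts> <runs>"
simulate() {
    strategy=$1; POLICY=$2; shift 2
    PROMPTS=0; RUNS=0
    "strategy_$strategy" "$@" >/dev/null 2>&1 || true
    echo "$PROMPTS $RUNS"
}

for policy in strict nopasswd denied; do
    for s in probe fallback; do
        echo "$policy/$s, pacman ok: $(simulate "$s" "$policy" fake_pacman 0)"
    done
done
# The exit status cannot tell "sudo refused" from "pacman failed", so the
# fallback strategy prompts again and runs pacman a second time:
echo "strict/fallback, pacman exits 1: $(simulate fallback strict fake_pacman 1)"
```

In this model the probe strategy costs two prompts under `strict` and one under `nopasswd`, while the fallback strategy saves the extra prompt but repeats the command through su whenever the command itself exits non-zero.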
 
Old 06-17-2010, 03:10 PM
Andres P
 
Default makepkg: do not ask sudo password twice

On Thu, Jun 17, 2010 at 10:39 AM, Loui Chang <louipc.ist@gmail.com> wrote:
> Why not just take sudo and asroot out of the equation and treat makepkg
> as a real non-handholding executable?
>

+1

Andres P
 
Old 06-18-2010, 12:09 AM
Dan McGee
 
Default makepkg: do not ask sudo password twice

On Thu, Jun 17, 2010 at 6:37 PM, Allan McRae <allan@archlinux.org> wrote:
> On 18/06/10 09:12, Loui Chang wrote:
>>
>> On Fri 18 Jun 2010 08:19 +1000, Allan McRae wrote:
>>>
>>> On 18/06/10 01:09, Loui Chang wrote:
>>>>
>>>> On Fri 18 Jun 2010 00:30 +1000, Allan McRae wrote:
>>>>>
>>>>> I think I have found the issue here. We obviously have a NOPASSWD
>>>>> entry in our sudoers file so "sudo -l" does not require a password.
>>>>>
>>>>> So the bug is confirmed. However the fix is not fully functional as
>>>>> if I have sudo installed but can not use it for pacman, then I can
>>>>> no longer fall back to using "su -c". I'd choose excess password
>>>>> typing over functionality loss.
>>>>
>>>> Why not just take sudo and asroot out of the equation and treat makepkg
>>>> as a real non-handholding executable?
>>>
>>> What do you mean? Remove automatic dependency installation or
>>> require the entire thing to be run as root?
>>
>> Enable the entire thing to be run as any user.
>>
>> A user does not necessarily need to be called 'root' to have package
>> manager privileges, nor do they need to be 'root' to have superuser
>> privileges, so why do we need a special flag for when the user does
>> happen to be 'root'?
>>
>> I think a user should arrange those himself, rather than having makepkg
>> assume that he wants to become root via sudo. If the user hasn't
>> previously arranged the privs, then makepkg dependency installation
>> should fail.
>>
>> In my opinion any use of sudo, and any restrictions on root in makepkg
>> should be removed. If you're keen to this idea I could provide some
>> patches.
>
> I still am not sure where you are going with this...
>
> 1) pacman requires you to be root to install packages (or at least UID=0 I
> think)
> > pacman -S pacman
> error: you cannot perform this operation unless you are root.

Correct. There is really no way to avoid being root here; you are
going to touch everything on the system *and* you need arbitrary
command execution.

    /* geteuid undefined in CYGWIN */
    uid_t myuid = geteuid();
    ......
    /* check if we have sufficient permission for the requested operation */
    if(myuid > 0 && needs_root()) {
        pm_printf(PM_LOG_ERROR, _("you cannot perform this operation unless you are root.\n"));
        cleanup(EXIT_FAILURE);
    }

> 2) Doing the actual packaging as root is dangerous, especially if you have
> "make install" by accident in your PKGBUILD. Or, as does happen, the
> software has a shitty Makefile and ignores DESTDIR for part of the
> installation (for this reason --asroot is not being removed).

+1000, Try packaging munin sometime from a blank slate as root and let
me know when you un-screw your system. I have spent a long time
haggling with packages like that to make sure they are actually doing
their work in $pkgdest rather than my live system.

> So we have conflicting needs within makepkg. root to install, non-root to
> build. When makepkg needs to install dependency packages, it checks if sudo
> is an option and if not falls back to using "su -c", and if that fails it
> gives up. Are you proposing that it just gives up straight away and not
> attempt privilege escalation?

Couldn't have said it better myself, thank you Allan.

-Dan
 
Old 06-18-2010, 04:27 AM
Andres P
 
Default makepkg: do not ask sudo password twice

On Thu, Jun 17, 2010 at 7:07 PM, Allan McRae <allan@archlinux.org> wrote:
> 2) Doing the actual packaging as root is dangerous, especially if you have
> "make install" by accident in your PKGBUILD. Or, as does happen, the
> software has a shitty Makefile and ignores DESTDIR for part of the
> installation (for this reason --asroot is not being removed).
>

If at any point you encounter a "shitty" makefile, then you submit a patch
upstream like anybody else. The last thing you do is put a "shitty" workaround
in a bash script.

> So we have conflicting needs within makepkg. root to install, non-root to
> build. When makepkg needs to install dependency packages, it checks if sudo
> is an option and if not falls back to using "su -c", and if that fails it
> gives up. Are you proposing that it just gives up straight away and not
> attempt privilege escalation?
>

All of this insight going nowhere, and the fact still stands that this
behaviour is *new*.

If sudo -l && sudo means 2 password prompts, then the logical route that
makepkg can take is either assume that if sudo is in PATH (type -p sudo), then
that means it's configured to run makepkg. If it's not in PATH, then su it is.

The other route would be to revert to what you had in the repo before the
commit that's been referred to took place, but that would make too much sense.

Andres P
 
