bash with log_subcmds on AIX

[loopway]

Calling sudo bash on AIX with enabled log_subcmds breaks STDOUT of certain commands like df. STDOUT is not displayed at all. For other commands like ps it seems to have no affect.

Tested with: AIX 7300-01-02-2320 sudo 1.9.14-2 RPM (from sudo.ws Prebuilt Packages) bash 5.1.4.0 LPP (AIX 7.3) bash 5.1.16-1 RPM (from IBM AIX Toolbox for Open Source Software)

sudo ksh works as expected.

[millert]

This is almost certainly because bash is a 64-bit executable but ksh and sudo are 32-bit. For example:

$ file /bin/ksh /bin/bash
/bin/ksh: executable (RISC System/6000) or object module
/bin/bash: 64-bit XCOFF executable or object module

I see the same behavior when using log_subcmds with a 64-bit bash and a 32-bit sudo. It works as expected with a 32-bit bash executable.

The way log_subcmds works is that it interposes itself via LDR_PRELOAD so it can catch calls to execute a new program. Unfortunately, that only works for binaries of the same word size. Since your bash is 64-bit but sudo is 32-bit log_subcmds will not work properly. The way to fix this is for sudo to build both 32-bit and 64-bit versions of the sudo_intercept dynamic shared object but the build system uses by sudo (autoconf and libtool) doesn't really support that. It may be possible for me to build both a 32-bit and 64-bit sudo on AIX and combine the shared objects since the build system doesn't support this natively.

[millert]

I've added scaffolding to support both 32-bit and 64-bit versions of sudo_intercept.a on AIX in 980e0216ac12e89fe79797da43b513921e41e37b, 0a181849a123108ded6ba6de62d1712434c16a0d and 002e22f84614b2c1cf71f7e33a86dea3d16ac14c. My sudo 1.9.15 AIX packages will include 32-bit and 64-bit versions of sudo_intercept.a.

[loopway]

@millert Thanks a lot for looking into it. I can confirm that we have no issue with the /opt/freeware/bin/bash_32 binary. Will be happy to test the new 1.9.15 release with 32 and 64 bit bash. 😎

[millert]

Closing now that sudo 1.9.15 is out.