sudo-project / sudo

Utility to execute a command as another user
https://www.sudo.ws

Incorrect sudo -V output #386

Closed blemouzy closed 5 months ago

blemouzy commented 5 months ago

Hello,

I am working on an ARM based embedded system with Yocto.

I noticed a strange sudo -V output (floating values are not correctly displayed) since the sudo update from 1.9.13p3 to 1.9.15p2.

```bash
# sudo -V | grep timeout
Authentication timestamp timeout: f minutes
Password prompt timeout: f minutes
```

I also tried the 1.9.15p5 version with same result.

millert commented 5 months ago

This happens when using sudo's snprintf() replacement since it does not support floating point. That should only be necessary on older systems without a C99-compatible snprintf() (or systems without asprintf()).

In your case, this is probably because sudo was built with a cross-compiler and that configure test was unable to run. These days, it is probably safe to assume that snprintf() is C99-compliant when cross-compiling. If you are building your own sudo, you can set ac_cv_have_working_snprintf=yes in the environment to avoid the issue.

blemouzy commented 5 months ago

> This happens when using sudo's snprintf() replacement since it does not support floating point. That should only be necessary on older systems without a C99-compatible snprintf() (or systems without asprintf()).

What explains the regression between 1.9.13p3 and 1.9.15p2?

> In your case, this is probably because sudo was built with a cross-compiler and that configure test was unable to run. These days, it is probably safe to assume that snprintf() is C99-compliant when cross-compiling. If you are building your own sudo, you can set ac_cv_have_working_snprintf=yes in the environment to avoid the issue.

I made the test:

After

12157:ac_cv_have_working_snprintf=yes

* check `sudo -V` output:
```bash
Authentication timestamp timeout: f minutes
Password prompt timeout: f minutes
```

⮕ same result

millert commented 5 months ago

Sorry, you also need to set ac_cv_have_working_vsnprintf=yes.

In sudo 1.9.13 vfprintf() was used to display those strings so the problem did not occur. The switch to using vsnprintf() in 1.9.14 is what triggered the issue. Sudo 1.9.16 will avoid the problem by treating ac_cv_have_working_snprintf=cross and ac_cv_have_working_vsnprintf=cross the same as "yes".
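
A check in the spirit of the configure test discussed above, as an added example that is not part of the thread or of sudo's own configure script: it exercises the C99 behaviours of snprintf() and vsnprintf(), plus floating-point formatting. The function names, the `%.1f` format and the sample value 5.0 are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Variadic wrapper so the vsnprintf() path is exercised too. */
static int vfmt(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Returns 0 when every check passes, else a bit mask of failed checks. */
int check_c99_printf(void)
{
    char buf[16];
    int failed = 0;

    /* C99: with a zero-size buffer the return value is the length needed. */
    if (snprintf(NULL, 0, "%s", "0123456789") != 10)
        failed |= 1;
    if (vfmt(NULL, 0, "%s", "0123456789") != 10)
        failed |= 2;

    /* C99: truncated output is NUL-terminated, return is the full length. */
    memset(buf, 'X', sizeof(buf));
    if (snprintf(buf, 4, "%s", "abcdef") != 6 || memcmp(buf, "abc", 4) != 0)
        failed |= 4;
    memset(buf, 'X', sizeof(buf));
    if (vfmt(buf, 4, "%s", "abcdef") != 6 || memcmp(buf, "abc", 4) != 0)
        failed |= 8;

    /* Floating point: 5.0 is a constructed sample timeout in minutes. */
    if (snprintf(buf, sizeof(buf), "%.1f", 5.0) != 3 || strcmp(buf, "5.0") != 0)
        failed |= 16;
    if (vfmt(buf, sizeof(buf), "%.1f", 5.0) != 3 || strcmp(buf, "5.0") != 0)
        failed |= 32;
    return failed;
}

int main(void)
{
    int failed = check_c99_printf();
    printf("failed checks mask: %d\n", failed);
    return failed != 0;
}
```

For a cross-compiled build, compile this with the cross toolchain and run it on the target; a zero exit status means the target libc behaves as the "yes" cache values assert.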

blemouzy commented 5 months ago

> Sorry, you also need to set ac_cv_have_working_vsnprintf=yes.

That effectively works now!

> In sudo 1.9.13 vfprintf() was used to display those strings so the problem did not occur. The switch to using vsnprintf() in 1.9.14 is what triggered the issue.

Thanks for the explanation and thanks for support.

> Sudo 1.9.16 will avoid the problem by treating ac_cv_have_working_snprintf=cross and ac_cv_have_working_vsnprintf=cross the same as "yes".

Nice! Link to the associated commit: 920710b186ad11205b7f4969178555cd5fe23e20

egtvedt commented 3 months ago

After this change I'm not able to link sudo release 1.9.16. I made a comment on the configure script change in https://github.com/sudo-project/sudo/commit/920710b186ad11205b7f4969178555cd5fe23e20#r146098350

I'm no good with autoconf, so could somebody point out a failure on my side, or does the change here need further improvements?

Update: By adding ac_cv_have_working_snprintf=yes and ac_cv_have_working_vsnprintf=yes when configuring, sudo 1.9.16 compiles and links for me.

Update2: And I have the following in config.h

```c
/* Enable replacement (v)snprintf if system (v)snprintf is broken. */
/* #undef PREFER_PORTABLE_SNPRINTF */
```

Which looks correct.

millert commented 3 months ago

@egtvedt Can you test whether https://github.com/sudo-project/sudo/commit/3e12cacc0f91bc27f0c8d627843bd22c8b5bb6fa fixes this for you?

egtvedt commented 3 months ago

> @egtvedt Can you test whether 3e12cac fixes this for you?

This commit solves my configure problem, and I get the expected defines in config.h

```c
#define HAVE_SNPRINTF 1
#define HAVE_VSNPRINTF 1
/* #undef PREFER_PORTABLE_SNPRINTF */
```

Thank you for solving so quickly.