- Bug
- Resolution: Unresolved
- rhel-8.10.z
- sudo-1.9.5p2-1.el8_10.3
- Low
- ZStream
- rhel-idm-sssd
- Red Hat Enterprise Linux
- Pass
- Automated
This is a clone of issue RHEL-59136 to use for version rhel-8.10.z
–
Original description:
What were you trying to do that didn't work?
When sudo'ing interactively, sudo spawns the user's shell with SHELL set twice in the environment, e.g.:
2755 14:13:52.522189 execve("/usr/bin/sudo", ["sudo", "-iu", "admin"], ["USER=admin", "LOGNAME=admin", "HOME=/home/admin", "PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/admin/bin", "SHELL=/usr/bin/zsh", "TERM=xterm-256color", "SSH_AUTH_SOCK=/tmp/ssh-9oLKnY3wjh/agent.2696", "SELINUX_ROLE_REQUESTED=", "SELINUX_LEVEL_REQUESTED=", "SELINUX_USE_CURRENT_RANGE=", ...]) = 0 <0.001487>
:
2761 14:13:52.561218 execve("/usr/bin/zsh", ["-zsh"], ["TERM=xterm-256color", "MAIL=/var/mail/admin", ..., "LANG=en_US.UTF-8", "SHELL=/usr/bin/zsh", ..., "SHELL=/usr/bin/zsh", "SUDO_COMMAND=/usr/bin/zsh", "SUDO_USER=admin", "SUDO_UID=1000", "SUDO_GID=1000"] <unfinished ...>
2761 14:13:52.561565 <... execve resumed>) = 0 <0.000333>
Whatever shell is spawned, the issue occurs.
For bash this isn't an issue because bash removes the duplicate entry somehow, but it's an issue for zsh, which doesn't do this additional operation.
The result is that querying SHELL by parsing env output shows a duplicate:
$ env | grep ^SHELL
SHELL=/bin/zsh
SHELL=/bin/zsh
IMHO there is a bug in sudo; the related code is in plugins/sudoers/env.c, which doesn't check for duplicates:
62 #undef DID_SHELL
63 #define DID_SHELL 0x00000008
868 #define CHECK_SETENV2(a, b, c, d) do { \
869     if (sudo_setenv2((a), (b), (c), (d)) == -1) { \
870         goto bad; \
871     } \
872 } while (0)
969     didvar |= didvar << 16; /* convert DID_* to KEPT_* */
970
971     /*
972      * Add in defaults. In -i mode these come from the runas user,
973      * otherwise they may be from the user's environment (depends
974      * on sudoers options).
975      */
976     if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
977         CHECK_SETENV2("SHELL", runas_pw->pw_shell,
978             ISSET(didvar, DID_SHELL), true);
:
On line 978 above, didvar doesn't contain the DID_SHELL flag, which leads to sudo_setenv2() not checking for duplicates, as seen in the gdb backtrace (dupcheck=false):
sudo_setenv2 (var=var@entry=0x7fc0edbe5fe0 "SHELL", val=0x5577db35d75d "/bin/zsh", dupcheck=false, overwrite=overwrite@entry=true) at ./env.c:423
423 debug_decl(sudo_setenv2, SUDOERS_DEBUG_ENV);
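To make the dupcheck=false path concrete, here is a small C model of the behaviour described above; it is an added illustration, not sudo's code, and model_setenv2(), count_var(), simulate_login_shell_env() and the environment contents are constructed for the demo.

```c
#include <stdlib.h>
#include <string.h>

#define MAXENV 16   /* constructed size limit for the demo environment */

/* Model of a sudo_setenv2()-style helper (not sudo's code): append "var=val"
 * to envp; only when dupcheck is set is an existing "var=" entry overwritten
 * instead of a second copy being appended. Returns 0 on success, -1 on error. */
static int model_setenv2(char **envp, const char *var, const char *val, int dupcheck)
{
    size_t n = strlen(var), len = n + strlen(val) + 2, i;
    char *entry = malloc(len);
    if (entry == NULL)
        return -1;
    snprintf(entry, len, "%s=%s", var, val);
    for (i = 0; envp[i] != NULL; i++) {
        if (dupcheck && strncmp(envp[i], var, n) == 0 && envp[i][n] == '=') {
            envp[i] = entry;   /* overwrite in place; old entry not freed in this demo */
            return 0;
        }
    }
    if (i + 1 >= MAXENV) {
        free(entry);
        return -1;
    }
    envp[i] = entry;           /* no dupcheck: a second "SHELL=" entry is appended */
    envp[i + 1] = NULL;
    return 0;
}

/* Count the entries in envp that define var; a consumer expecting a unique
 * value (the "Key SHELL already defined" warning in the report) wants 1. */
static int count_var(char *const *envp, const char *var)
{
    size_t n = strlen(var);
    int count = 0;
    for (size_t i = 0; envp[i] != NULL; i++)
        if (strncmp(envp[i], var, n) == 0 && envp[i][n] == '=')
            count++;
    return count;
}

/* Constructed login-shell case: the inherited environment already carries
 * SHELL, then the -i path adds the runas user's shell. Returns how many
 * SHELL entries the spawned shell would see. */
static int simulate_login_shell_env(int dupcheck)
{
    char *envp[MAXENV] = { "TERM=xterm-256color", "SHELL=/usr/bin/zsh",
                           "LANG=en_US.UTF-8", NULL };
    if (model_setenv2(envp, "SHELL", "/usr/bin/zsh", dupcheck) == -1)
        return -1;
    return count_var(envp, "SHELL");   /* 2 without dupcheck, 1 with it */
}
```

Running simulate_login_shell_env(0) reproduces the doubled SHELL from the strace above, while simulate_login_shell_env(1) shows what the DID_SHELL-aware path yields.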
What is the impact of this issue to you?
Unclear if this could affect programs expecting a unique value for SHELL.
- the software is reporting the following errors:
Error : Severity:WARNING (ELABORATING) Key already exists
Description : Key SHELL already defined as "/bin/ksh"
Latest errno set : 22 : INVALID_ARGUMENT, Invalid argument
- these errors are polluting the program logs
Please provide the package NVR for which the bug is seen:
sudo-1.9.5p2-1.el8_9
sudo-1.9.5p2-10.el9_3
How reproducible is this bug?:
Always
Steps to reproduce
- Create a user in the wheel group with /bin/zsh as shell
# useradd -G wheel -s /bin/zsh admin
# echo redhat | passwd --stdin admin
- Login as the user
- Sudo interactively with the target being the user itself (or any user having zsh as a shell)
$ sudo -iu admin
$ env | grep ^SHELL
Expected results
SHELL=/bin/zsh
Actual results
SHELL=/bin/zsh
SHELL=/bin/zsh
- clones: RHEL-59136 sudo passes SHELL environment variable twice to the shell being executed [rhel-10] (In Progress)
- links to: RHBA-2025:156465 sudo update