Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-92629

sudo ksh executes ksh scripts using bash instead of ksh when checking the checksum

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • rhel-8.10.z
    • rhel-8.10
    • ksh
    • None
    • ksh-20120801-270.el8_10
    • No
    • Moderate
    • ZStream
    • 2
    • rhel-plumbers
    • ssg_core_services
    • 5
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • Plumbers Sprint 2, Plumbers Sprint 3
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      The issue got fixed on RHEL9 (sudo-1.9.5p2-10.el9_3).

      When executing a ksh script under sudo and sudo has a line to verify the checksum, then the target's user shell is used instead of ksh to interpret the script, as shown in the example below:

      ksh script /usr/local/bin/script.ksh

      #!/usr/bin/ksh
echo "SHELL is $(readlink /proc/$$/exe)"

      configure sudo to verify the checksum

      # echo "kshuser ALL=NOPASSWD: sha256:$(sha256sum /usr/local/bin/script.ksh)" > /etc/sudoers.d/kshuser

      execute the script under sudo

      (kshuser) $ sudo /usr/local/bin/script.ksh
SHELL is /usr/bin/bash

      Please backport this from RHEL9, sudo+checksum is an important feature.

              kvolny Karel Volný
              rhn-support-rmetrich Renaud Métrich
              Vincent Mihalkovic Vincent Mihalkovic
              Karel Volný Karel Volný
              Votes:
              0 Vote for this issue
              Watchers:
              16 Start watching this issue

                Created:
                Updated: