Bug 5896 - (int-144787) "sudo gainroot" root shells write their history in user's history file
Status: NEW
Product: Core
Component: general
Version: 5.0/(1.2009.41-10)
Platform: N900 Maemo
Importance: Low normal with 3 votes
Assigned To: unassigned
QA Contact: core-general-bugs
Keywords: community-diablo, easyfix
 
Reported: 2009-10-29 15:22 UTC by Lucas Maneos
Modified: 2010-08-03 12:50 UTC (History)

Description Lucas Maneos (reporter) 2009-10-29 15:22:13 UTC
SOFTWARE VERSION:
1.2009.41-10

Hope this is the right product/component for package sudo, please redirect if
not.

STEPS TO REPRODUCE THE PROBLEM:
1. Enable R&D mode or install rootsh.
2. Start an xterm.
3. Run "sudo gainroot".
4. Run a few commands.
5. Exit the root shell ("exit" or Ctrl-D, do not close the terminal).
6. Inspect /home/user/.ash_history and /root/.ash_history

EXPECTED OUTCOME:
The commands entered in step 4 should be appended to /root/.ash_history.

ACTUAL OUTCOME:
The commands are appended to /home/user/.ash_history instead.  If that file did
not previously exist, it is created with root owner/group thus preventing any
future user shell sessions from saving their history.

REPRODUCIBILITY:
Always.

EXTRA SOFTWARE INSTALLED:
rootsh, but the problem is also present with the default gainroot script
(saved as /usr/sbin/gainroot.old).

OTHER COMMENTS:
This is caused by $HOME remaining unchanged by sudo (as configured in
/etc/sudoers).  I'm sure there are Good Reasons(TM) for that, but at least the
HISTFILE environment variable could be used to save root's history in the right
place, for example by replacing (in /usr/sbin/gainroot) the call to /bin/sh
with

HISTFILE=/root/.ash_history /bin/sh
Comment 1 Lucas Maneos (reporter) 2009-10-29 15:42:39 UTC
CCing rootsh maintainer.
Comment 2 Andre Klapper maemo.org 2009-10-29 17:15:01 UTC
I'm also wondering whether this is a rootsh issue or Nokia's fault. :-P
Comment by trippin1 welcome.
Comment 3 Lucas Maneos (reporter) 2009-10-29 17:22:26 UTC
(In reply to comment #2)
> I'm also wondering whether this is a rootsh issue or Nokia's fault. 

Both should be fixed, but the root cause is this line in /etc/sudoers:

Defaults env_keep+="HOME DISPLAY"

The gainroot script (both Nokia and rootsh versions) thus runs with
HOME=/home/user and executes /bin/sh with the same environment, which in turn
(if HISTFILE is unset, as it is by default) sets the history file to be
$HOME/.ash_history.
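
Added example, not part of the bug report or of any commenter's post: a POSIX sh check for the behaviour described in the description and in comment 3. It shows which history file a shell picks from its environment and flags a history file in a home directory that is owned by a different uid. The function names are hypothetical; the paths in the demo are the ones given in the report.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from rootsh or gainroot.

# History file a shell would use, per comment 3: $HISTFILE when set,
# otherwise $HOME/.ash_history.
# $1 = HOME seen by the shell, $2 = HISTFILE seen by the shell (may be empty)
effective_histfile() {
    if [ -n "$2" ]; then
        printf '%s\n' "$2"
    else
        printf '%s\n' "$1/.ash_history"
    fi
}

# Print the numeric owner uid of a file; fail if it does not exist.
file_uid() {
    [ -e "$1" ] || return 1
    ls -ldn -- "$1" | awk '{print $3}'
}

# Classify the history file in a home directory.
# $1 = home directory, $2 = uid that should own files there
# Prints: ok | missing | wrong-owner:<uid>
check_history_owner() {
    hist="$1/.ash_history"
    owner=$(file_uid "$hist") || { echo missing; return 0; }
    if [ "$owner" = "$2" ]; then
        echo ok
    else
        echo "wrong-owner:$owner"
    fi
}

# Demo: the two environments discussed in the report.
echo "HOME kept, HISTFILE unset: $(effective_histfile /home/user '')"
echo "HOME kept, HISTFILE set:   $(effective_histfile /home/user /root/.ash_history)"
# Check the invoking user's own history file.
echo "own history file:          $(check_history_owner "${HOME:-/}" "$(id -u)")"
```

A `wrong-owner:0` result for /home/user matches the outcome in the description, where the file was first created by a root shell; restoring the file's ownership to the user lets user shells save history again.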
Comment 4 Andre Klapper maemo.org 2009-10-29 17:23:53 UTC
(Note to myself: potential userland issue)
Comment 5 Lucas Maneos (reporter) 2009-10-29 17:34:09 UTC
Oh, this affects Diablo too.
Comment 6 Faheem Pervez maemo.org 2009-10-29 18:07:05 UTC
Thank you, Lucas, for CCing me, and for the fix of course.

I have no problems with applying the fix given by Lucas to rootsh, but I would
like this to be noted: The root cause of the problem isn't my fault and, as
such, should be fixed by Nokia; not everyone uses rootsh to become root.
Comment 7 Lucas Maneos (reporter) 2009-10-29 18:46:12 UTC
(In reply to comment #6)
> The root cause of the problem isn't my fault and

No, of course not and apologies if it sounded like that.  In fact your version
provides an alternative (--use-su) which doesn't cause problems.

Note that the "fix" is not optimal, just a relatively safe workaround (I'm
trying to avoid touching anything that might require a reflash until firmware
images are available).  A SETENV tag in sudoers for example would fix this for
all versions of gainroot.
Comment 8 Faheem Pervez maemo.org 2009-10-29 18:52:37 UTC
(In reply to comment #7)
> (In reply to comment #6)
> > The root cause of the problem isn't my fault and
> 
> No, of course not and apologies if it sounded like that.  In fact your version
> provides an alternative (--use-su) which doesn't cause problems.
> 

Oh, apologies. That wasn't a dig at you; I just want Nokia to know that fixing
it in rootsh isn't a cue for the root problem to be ignored totally.

> Note that the "fix" is not optimal, just a relatively safe workaround (I'm
> trying to avoid touching anything that might require a reflash until firmware
> images are available).  A SETENV tag in sudoers for example would fix this for
> all versions of gainroot.
> 

No, it's all good. I had noticed that the history was rather odd on the N900,
but didn't really know where it originated from.
Comment 9 Andre Klapper maemo.org 2009-10-29 18:54:47 UTC
(In reply to comment #6)
> The root cause should be fixed by Nokia

Of course, that's why I've imported it already. :)
Comment 10 Andre Klapper maemo.org 2009-10-30 19:22:11 UTC
Problem here is (according to internal comment) that

"I can't estimate the number of applications that still depends on this
particular "feature" both in-house and 3rd party."

So this might become a WONTFIX for Maemo5 and it's definitely recommended to
fix rootsh "instead"/too. :-/
Comment 11 Lucas Maneos (reporter) 2009-10-30 19:31:42 UTC
(In reply to comment #10)
> "I can't estimate the number of applications that still depends on this
> particular "feature" both in-house and 3rd party."

That's what I thought, fair enough.

> So this might become a WONTFIX for Maemo5

Although not the perfect fix, there's no reason not to make the Nokia gainroot
set HISTFILE at least.  Nothing apart from /bin/sh (or bash, if it's installed)
uses that environment variable.
Comment 12 Andre Klapper maemo.org 2009-10-30 19:34:04 UTC
(In reply to comment #11)
> Although not the perfect fix, there's no reason not to make the Nokia gainroot
> set HISTFILE at least.  Nothing apart from /bin/sh (or bash, if it's installed)
> uses that environment variable.

Sorry, I wasn't verbose enough here. That's what's discussed now, yes.
Comment 13 Faheem Pervez maemo.org 2009-11-01 13:52:07 UTC
rootsh 1.6, which has been uploaded to the Chinook, Diablo and Fremantle
autobuilders, includes the fix given by lma.

Will test on my N800, N810 and N900 before I promote it.
Comment 14 Taomyn 2010-08-03 12:50:03 UTC
What happened to 1.6? It's not appeared in extras or extras-testing.