[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
sudo & addauth woes
|
From: |
Sergey Bugaev |
|
Subject: |
sudo & addauth woes |
|
Date: |
Tue, 7 Sep 2021 12:34:23 +0300 |
Hello!
Since this is bug-hurd and not just discuss-hurd, let me actually
report some bugs I just ran into.
Since recently, sudo has been broken:
$ sudo echo hi
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
It never even asks for the password, just errors out all by itself.
I thought, this is a perfect opportunity to break my Unix habits and
use addauth instead. So I run:
$ addauth root
Password:
it asks me for the (root) password, which I input, and then hangs.
Since unlike sudo it's not setuid, I can actually rpctrace it. Here
are the relevant parts:
<snip>
144<--148(pid773)->proc_getloginpids_request (1) = 0 {1 730 725 694
685 662 648 538 111 97 28 12 2 749 659 547 200 95 3 4 7 5 755 756 748
747 746 745 744 743 724 649 644 643 636 545 544 543 542 519 506 166 44
29 27 26 25 20 16 10 9 6 757 772 773}
<snip>
task135(pid773)->mach_port_deallocate (pn{ 23}) = 0
144<--148(pid773)->proc_getmsgport_request (28) = 0 138<--169(pid773)
138<--169(pid773)->msg_add_auth ( 167<--162(pid773)) = 0
task135(pid773)->mach_port_deallocate (pn{ 23}) = 0
144<--148(pid773)->proc_getmsgport_request (12) = 0 138<--165(pid773)
138<--165(pid773)->msg_add_auth ( 167<--162(pid773)) = 0
task135(pid773)->mach_port_deallocate (pn{ 23}) = 0
144<--148(pid773)->proc_getmsgport_request (2) = 0 138<--169(pid773)
138<--169(pid773)->msg_add_auth ( 167<--162(pid773))
It tries to add the new auth to all the processes in the current login
collection (as documented), but I'm somehow not a login collection —
or, rather, in the default login collection rooted at PID 1. It hangs
on PID 2 — it looks like /hurd/startup does not communicate its
message port to proc properly, or something.
So next I try only adding auth to the session, not the whole login collection:
$ addauth -S root
Password:
addauth: 757: Cannot get message port: (ipc/send) invalid destination port
$ ps 757
PID TT STAT TIME COMMAND
757 p0 Ssow 0:00.10 -bash
Eh, this last one is actually my fault: something something
reauthentication, something something cached proc server port.
The thing that worked in the end was:
$ addauth -p $$ root
I.e. adding auth only to the shell process.
So, the issues here are:
- sudo no longer works,
- /hurd/startup / PID 2 doesn't respond to msg_add_auth (),
- OpenSSH doesn't put me into a login collection,
- addauth doesn't quite work once it adds new auth to itself.
Sergey
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- sudo & addauth woes,
Sergey Bugaev <=