
Sudo

 
Gordon_3
Regular Advisor

Sudo

Hi all,

I want to install sudo 1.6.6 on our HPUX 11.00 & 11i machines; however, after reading the README, I found 1 big issue which quite confuses me. It states:

Quote:
Sudo tries to clear the environment of dangerous environment variables
such as LD_* to prevent shared library spoofing. If you are porting
sudo to a new OS that has shared libraries you'll want to mask out
the variables that allow one to change the shared library path.
See initial_badenv_table() in env.c to see how this is done for
various operating systems.
End Quote:

Some of our programs require the LD_PRELOAD env variable to work for dynamic library linkage. Also, in the table the above message mentions, I found a "SHLIB_*" definition in initial_badenv_table(), and some other programs also require SHLIB_* to work. I really have no idea what the above message means and what the impact on those applications will be after I install it. Could someone please help to clear this up? Many thanks.

Gordon
Pete Randall
Outstanding Contributor

Re: Sudo

Gordon,

I see no such note in the README file for the pre-built version at the Porting and Archive Centre. Try downloading from here:

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.6/


Pete



Umapathy S
Honored Contributor

Re: Sudo

Gordon,
Just a thought. In this case, it may affect the application. Sudo clearly says that it will remove LD_* variables.

A fix would be to create a shell script that exports all these variables and then run the application. You can invoke the application via the shell script using sudo.

HTH,
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
Gordon_3
Regular Advisor

Re: Sudo

Hi Pete,

Sorry, I gave some wrong info; in fact, you can check the file PORTING in the source dir.

Also, our current setup sets those LD_* variables in the application ID's .profile / .cshrc. But it seems it does not remove them after I test-installed it, so I really wonder what the above sentence means. Many thanks.

Gordon
Pete Randall
Outstanding Contributor

Re: Sudo

Gordon,

I looked at the README file as posted at http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.6/readme.html which must be different than what you're seeing. Sorry for any confusion.


Pete



Michael Kelly_5
Valued Contributor

Re: Sudo

Gordon,
when you run a program with sudo, it (sudo) will clear (or empty) certain environment variables before starting the new program. It does this to prevent some well known hacks.
The important thing to remember is that sudo only clears these variables, it does not 'disable' them. There is no reason why the 'called' program should not set these environment variables to whatever you need them to be set to.
As Umapathy pointed out, you can use sudo to start a shell which sets up the environment you need and then exec's the program.

HTH,
Michael.
The nice thing about computers is that they do exactly what you tell them. The problem with computers is that they do EXACTLY what you tell them.
Bill Douglass
Esteemed Contributor

Re: Sudo

If you have questions about what environment variables are affected by sudo, then you can do the following:


env | sort > /tmp/user1

sudo -u user2 env | sort > /tmp/user2

diff /tmp/user1 /tmp/user2

In my case,

SHLIB_PATH
TERMCAP
TERMINFO

were missing from the sudo environment.
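
The wrapper approach suggested in the replies from Umapathy and Michael, as an added example that is not part of the original thread or of sudo itself: a script run through sudo that sets the library variables to fixed values and then execs the program. The paths and the application name are hypothetical placeholders; the example also goes one step further and drops any LD_*/SHLIB_* values inherited from the caller, so the result is the same whether or not sudo cleared them.

```shell
#!/bin/sh
# Added example: wrapper intended to be the command that sudo runs.
# Every path below is a hypothetical placeholder, not taken from the thread.

# Fixed values chosen by the administrator (assumed for illustration).
APP_PRELOAD="/opt/app/lib/libhook.sl"
APP_SHLIB_PATH="/opt/app/lib:/usr/lib"

# Print the names of library-path variables present in the current
# environment: the LD_* and SHLIB_* families named in the thread.
lib_vars() {
    env | grep -E '^(LD|SHLIB)_[A-Za-z0-9_]*=' | cut -d= -f1 | sort
}

# Run "$@" with only the fixed library variables. Anything the caller
# supplied in LD_* or SHLIB_* is unset first, then the known values are
# exported. The subshell keeps the changes out of the calling shell.
run_with_fixed_libenv() {
    (
        for v in $(lib_vars); do
            unset "$v"
        done
        LD_PRELOAD=$APP_PRELOAD
        SHLIB_PATH=$APP_SHLIB_PATH
        export LD_PRELOAD SHLIB_PATH
        exec "$@"
    )
}

# In an installed wrapper the last line would start the real program,
# for example (hypothetical path):
#   run_with_fixed_libenv /opt/app/bin/app "$@"
```

Keep the wrapper owned by root and not writable by the users allowed to run it through sudo, since whoever can edit it controls which libraries are loaded into the target program.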