[Bug 982684] Re: sudo, pkexec don't apply global environment settings from /etc/environment

Bug Watch Updater 982684 at bugs.launchpad.net
Tue Mar 12 09:17:30 UTC 2013 

Launchpad has imported 6 comments from the remote bug at
https://bugs.freedesktop.org/show_bug.cgi?id=62016.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2013-03-08T10:58:55+00:00 Martin Pitt wrote:

Various pam modules provide environment variables that are intended to
be set in the environment of the pam session.  pkexec needs to process
the output of pam_getenvlist() to get these.

This will e. g. apply correct locales in pkexec when they are configured
in pam_environment.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/982684/comments/23

------------------------------------------------------------------------
On 2013-03-08T11:01:25+00:00 Martin Pitt wrote:

Created attachment 76150
pkexec: Set process environment from pam_getenvlist()

Steve Langasek applied this patch a while ago to the Ubuntu packages. I
adjusted it for current git master and brought it into git format-patch
form.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/982684/comments/24

------------------------------------------------------------------------
On 2013-03-08T18:06:28+00:00 Zeuthen wrote:

I'm not sure that's a good idea ... but I can probably be convinced that
it is :-) ... So apart from locales, can you give examples of such PAM
modules and the environment variables that are set? Thanks.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/982684/comments/25

------------------------------------------------------------------------
On 2013-03-08T18:08:38+00:00 Zeuthen wrote:

Comment on attachment 76150
pkexec: Set process environment from pam_getenvlist()

Review of attachment 76150:
-----------------------------------------------------------------

Looks good but the the coding style is wrong

 - curly-braces / indentation wrong
 - should use guint instead of int
 - should use 'n' as a counter/iterator, not 'i' (like the rest of the code)

These are style issues but consistency is important.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/982684/comments/26

------------------------------------------------------------------------
On 2013-03-11T08:31:41+00:00 Steve Langasek wrote:

On Fri, Mar 08, 2013 at 06:06:28PM +0000, bugzilla-daemon at freedesktop.org wrote:
> ... So apart from locales, can you give examples of such PAM modules and
> the environment variables that are set? Thanks.

The pam_env module is a big one, which is used by admins to configure
arbitrary environment settings for all sessions.  The specific case that
prompted this had to do with proxy settings configured in the environment.

Other modules that may need to set environment variables include pam_krb5
and pam_afs_session, whose environment settings may be required for proper
filesystem access.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/982684/comments/27

------------------------------------------------------------------------
On 2013-03-11T08:48:38+00:00 Martin Pitt wrote:

Created attachment 76324
pkexec: Set process environment from pam_getenvlist()

Fixed coding style.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/982684/comments/28


** Changed in: policykit
       Status: Unknown => Incomplete

** Changed in: policykit
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/982684

Title:
  sudo, pkexec don't apply global environment settings from
  /etc/environment

Status in PolicyKit:
  Incomplete
Status in “policykit-1” package in Ubuntu:
  Fix Released
Status in “sudo” package in Ubuntu:
  Fix Released
Status in “policykit-1” source package in Precise:
  Fix Released
Status in “sudo” source package in Precise:
  Fix Released
Status in “policykit-1” source package in Quantal:
  Fix Released
Status in “sudo” source package in Quantal:
  Fix Released

Bug description:
  [Impact]
  In connection with the recent update-notifier changes (https://wiki.ubuntu.com/Specs/UpdateNotifierPackageDataDownloader), some users who were previously able to download the flashplugin via the apt proxy settings are now unable to download it when running, e.g., 'sudo apt-get install'.

  The reason for this is that, even though a global proxy may be
  configured in /etc/environment, sudo does not allow $http_proxy to be
  inherited by default and does not reapply the environment from
  /etc/environment (and from /etc/default/locale) via pam_env.

  The first part is reasonable, but I question the second part.  Since
  these are global config files, I believe it's safe for sudo to apply
  the environment settings by default just as 'su' does; and the
  settings are intended to apply globally, which would include to sudo
  sessions.

  This would make update-notifier work more reliably for users with
  proxies, and would probably help with a variety of other cases where
  global variables are currently not being set as expected for sudo.

  [Test Case]
  1. Set 'http_proxy=invalid' in /etc/environment
  2. Run 'sudo wget http://www.ubuntu.com/', 'pkexec wget http://www.ubuntu.com/'
  3. Verify that the commands return successfully
  4. Install updated sudo, policykit-1 packages from precise-proposed
  5. Repeat the commands from step 2
  6. Verify that the commands now fail with an error about invalid proxies
  7. Remove the http_proxy line from /etc/environment

  [Regression potential]
  Some users may consider it a feature that global settings from /etc/environment are not applied to sudo and/or pkexec.  However, this is not by design; the cost of not being able to correctly support proxies for users is greater than the cost of changing this behavior in an SRU and breaking expectations of users regarding undocumented behavior.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: sudo 1.8.3p1-1ubuntu3
  ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14
  Uname: Linux 3.2.0-22-generic x86_64
  ApportVersion: 2.0.1-0ubuntu3
  Architecture: amd64
  CheckboxSubmission: 017452a27eca3c8b498abbfa5ef91db9
  CheckboxSystem: ecaaad6fa1e0799a0aa1126bf620f39e
  Date: Sun Apr 15 16:41:17 2012
  InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.1)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: sudo
  UpgradeStatus: Upgraded to precise on 2011-11-08 (159 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/policykit/+bug/982684/+subscriptions

More information about the foundations-bugs mailing list