Ubuntu
sudo package

sudo doesn't strip quotes from /etc/environment

Bug #387262 reported by Loïc Minier
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sudo
Unknown
Unknown
localechooser (Ubuntu)
Invalid
Undecided
Unassigned
sudo (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Hi

localechooser writes /etc/default/locale with quotes protecting LANG and LANGUAGE; typically after an install the file contains something like:
LANG="en_US.UTF-8"

however pam_env expects VAR=VALUE lines, without quotes. This causes LANG to be set literally to "en_US.UTF-8" with the quotes; this is of course not a valid locale name.

[ I raised this bug to Michael Vogt during UDS as I was seeing this after using language-selector, he fixed language-selector to write LANG=foo instead of LANG="foo", but this only fixes the issue for people who will run language-selector in the future. ]

I believe we should change pam_env to strip quotes, perhaps only for certain env vars; we can also change localechooser to stop using quotes for new installs.

Cheers

See original description

Related branches

lp:ubuntu/karmic/sudo
Loïc Minier (lool)
description: updated
Revision history for this message
Colin Watson (cjwatson) wrote : Re: [Bug 387262] [NEW] pam_env's and localechooser's usage of quotes for /etc/default/locale conflicts

As far as I can see, pam_env already strips quotes. Here's the code:

        /* now we try to be smart about quotes around the value,
           but not too smart, we can't get all fancy with escaped
           values like bash */
        if (key[i] == '=' && (key[++i] == '\"' || key[i] == '\'')) {
            for ( t = i+1 ; key[t] != '\0' ; t++)
                if (key[t] != '\"' && key[t] != '\'')
                    key[i++] = key[t];
                else if (key[t+1] != '\0')
                    key[i++] = key[t];
            key[i] = '\0';
        }

Is this not working for you?

Revision history for this message
Loïc Minier (lool) wrote : Re: pam_env's and localechooser's usage of quotes for /etc/default/locale conflicts

Ah it seems it's not systematic; I get it with "sudo -i" or "env -i sudo -i".

Revision history for this message
Loïc Minier (lool) wrote :

I see that pam_env is only enabled for some services, but not for sudo.

affects: pam (Ubuntu) → sudo (Ubuntu)
Revision history for this message
Loïc Minier (lool) wrote :

Sorry for wrongly assuming this was pam_env; this lead me to think that the fix would be intrusive in pam_env and a change in localechooser had to be considered, but that's not the case, it's just sudo not using the same algorithm:
/*
 * Read in /etc/environment ala AIX and Linux.
 * Lines are in the form of NAME=VALUE
 * Invalid lines, blank lines, or lines consisting solely of a comment
 * character are skipped.
 */
void
read_env_file(path, replace)
    const char *path;
    int replace;
{
    FILE *fp;
    char *cp;

    if ((fp = fopen(path, "r")) == NULL)
        return;

    /* Make sure we are operating on the current environment. */
    if (env.envp != environ)
        sync_env();

    while ((cp = sudo_parseln(fp)) != NULL) {
        /* Skip blank or comment lines */
        if (*cp == '\0')
            continue;

        /* Must be of the form name=value */
        if (strchr(cp, '=') == NULL)
            continue;

        insert_env(estrdup(cp), replace ? TRUE : -1, TRUE);
    }
    fclose(fp);
}

Changed in localechooser (Ubuntu):
status: New → Invalid
Revision history for this message
Loïc Minier (lool) wrote :

I implemented the pam_env logic in sudo; see attached debdiff which I'd like someone to proofread.

This is the testsuite I've put in /etc/environment along with the outputs of env in sudo -i and in env -i su - -c env:
test sudo pam_env
----------------------------------------------------------
FOO0=foo0 FOO0=foo0 FOO0=foo0
FOO1="foo1 FOO1=foo1 FOO1=foo1
FOO2="foo2" FOO2=foo2 FOO2=foo2
FOO3=foo3" FOO3=foo3" FOO3=foo3"
FOO4='foo4 FOO4=foo4 FOO4=foo4
FOO5='foo5' FOO5=foo5 FOO5=foo5
FOO6=foo6' FOO6=foo6' FOO6=foo6'
FOO7='foo7" FOO7=foo7 FOO7=foo7
FOO8="foo8' FOO8=foo8 FOO8=foo8
FOO9="foo'9" FOO9=foo'9 FOO9=foo'9
FOO10='foo"10" FOO10=foo"10 FOO10=foo"10
FOO11='foo"11 FOO11=foo"11 FOO11=foo"11
FOO12="foo'12 FOO12=foo'12 FOO12=foo'12
FOO13='foo"13 FOO13=foo"13 FOO13=foo"13
FOO14=foo"14' FOO14=foo"14' FOO14=foo"14'
FOO15=foo'15" FOO15=foo'15" FOO15=foo'15"
FOO16=foo'16 FOO16=foo'16 FOO16=foo'16
FOO17=foo"17 FOO17=foo"17 FOO17=foo"17

(so the results match between pam_env/su and sudo)

Revision history for this message
Loïc Minier (lool) wrote :

This is another test run, adding also the results with the current ("old") sudo and some tests for "export".

test new sudo pam_env old sudo
----------------------------------------------------------
FOO0=foo0 FOO0=foo0 FOO0=foo0 FOO0=foo0
FOO1="foo1 FOO1=foo1 FOO1=foo1 FOO1="foo1
FOO2="foo2" FOO2=foo2 FOO2=foo2 FOO2="foo2"
FOO3=foo3" FOO3=foo3" FOO3=foo3" FOO3=foo3"
FOO4='foo4 FOO4=foo4 FOO4=foo4 FOO4='foo4
FOO5='foo5' FOO5=foo5 FOO5=foo5 FOO5='foo5'
FOO6=foo6' FOO6=foo6' FOO6=foo6' FOO6=foo6'
FOO7='foo7" FOO7=foo7 FOO7=foo7 FOO7='foo7"
FOO8="foo8' FOO8=foo8 FOO8=foo8 FOO8="foo8'
FOO9="foo'9" FOO9=foo'9 FOO9=foo'9 FOO9="foo'9"
FOO10='foo"10" FOO10=foo"10 FOO10=foo"10 FOO10='foo"10"
FOO11='foo"11 FOO11=foo"11 FOO11=foo"11 FOO11='foo"11
FOO12="foo'12 FOO12=foo'12 FOO12=foo'12 FOO12="foo'12
FOO13='foo"13 FOO13=foo"13 FOO13=foo"13 FOO13='foo"13
FOO14=foo"14' FOO14=foo"14' FOO14=foo"14' FOO14=foo"14'
FOO15=foo'15" FOO15=foo'15" FOO15=foo'15" FOO15=foo'15"
FOO16=foo'16 FOO16=foo'16 FOO16=foo'16 FOO16=foo'16
FOO17=foo"17 FOO17=foo"17 FOO17=foo"17 FOO17=foo"17
export FOO=foo FOO=foo FOO=foo export FOO=foo
export F="f" F=f F=f export F="f"

Loïc Minier (lool)
summary: - pam_env's and localechooser's usage of quotes for /etc/default/locale
- conflicts
+ sudo doesn't strip quotes from /etc/environment
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.7.0-1ubuntu2

---------------
sudo (1.7.0-1ubuntu2) karmic; urgency=low

  * env.c: add logic similar to pam_env's stripping of single and double
    quotes around /etc/environment env vars; fixes literal quotes in LANG when
    using sudo -i; LP: #387262.

 -- Loic Minier <email address hidden> Mon, 22 Jun 2009 18:03:45 +0200

Changed in sudo (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.