sudo show predefine PAM prompt with some PAM Modules, no default sudo prompt

Bug #1414303 reported by Joel Peláez Jorge
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

I use libpam-krb5 for authentication, when I use sudo it show this prompt

Password:

Not the default of sudo

[sudo] password for (user):

But if it's set LANG=C (no locale) with module libpam-krb5 show the default prompt of sudo.

With the module pam_unix (default of system) work without problems.

Then the problem is in locale support of one of these packages. At check the source code of two I reached the conclusion.

1. libpam-krb5 not support translations.

2. sudo replaces the PAM prompt if this is "Password:" or translate of this. But sudo only check "Password:" translated on current language config (example "Contraseña:" on "es" locale).

This bug not cause "real" problem but it may reveal the authentication system in use.

This report has attached a (possible) patch of sudo for fix the bug.

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: sudo 1.8.9p5-1ubuntu2
ProcVersionSignature: Ubuntu 3.16.0-29.39-generic 3.16.7-ckt2
Uname: Linux 3.16.0-29-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.7-0ubuntu8.1
Architecture: amd64
Date: Sat Jan 24 07:50:23 2015
InstallationDate: Installed on 2015-01-12 (12 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
SourcePackage: sudo
UpgradeStatus: No upgrade log present (probably fresh install)
VisudoCheck:
 /etc/sudoers análisis OK
 /etc/sudoers.d/README análisis OK

Related branches

Revision history for this message
Joel Peláez Jorge (joelpelaez) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "sudo patch for fix prompt issue with some PAM modules" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Changed in sudo (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Daniel Holbach (dholbach) wrote :

Do you know if this patch was discussed with the sudo upstream developers?

Revision history for this message
Martin Pitt (pitti) wrote :

Right, please forward this to http://bugzilla.sudo.ws/index.cgi . I don't want to patch this central piece of security sensitive software with some upstream review; and in general, we avoid having non-Ubuntu specific patches in Ubuntu only. Thanks!

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

I am unsubscribing ubuntu-sponsors for now, since there is nothing to do until this patch gets accepted upstream.

Once you've opened the upstream bug, and have linked it to this one, please subscribe ubuntu-sponsors again. Thanks!

Revision history for this message
Joel Peláez Jorge (joelpelaez) wrote :

The patch has committed, the bug entry is http://bugzilla.sudo.ws/show_bug.cgi?id=701

Changed in sudo (Ubuntu):
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.8.12-1ubuntu3

---------------
sudo (1.8.12-1ubuntu3) wily; urgency=medium

  * debian/patches/pam_check_untranslated_prompt.patch: also check the un-
    translated version of the prompt when checking if the PAM prompt matches
    "Password:". Patch from Joel Pelaez Jorge. (LP: #1414303)

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 22 Sep 2015 11:57:43 -0400

Changed in sudo (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.