[opensuse] problems in 13.2 sudo & gvim:
tried editing a file as root:

    sudo gvim /etc/fstab
    Error detected while processing /usr/share/vim/vim74/menu.vim:
    line 354:
    E327: Part of menu-item path is not sub-menu
    E233: cannot open display
    E852: The child process failed to start the GUI
    Press ENTER or type command to continue

Two separate problems -- the menu.vim file is bad. I think I submitted a bug on that some time ago, as I seem to remember them asking me if I could test the newer version (couldn't at the time didn't have the new libc installed for the new vim). So it was there in the 13.1 version as well (as tried reinstalling it (the actual file named above is in the vim-data rpm).

---

The 2nd problem, sudo seems to have changed some default to not allow a child process to spawn.

This meant when I used "sudoedit" to try to edit the sudoer's file:

    sudoedit /etc/sudoers
    ^C^C^C^Y^Y^C^Y^C^Y^C

It just hung -- couldn't even trace it to find out what it was doing until I sigSTOP'd/CONT'd it:

    sudo strace -f -p 31351
    Process 31351 attached

-- just sat there w/no output until I ^c then

    ^CProcess 31351 detached

STOP/CONT gave something:

    --- SIGCONT {si_signo=SIGCONT, si_code=SI_USER, si_pid=34997, si_uid=0} ---
    write(5, "\22", 1) = -1 EBADF (Bad file descriptor)
    rt_sigreturn() = 140695816922856

----

Good thing I don't need sudoedit to clean things up.

Sigh. I already wrote a bug about the 1st item and it didn't get fixed. I don't really feel like writing another. (I find problems like this with some regularity (not that the bugs are usually in anything suse has done... though the thing about 'gvim' invoking some child process to start the GUI... now I don't know -- is that a SuSE-ism? The gui used to be a separate program

Computers are so fun these days....

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, 27 May 2015 15:06:01 -0700 Linda Walsh <suse@tlinx.org> wrote:
> tried editing a file as root:
>
> sudo gvim /etc/fstab
> Error detected while processing /usr/share/vim/vim74/menu.vim:
> line 354:
> E327: Part of menu-item path is not sub-menu
> E233: cannot open display

Default sudo configuration in openSUSE does not preserve DISPLAY environment variable.

> E852: The child process failed to start the GUI
> Press ENTER or type command to continue
>
> Two separate problems -- the menu.vim file is bad. I think I submitted a bug on that some time ago, as I seem to remember them asking me if I could test the newer version (couldn't at the time didn't have the new libc installed for the new vim). So it was there in the 13.1 version as well (as tried reinstalling it (the actual file named above is in the vim-data rpm).
>
> ---
>
> The 2nd problem, sudo seems to have changed some default to not allow a child process to spawn.
>
> This meant when I used "sudoedit" to try to edit the sudoer's file:
>
> sudoedit /etc/sudoers
> ^C^C^C^Y^Y^C^Y^C^Y^C
>
> It just hung -- couldn't even trace it to find out what it was doing until I sigSTOP'd/CONT'd it:
>
> sudo strace -f -p 31351
> Process 31351 attached
>
> -- just sat there w/no output until I ^c then
>
> ^CProcess 31351 detached
>
> STOP/CONT gave something:
>
> --- SIGCONT {si_signo=SIGCONT, si_code=SI_USER, si_pid=34997, si_uid=0} ---
> write(5, "\22", 1) = -1 EBADF (Bad file descriptor)
> rt_sigreturn() = 140695816922856
>
> ----
>
> Good thing I don't need sudoedit to clean things up.
>
> Sigh. I already wrote a bug about the 1st item and it didn't get fixed. I don't really feel like writing another. (I find problems like this with some regularity (not that the bugs are usually in anything suse has done... though the thing about 'gvim' invoking some child process to start the GUI... now I don't know -- is that a SuSE-ism? The gui used to be a separate program
>
> Computers are so fun these days....
On 05/28/2015 01:03 AM, Andrei Borzenkov wrote:
> On Wed, 27 May 2015 15:06:01 -0700 Linda Walsh <suse@tlinx.org> wrote:
>> tried editing a file as root:
>>
>> sudo gvim /etc/fstab
>> Error detected while processing /usr/share/vim/vim74/menu.vim:
>> line 354:
>> E327: Part of menu-item path is not sub-menu
>> E233: cannot open display
>
> Default sudo configuration in openSUSE does not preserve DISPLAY environment variable.

Indeed. Cracked record time. RTFM.

<quote>
-E, --preserve-env
    Indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the user does not have permission to preserve the environment.
</quote>

Simple to test:

    $ sudo -E bash -c 'echo $DISPLAY'

Do note the single quotes.

And also, perhaps more manageable and specific

<quote>
Environment variables to be set for the command may also be passed on the command line in the form of VAR=value, e.g. LD_LIBRARY_PATH=/usr/local/pkg/lib. Variables passed on the command line are subject to restrictions imposed by the security policy plugin. The sudoers policy subjects variables passed on the command line to the same restrictions as normal environment variables with one important exception. If the setenv option is set in sudoers, the command to be run has the SETENV tag set or the command matched is ALL, the user may set variables that would otherwise be forbidden. See sudoers(5) for more information.
</quote>

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?
Anton Aylward wrote:
> On 05/28/2015 01:03 AM, Andrei Borzenkov wrote:
>> On Wed, 27 May 2015 15:06:01 -0700 Linda Walsh <suse@tlinx.org> wrote:
>>> tried editing a file as root:
>>>
>>> sudo gvim /etc/fstab
>>> Error detected while processing /usr/share/vim/vim74/menu.vim:
>>> line 354:
>>> E327: Part of menu-item path is not sub-menu
>>> E233: cannot open display
>>
>> Default sudo configuration in openSUSE does not preserve DISPLAY environment variable.
>
> Indeed. Cracked record time.

Sorry, should have included the relevant parts of that here as well. I thought that would have been obvious if it worked in 13.1...

    ##
    ## Defaults specification
    ##
    ## Prevent environment variables from influencing programs in an
    ## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
    ##Defaults always_set_home
    ##Defaults env_reset
    Defaults !syslog
    Defaults !env_reset
    Defaults !always_set_home
    Defaults !env_delete
    Defaults !env_check
    ## Change env_reset to !env_reset in previous line to keep all environment variables
    ## Following list will no longer be necessary after this change
    Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
    #Defaults closefrom_override
    Defaults closefrom=65535
    Defaults !ignore_dot
    Defaults preserve_groups
    Defaults fast_glob
    Defaults !set_logname
    Defaults setenv
    Defaults shell_noargs
    Defaults !logfile
    Defaults exempt_group="lawgroup"
    Defaults !log_output
    Defaults umask=777
    Defaults editor="/usr/bin/gvim -f:/usr/bin/vim"

and under users:

    root ALL=(ALL) NOPASSWD: SETENV: ALL
    law ALL=(ALL) NOPASSWD: SETENV: ALL
    Bliss\\law ALL=(ALL) NOPASSWD: SETENV: ALL
    Bliss\\root ALL=(ALL) NOPASSWD: SETENV: ALL
    BLISS\\root ALL=(ALL) NOPASSWD: SETENV: ALL
    BLISS\\law ALL=(ALL) NOPASSWD: SETENV: ALL

Same sudoer's file is present ... I've verified the problem disappears if I re-install 13.1.

I dumped 'env' before and after sudo in 13.1, and in 13.2. Only difference is in 13.2 DISPLAY/REMOTE host are zero'ed and my 'common_session' has pam_env commented out.

It's no more useful to zero out DISPLAY than TERM or any of the LC vars -- and since it is usually generated from REMOTE_HOST (pam sets it at system-entry points) that should stay throughout a login session. It's not like I don't want to see my DISPLAY when I do root administration.

my 'pam_env.conf' is the same in 13.1 and 13.2, so I'm not sure where the corruption is happening -- maybe really is a bug in sudo ... dunno... I might try their latest source too..
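An added example, not part of the thread and not code from sudo or openSUSE: a small Python check that folds the `Defaults` lines of a sudoers file in order and reports whether DISPLAY would reach the command, for an `env_keep =` assignment that replaces the list, for the `!env_reset` file quoted above (abridged), and for a narrower `env_keep +=` alternative. The built-in keep list, the sample strings and all function names are assumptions made for the illustration.

```python
import re

# Assumption: the sudo build keeps DISPLAY and XAUTHORITY by default;
# run `sudo -V` as root to see the real built-in lists.
BUILTIN_KEEP = {"DISPLAY", "XAUTHORITY"}
LINE = re.compile(r'^Defaults\s+(!?)(\w+)\s*(?:(\+=|-=|=)\s*"?([^"]*)"?)?\s*$')

def parse_env_policy(text, builtin_keep=BUILTIN_KEEP):
    """Fold global, one-setting-per-line Defaults entries in file order.
    Not modelled: Defaults@host/:user scopes, env_check, wildcards, built-in env_delete."""
    flags = {"env_reset": True, "setenv": False}        # sudoers(5) defaults
    lists = {"env_keep": set(builtin_keep), "env_delete": set()}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                                    # comments, user specs
        neg, name, op, value = m.groups()
        if name in flags:
            flags[name] = not neg
        elif name in lists:
            words = set((value or "").split())
            if neg:
                lists[name] = set()                     # "!list" empties it
            elif op == "=":
                lists[name] = words                     # replaces built-ins too
            elif op == "+=":
                lists[name] |= words
            elif op == "-=":
                lists[name] -= words
    return {**flags, **lists}

def survives(policy, var):
    """True if var reaches the command without -E or VAR=value."""
    if policy["env_reset"]:
        return var in policy["env_keep"]
    return var not in policy["env_delete"]

def findings(policy):
    out = []
    if not policy["env_reset"]:
        out.append("env_reset off: caller's whole environment is passed through")
    if policy["setenv"]:
        out.append("setenv on: -E and VAR=value can bypass env_reset")
    return out

# Constructed inputs: a replace-style env_keep, the thread's file (abridged), a narrow fix.
REPLACED = 'Defaults env_keep = "LANG LC_ALL"\n'
THREAD = '##Defaults env_reset\nDefaults !env_reset\nDefaults !env_delete\nDefaults setenv\n'
NARROW = REPLACED + 'Defaults env_keep += "DISPLAY XAUTHORITY"\n'

if __name__ == "__main__":
    for name, cfg in [("replaced", REPLACED), ("thread", THREAD), ("narrow", NARROW)]:
        p = parse_env_policy(cfg)
        print(name, survives(p, "DISPLAY"), findings(p))
```

Run against a copy of a real sudoers file, the result is only a first pass; `sudo -l` for the user in question shows what the policy actually resolves to.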
On Thu, 28 May 2015 06:53:59 -0700 Linda Walsh <suse@tlinx.org> wrote:
> Anton Aylward wrote:
>> On 05/28/2015 01:03 AM, Andrei Borzenkov wrote:
>>> On Wed, 27 May 2015 15:06:01 -0700 Linda Walsh <suse@tlinx.org> wrote:
>>>> tried editing a file as root:
>>>>
>>>> sudo gvim /etc/fstab
>>>> Error detected while processing /usr/share/vim/vim74/menu.vim:
>>>> line 354:
>>>> E327: Part of menu-item path is not sub-menu
>>>> E233: cannot open display
>>>
>>> Default sudo configuration in openSUSE does not preserve DISPLAY environment variable.
>>
>> Indeed. Cracked record time.
>
> Sorry, should have included the relevant parts of that here as well. I thought that would have been obvious if it worked in 13.1...
>
> ...
>
> Only difference is in 13.2 DISPLAY/REMOTE host are zero'ed

I just tested in 13.2 with your /etc/sudoers and DISPLAY is preserved.
Andrei Borzenkov wrote:
>> Only difference is in 13.2 DISPLAY/REMOTE host are zero'ed
>
> I just tested in 13.2 with your /etc/sudoers and DISPLAY is preserved.

Interesting...thanks for the data point... I think it could be some setting in PAM changed and maybe I need to go through all the .rpm{new/old/whatever} files...but appreciate the feedback.
participants (3): Andrei Borzenkov, Anton Aylward, Linda Walsh