Bug#377746: gksudo: tells me it's going to run 'halt' without a password, but doesn't run halt at all

Ken Bloom kbloom at gmail.com
Tue Jul 11 00:33:35 UTC 2006 

Package: gksu
Version: 1.9.1-2
Severity: important


I have the following sudoers configuration on my machine:
root	ALL=(ALL) ALL
bloom   ALL=(ALL) ALL
bloom   ALL=NOPASSWD: /usr/local/bin/netup, /usr/local/bin/netdown

I run the halt command using a menu item in fluxbox that executes the
following sequence of commands:
sudo -k ; gksudo halt

When I do this with the current version of gksudo, gksudo displays the
following message:
> Granted permissions without asking for password
> 
> The 'halt' program was started with the privileges of the root user
> without the need to ask for a password, due to your system's
> authentication mechanism setup.
> 
> It is possible that you are being allowed to run specific programs
> as user root without the need for a password, or that the password
> is cached.
> 
> This is not a problem report; it's simply a notification to make
> sure you are aware of this.

upon dismissing this window by hitting close, nothing happens. If I
run ps x, I see
18553 ?        Ss     0:00 /bin/sh -c sudo -k ; gksudo halt
18555 ?        S      0:01 gksudo halt
18557 ?        S      0:00 /usr/lib/libgconf2-4/gconfd-2 5
but the system is not halting.

This is obviously incorrect behavior. When I run gksudo, the system
should prompt me for my password, and then shut down the computer
after I enter the password.

A backtrace from the point where gksudo is stopped:

(no debugging symbols found)
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb77f0b90 in nanosleep () from /lib/tls/i686/cmov/libc.so.6
#2  0xb782965a in usleep () from /lib/tls/i686/cmov/libc.so.6
#3  0xb7fb1abe in gksu_sudo_full () from /usr/lib/libgksu2.so.0
#4  0x0804a6fb in ?? ()
#5  0x0807e108 in ?? ()
#6  0xb7fb4940 in grab_keyboard_and_mouse () from /usr/lib/libgksu2.so.0
#7  0xb7773eb0 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#8  0x08049931 in ?? ()

Here's the tail of an strace:

waitpid(18681, 0xbfd90578, WNOHANG)     = 0
stat64("/proc/18681", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
open("/proc/18681/stat", O_RDONLY)      = 16
read(16, "18681 (sudo) S 18680 18681 18681"..., 8191) = 198
close(16)                               = 0
nanosleep({0, 1000000}, NULL)           = 0
read(15, 0xb7453000, 4096)              = -1 EAGAIN (Resource temporarily unavailable)
waitpid(18681, 0xbfd90578, WNOHANG)     = 0
stat64("/proc/18681", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
open("/proc/18681/stat", O_RDONLY)      = 16
read(16, "18681 (sudo) S 18680 18681 18681"..., 8191) = 198
close(16)                               = 0
nanosleep({0, 1000000}, NULL)           = 0
read(15, 0xb7453000, 4096)              = -1 EAGAIN (Resource temporarily unavailable)
waitpid(18681, 0xbfd90578, WNOHANG)     = 0
stat64("/proc/18681", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
open("/proc/18681/stat", O_RDONLY)      = 16
read(16, "18681 (sudo) S 18680 18681 18681"..., 8191) = 198
close(16)                               = 0
nanosleep({0, 1000000},  <unfinished ...>

It prompts me for a password, however when I type (I canceled here,
becuase I don't want to shut down my system while filing this bug
report)
$strace -o file gksudo halt

Also, a simple "sudo -k; gksudo echo hello"
works just fine.

--Ken Bloom

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-rc6-1ken
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages gksu depends on:
ii  gnome-keyring                0.4.9-1     GNOME keyring services (daemon and
ii  libatk1.0-0                  1.11.4-3    The ATK accessibility toolkit
ii  libc6                        2.3.6-15    GNU C Library: Shared libraries
ii  libcairo2                    1.2.0-2     The Cairo 2D vector graphics libra
ii  libfontconfig1               2.3.2-7     generic font configuration library
ii  libgconf2-4                  2.14.0-1    GNOME configuration database syste
ii  libgksu2-0                   1.9.4-3     library providing su and sudo func
ii  libglib2.0-0                 2.10.3-2    The GLib library of C routines
ii  libgnome-keyring0            0.4.9-1     GNOME keyring services library
ii  libgtk2.0-0                  2.8.18-1    The GTK+ graphical user interface 
ii  liborbit2                    1:2.14.0-2  libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0                1.12.3-1    Layout and rendering of internatio
ii  libstartup-notification0     0.8-1       library for program launch feedbac
ii  libx11-6                     2:1.0.0-7   X11 client-side library
ii  libxcursor1                  1.1.5.2-5   X cursor management library
ii  libxext6                     1:1.0.0-4   X11 miscellaneous extension librar
ii  libxfixes3                   1:3.0.1.2-4 X11 miscellaneous 'fixes' extensio
ii  libxi6                       1:1.0.0-5   X11 Input extension library
ii  libxinerama1                 1:1.0.1-4   X11 Xinerama extension library
ii  libxrandr2                   2:1.1.0.2-4 X11 RandR extension library
ii  libxrender1                  1:0.9.0.2-4 X Rendering Extension client libra
ii  sudo                         1.6.8p12-4  Provide limited super user privile

gksu recommends no packages.

-- no debconf information

More information about the Pkg-gnome-maintainers mailing list