-
Notifications
You must be signed in to change notification settings - Fork 120
Add '-h 127.0.0.1' to sudo parameters to avoid running commands twice #76
Conversation
This is to avoid running the child-writer twice when the hostname isn't set in /etc/hosts. See jorangreef/sudo-prompt#76 Change-type: patch Signed-off-by: Alexis Svinartchouk <[email protected]>
index.js
Outdated
// Use localhost as sudo may stderr 'sudo: unable to resolve host <hostname>' | ||
// if the hostname is not in /etc/hosts while still executing the command. | ||
command.push('-h'); | ||
command.push('localhost'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this maybe use 127.0.0.1
instead, as localhost
doesn't necessarily resolve to 127.0.0.1
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jorangreef the PR is already updated to use 127.0.0.1
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I saw. Just wanted to say that 127.0.0.1
was a good suggestion from @jhermsmeier.
When sudo can't resolve the hostname, it stderrs 'sudo: unable to resolve host <hostname>' but still runs the command. This results in the command being launched twice: * once by sudo * once by kdesudo because the stderr of sudo is interpreted as an error
This is to avoid running the child-writer twice when the hostname isn't set in /etc/hosts. See jorangreef/sudo-prompt#76 Change-type: patch Signed-off-by: Alexis Svinartchouk <[email protected]>
This is to avoid running the child-writer twice when the hostname isn't set in /etc/hosts. See jorangreef/sudo-prompt#76 Change-type: patch Signed-off-by: Alexis Svinartchouk <[email protected]>
I just tried doing some tests on my local Ubuntu 14.04 laptop, and as you say if I take my hostname out of Perhaps a better fix is to look for (and explicitly ignore) any stderr response starting with EDIT: In case it helps: andrew@shyknee:~$ uname -a
Linux shyknee 3.19.0-82-generic #90~14.04.1-Ubuntu SMP Thu Feb 23 01:12:44 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
andrew@shyknee:~$ dpkg -l sudo
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===================-==============-==============-===========================================
ii sudo 1.8.9p5-1ubunt amd64 Provide limited super user privileges to sp
andrew@shyknee:~$ sudo -h 127.0.0.1 ls
sudo: unable to resolve host shyknee
[sudo] password for andrew:
<snipped ls output> |
Thanks, great find @zvin ! I was able to reproduce this on Ubuntu 13.10 with the following script after changing my hostname to something unresolvable: var command = [];
command.push('/usr/bin/sudo');
command.push('-n');
command.push('-E');
command.push('--');
command.push('ls');
command = command.join(' ');
var cp = require('child_process').exec(command, {},
function(error, stdout, stderr) {
console.log('error: ' + JSON.stringify(error));
console.log('stdout: ' + JSON.stringify(stdout));
console.log('stderr: ' + JSON.stringify(stderr));
if (error) console.log('error.code: ' + error.code);
console.log('cp.exitCode: ' + cp.exitCode);
console.log('cp.killed: ' + cp.killed);
}
); Here are the results:
The issue, as you say, is that In the past, we used to check And now we're getting a casual
Thanks @lurch, I agree we shouldn't use Although, we don't actually need to check for In other words, we should only call
|
@jorangreef there's an issue with this approach: the program being elevated may exit with an expected error status. You'll still launch it 2 times in that case. |
Can't you manually override the locale in the temporary execution environment you're creating to force English? |
Ah yes. We could then either:
|
I think this would also affect the user's command output, so we can't do that. |
From the
You can't differentiate between an auth failure or a program exiting with Passing |
Or you could wrap the user's program in a script that would add |
@lurch showed a case where |
Another idea: we could use the |
I don't think @lurch's case can happen when using the |
andrew@shyknee:~$ sudo -h 127.0.0.1 -n ls /root
sudo: unable to resolve host shyknee
sudo: a password is required 😕 EDIT... andrew@shyknee:~$ sudo -n ls /root
sudo: unable to resolve host shyknee
sudo: a password is required Adding the |
@lurch that's ok, it's going to get launched by |
@lurch strange, I don't get this behaviour. |
@zvin Hmmm, are you remembering to use |
@lurch I was running sudo while already being root. So it didn't need any credential. |
I was testing with |
Perhaps the simplest, safest option is to remove the The only downside is that a prompt will be shown even if a sudo session exists. Then again, most Linux platforms have TTY tickets enabled, and macOS started enabling TTY tickets a year or two back so this is not likely a problem. |
Hmmm, I've just tried switching to root and running sudo from there, and no matter which combinations of |
I agree |
This is to avoid running the child-writer twice when the hostname isn't set in /etc/hosts. See jorangreef/sudo-prompt#76 Change-type: patch Signed-off-by: Alexis Svinartchouk <[email protected]>
Fixed in 8c1a302 |
This is to avoid running the child-writer twice when the hostname isn't set in /etc/hosts. See jorangreef/sudo-prompt#76 Change-type: patch Signed-off-by: Alexis Svinartchouk <[email protected]>
This is to avoid running the child-writer twice when the hostname isn't set in /etc/hosts. See jorangreef/sudo-prompt#76 Change-type: patch Signed-off-by: Alexis Svinartchouk <[email protected]>
This is to avoid running the child-writer twice when the hostname isn't set in /etc/hosts. See jorangreef/sudo-prompt#76 Change-type: patch Signed-off-by: Alexis Svinartchouk <[email protected]>
This is to avoid running the child-writer twice when the hostname isn't set in /etc/hosts. See jorangreef/sudo-prompt#76 Change-type: patch Signed-off-by: Alexis Svinartchouk <[email protected]>
This is to avoid running the child-writer twice when the hostname isn't set in /etc/hosts. See jorangreef/sudo-prompt#76 Change-type: patch Signed-off-by: Alexis Svinartchouk <[email protected]>
When
sudo
can't resolve the hostname, it stderrssudo: unable to resolve host <hostname>
but still runs the command.This results in the command being launched twice:
sudo
kdesudo
because the stderr ofsudo
is interpreted as an error