Bugzilla – Bug 1220389
[Build 20240226-1] openQA test fails in yast2_nfs4_client - root is not in the sudoers file.
Last modified: 2024-05-06 15:01:13 UTC
Created attachment 873019
yast2 log.

Hardware: aarch64, x86_64, s390x
Software: sles15sp2, 15sp3, 15sp4

***********************************************************

## Observation

openQA test in scenario sle-15-SP5-Server-DVD-Updates-x86_64-qam-nfs4-client@64bit fails in
[yast2_nfs4_client](https://openqa.suse.de/tests/13615479/modules/yast2_nfs4_client/steps/171)

## Test suite description

Testsuite maintained at https://gitlab.suse.de/qe-yam/openqa-job-groups

## Reproducible

Fails since (at least) Build [20240226-1](https://openqa.suse.de/tests/13615479)

## Further details

Always latest result in this scenario: [latest](https://openqa.suse.de/tests/latest?arch=x86_64&distri=sle&flavor=Server-DVD-Updates&machine=64bit&test=qam-nfs4-client&version=15-SP5)

Test steps:

1. Add maintain repos: 32785:sudo
2. Generate one image named: autoyast_SLES-15-SP5-x86_64-create_hdd_yast_maintenance_minimal-Build20240226-1-Server-DVD-Updates-64bit.qcow2
3. Use this image to do yast2 nfs test.

Got error message: https://openqa.suse.de/tests/13615479#step/yast2_nfs4_client/171

Command: sudo -u bernhard cat /tmp/nfs/client/secret.txt

Output information: root is not in the sudoers file. This incident has been reported to the administrator.
Also 12-SP5 and 15-SP6 - in short all SLES versions. We see this issue in all public cloud test runs, where this means that the users would be locked out from becoming root. The current `sudo` updates must not be released.
@Otto: Could you please have a look, this seems to affect all of the submissions.
I double checked my patch and the backport itself is correct. The problem seems to be in the change

> -#define DENY 0
> -#define ALLOW 1
> +/* Allowed by policy (rowhammer resistent). */
> +#define ALLOW 0x52a2925 /* 0101001010100010100100100101 */
> +/* Denied by policy (rowhammer resistent). */
> +#define DENY 0xad5d6da /* 1010110101011101011011011010 */

because some other functions are probably relying on the older values. I found two related commits

> https://github.com/sudo-project/sudo/commit/2ef90231a132547fa4236ff05fc0fafcd3f3d7a4
> https://github.com/sudo-project/sudo/commit/0495afac57f5bd783dd90bfaa25733f802b0f66f

I'm trying to backport them.
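
Review bot: DENY is no longer 0 and ALLOW is no longer 1 after the two new `#define` lines, so any caller that tests a match result as a truth value, or that produces or compares against a literal 0 or 1, silently changes behaviour; in particular DENY now evaluates as true in a bare `if (match)`. Every user of these macros in each backported codestream should return the named constants and compare explicitly with `== ALLOW` or `== DENY`, and that conversion belongs in the same submission as this change. Minor: the two new comments spell "resistent"; "resistant" is the usual spelling.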
I've fixed SLE15-SP5, the missing patch is this one:

> https://github.com/sudo-project/sudo/commit/cf00568d888c90a8c5d06a06283bc87a45992933

I will backport this patch to the remaining codestreams and hopefully resubmit it today.
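
The failure class suspected earlier in this thread (code still assuming the old 0/1 values after the macros changed), as an added C illustration; it is not sudo's code and not part of this bug report. The macro values are the ones in the quoted hunk; the function names and the two caller idioms are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Values taken from the hunk quoted in the thread. */
#define OLD_DENY  0
#define OLD_ALLOW 1
#define NEW_ALLOW 0x52a2925
#define NEW_DENY  0xad5d6da

/* Hypothetical unconverted matcher: yields a bare 0/1, which equalled
 * DENY/ALLOW only while the macros were defined as 0 and 1. */
static int legacy_match(bool listed, bool negated)
{
    return listed && !negated;
}

/* Hypothetical converted matcher: returns the named constants.
 * Simplification: an unlisted user is reported as deny. */
static int converted_match(bool listed, bool negated, int allow, int deny)
{
    return (listed && !negated) ? allow : deny;
}

/* Caller idiom 1: explicit comparison with the ALLOW macro. */
static bool permit_if_equal(int match, int allow)
{
    return match == allow;
}

/* Caller idiom 2: truth-value test, as in a bare `if (match)`. */
static bool permit_if_truthy(int match)
{
    return match != 0;
}

int main(void)
{
    int m = legacy_match(true, false);   /* a listed, non-negated user */
    printf("old macros, legacy matcher:     %d\n", permit_if_equal(m, OLD_ALLOW));
    printf("new macros, legacy matcher:     %d (listed user locked out)\n",
           permit_if_equal(m, NEW_ALLOW));
    printf("new macros, truthiness on DENY: %d (denied user let through)\n",
           permit_if_truthy(NEW_DENY));
    m = converted_match(true, false, NEW_ALLOW, NEW_DENY);
    printf("new macros, converted matcher:  %d\n", permit_if_equal(m, NEW_ALLOW));
    return 0;
}
```

A partial conversion can fail in either direction: closed when a 0/1 producer meets an `== ALLOW` consumer, open when a constant-returning producer meets a truthiness test.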
resubmitted:

> Codestream              Version   SR
> -----------------------------------------------
> SUSE_SLE-15-SP5_Update  1.9.12p1  322748 -> 322941
> SUSE_SLE-15-SP4_Update  1.9.9     322749 -> 322942
> SUSE_SLE-15-SP3_Update  1.9.5p2   322750 -> 322943
> SUSE_SLE-15_Update      1.8.27    322751 -> 322944
> SUSE_SLE-12-SP5_Update  1.8.27    322752 -> 322945
> SUSE_SLE-12-SP3_Update  1.8.20p2  322758 -> 322946
SUSE-SU-2024:0797-1: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (important)
Bug References: 1219026, 1220389
CVE References: CVE-2023-42465
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): sudo-1.8.27-4.45.1
SUSE Linux Enterprise Server 12 SP5 (src): sudo-1.8.27-4.45.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): sudo-1.8.27-4.45.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): sudo-1.8.27-4.45.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0796-1: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (important)
Bug References: 1219026, 1220389
CVE References: CVE-2023-42465
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): sudo-1.8.27-150000.4.50.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): sudo-1.8.27-150000.4.50.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): sudo-1.8.27-150000.4.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0795-1: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (important)
Bug References: 1219026, 1220389
CVE References: CVE-2023-42465
Sources used:
openSUSE Leap Micro 5.3 (src): sudo-1.9.9-150400.4.33.1
openSUSE Leap Micro 5.4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Micro 5.3 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Micro 5.4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): sudo-1.9.9-150400.4.33.1
SUSE Manager Proxy 4.3 (src): sudo-1.9.9-150400.4.33.1
SUSE Manager Retail Branch Server 4.3 (src): sudo-1.9.9-150400.4.33.1
SUSE Manager Server 4.3 (src): sudo-1.9.9-150400.4.33.1
openSUSE Leap 15.4 (src): sudo-1.9.9-150400.4.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0794-1: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (important)
Bug References: 1219026, 1220389
CVE References: CVE-2023-42465
Sources used:
openSUSE Leap 15.5 (src): sudo-1.9.12p1-150500.7.7.1
SUSE Linux Enterprise Micro 5.5 (src): sudo-1.9.12p1-150500.7.7.1
Basesystem Module 15-SP5 (src): sudo-1.9.12p1-150500.7.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0796-2: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (important)
Bug References: 1219026, 1220389
CVE References: CVE-2023-42465
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): sudo-1.8.27-150000.4.50.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): sudo-1.8.27-150000.4.50.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): sudo-1.8.27-150000.4.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0795-2: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (important)
Bug References: 1219026, 1220389
CVE References: CVE-2023-42465
Sources used:
openSUSE Leap Micro 5.3 (src): sudo-1.9.9-150400.4.33.1
openSUSE Leap Micro 5.4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Micro 5.3 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Micro 5.4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): sudo-1.9.9-150400.4.33.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): sudo-1.9.9-150400.4.33.1
SUSE Manager Proxy 4.3 (src): sudo-1.9.9-150400.4.33.1
SUSE Manager Retail Branch Server 4.3 (src): sudo-1.9.9-150400.4.33.1
SUSE Manager Server 4.3 (src): sudo-1.9.9-150400.4.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0797-2: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (important)
Bug References: 1219026, 1220389
CVE References: CVE-2023-42465
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): sudo-1.8.27-4.45.1
SUSE Linux Enterprise Server 12 SP5 (src): sudo-1.8.27-4.45.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): sudo-1.8.27-4.45.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): sudo-1.8.27-4.45.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0794-2: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (important)
Bug References: 1219026, 1220389
CVE References: CVE-2023-42465
Sources used:
openSUSE Leap 15.5 (src): sudo-1.9.12p1-150500.7.7.1
SUSE Linux Enterprise Micro 5.5 (src): sudo-1.9.12p1-150500.7.7.1
Basesystem Module 15-SP5 (src): sudo-1.9.12p1-150500.7.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0834-1: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (important)
Bug References: 1219026, 1220389
CVE References: CVE-2023-42465
Sources used:
openSUSE Leap 15.3 (src): sudo-1.9.5p2-150300.3.33.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): sudo-1.9.5p2-150300.3.33.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): sudo-1.9.5p2-150300.3.33.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): sudo-1.9.5p2-150300.3.33.1
SUSE Enterprise Storage 7.1 (src): sudo-1.9.5p2-150300.3.33.1
SUSE Linux Enterprise Micro 5.1 (src): sudo-1.9.5p2-150300.3.33.1
SUSE Linux Enterprise Micro 5.2 (src): sudo-1.9.5p2-150300.3.33.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): sudo-1.9.5p2-150300.3.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Closing