diff --git a/0003-rebuild_env-Avoid-setting-SHELL-twice-for-sudo-i.patch b/0003-rebuild_env-Avoid-setting-SHELL-twice-for-sudo-i.patch
new file mode 100644
index 0000000..a8d0819
--- /dev/null
+++ b/0003-rebuild_env-Avoid-setting-SHELL-twice-for-sudo-i.patch
@@ -0,0 +1,32 @@
+From 3d467a705ea6ee53081cb11cc21ecf08eb47700d Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller"
+Date: Thu, 6 Nov 2025 12:05:24 -0700
+Subject: [PATCH] rebuild_env: Avoid setting SHELL twice for "sudo -i"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Make sure DID_SHELL is set when we set SHELL in the "sudo -i" case.
+Otherwise, it will be set again when setting fallback values.
+Reported by Alejandro López at Red Hat.
+
+The code to make sure that SHELL is setu
+---
+ plugins/sudoers/env.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c
+index 866ef3991..61b615513 100644
+--- a/plugins/sudoers/env.c
++++ b/plugins/sudoers/env.c
+@@ -966,6 +966,7 @@ rebuild_env(const struct sudoers_context *ctx)
+ if (ISSET(ctx->mode, MODE_LOGIN_SHELL)) {
+ CHECK_SETENV2("SHELL", ctx->runas.pw->pw_shell,
+ ISSET(didvar, DID_SHELL), true);
++ SET(didvar, DID_SHELL);
+ #ifdef _AIX
+ CHECK_SETENV2("LOGIN", ctx->runas.pw->pw_name,
+ ISSET(didvar, DID_LOGIN), true);
+--
+2.51.1
+
diff --git a/sudo.spec b/sudo.spec
index 0e824a8..e2b6953 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -27,6 +27,7 @@ BuildRequires: zlib-devel
 Patch1: 0001-covscan.patch
 Patch2: 0002-sudo-conf.patch
+Patch3: 0003-rebuild_env-Avoid-setting-SHELL-twice-for-sudo-i.patch
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -61,6 +62,7 @@ BuildRequires: python3-devel
 %patch -P 1 -p1 -b .covscan
 %patch -P 2 -p1 -b .sudo-conf
+%patch -P 3 -p1 -b .double-shell
 %build
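Review bot: In the added 0003 patch, the `#ifdef _AIX` branch directly below the new line calls `CHECK_SETENV2("LOGIN", ..., ISSET(didvar, DID_LOGIN), true)`, and the hunk ends before showing whether `DID_LOGIN` is marked afterwards, so LOGIN may have the same set-twice problem this fix closes for SHELL. The fallback code later in rebuild_env is outside the hunk; if it also consults `DID_LOGIN`, add `SET(didvar, DID_LOGIN);` after that call. Duplicate entries in the environment handed to the command being run are worth eliminating wherever they occur, because different consumers may pick different copies. Separately, the embedded commit message stops mid-word ("The code to make sure that SHELL is setu"), so the backport should either carry the complete upstream description or drop the fragment.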
@@ -237,15 +239,13 @@ EOF
 %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so
 %changelog
-* Thu Nov 13 2025 Alejandro López - 1.9.17p2-2
+* Mon Nov 17 2025 Alejandro López - 1.9.17p2-2
 - Request to backport support for regex in sudo [rhel-9]
 Resolves: RHEL-1376
 - Rebase of sudo to 1.9.17p2 [rhel-9]
 Resolves: RHEL-128623
-
-* Tue Nov 04 2025 Alejandro López - 1.9.17p2-1
-Resolves: RHEL-122298
-- Rebase sudo to 1.9.17p2 [rhel-9.7.z]
+- sudo passes SHELL environment variable twice to the shell being executed [rhel-9]
+Resolves: RHEL-127359
 * Fri Apr 25 2025 Radovan Sroka - 1.9.5p2-13
 RHEL: 9.7.0 ERRATUM