sudo-project/sudo

Format of "ENV=..." event logging broken

z1atk0 opened this issue · 1 comments

z1atk0 commented

Hi,

Commit 334daf9 seems to have broken the log format of commands with environment variables set. More specifically, the ; (space, semicolon, space) that separates the environment variables from the following logged object (usually the actual command itself) has been lost.

For example, with sudo-1.9.12p2, logged lines would look like this:

Mar  6 05:24:46 disclosure sudo:   zlatko : TTY=pts/18 ; PWD=/usr/local/src/gst-devtools-1.22.1/builddir ; USER=root ; ENV=DESTDIR=/usr/local/stow/gst-devtools-1.22.1-@FDO ; COMMAND=/usr/local/bin/ninja install
Mar  6 05:59:55 disclosure sudo:   zlatko : TTY=pts/18 ; PWD=/usr/local/src/gst-editing-services-1.22.1/builddir ; USER=root ; ENV=DESTDIR=/usr/local/stow/gst-editing-services-1.22.1-@FDO ; COMMAND=/usr/local/bin/ninja install
Mar  6 06:01:54 disclosure sudo:   zlatko : TTY=pts/18 ; PWD=/usr/local/src/gtk-4.10.0/builddir ; USER=root ; ENV=DESTDIR=/usr/local/stow/gtk-4.10.0-@GNOME3 ; COMMAND=/usr/local/bin/ninja install

Note the ; separating the ENV= part from the COMMAND= part. As of sudo-1.9.13 and later, these lines look like this:

Mar 10 18:02:03 disclosure sudo:   zlatko : TTY=pts/26 ; PWD=/usr/local/src/gtkmm-4.10.0/builddir ; USER=root ; ENV=DESTDIR=/usr/local/stow/gtkmm-4.10.0-@GNOME3COMMAND=/usr/local/bin/ninja install
Mar 10 18:04:47 disclosure sudo:   zlatko : TTY=pts/26 ; PWD=/usr/local/src/pipewire-0.3.67/builddir ; USER=root ; ENV=DESTDIR=/usr/local/stow/pipewire-0.3.67-@FDOCOMMAND=/usr/local/bin/ninja install
Mar 10 18:19:01 disclosure sudo:   zlatko : TTY=pts/26 ; PWD=/usr/local/src/gtkmm-documentation-4.10.0/builddir ; USER=root ; ENV=DESTDIR=/usr/local/stow/gtkmm-documentation-4.10.0-@GNOME3COMMAND=/usr/local/bin/ninja install
Mar 10 18:21:25 disclosure sudo:   zlatko : TTY=pts/26 ; PWD=/usr/local/src/wireplumber-0.4.14/builddir ; USER=root ; ENV=DESTDIR=/usr/local/stow/wireplumber-0.4.14-@FDOCOMMAND=/usr/local/bin/ninja install

Note that now there is not even a single space separating the ENV= part from the COMMAND= part. Apart from looking a bit ugly/strange, it breaks my logcheck patterns on all my servers - that's how I found out. 🤓 😉

The code in question lives in lib/eventlog/eventlog.c, lines 185-192. This could probably simply be fixed by adding a line sudo_lbuf_append(lbuf, " ; "); after line 191, but then again I know exactly nothing about sudo's internals, so I leave that up to the pros. 😇

Thanks for listening,
Thomas

Thanks for reporting this, it is fixed by 12648b4. I've added some log format tests to catch this sort of breakage in the future.
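
An added example, not part of the original issue and not sudo's own code: a tolerant parser for the log lines quoted above, so that log monitoring keeps extracting ENV= and COMMAND= from hosts still running a release with the lost separator and flags those lines. The function name `parse_sudo_line` and the result key `separator_missing` are assumptions made for this illustration.

```python
import re

# Matches the part after the syslog prefix: "sudo:   <user> : <fields>"
_LINE = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<payload>.*)$")


def parse_sudo_line(line):
    """Return the logged fields as a dict, or None if this is not a sudo command entry."""
    m = _LINE.search(line.rstrip("\n"))
    if m is None:
        return None
    payload = m.group("payload")
    # COMMAND= is the last field and may itself contain " ; ", so cut it off first.
    head, sep, command = payload.partition(" ; COMMAND=")
    separator_missing = False
    if not sep:
        # Fallback for the 1.9.13 form: no " ; " before COMMAND=. The boundary is a
        # guess (first "COMMAND=" seen); an ENV value containing that text is ambiguous.
        head, sep, command = payload.partition("COMMAND=")
        if not sep:
            return None
        separator_missing = True
    fields = {"user": m.group("user"), "COMMAND": command,
              "separator_missing": separator_missing}
    for part in head.split(" ; "):
        key, eq, value = part.partition("=")
        if eq:
            fields[key] = value
    return fields


# Two lines copied from the issue: the 1.9.12p2 form, then the 1.9.13 form.
SAMPLES = [
    "Mar  6 06:01:54 disclosure sudo:   zlatko : TTY=pts/18 ; "
    "PWD=/usr/local/src/gtk-4.10.0/builddir ; USER=root ; "
    "ENV=DESTDIR=/usr/local/stow/gtk-4.10.0-@GNOME3 ; COMMAND=/usr/local/bin/ninja install",
    "Mar 10 18:02:03 disclosure sudo:   zlatko : TTY=pts/26 ; "
    "PWD=/usr/local/src/gtkmm-4.10.0/builddir ; USER=root ; "
    "ENV=DESTDIR=/usr/local/stow/gtkmm-4.10.0-@GNOME3COMMAND=/usr/local/bin/ninja install",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        rec = parse_sudo_line(sample)
        print(rec["separator_missing"], rec["ENV"], "->", rec["COMMAND"])
```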