strangeness: sudo

otheus
2008-08-25
2013-05-23
  • otheus
    2008-08-25

    Actually this is NOT a complaint, but running commands under "sudo" does not result in a log line for that action. However, the commands executed while running that command DO appear. I'm happy about not seeing the redundancy. But I wonder if there's a security hole somewhere? See below where sudo logs "make install" but only make's children are logged by snoopy?

    (PS: I think getuid() should be geteuid() on line 50).

    Aug 25 16:11:46 sandbox sudo: otheus: TTY=pts/0 ; PWD=/tmp/snoopy-1.3 ; USER=root ; COMMAND=/usr/bin/make install
    Aug 25 16:11:46 sandbox snoopy[1651]: [otheus, uid:0 sid:416]: /usr/libexec/gcc/i386-redhat-linux/4.1.1/cc1 -quiet -iprefix /home/otheus/bin/../lib/gcc/i386-redhat-linux/4.1.1/ snoopy.c -quiet -dumpbase snoopy.c -mtune=generic -auxbase snoopy -O3 -fomit-frame-pointer -o /tmp/ccsPwvGN.s
    Aug 25 16:11:46 sandbox snoopy[1656]: [otheus, uid:0 sid:416]: /usr/libexec/gcc/i386-redhat-linux/4.1.1/collect2 --eh-frame-hdr -m elf_i386 --hash-style=gnu -shared -osnoopy.so /usr/lib/gcc/i386-redhat-linux/4.1.1/../../../crti.o /usr/lib/gcc/i386-redhat-linux/4.1.1/crtbeginS.o -L/usr/lib/gcc/i386-redhat-linux/4.1.1 -L/usr/lib/gcc/i386-redhat-linux/4.1.1 -L/home/otheus/bin/../lib -L/usr/lib/gcc/i386-redhat-linux/4.1.1/../../.. /tmp/ccIz0SwD.o -ldl -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/i386-redhat-linux/4.1.1/crtendS.o /usr/lib/gcc/i386-redhat-linux/4.1.1/../../../crtn.o
    Aug 25 16:11:46 sandbox snoopy[1659]: [otheus, uid:0 sid:416]: install -m 755 snoopy.so /lib/snoopy.so
    Aug 25 16:11:46 sandbox snoopy[1660]: [otheus, uid:0 sid:416]: ./install.sh
    Aug 25 16:11:46 sandbox snoopy[1661]: [otheus, uid:0 sid:416]: touch /etc/ld.so.preload
    Aug 25 16:11:46 sandbox snoopy[1662]: [otheus, uid:0 sid:416]: grep -c /lib/snoopy.so /etc/ld.so.preload
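
The gap described in this post can be checked for mechanically by correlating the two log sources. The following is an added example, not part of the original post and not Snoopy project code; it assumes the sudo and snoopy line formats shown in the excerpt above, and the function names and the 5-second window are hypothetical.

```python
import os
import re
from datetime import datetime, timedelta

# Constructed sample, shortened from the log excerpt in the post above.
SAMPLE_LOG = """\
Aug 25 16:11:46 sandbox sudo: otheus: TTY=pts/0 ; PWD=/tmp/snoopy-1.3 ; USER=root ; COMMAND=/usr/bin/make install
Aug 25 16:11:46 sandbox snoopy[1659]: [otheus, uid:0 sid:416]: install -m 755 snoopy.so /lib/snoopy.so
Aug 25 16:11:46 sandbox snoopy[1660]: [otheus, uid:0 sid:416]: ./install.sh
Aug 25 16:11:46 sandbox snoopy[1661]: [otheus, uid:0 sid:416]: touch /etc/ld.so.preload
"""

# Both patterns assume the syslog layout seen in the excerpt.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo:\s+"
    r"(?P<user>[^\s:]+)\s*: .*?COMMAND=(?P<cmd>.+)$")
SNOOPY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) snoopy\[\d+\]: "
    r"\[(?P<user>[^,\]]+), uid:(?P<uid>\d+) sid:(?P<sid>\d+)\]: (?P<cmd>.+)$")

def normalize(cmd):
    # sudo logs the resolved path, snoopy the argv as executed:
    # compare on basename of argv[0] plus the remaining arguments.
    parts = cmd.split()
    return " ".join([os.path.basename(parts[0])] + parts[1:])

def parse(log):
    sudo, snoopy = [], []
    for line in log.splitlines():
        for regex, bucket in ((SUDO_RE, sudo), (SNOOPY_RE, snoopy)):
            m = regex.match(line.strip())
            if m:
                rec = m.groupdict()
                # Syslog timestamps carry no year; a fixed one is fine for deltas.
                rec["time"] = datetime.strptime("2000 " + rec["ts"],
                                                "%Y %b %d %H:%M:%S")
                bucket.append(rec)
    return sudo, snoopy

def unlogged_sudo_commands(log, window=timedelta(seconds=5)):
    """Return sudo COMMAND entries with no matching snoopy record nearby."""
    sudo, snoopy = parse(log)
    gaps = []
    for s in sudo:
        seen = any(r["host"] == s["host"]
                   and abs(r["time"] - s["time"]) <= window
                   and normalize(r["cmd"]) == normalize(s["cmd"])
                   for r in snoopy)
        if not seen:
            gaps.append((s["ts"], s["host"], s["user"], s["cmd"]))
    return gaps
```

A non-empty result means the audit trail for those commands rests on the sudo log alone, so both sources need to be retained and forwarded together.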

     
  • Does this still happen with the latest version?