From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sun, 14 Aug 2011 20:00:01 +0000 (-0400)
Subject: bash 2.x doesd not support the -l flag and exits with an error if
X-Git-Tag: SUDO_1_7_7
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4f8587da3202c351d8ed6ca0ec59f61b36c6e671;p=sudo

bash 2.x doesd not support the -l flag and exits with an error if
it is specified so use --login instead. This causes an error with
bash 1.x (which uses -login instead) but this version is hopefully
less used than 2.x.

--HG--
branch : 1.7
---

diff --git a/NEWS b/NEWS
index 0b5889d5a..13e711f14 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,11 @@ What's new in Sudo 1.7.7
    the target user's group in the password database, it is now
    allowed even if no groups are present in the Runas_Spec.
 
+ * "sudo -i command" now works correctly with the bash version
+   2.0 and higher.  Previously, the .bash_profile would not be
+   sourced prior to running the command unless bash was built with
+   NON_INTERACTIVE_LOGIN_SHELLS defined.
+
  * Multi-factor authentication is now supported on AIX.
 
  * Added support for non-RFC 4517 compliant LDAP servers that require
diff --git a/sudo.c b/sudo.c
index c89aed11c..c52163412 100644
--- a/sudo.c
+++ b/sudo.c
@@ -505,6 +505,20 @@ main(argc, argv, envp)
 	    *p = '-';
 	    NewArgv[0] = p;
 
+	    /*
+	     * Newer versions of bash require the --login option to be used
+	     * in conjunction with the -c option even if the shell name starts
+	     * with a '-'.  Unfortunately, bash 1.x uses -login, not --login
+	     * so this will cause an error for that.
+	     */
+	    if (NewArgc > 1 && strcmp(NewArgv[0], "-bash") == 0) {
+		/* Use an extra slot before NewArgv so we can store --login. */
+		NewArgv--;
+		NewArgc++;
+		NewArgv[0] = NewArgv[1];
+		NewArgv[1] = "--login";
+	    }
+
 #if defined(__linux__) || defined(_AIX)
 	    /* Insert system-wide environment variables. */
 	    read_env_file(_PATH_ENVIRONMENT, TRUE);
@@ -703,9 +717,9 @@ init_vars(envp)
     if (ISSET(sudo_mode, MODE_SHELL)) {
 	char **av;
 
-	/* Allocate an extra slot for execve() failure (ENOEXEC). */
-	av = (char **) emalloc2(5, sizeof(char *));
-	av++;
+	/* Allocate 2 extra slots for --login and execve() failure (ENOEXEC). */
+	av = (char **) emalloc2(6, sizeof(char *));
+	av += 2;
 
 	av[0] = user_shell;	/* may be updated later */
 	if (NewArgc > 0) {