update_sudo.pl may exit before deploying all fragments #1

New Issue

patrick · 2025-04-26T08:46:34+02:00

patrick commented

2025-04-26 08:46:34 +02:00

Some parts of the code will cause an premature exit of the script if an error happens due to external factors. For example when setting ownerships and/or permissions on the final sudo file:

    chmod ($perm, "$file")
        or do_log ("ERROR: cannot set permissions on $file [$!/$hostname]")
        and exit (1);
    chown ($uid, $gid, "$file")
        or do_log ("ERROR: cannot set ownerships on $file [$!/$hostname]")
        and exit (1);

As a consequence not all sudo fragments may be deployed and this may ultimately leave the system in an unmanaged state (loss of privilege).

It would be better to allow such errors to be ignored via a configuration option.

Some parts of the code will cause an **premature exit** of the script if an error happens due to external factors. For example when setting ownerships and/or permissions on the final sudo file: ``` chmod ($perm, "$file") or do_log ("ERROR: cannot set permissions on $file [$!/$hostname]") and exit (1); chown ($uid, $gid, "$file") or do_log ("ERROR: cannot set ownerships on $file [$!/$hostname]") and exit (1); ``` As a consequence not all sudo fragments may be deployed and this may ultimately leave the system in an unmanaged state (loss of privilege). It would be better to allow such errors to be ignored via a configuration option.

patrick self-assigned this 2025-04-26 08:46:48 +02:00

patrick commented

2025-04-27 09:09:32 +02:00

Fixed in 78d2d6aff1 by adding the ignore_errors flag

Fixed in 78d2d6aff1 by adding the `ignore_errors` flag

patrick closed this issue

2025-04-27 09:09:32 +02:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kudos/sudo_controls#1