Bytes IT Community

Using pexpect with 'sudo'

I'm having a problem using pexpect with 'sudo' on Ubuntu 6.06 (Dapper).
Here's the program:

#!/usr/bin/env python
import pexpect
import sys

child = pexpect.spawn("sudo apt-get update")
child.logfile = sys.stdout

try:
    i = child.expect(["Password:", pexpect.EOF, pexpect.TIMEOUT])

    if i == 0:
        print "****************************** sending password"
        child.sendline("XXX") # Not my real sudo password
    elif i == 1:
        print "EOF"

    elif i == 2:
        print "TIMEOUT"

except Exception:
    print "Exception"

The strange thing is that this script runs with no problems (downloads
the repository updates), even though it should fail. It never prints
the "****************************** sending password" line, and even if
it did write the password to the process, it isn't the correct
password. I've done this after a 'sudo -k' to clear the sudo password,
and if I run 'sudo apt-get update' from the command line manually, it
asks for the password every time.

If I change the spawn to:

child = pexpect.spawn("sudo -u <my user name here> apt-get update")

it fails with:

E: Could not open lock file /var/lib/apt/lists/lock - open (13
Permission denied)
E: Unable to lock the list directory

which is expected.

If I'm not going crazy, this seems like a security hole that allows a
user to run any system command without a superuser password.

Any ideas?

Thanks,

Don

Oct 17 '06 #1