https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1823202
╭─rkm@Khadas ~
╰─➤ sudo -s
[oh-my-zsh] Insecure completion-dependent directories detected:
drwxr-xr-x 11 rkm rkm 4096 Mar 30 19:19 /home/rkm/.oh-my-zsh
drwxr-xr-x 266 rkm rkm 12288 Mar 30 19:19 /home/rkm/.oh-my-zsh/plugins
drwxr-xr-x 2 rkm rkm 4096 Mar 30 19:19 /home/rkm/.oh-my-zsh/plugins/git
[oh-my-zsh] For safety, we will not load completions from these directories until
[oh-my-zsh] you fix their permissions and ownership and restart zsh.
[oh-my-zsh] See the above list for directories with group or other writability.
[oh-my-zsh] To fix your permissions you can do so by disabling
[oh-my-zsh] the write permission of "group" and "others" and making sure that the
[oh-my-zsh] owner of these directories is either root or your current user.
[oh-my-zsh] The following command may help:
[oh-my-zsh] compaudit | xargs chmod g-w,o-w
[oh-my-zsh] If the above didn't help or you want to skip the verification of
[oh-my-zsh] insecure directories you can set the variable ZSH_DISABLE_COMPFIX to
[oh-my-zsh] "true" before oh-my-zsh is sourced in your zshrc file.
zsh compinit: insecure directories, run compaudit for list.
Ignore insecure directories and continue [y] or abort compinit [n]? ncompinit: initialization aborted
complete:13: command not found: compdef
╭─root@Khadas ~
╰─➤ exit 127 ↵
╭─rkm@Khadas ~
╰─➤ sudo su 127 ↵
root@Khadas:/home/rkm# compaudit | xargs chmod g-w,o-w
compaudit: command not found
chmod: missing operand after ‘g-w,o-w’
Try 'chmod --help' for more information.
root@Khadas:/home/rkm# compaudit | xargs chmod g-w
compaudit: command not found
chmod: missing operand after ‘g-w’
Try 'chmod --help' for more information.
root@Khadas:/home/rkm# compaudit | xargs chmod -w
compaudit: command not found
chmod: missing operand
Try 'chmod --help' for more information.
root@Khadas:/home/rkm#
You shouldn't use an interactive shell, or any program with executable configuration, while your HOME points to something not owned by your user. That's the big issue and it's with sudo, not zsh, not omz, not any other shell or application you launch. You can go shout "you are doing security wrong" at Ubuntu. Good luck.
╭─rkm@Khadas ~
╰─➤ id rkm && getent passwd rkm
uid=1001(rkm) gid=1001(rkm) groups=1001(rkm),0(root),4(adm),5(tty),6(disk),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),27(sudo),29(audio),30(dip),44(video),46(plugdev),50(staff),60(games),100(users),101(systemd-journal),104(input),108(netdev),112(bluetooth),113(lpadmin),121(pulse-access)
rkm:x:1001:1001:Ryan McKee,,,,:/home/rkm:/usr/bin/zsh
╭─rkm@Khadas ~
╰─➤ sudo /usr/bin/env 1 ↵
LC_MESSAGES=en_US.UTF-8
LANG=en_US.UTF-8
LANGUAGE=en_US.UTF-8
TERM=xterm-256color
XAUTHORITY=/home/rkm/.Xauthority
COLORTERM=truecolor
DISPLAY=:0.0
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
HOME=/home/rkm
LC_CTYPE=en_US.UTF-8
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:.lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.Z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war=01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=01;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aac=00;36:.au=00;36:.flac=00;36:.m4a=00;36:.mid=00;36:.midi=00;36:.mka=00;36:.mp3=00;36:.mpc=00;36:.ogg=00;36:.ra=00;36:.wav=00;36:.oga=00;36:.opus=00;36:.spx=00;36:.xspf=00;36:
MAIL=/var/mail/root
LOGNAME=root
USER=root
USERNAME=root
SHELL=/bin/bash
SUDO_COMMAND=/usr/bin/env
SUDO_USER=rkm
SUDO_UID=1001
SUDO_GID=1001
╭─rkm@Khadas ~
╰─➤
CyberManifest: sudo is a package. Also, once filed, add zsh to the bug since it could be a bug in zsh's package as well.
Not necessarily zsh itself, but the packaging.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: sudo 1.8.21p2-3ubuntu1
Uname: Linux 4.9.40 aarch64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: arm64
CurrentDesktop: XFCE
Date: Thu Apr 4 11:07:42 2019
SourcePackage: sudo
UpgradeStatus: No upgrade log present (probably fresh install)
VisudoCheck:
/etc/sudoers: parsed OK
/etc/sudoers.d/README: parsed OK
You should use sudo -i to get a clean root login without your local user configuration seeping into the shell.
[14:40:45] CyberManifest: no, not an issue with sudo or Ubuntu. Just wrong usage. You cannot block sudo from running other programs because they will try to read the program's configuration files from an invalid place
[14:41:20] (because you setuid-ed to a different user, and left the environment variables as they were)
CyberManifest: for the kernel, you can try raising it at #ubuntu-kernel (but I think it will be difficult to convince them to use something off mainline...)
for u-boot, there IS a u-boot-tools package already available (but IDK if it is the full u-boot thing)
since precise, BTW. It seems to have configuration files for a series of vendors
[15:26:48] <slacker_nl> CyberManifest: I think the problem is with sudo. I'm running it on debian stable (1.8.19p1) and don't have home in keep_env afaik, at work we have 1.8.16 and that keeps HOME, and you have 1.8.21 which also keeps HOME
CyberManifest: query Khadas about submitting patches to mainline(s)
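
The condition discussed above (a root shell started by sudo while HOME=/home/rkm is still inherited) can be detected before any per-user shell configuration is read. The following is an added example, not part of the original report or of sudo, zsh or oh-my-zsh; the function names are hypothetical, and it assumes POSIX ls/awk plus getent for the passwd lookup.

```shell
#!/bin/sh
# Added example: detect a process running as one uid while HOME still
# points at a directory owned by a different uid.

# Print the numeric owner uid of a path (ls -n prints numeric ids; field 3).
owner_uid() {
    ls -ldn -- "$1" 2>/dev/null | awk 'NR==1 {print $3}'
}

# Return 0 when directory $1 is owned by uid $2, 1 when it is not,
# and 2 when the directory cannot be inspected at all.
home_owned_by() {
    owner=$(owner_uid "$1")
    [ -n "$owner" ] || return 2
    [ "$owner" = "$2" ]
}

# Print the home directory the passwd database records for uid $1.
passwd_home() {
    getent passwd "$1" | cut -d: -f6
}

# Choose the HOME a process with effective uid $2 should use when it
# inherited HOME=$1: keep it only if that uid owns it, otherwise fall
# back to the passwd entry for that uid.
pick_home() {
    if home_owned_by "$1" "$2"; then
        printf '%s\n' "$1"
    else
        passwd_home "$2"
    fi
}

# Report a mismatch for the current process, if there is one.
check_current_home() {
    euid=$(id -u)
    if ! home_owned_by "${HOME:-/nonexistent}" "$euid"; then
        echo "HOME=$HOME is not owned by uid $euid; would use $(pick_home "$HOME" "$euid")" >&2
        return 1
    fi
}
```

Calling check_current_home at the top of root's shell startup file, before any configuration under $HOME is sourced, flags the situation shown in the `sudo /usr/bin/env` output above, where USER=root but HOME=/home/rkm.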