Skip to content

Unbound - Supress subsession sudo -l shell output#2893

Closed
brettplarson wants to merge 3 commits intoDataDog:masterfrom
brettplarson:blarson-update-unbound-supress-subshell
Closed

Unbound - Supress subsession sudo -l shell output#2893
brettplarson wants to merge 3 commits intoDataDog:masterfrom
brettplarson:blarson-update-unbound-supress-subshell

Conversation

@brettplarson
Copy link
Copy Markdown

@brettplarson brettplarson commented Jan 29, 2026
edited
Loading

What does this PR do?

This test_sudo line runs and the result code is used only to raise an exception. This PR pipes the output to /dev/null.

Motivation

I am making this change for two reasons:

  1. It generates a lot of low value noise in the logs. This output doesn't appear to respect the log level, so it's impossible to turn this off.
  2. Logging sudo -l output could potentially be a security risk, maybe a stretch, but i'm sure security would prefer you to not log this information.

Review checklist

  • PR has a meaningful title or PR has the no-changelog label attached
  • Feature or bugfix has tests
  • Git history is clean
  • If PR impacts documentation, docs team has been notified or an issue has been opened on the documentation repo
  • If this PR includes a log pipeline, please add a description describing the remappers and processors.

Additional Notes

There's probably some other changes to this that could be explored, open to ideas, this just seemed like the quickest to get approved / merged.

Ideas:

  • Rather than testing for sudo - why not just fail when sudo is used? this code seems overly complex. You need to explicitly enable use_sudo, why test every time?

@brettplarson brettplarson marked this pull request as draft February 2, 2026 18:02
@brettplarson brettplarson marked this pull request as ready for review February 2, 2026 18:02
@dkirov-dd
Copy link
Copy Markdown
Contributor

dkirov-dd commented Feb 4, 2026

Hey @brettplarson,

You can fix the failing test by bumping the minimum base check version to 37.20.0 in the pyproject.toml file.

@brettplarson
Copy link
Copy Markdown
Author

brettplarson commented Feb 4, 2026

@dbyron0 can you please review? thanks!

@dbyron0
Copy link
Copy Markdown
Contributor

dbyron0 commented Feb 4, 2026

@dbyron0 can you please review? thanks!

I haven't used this code for a very long time. Fingers crossed there's someone who's been in the neighborhood more recently who can do a meaningful review.

@brettplarson
Copy link
Copy Markdown
Author

brettplarson commented Feb 5, 2026

@dkirov-dd can you please review? Thank you!

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Feb 26, 2026

This pull request has not been updated for more than 21 days. If there are no updates to this PR within 7 days, it will be closed. If you'd like to re-open this PR after it's been closed, you can start from the latest master branch or pull the latest changes into your branch and create a new pull request.

@github-actions github-actions Bot added the stale label Feb 26, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 5, 2026

This pull request was not updated after an additional 7 days of no activity. If you would like to continue work on this PR, please re-open this PR or create a fresh branch off of the latest master branch.

@github-actions github-actions Bot closed this Mar 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dkirov-dd dkirov-dd dkirov-dd approved these changes

Assignees

No one assigned

Labels

stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@brettplarson @dkirov-dd @dbyron0