Bug 1054

Summary: python_plugin_unlink crashes with Python 3.12
Product: Sudo Reporter: Yaakov Selkowitz <yselkowi>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: high    
Priority: low    
Version: 1.9.14   
Hardware: PC   
OS: Linux   

Description Yaakov Selkowitz 2023-07-18 15:36:51 MDT 
The Fedora rawhide and ELN builds of sudo are currently failing due to check_python_examples crashing during "make check" when built with Python 3.12:

https://bugzilla.redhat.com/show_bug.cgi?id=2186412

(While that was reported with 1.9.13p2, the same occurs with 1.9.14p2.)

This is currently preventing sudo from being built for the upcoming Fedora 39 and RHEL 10.  You can see what's new in Python 3.12 here:

https://docs.python.org/3.12/whatsnew/3.12.html
Comment 1 Todd C. Miller 2023-07-19 19:59:29 MDT 
This appears to be a Python bug, it is a NULL dereference in the garbage collector code.  Adding a check for a NULL prev in _PyObject_GC_UNTRACK works around the problem but I've no idea if it is correct.
Comment 2 Todd C. Miller 2023-07-21 15:13:07 MDT 
I have committed a workaround for now until I am able to determine whether this is due to a reference counting issue in the sudo python plugin or a Python 3.12 bug.
Comment 3 Yaakov Selkowitz 2023-07-21 15:58:32 MDT 
Thanks, that allows the tests to proceed further, but another error occurs:

https://kojipkgs.fedoraproject.org//work/tasks/7227/103717227/build.log

Expectation failed at ./regress/testhelpers.c:139:
  actual is <<SudoGroupPlugin.__init__ was called with arguments: () [('args', ('ModulePath=SRC_DIR/example_group_plugin.py', 'ClassName=SudoGroupPlugin')), ('version', '1.0')]
SudoGroupPlugin.__init__ returned result: <example_group_plugin.SudoGroupPlugin object>
SudoGroupPlugin.query was called with arguments: ('user', 'group', ('pw_name', 'pw_passwd', 1001, 101, 'pw_gecos', 'pw_dir', 'pw_shell')) 
SudoGroupPlugin.query returned result: <RC.REJECT: 0> 
>>: actual_content
  expected to be <<SudoGroupPlugin.__init__ was called with arguments: () [('args', ('ModulePath=SRC_DIR/example_group_plugin.py', 'ClassName=SudoGroupPlugin')), ('version', '1.0')]
SudoGroupPlugin.__init__ returned result: <example_group_plugin.SudoGroupPlugin object>
SudoGroupPlugin.query was called with arguments: ('user', 'group', ('pw_name', 'pw_passwd', 1001, 101, 'pw_gecos', 'pw_dir', 'pw_shell')) 
SudoGroupPlugin.query returned result: 0 
>>: expected_output
Expectation failed at ./regress/testhelpers.c:279:
  actual is <<0>>: verify_content(stored_str, reference_path)
  not expected to be <<0>>: 0
Expectation failed at ./regress/check_python_examples.c:512:
  actual is <<0>>: verify_log_lines(expected_path("check_example_group_plugin_is_able_to_debug.log"))
  not expected to be <<0>>: 0
FAILED: testcase check_example_group_plugin_is_able_to_debug() at ./regress/check_python_examples.c:1543
The output of the plugin:
The error output of the plugin:
check_python_examples: 58 tests run, 1 errors, 98% success rate
Comment 4 Todd C. Miller 2023-07-21 20:02:31 MDT 
There are other commits that fix that:

https://www.sudo.ws/repos/sudo/rev/138957911238
https://www.sudo.ws/repos/sudo/rev/38f03683001d
Comment 5 Yaakov Selkowitz 2023-07-23 14:24:08 MDT 
Thank you, with all the plugins/python patches post-1.9.14p2 applied, the tests now pass in Fedora rawhide with Python 3.12.  Can we expect a 1.9.14p3 with these patches sometime soon?
Comment 6 Todd C. Miller 2023-07-24 17:19:14 MDT 
I found a better solution to the crash that doesn't involve leaking a reference and released sudo 1.9.14p3 with that change and the other Python 3.12 fixes.
Comment 7 Yaakov Selkowitz 2023-07-24 21:03:16 MDT 
Thanks, I have proposed the update for Fedora rawhide and the CI scratch builds were successful.  All set from my end now.