Bug 452

Summary: sudo crash when seeing dir in #includedir
Product: Sudo
Reporter: Elan Ruusamäe <glen>
Component: Sudoers
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: high
Priority: low
Version: 1.7.4
Hardware: PC
OS: Linux
Attachments: Patch to fix crash when a non-regular file is in the includedir

Description Elan Ruusamäe 2010-11-15 06:23:28 MST
# grep includedir /etc/sudoers
#includedir /etc/sudoers.d

# mkdir /etc/sudoers.d/CVS

# EDITOR=vim visudo 
visudo: : No such file or directory
visudo: editor (/usr/bin/vim) failed, /etc/sudoers unchanged
Segmentation fault

Comment 1 Elan Ruusamäe 2010-11-15 06:27:44 MST
strace of "sudo id", which reports on console:

# sudo id
sudo: can't stat : No such file or directory
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)


...
open("/etc/sudoers.d", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5
fstat64(5, {st_mode=S_IFDIR|0550, st_size=16, ...}) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
getdents64(5, /* 3 entries */, 4096)    = 72
stat64("/etc/sudoers.d/CVS", {st_mode=S_IFDIR|0775, st_size=48, ...}) = 0
getdents64(5, /* 0 entries */, 4096)    = 0
close(5)                                = 0
lstat64("", 0xbffe97ec)                 = -1 ENOENT (No such file or directory)
setresgid32(-1, 0, -1)                  = 0
setresuid32(0, 1, 0)                    = 0
lstat64("", 0xbffe97ec)                 = -1 ENOENT (No such file or directory)
setresuid32(0, 0, 0)                    = 0
setresgid32(-1, 0, -1)                  = 0
...

Comment 2 Todd C. Miller 2010-11-30 12:21:30 MST
I'm unable to reproduce this and the includedir code explicitly skips non-regular files.

Can you tell me a little bit more about your environment, such as which version of Linux, whether you are using the vendor's sudo package (and if so, the package version) or whether your sudo is built from source?

Comment 3 Elan Ruusamäe 2011-03-26 13:42:34 MDT
It is PLD Linux, and I am building an rpm package.

Seems it is something environment specific, as if I build the same codebase on a different flavour of the distribution (2.0 vs 3.0), then on the newer 3.0 (th) I do not notice such behaviour and on the older 2.0 (ac) it segfaults.

on system where it segfaults:
glibc-6:2.3.6-18.i686
gcc-5:3.3.6-9.i686

# mkdir -p /etc/sudoers.d/CVS
# sudo -l
sudo: can't stat : No such file or directory
Segmentation fault
# sudo -V|head -n1
Sudo version 1.7.5



on system where it does not segfault:
gcc-4.5.1-5.x86_64
glibc-2.13-3.x86_64

# mkdir -p /etc/sudoers.d/CVS
# sudo -l
User root may run the following commands on this host:
    (ALL) ALL
    (ALL) NOPASSWD: ALL
# sudo -V |head -n1
Sudo version 1.7.5

So I'm not really sure what can be the cause of the segfault; I suspect glibc glob.

Comment 4 Elan Ruusamäe 2011-03-26 13:55:37 MDT
Seems there's also a double free or memory corruption?

$ sudo -l
sudo: can't stat : No such file or directory
*** glibc detected *** free(): invalid pointer: 0x080816f0 ***
Aborted

Comment 5 Todd C. Miller 2011-03-27 09:18:26 MDT
Created attachment 310
Patch to fix crash when a non-regular file is in the includedir

I was able to install pld Linux 2.0 in a VM and reproduce the problem.  The attached patch fixes it and will be included in sudo 1.7.6.

Comment 6 Elan Ruusamäe 2011-03-28 08:24:39 MDT
Your patch is invalid, but a simple s/PATH/path/ fixes it (wrong case in first chunk) :)

Comment 7 Todd C. Miller 2011-04-11 08:07:16 MDT
Fixed in sudo 1.7.6 and 1.8.1
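
The strace in Comment 1 shows `lstat64("")` immediately after the only entry in `/etc/sudoers.d` was found to be a directory. As an added illustration (not sudo's code and not the attached patch), the C below scans an include directory, skips non-regular entries, and reports an empty result explicitly so a caller never dereferences or opens an empty path; `collect_includes` and `free_includes` are hypothetical names.

```c
/* Added example, not sudo source; function names are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

void free_includes(char **paths, int n)
{
    while (n > 0)
        free(paths[--n]);
    free(paths);
}

/* Returns the number of regular files in dir, or -1 on error. *out is NULL
 * whenever the result is <= 0, so a caller never picks up an empty path. */
int collect_includes(const char *dir, char ***out)
{
    char **paths = NULL, **tmp, path[PATH_MAX];
    struct dirent *de;
    struct stat sb;
    int n = 0;
    DIR *d = opendir(dir);

    *out = NULL;
    if (d == NULL)
        return -1;
    while ((de = readdir(d)) != NULL) {
        int len = snprintf(path, sizeof(path), "%s/%s", dir, de->d_name);
        if (len < 0 || (size_t)len >= sizeof(path))
            continue;               /* over-long name */
        if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode))
            continue;               /* ".", "..", CVS/, FIFOs, dangling links */
        if ((tmp = realloc(paths, (n + 1) * sizeof(*paths))) != NULL)
            paths = tmp;
        if (tmp == NULL || (paths[n] = strdup(path)) == NULL) {
            free_includes(paths, n);
            closedir(d);
            return -1;
        }
        n++;
    }
    closedir(d);
    *out = paths;
    return n;
}
```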