Bug 458

Summary: sudo sometimes generates stack smashing exception
Product: Sudo
Reporter: Fred Austin <fred.austin>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED INVALID
Severity: normal
Priority: low
Version: 1.7.4
Hardware: PC
OS: Linux
Attachments: patch to fall back to group file when no supplemental groups exist

Description Fred Austin 2010-12-18 11:30:11 MST
running on hardened Linux kernel
- gentoo, build 2.6.32-r22
- sudo, build 1.7.4_p4
- glibc-2.11.2-r3
- gcc-4.4.4-r2

- have userid "user1" belonging to group wheel
- have uncommented line in sudoers file
  %wheel   ALL=(ALL)   NOPASSWD: ALL

- have executable owned by "user1" in bin
- executable setup to always run with "user1" permissions
- executable makes system() call to run command with sudo
- executable is invoked by a runscript during bootup

- first invocation of sudo by executable results in stack smashing error  (some of the time)
- subsequent invocations (and sometimes the first) prompt for password

- the executable runs correctly after the bootup process has completed
- adding the following line to sudoers file also resolves issue
  user1    ALL=(ALL)   NOPASSWD: ALL
Comment 1 Todd C. Miller 2010-12-20 09:27:58 MST
Can you provide additional details, such as the entire error message?  Is the stack smashing exception coming from gcc's stack protector or from glibc?  I've built sudo with -Wstack-protector on gcc 4.4.3 and am unable to trigger a problem.
Comment 2 Fred Austin 2010-12-20 09:54:50 MST
After other changes that have been made, I am unable to trigger the stack smashing exception on the system. I have someone else building a new system today; if they can duplicate the problem I will provide more details. The only issue that is consistent is that sudo will prompt for a password during the bootup sequence if only the group wheel is configured to execute commands without a password, rather than the userid itself. This was not the case running sudo 1.6.9 on a 2.6.25 kernel.
Comment 3 Todd C. Miller 2010-12-20 11:09:08 MST
The reason sudo is prompting for a password is that during bootup the root user has no supplemental group ids and so it is not actually in group wheel.  Older versions of sudo used the group file directly instead of using supplemental group ids, but this caused problems when multiple group sources were defined in nsswitch.conf.

It would be possible to fall back to the /etc/group file if there are no supplemental groups, but this makes it impossible for a program to drop its groups before executing sudo to prevent group matches.  This may not be a big deal.  I'll attach a diff that enables fallback in this case.
Comment 4 Todd C. Miller 2010-12-20 11:10:09 MST
Created attachment 297
patch to fall back to group file when no supplemental groups exist
Comment 5 Fred Austin 2010-12-20 12:12:32 MST
Thank you.

If the other person can not reproduce the stack smashing problem by the end of today then I think we should drop the bug. As I often say, there is no sense in chasing after ghosts.
Comment 6 Fred Austin 2010-12-20 15:19:37 MST
We now have indications of a problem somewhere else; I think we should drop this bug. Thank you for your time.