|
Bugzilla – Full Text Bug Listing |
| Summary: | Segmentation fault when activating include directive in /etc/sudoers | ||
|---|---|---|---|
| Product: | Sudo | Reporter: | Joachim Bauernberger <joachim.bauernberger> |
| Component: | Sudo | Assignee: | Todd C. Miller <Todd.Miller> |
| Status: | RESOLVED FIXED | ||
| Severity: | high | CC: | mehmetgelisin, prime |
| Priority: | low | ||
| Version: | 1.9.1 | ||
| Hardware: | PC | ||
| OS: | Linux | ||
Looks like a crash in the error reporting function. The actual line should be either: @includedir /etc/sudoers.d or #includedir /etc/sudoers.d I haven't managed to reproduce the crash, does it also happen when you run visudo? Now that sudoers is parsed as part of an audit plugin we need some of the same boiler plate code to setup the conversation function. Fixed in https://www.sudo.ws/repos/sudo/rev/e88919ff4900 Hello,
I can reproduce the problem on kali Linux, sudo version 1.9.1. It seems to occur for any error in the configuration file, such as a non existing target binary e.g. "user ALL= NOPASSWD: a"
Recompiled from source and I've got a stacktrace similar to the one OP has:
Program received signal SIGSEGV, Segmentation fault.
[----------------------------------registers-----------------------------------]
RAX: 0x0
RBX: 0x29 (')')
RCX: 0x7fcda47215aa ("syntax error")
RDX: 0x55cc8bc72914 ("/etc/sudoers")
RSI: 0x7fffc7bf7e80 (">>> %s: %s near line %d <<<\n")
RDI: 0x3
RBP: 0x7fcda47215aa ("syntax error")
RSP: 0x7fffc7bf7e68 --> 0x7fcda46fc69c (<sudoerserror+444>: mov edi,DWORD PTR [rsp+0xc])
RIP: 0x0
R8 : 0x29 (')')
R9 : 0x0
R10: 0x1
R11: 0x1
R12: 0x0
R13: 0x7fcda47215aa ("syntax error")
R14: 0x0
R15: 0x55cc8bc72914 ("/etc/sudoers")
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
Invalid $PC address: 0x0
[------------------------------------stack-------------------------------------]
0000| 0x7fffc7bf7e68 --> 0x7fcda46fc69c (<sudoerserror+444>: mov edi,DWORD PTR [rsp+0xc])
0008| 0x7fffc7bf7e70 --> 0x33 ('3')
0016| 0x7fffc7bf7e78 --> 0x1a470921e
0024| 0x7fffc7bf7e80 (">>> %s: %s near line %d <<<\n")
0032| 0x7fffc7bf7e88 ("%s near line %d <<<\n")
0040| 0x7fffc7bf7e90 ("line %d <<<\n")
0048| 0x7fffc7bf7e98 --> 0xa3c3c3c ('<<<\n')
0056| 0x7fffc7bf7ea0 --> 0x55cc8bc84510 --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x0000000000000000 in ?? ()
gdb-peda$ bt
#0 0x0000000000000000 in ?? ()
#1 0x00007fcda46fc69c in sudoerserror (s=0x7fcda47215aa "syntax error") at gram.y:953
#2 0x00007fcda46fd26c in sudoersparse () at gram.c:1248
#3 0x00007fcda46db577 in sudo_file_parse (nss=0x7fcda473bb20 <sudo_nss_file>) at ./file.c:102
#4 0x00007fcda46f1c96 in sudoers_init (info=info@entry=0x7fffc7bf8020, envp=envp@entry=0x7fffc7bf8390) at ./sudoers.c:207
#5 0x00007fcda46f7d60 in sudoers_audit_open (version=<optimized out>, conversation=<optimized out>, plugin_printf=<optimized out>, settings=0x55cc8bc77a20, user_info=0x55cc8bc73ee0, submit_optind=<optimized out>,
submit_argv=0x7fffc7bf8368, submit_envp=0x7fffc7bf8390, plugin_options=0x0, errstr=0x7fffc7bf8110) at ./audit.c:158
#6 0x000055cc8a218097 in audit_open_int (errstr=0x7fffc7bf8110, submit_envp=0x7fffc7bf8390, submit_argv=0x7fffc7bf8368, submit_optind=0x4, user_info=0x55cc8bc73ee0, settings=0x55cc8a239c40 <sudo_settings>, plugin=0x55cc8bc78810)
at ./sudo.c:1543
#7 audit_open (submit_envp=0x7fffc7bf8390, submit_argv=0x7fffc7bf8368, submit_optind=0x4, user_info=0x55cc8bc73ee0, settings=0x55cc8a239c40 <sudo_settings>) at ./sudo.c:1563
#8 main (argc=argc@entry=0x4, argv=argv@entry=0x7fffc7bf8368, envp=0x7fffc7bf8390) at ./sudo.c:238
#9 0x00007fcda4a8ee0b in __libc_start_main (main=0x55cc8a217ce0 <main>, argc=0x4, argv=0x7fffc7bf8368, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffc7bf8358) at ../csu/libc-start.c:308
#10 0x000055cc8a21a35a in _start () at ./sudo.c:752
gdb-peda$ print sudo_printf
$1 = (int (*)(int, const char *, ...)) 0x0
Seems like sudo_printf is not properly set?
visudo does warn of an error when exiting:
root ~/Documents/sudo/sudo-1.9.1 visudo
>>> /etc/sudoers: syntax error near line 41 <<<
visudo: /etc/sudoers.tmp unchanged
>>> /etc/sudoers: syntax error near line 41 <<<
What now?
Options are:
(e)dit sudoers file again
e(x)it without saving changes to sudoers file
(Q)uit and save changes to sudoers file (DANGER!)
What now? x
Also note that sudo refused to install (make install) when there was a configuration error:
root ~/Documents/sudo/sudo-1.9.1 make install
.. snip ..
Checking existing sudoers file for syntax errors.
>>> /etc/sudoers: syntax error near line 41 <<<
>>> /etc/sudoers: syntax error near line 50 <<<
parse error in /etc/sudoers near line 41
make[1]: *** [Makefile:386: pre-install] Error 1
make[1]: Leaving directory '/root/Documents/sudo/sudo-1.9.1/plugins/sudoers'
make: *** [Makefile:114: pre-install] Error 2
Never mind can't read in the morning ...
root ~/Documents/sudo/sudo (master) /usr/local/bin/sudo -l
>>> /etc/sudoers: syntax error near line 41 <<<
sudo: parse error in /etc/sudoers near line 41
sudo: no valid sudoers sources found, quitting
sudo: error initializing audit plugin sudoers_audit
Confirmed fix on master bd24a322cca90e000e372d3f98f69553f6f1d755, sorry for being dumb
Fixed in sudo 1.9.2, available now. |
Hi there, when uncommenting the "include" directive in /etc/sudoers: includedir /etc/sudoers.d then sudo crashes with a segmentation fault (stacktrace generated on debian/unstable -- see version info below this stacktrace): gdb -batch -n -ex 'set pagination off' -ex run -ex bt -ex 'bt full' -ex 'thread apply all bt full' --args sudo ls [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. 0x0000000000000000 in ?? () #0 0x0000000000000000 in ?? () #1 0x00007ffa722fddbc in sudoerserror (s=0x7ffa72324082 "syntax error") at gram.y:953 #2 0x00007ffa722fe9dc in sudoersparse () at gram.c:1248 #3 0x00007ffa722d8657 in sudo_file_parse (nss=0x7ffa7233f500 <sudo_nss_file>) at ../../../plugins/sudoers/file.c:102 #4 0x00007ffa722ef596 in sudoers_init (info=info@entry=0x7ffc614930d0, envp=envp@entry=0x7ffc61493430) at ../../../plugins/sudoers/sudoers.c:207 #5 0x00007ffa722f9540 in sudoers_audit_open (version=<optimized out>, conversation=<optimized out>, plugin_printf=<optimized out>, settings=0x559b286b9830, user_info=0x559b286b5d00, submit_optind=<optimized out>, submit_argv=0x7ffc61493418, submit_envp=0x7ffc61493430, plugin_options=0x0, errstr=0x7ffc614931c0) at ../../../plugins/sudoers/audit.c:158 #6 0x0000559b28448207 in audit_open_int (errstr=0x7ffc614931c0, submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418, submit_optind=1, user_info=0x559b286b5d00, settings=0x559b2846d5c0 <sudo_settings>, plugin=0x559b286b9a40) at ../../src/sudo.c:1543 #7 audit_open (submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418, submit_optind=1, user_info=0x559b286b5d00, settings=0x559b2846d5c0 <sudo_settings>) at ../../src/sudo.c:1563 #8 main (argc=<optimized out>, argv=0x7ffc61493418, envp=0x7ffc61493430) at ../../src/sudo.c:238 #0 0x0000000000000000 in ?? () No symbol table info available. #1 0x00007ffa722fddbc in sudoerserror (s=0x7ffa72324082 "syntax error") at gram.y:953 fmt = ">>> %s: %s near line %d <<<\n" oldlocale = 1 sudo_debug_subsys = 0 __func__ = "sudoerserror" #2 0x00007ffa722fe9dc in sudoersparse () at gram.c:1248 yym = <optimized out> yyn = <optimized out> yystate = 23 #3 0x00007ffa722d8657 in sudo_file_parse (nss=0x7ffa7233f500 <sudo_nss_file>) at ../../../plugins/sudoers/file.c:102 sudo_debug_subsys = 0 __func__ = "sudo_file_parse" handle = 0x559b286be510 #4 0x00007ffa722ef596 in sudoers_init (info=info@entry=0x7ffc614930d0, envp=envp@entry=0x7ffc61493430) at ../../../plugins/sudoers/sudoers.c:207 nss = 0x7ffa7233f500 <sudo_nss_file> nss_next = 0x0 oldlocale = 0 sources = 0 ret = -1 sudo_debug_subsys = 0 __func__ = "sudoers_init" #5 0x00007ffa722f9540 in sudoers_audit_open (version=<optimized out>, conversation=<optimized out>, plugin_printf=<optimized out>, settings=0x559b286b9830, user_info=0x559b286b5d00, submit_optind=<optimized out>, submit_argv=0x7ffc61493418, submit_envp=0x7ffc61493430, plugin_options=0x0, errstr=0x7ffc614931c0) at ../../../plugins/sudoers/audit.c:158 debug_files = {tqh_first = 0x0, tqh_last = 0x7ffc614930c0} info = {settings = 0x559b286b9830, user_info = 0x559b286b5d00, plugin_args = 0x0} cp = <optimized out> plugin_path = <optimized out> cur = <optimized out> ret = <optimized out> sudo_debug_subsys = 0 __func__ = "sudoers_audit_open" #6 0x0000559b28448207 in audit_open_int (errstr=0x7ffc614931c0, submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418, submit_optind=1, user_info=0x559b286b5d00, settings=0x559b2846d5c0 <sudo_settings>, plugin=0x559b286b9a40) at ../../src/sudo.c:1543 plugin_settings = 0x559b286b9830 ret = <optimized out> sudo_debug_subsys = 576 plugin_settings = <optimized out> ret = <optimized out> sudo_debug_subsys = <optimized out> __func__ = "audit_open_int" sudo_debug_ret = <optimized out> sudo_debug_ret = <optimized out> #7 audit_open (submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418, submit_optind=1, user_info=0x559b286b5d00, settings=0x559b2846d5c0 <sudo_settings>) at ../../src/sudo.c:1563 ok = <optimized out> plugin = 0x559b286b9a40 next = 0x0 errstr = 0x0 sudo_debug_subsys = 576 plugin = <optimized out> next = <optimized out> errstr = <optimized out> sudo_debug_subsys = <optimized out> __func__ = "audit_open" ok = <optimized out> #8 main (argc=<optimized out>, argv=0x7ffc61493418, envp=0x7ffc61493430) at ../../src/sudo.c:238 nargc = 1 status = 0 nargv = 0x7ffc61493420 env_add = 0x0 user_info = 0x559b286b5d00 command_info = 0x0 argv_out = 0x0 user_env_out = 0x0 settings = 0x559b2846d5c0 <sudo_settings> submit_optind = 1 mask = {__val = {0 <repeats 16 times>}} __func__ = "main" Thread 1 (Thread 0x7ffa72670d00 (LWP 80147)): #0 0x0000000000000000 in ?? () No symbol table info available. #1 0x00007ffa722fddbc in sudoerserror (s=0x7ffa72324082 "syntax error") at gram.y:953 fmt = ">>> %s: %s near line %d <<<\n" oldlocale = 1 sudo_debug_subsys = 0 __func__ = "sudoerserror" #2 0x00007ffa722fe9dc in sudoersparse () at gram.c:1248 yym = <optimized out> yyn = <optimized out> yystate = 23 #3 0x00007ffa722d8657 in sudo_file_parse (nss=0x7ffa7233f500 <sudo_nss_file>) at ../../../plugins/sudoers/file.c:102 sudo_debug_subsys = 0 __func__ = "sudo_file_parse" handle = 0x559b286be510 #4 0x00007ffa722ef596 in sudoers_init (info=info@entry=0x7ffc614930d0, envp=envp@entry=0x7ffc61493430) at ../../../plugins/sudoers/sudoers.c:207 nss = 0x7ffa7233f500 <sudo_nss_file> nss_next = 0x0 oldlocale = 0 sources = 0 ret = -1 sudo_debug_subsys = 0 __func__ = "sudoers_init" #5 0x00007ffa722f9540 in sudoers_audit_open (version=<optimized out>, conversation=<optimized out>, plugin_printf=<optimized out>, settings=0x559b286b9830, user_info=0x559b286b5d00, submit_optind=<optimized out>, submit_argv=0x7ffc61493418, submit_envp=0x7ffc61493430, plugin_options=0x0, errstr=0x7ffc614931c0) at ../../../plugins/sudoers/audit.c:158 debug_files = {tqh_first = 0x0, tqh_last = 0x7ffc614930c0} info = {settings = 0x559b286b9830, user_info = 0x559b286b5d00, plugin_args = 0x0} cp = <optimized out> plugin_path = <optimized out> cur = <optimized out> ret = <optimized out> sudo_debug_subsys = 0 __func__ = "sudoers_audit_open" #6 0x0000559b28448207 in audit_open_int (errstr=0x7ffc614931c0, submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418, submit_optind=1, user_info=0x559b286b5d00, settings=0x559b2846d5c0 <sudo_settings>, plugin=0x559b286b9a40) at ../../src/sudo.c:1543 plugin_settings = 0x559b286b9830 ret = <optimized out> sudo_debug_subsys = 576 plugin_settings = <optimized out> ret = <optimized out> sudo_debug_subsys = <optimized out> __func__ = "audit_open_int" sudo_debug_ret = <optimized out> sudo_debug_ret = <optimized out> #7 audit_open (submit_envp=0x7ffc61493430, submit_argv=0x7ffc61493418, submit_optind=1, user_info=0x559b286b5d00, settings=0x559b2846d5c0 <sudo_settings>) at ../../src/sudo.c:1563 ok = <optimized out> plugin = 0x559b286b9a40 next = 0x0 errstr = 0x0 sudo_debug_subsys = 576 plugin = <optimized out> next = <optimized out> errstr = <optimized out> sudo_debug_subsys = <optimized out> __func__ = "audit_open" ok = <optimized out> #8 main (argc=<optimized out>, argv=0x7ffc61493418, envp=0x7ffc61493430) at ../../src/sudo.c:238 nargc = 1 status = 0 nargv = 0x7ffc61493420 env_add = 0x0 user_info = 0x559b286b5d00 command_info = 0x0 argv_out = 0x0 user_env_out = 0x0 settings = 0x559b2846d5c0 <sudo_settings> submit_optind = 1 mask = {__val = {0 <repeats 16 times>}} __func__ = "main" 8<---------------------------------8<---------------------------------8<---------------------------------8<--------------------------------- sudo --version Sudo version 1.9.1 Configure options: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --libexecdir=${prefix}/lib/x86_64-linux-gnu --disable-maintainer-mode --disable-dependency-tracking -v --with-all-insults --with-pam --with-fqdn --with-logging=syslog --with-logfac=authpriv --with-env-editor --with-editor=/usr/bin/editor --with-exampledir=/usr/share/doc/sudo/examples --with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p: --disable-root-mailer --with-sendmail=/usr/sbin/sendmail --with-rundir=/run/sudo --libexecdir=/usr/lib --with-sssd --with-sssd-lib=/usr/lib/x86_64-linux-gnu --with-selinux --with-linux-audit --enable-tmpfiles.d=yes Sudoers policy plugin version 1.9.1 Sudoers file grammar version 48 Sudoers path: /etc/sudoers Authentication methods: 'pam' Syslog facility if syslog is being used for logging: authpriv Syslog priority to use when user authenticates successfully: notice Syslog priority to use when user authenticates unsuccessfully: alert Send mail if user authentication fails Send mail if the user is not in sudoers Lecture user the first time they run sudo Require users to authenticate by default Root may run sudo Allow some information gathering to give useful error messages Require fully-qualified hostnames in the sudoers file Visudo will honor the EDITOR environment variable Set the LOGNAME and USER environment variables Length at which to wrap log file lines (0 for no wrap): 80 Authentication timestamp timeout: 15.0 minutes Password prompt timeout: 0.0 minutes Number of tries to enter a password: 3 Umask to use or 0777 to use user's: 022 Path to mail program: /usr/sbin/sendmail Flags for mail program: -t Address to send mail to: root Subject line for mail messages: *** SECURITY information for %h *** Incorrect password message: Sorry, try again. Path to lecture status dir: /var/lib/sudo/lectured Path to authentication timestamp dir: /run/sudo/ts Default password prompt: [sudo] password for %p: Default user to run commands as: root Value to override user's $PATH with: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin Path to the editor for use by visudo: /usr/bin/editor When to require a password for 'list' pseudocommand: any When to require a password for 'verify' pseudocommand: all File descriptors >= 3 will be closed before executing a command Reset the environment to a default set of variables Environment variables to check for sanity: TZ TERM LINGUAS LC_* LANGUAGE LANG COLORTERM Environment variables to remove: *=()* RUBYOPT RUBYLIB PYTHONUSERBASE PYTHONINSPECT PYTHONPATH PYTHONHOME TMPPREFIX ZDOTDIR READNULLCMD NULLCMD FPATH PERL5DB PERL5OPT PERL5LIB PERLLIB PERLIO_DEBUG JAVA_TOOL_OPTIONS SHELLOPTS BASHOPTS GLOBIGNORE PS4 BASH_ENV ENV TERMCAP TERMPATH TERMINFO_DIRS TERMINFO _RLD* LD_* PATH_LOCALE NLSPATH HOSTALIASES RES_OPTIONS LOCALDOMAIN CDPATH IFS Environment variables to preserve: XAUTHORIZATION XAUTHORITY PS2 PS1 PATH LS_COLORS KRB5CCNAME HOSTNAME DPKG_COLORS DISPLAY COLORS Locale to use while parsing sudoers: C Directory in which to store input/output logs: /var/log/sudo-io File in which to store the input/output log: %{seq} Add an entry to the utmp/utmpx file when allocating a pty PAM service name to use: sudo PAM service name to use for login shells: sudo Attempt to establish PAM credentials for the target user Create a new PAM session for the command to run in Perform PAM account validation management Enable sudoers netgroup support Check parent directories for writability when editing files with sudoedit Allow commands to be run even if sudo cannot write to the audit log Allow commands to be run even if sudo cannot write to the log file Log entries larger than this value will be split into multiple syslog messages: 960 File mode to use for the I/O log files: 0600 Execute commands by file descriptor instead of by path: digest_only Type of authentication timestamp record: tty Ignore case when matching user names Ignore case when matching group names Log when a command is allowed by sudoers Log when a command is denied by sudoers Sudo log server timeout in seconds: 30 Enable SO_KEEPALIVE socket option on the socket connected to the logserver Verify that the log server's certificate is valid Set the pam remote user to the user running sudo Local IP address and netmask pairs: 192.168.1.190/255.255.255.0 fe80::9049:55ff:fed5:2654/ffff:ffff:ffff:ffff:: Sudoers I/O plugin version 1.9.1 Sudoers audit plugin version 1.9.1