Bug 951

Hello,

when upgrading from 1.9.4 to 1.9.4.p1, sudo started to throw SIGSEGFAULTS (for the archlinux package, which does not apply any patches to the release).

The SEGFAULT happens for various invokations, including "sudo" or "sudo -s".

When rebuilding with -O0 and debug-symbols, gdb tells me the following about the location of the segfault:

>  0x00006b2ecb7501e7 in runaslist_matches (parse_tree=parse_tree@entry=0x4d6ea4c4f98, user_list=<optimized out>, group_list=group_list@entry=0x0, 
>     matching_user=matching_user@entry=0x0, matching_group=matching_group@entry=0x0) at ./match.c:199
> 199				if (userpw_matches(m->name, runas_pw->pw_name, runas_pw))

As it seems, runas_pw can be a NULL-pointer at that point:

> (gdb) p sudo_user._runas_pw
> $2 = (struct passwd *) 0x0

My /etc/sudoers config is quite minimal:

> cat /etc/sudoers | grep -vP '(^#|^$)'
> Defaults	env_reset, !set_logname
> Defaults>root	env_keep += HOME
> root ALL=(ALL) ALL
> %wheel ALL=(ALL) ALL
> @includedir /etc/sudoers.d

(/etc/sudoers.d is an empty folder)

When commenting the line
> Defaults>root	env_keep += HOME
sudo works as expected, so I guess one of the last commits might make sudo sensitive to the value of HOME?

Thank you for reading that far, please let me know if you need any further information, such as specific library versions, etc. (Though I can confirm that downgrading the sudo-package to 1.9.4 while keeping all libraries untouched fixes/masks the issue, so it is probably not related to the library versions anyway).

Regards,
Simon

P.S. Two more things:
 1. Thanks for all the work you put into sudo. I guess one should say that more often in FOSS :)
 2. Maybe a bit of context, as env_keep += HOME might be a bit strange: This is used on a trusted host for our organisation where multiple admins occasionally act as root, each one with his own preferred dotfiles, so env_keep allows everyone to use the dotfiles of his personal useraccount, as opposed to a least common denominator for /root itself.