Bug 998

Summary: Segmentation fault when invoked inside systemd-nspawn container
Product: Sudo
Reporter: Andrew Turny <pt1odp9on9s>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.9.8   
Hardware: PC   
OS: Linux   
Attachments: debug build stacktrace and strace

Description Andrew Turny 2021-09-18 19:57:04 MDT
Created attachment 559
debug build stacktrace and strace

In a fresh Arch Linux nspawn container, calling `sudo --login -u builduser /bin/true` (/bin/true or anything else) as root results in a segmentation fault.

/etc/sudoers.d/test contains the following, added with visudo:

    builduser ALL = NOPASSWD: /usr/bin/pacman


It works fine if one of the following actions is taken:

- `resolve [!UNAVAIL=return]` is removed from the hosts line in /etc/nsswitch.conf.
- `builduser ALL = NOPASSWD: /usr/bin/pacman` is added to /etc/sudoers instead of a drop-in file.
- Not specifying `--login`.


sssd is not installed and the host uses systemd-resolved.

Stack trace and strace attached.

--
sudo -l:
User builduser may run the following commands on archroot:
    (root) NOPASSWD: /usr/bin/pacman

sudo -V:
Sudo version 1.9.8p1
Sudoers policy plugin version 1.9.8p1
Sudoers file grammar version 48
Sudoers I/O plugin version 1.9.8p1
Sudoers audit plugin version 1.9.8p1

Comment 1 Todd C. Miller 2021-09-19 14:07:15 MDT
Thank you for your detailed report.  This is now fixed by https://www.sudo.ws/repos/sudo/rev/4b297f2ead15

The fix will be part of sudo 1.9.8p2

Comment 2 Todd C. Miller 2021-09-21 10:12:55 MDT
Fixed in sudo 1.9.8p2 which is available now.